diff --git a/.github/workflows/Scheduled - Generate Permission List.yml b/.github/workflows/Scheduled - Generate Permission List.yml index e9695f17ed..9a918fa9fa 100644 --- a/.github/workflows/Scheduled - Generate Permission List.yml +++ b/.github/workflows/Scheduled - Generate Permission List.yml @@ -1,49 +1,237 @@ -name: Generate Permissions List -on: - push: - branches: - - Master - - Dev - schedule: - - cron: "0 0 * * *" - -jobs: - # This workflow contains a single job called "build" - GeneratePermissionsList: - # The type of runner that the job will run on - runs-on: windows-latest - - permissions: write-all - - # Only when run from the main repo - if: github.repository == 'microsoft/Microsoft365DSC' - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - name: Checkout Repository - uses: actions/checkout@v3 - - - name: Install Dependencies - shell: powershell - run: | - Import-Module './Modules/Microsoft365DSC/Microsoft365DSC.psd1' -Force; - Import-Module './Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1' -Force; - Update-M365DSCModule - - name: Get Permissions List - shell: powershell - run: | - Import-Module './Tests/TestHarness.psm1' -Force; - $permissions = Get-M365DSCAllGraphPermissionsList - $permissions -join ',' | Out-File '.\Tests\QA\Graph.PermissionList.txt' - - name: Commit Permissions List - shell: powershell - run: | - git config --local user.email "nicharl@microsoft.com" - git config --local user.name "NikCharlebois" - git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/QA/* - git pull - git commit -m "Updated Graph Permissions List" - git push - $SHA = git rev-parse HEAD - echo "commitid=$SHA" >> $env:GITHUB_OUTPUT +function Invoke-TestHarness +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $TestResultsFile, + + [Parameter()] + [System.String] + $DscTestsPath, + + [Parameter()] + [Switch] + $IgnoreCodeCoverage + ) + + $sw = [System.Diagnostics.StopWatch]::startnew() + + $MaximumFunctionCount = 32767 + Write-Host -Object 'Running all Microsoft365DSC Unit Tests' + + $repoDir = Join-Path -Path $PSScriptRoot -ChildPath '..\' -Resolve + + $oldModPath = $env:PSModulePath + $env:PSModulePath = $env:PSModulePath + [System.IO.Path]::PathSeparator + (Join-Path -Path $repoDir -ChildPath 'Modules\Microsoft365DSC') + + $testCoverageFiles = @() + if ($IgnoreCodeCoverage.IsPresent -eq $false) + { + Get-ChildItem -Path "$repoDir\Modules\Microsoft365DSC\DSCResources\**\*.psm1" -Recurse | ForEach-Object { + if ($_.FullName -notlike '*\DSCResource.Tests\*') + { + $testCoverageFiles += $_.FullName + } + } + } + + Import-Module -Name "$repoDir/Modules/Microsoft365DSC/Microsoft365DSC.psd1" + Import-Module -Name PSDesiredStateConfiguration -Global -Prefix 'Pwsh' -Force + $testsToRun = @() + + # Run Unit Tests + $versionsPath = Join-Path -Path $repoDir -ChildPath '\Tests\Unit\Stubs\' + # Import the first stub found so that there is a base module loaded before the tests start + $firstStub = Join-Path -Path $repoDir ` + -ChildPath '\Tests\Unit\Stubs\Microsoft365.psm1' + Import-Module $firstStub -WarningAction SilentlyContinue + + $stubPath = Join-Path -Path $repoDir ` + -ChildPath '\Tests\Unit\Stubs\Microsoft365.psm1' + + # DSC Common Tests + $getChildItemParameters = @{ + Path = (Join-Path -Path $repoDir -ChildPath '\Tests\Unit') + Recurse = $true + Filter = '*.Tests.ps1' + } + + # Get all tests '*.Tests.ps1'. + $commonTestFiles = Get-ChildItem @getChildItemParameters + + # Remove DscResource.Tests unit tests. + $commonTestFiles = $commonTestFiles | Where-Object -FilterScript { + $_.FullName -notmatch 'DSCResource.Tests\\Tests' + } + + $testsToRun += @( $commonTestFiles.FullName ) + + $filesToExecute = @() + if ($DscTestsPath -ne '') + { + $filesToExecute += $DscTestsPath + } + else + { + foreach ($testToRun in $testsToRun) + { + $filesToExecute += $testToRun + } + } + + $Params = [ordered]@{ + Path = $filesToExecute + } + + $Container = New-PesterContainer @Params + + $Configuration = [PesterConfiguration]@{ + Run = @{ + Container = $Container + PassThru = $true + } + Output = @{ + Verbosity = 'Normal' + } + Should = @{ + ErrorAction = 'Continue' + } + } + + if ([String]::IsNullOrEmpty($TestResultsFile) -eq $false) + { + $Configuration.Output.Enabled = $true + $Configuration.Output.OutputFormat = 'NUnitXml' + $Configuration.Output.OutputFile = $TestResultsFile + } + + if ($IgnoreCodeCoverage.IsPresent -eq $false) + { + $Configuration.CodeCoverage.Enabled = $true + $Configuration.CodeCoverage.Path = $testCoverageFiles + $Configuration.CodeCoverage.OutputPath = 'CodeCov.xml' + $Configuration.CodeCoverage.OutputFormat = 'JaCoCo' + $Configuration.CodeCoverage.UseBreakpoints = $false + } + + $results = Invoke-Pester -Configuration $Configuration + + $message = 'Running the tests took {0} hours, {1} minutes, {2} seconds' -f $sw.Elapsed.Hours, $sw.Elapsed.Minutes, $sw.Elapsed.Seconds + Write-Host -Object $message + + $env:PSModulePath = $oldModPath + Write-Host -Object 'Completed running all Microsoft365DSC Unit Tests' + + return $results +} + +function Get-M365DSCAllGraphPermissionsList +{ + [CmdletBinding()] + [OutputType([System.String[]])] + param() + + $allModules = Get-module Microsoft.graph.* -ListAvailable + $allPermissions = @() + foreach ($module in $allModules) + { + $cmds = Get-Command -Module $module.Name + foreach ($cmd in $cmds) + { + $graphInfo = Find-MgGraphCommand -Command $cmd.Name -ErrorAction SilentlyContinue + if ($null -ne $graphInfo) + { + $permissions = $graphInfo.Permissions | Where-Object -FilterScript {$_.PermissionType -eq 'Application'} + $allPermissions += $permissions.Name + } + } + } + + $allPermissions+= @('OrgSettings-Microsoft365Install.Read.All', ` + 'OrgSettings-Forms.Read.All', ` + 'OrgSettings-Todo.Read.All', ` + 'OrgSettings-AppsAndServices.Read.All', ` + 'OrgSettings-DynamicsVoice.Read.All', ` + 'ReportSettings.Read.All', ` + 'RoleManagementPolicy.Read.Directory', ` + 'RoleEligibilitySchedule.Read.Directory', ` + 'Agreement.Read.All', ` + 'Policy.ReadWrite.ConditionalAccess', ` + 'Policy.Read.ConditionalAccess', ` + 'Policy.ReadWrite.AuthenticationMethod', ` + 'SharePointTenantSettings.Read.All', ` + 'AppCatalog.ReadWrite.All', ` + 'TeamSettings.ReadWrite.All', ` + 'Channel.Delete.All', ` + 'ChannelSettings.ReadWrite.All', ` + 'ChannelMember.ReadWrite.All', ` + 'ChannelSettings.Read.All', + 'EntitlementManagement.Read.All', + 'ExternalConnection.Read.All') + $roles = $allPermissions | Select-Object -Unique | Sort-Object -Descending:$false + return $roles +} + +function Invoke-QualityChecksHarness +{ + [CmdletBinding()] + param () + + $sw = [System.Diagnostics.StopWatch]::startnew() + + Write-Host -Object 'Running all Quality Check Tests' + + $repoDir = Join-Path -Path $PSScriptRoot -ChildPath '..\' -Resolve + + $oldModPath = $env:PSModulePath + $env:PSModulePath = $env:PSModulePath + [System.IO.Path]::PathSeparator + (Join-Path -Path $repoDir -ChildPath 'modules\Microsoft365DSC') + + # DSC Common Tests + $getChildItemParameters = @{ + Path = (Join-Path -Path $repoDir -ChildPath '\Tests\QA') + Filter = '*.Tests.ps1' + } + + # Get all tests '*.Tests.ps1'. + $commonTestFiles = Get-ChildItem @getChildItemParameters + + $testsToRun = @() + $testsToRun += @( $commonTestFiles.FullName ) + + $filesToExecute = @() + foreach ($testToRun in $testsToRun) + { + $filesToExecute += $testToRun + } + + $Params = [ordered]@{ + Path = $filesToExecute + } + + $Container = New-PesterContainer @Params + + $Configuration = [PesterConfiguration]@{ + Run = @{ + Container = $Container + PassThru = $true + } + Output = @{ + Verbosity = 'Detailed' + } + Should = @{ + ErrorAction = 'Continue' + } + } + + $results = Invoke-Pester -Configuration $Configuration + + $message = 'Running the tests took {0} hours, {1} minutes, {2} seconds' -f $sw.Hours, $sw.Minutes, $sw.Seconds + Write-Host -Object $message + + $env:PSModulePath = $oldModPath + Write-Host -Object 'Completed running all Quality Check Tests' + + return $results +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c2ad6918c..2196377267 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,154 @@ # Change log for Microsoft365DSC +# 1.24.1002.1 + +* AADAdministrativeUnit + * Added support for property IsMemberManagementRestricted. +* AADApplication + * Added AppRoles + * Added AuthenticationBehavior + * Added KeyCredentials + * Added OptionalClaims + * Added PasswordCredentials + * Added PreAuthorizationApplications +* AADAuthenticationMethodPolicy + * Added ReportSuspiciousActivitySettings +* AADAuthenticationMethodPolicyHardware + * Initial release. +* AADEntitlementManagementSettings + * Initial release. +* AADFeatureRolloutPolicy + * Initial release +* AADGroup + * Fixes issue with incorrect removal of assigned license(s) + FIXES [#5128](https://github.com/microsoft/Microsoft365DSC/issues/5128) + * Fixes logic to evaluate license assignments and disabled plans. + FIXES [#5101](https://github.com/microsoft/Microsoft365DSC/issues/5101) + * Fixes issue with code that is never executed + FIXES [#5001](https://github.com/microsoft/Microsoft365DSC/issues/5001) + * Adds support to assign Service Principal as members or owners. + FIXES [#4972](https://github.com/microsoft/Microsoft365DSC/issues/4972) +* AADPasswordRuleSettings + * Initial release +* ADOOrganizationOwner + * Initial release. +* ADOPermissionGroup + * Initial release. +* ADOSecurityPolicy + * Initial release. +* AzureSubscription + * Initial Release. +* DefenderSubscriptionDefenderPlan + * Initial release. +* EXOAntiPhishPolicy + * Use correct type integer for variable `PhishThresholdLevel` +* EXOArcConfig + * Initial Release. +* EXOAuthenticationPolicy + * If policy needs changes then recreate it to avoid issue with + `Set-AuthenticationPolicy` cmdlet + FIXES [#4819](https://github.com/microsoft/Microsoft365DSC/issues/4819) +* EXODnssecForVerifiedDomain + * Initial Release. +* EXOEmailTenantSettings + * Initial Release. +* EXOFocusedInbox + * Initial Release. +* EXOMailboxCalendarConfiguration + * Initial Release. +* EXOMailboxIRMAccess + * Initial Release. +* EXOMailboxFolderPermission + * Initial Release. +* EXOMailboxIRMAccess + * Initial Release. +* EXOMailTips + * Remove property `Ensure` since this resource is of type `IsSingleInstance` +* EXOManagementScope + * Initial Release. +* EXORetentionPolicy + * Initial Release. +* EXOPhishSimOverrideRule + * Initial Release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Fixes an issue with invalid parameter definition. + FIXES [#5015](https://github.com/microsoft/Microsoft365DSC/issues/5015) + * Fixes an issue where the `AccessTokens` parameter was not available. + FIXES [#5121](https://github.com/microsoft/Microsoft365DSC/issues/5121) +* IntuneAppCategory + * Initial release. +* IntuneAppProtectionPolicyiOS + * Improve `TargetedAppManagementLevels` property to specify multiple values. + FIXES [#5032](https://github.com/microsoft/Microsoft365DSC/issues/5032) +* IntuneDeviceCompliancePolicyWindows10 + * Fixes an issue where the property `ValidOperatingSystemBuildRanges` was + not exported properly. + FIXES [#5030](https://github.com/microsoft/Microsoft365DSC/issues/5030) +* IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 + * Add missing `AccessTokens` parameter to `Export-TargetResource` + FIXES [#5034](https://github.com/microsoft/Microsoft365DSC/issues/5034) +* IntuneFirewallPolicyWindows10 + * Initial release + FIXES [#3033](https://github.com/microsoft/Microsoft365DSC/issues/3033) +* IntuneSettingCatalogCustomPolicyWindows10 + * Update export logic to target more specific policy types. + * Prevent thrown exception to be caught by exception handler. + FIXES [#5088](https://github.com/microsoft/Microsoft365DSC/issues/5088) +* M365DSCDRGUtil + * Add support for more complex Intune Settings Catalog properties + * Update handling of `Update-IntuneDeviceConfigurationPolicy` to throw on error + FIXES [#5055](https://github.com/microsoft/Microsoft365DSC/issues/5055) +* M365DSCResourceGenerator + * Update Intune resource generation for the Settings Catalog. +* O365ExternalConnection + * Initial release. +* SCDeviceConditionalAccessRule + * Initial release. +* SCDeviceConfigurationRule + * Initial release. +* SCInsiderRiskEntityList + * Initial release. +* SCInsiderRiskPolicy + * Initial release. +* SCRecordReviewNotificationTemplateConfig + * Initial release. +* SCRoleGroup + * Fixes an issue with creation without specifying Displayname + * Fixes an issue with Drifts because of returned Role format + FIXES [#5036](https://github.com/microsoft/Microsoft365DSC/issues/5036) +* SCAutoSensitivityLabelRule + * Fixed issue with incorrectly applying HeaderMatchesPatterns, even when + parameter wasn't specified. + FIXES [#4641](https://github.com/microsoft/Microsoft365DSC/issues/4641) +* SCSensitivityLabel + * Added support for Auto Labeling settings + FIXES [#3784](https://github.com/microsoft/Microsoft365DSC/issues/3784) +* SentinelSetting + * Initial release. +* SentinelWatchlist + * Initial release. +* SPOAccessControlSettings + * Added support for property EnableRestrictedAccessControl. +* M365DSCUtil + * Fixes an issue where the O365Group workload was not properly detected. + FIXES [#5095](https://github.com/microsoft/Microsoft365DSC/issues/5095) +* DEPENDENCIES + * Updated DSCParser to version 2.0.0.10. + * Updated Microsoft.Graph to version 2.23.0. + * Added dependencies on Az.Accounts, Az.Resources, Az.ResourceGraph + and Az.SecurityInsights. + * Updated DSCParser to version 2.0.0.9. + * Updated MSCloudLoginAssistant to version 1.1.25. + * Added dependency on Microsoft.Graph.Beta.Search. + * Removed unnecessary dependency PSDesiredStateConfiguration v1.1 + # 1.24.904.1 * EXOOwaMailboxPolicy * Add support for AccountTransferEnabled parameter + +# 1.24.904.1 + * EXOSweepRule * Initial Release. * FabricAdminTenantSettings @@ -587,6 +732,8 @@ * Added EnableAIPIntegration. * TeamsChannelTab * Fixed schema file +* TeamsComplianceRecordingPolicy + * FIXES [[#3712](https://github.com/microsoft/Microsoft365DSC/issues/3712)] * TeamsGroupPolicyAssignment * Skip assignments that have orphaned/deleted groups or without display name instead of throwing an error diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 3440d0cdc3..0685ca72c5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -22,6 +22,10 @@ function Get-TargetResource [System.String] $Visibility, + [Parameter()] + [System.Boolean] + $IsMemberManagementRestricted, + [Parameter()] [validateset('Assigned', 'Dynamic')] [System.String] @@ -143,18 +147,19 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Administrative Unit with Id {$Id} and DisplayName {$DisplayName} was found." $results = @{ #region resource generator code - Description = $getValue.Description - DisplayName = $getValue.DisplayName - Visibility = $getValue.Visibility - Id = $getValue.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Description = $getValue.Description + DisplayName = $getValue.DisplayName + Visibility = $getValue.Visibility + IsMemberManagementRestricted = $getValue.IsMemberManagementRestricted + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens #endregion } @@ -293,6 +298,10 @@ function Set-TargetResource [System.String] $Visibility, + [Parameter()] + [System.Boolean] + $IsMemberManagementRestricted, + [Parameter()] [validateset('Assigned', 'Dynamic')] [System.String] @@ -352,7 +361,7 @@ function Set-TargetResource try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` + -InboundParameters $PSBoundParameters } catch { @@ -547,11 +556,7 @@ function Set-TargetResource #region resource generator code Write-Verbose -Message "Creating new Administrative Unit with: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" - $jsonParams = ConvertTo-Json $CreateParameters - - # TODO - Replace by cmdlet call which has an issue in 2.11.1 - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/administrativeUnits' - $policy = Invoke-MgGraphRequest -Method POST -Uri $url -Body $jsonParams + $policy = New-MgBetaDirectoryAdministrativeUnit @CreateParameters if ($MembershipType -ne 'Dynamic') { @@ -599,12 +604,8 @@ function Set-TargetResource $UpdateParameters.Remove('ScopedRoleMembers') | Out-Null #region resource generator code - $jsonParams = ConvertTo-Json $UpdateParameters - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" - Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $jsonParams - <#Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters ` - -AdministrativeUnitId $currentInstance.Id #> - + Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters ` + -AdministrativeUnitId $currentInstance.Id #endregion if ($MembershipType -ne 'Dynamic') @@ -818,6 +819,10 @@ function Test-TargetResource [System.String] $Visibility, + [Parameter()] + [System.Boolean] + $IsMemberManagementRestricted, + [Parameter()] [validateset('Assigned', 'Dynamic')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof index 53939212e8..3b580b2a20 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof @@ -18,6 +18,7 @@ class MSFT_AADAdministrativeUnit : OMI_BaseResource [Write, Description("Object-Id of the Administrative Unit")] String Id; [Write, Description("Description of the Administrative Unit")] String Description; [Write, Description("Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden")] String Visibility; + [Write, Description("Indicates whether the management rights on resources in the administrative units should be restricted to ONLY the administrators scoped on the administrative unit object.")] Boolean IsMemberManagementRestricted; [Write, Description("Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.")] String MembershipType; [Write, Description("Specify membership rule. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.")] String MembershipRule; [Write, Description("Specify dynamic membership-rule processing-state. Valid values are 'On' and 'Paused'. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.")] String MembershipRuleProcessingState; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 11292d32cc..636e27a4db 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -60,6 +60,30 @@ function Get-TargetResource [System.String[]] $Owners, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OptionalClaims, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Api, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AuthenticationBehaviors, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $KeyCredentials, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $PasswordCredentials, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $AppRoles, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Permissions, @@ -163,6 +187,165 @@ function Get-TargetResource else { Write-Verbose -Message 'An instance of Azure AD App was retrieved.' + + + $AADBetaApp= Get-MgBetaApplication -Property "id,displayName,appId,authenticationBehaviors" -ApplicationId $ObjectID -ErrorAction SilentlyContinue + $AADAppKeyCredentials = Get-MgApplication -Property "keyCredentials" -ApplicationId $ObjectID -ErrorAction SilentlyContinue + + $complexAuthenticationBehaviors = @{} + if ($null -ne $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) + { + $complexAuthenticationBehaviors.Add('BlockAzureADGraphAccess', $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) + } + if ($null -ne $AADBetaApp.authenticationBehaviors.removeUnverifiedEmailClaim) + { + $complexAuthenticationBehaviors.Add('RemoveUnverifiedEmailClaim', $AADBetaApp.authenticationBehaviors.removeUnverifiedEmailClaim) + } + if ($null -ne $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) + { + $complexAuthenticationBehaviors.Add('RequireClientServicePrincipal', $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) + } + if ($complexAuthenticationBehaviors.values.Where({$null -ne $_}).Count -eq 0) + { + $complexAuthenticationBehaviors = $null + } + + $complexOptionalClaims = @{} + $complexAccessToken = @() + foreach ($currentAccessToken in $AADApp.optionalClaims.accessToken) + { + $myAccessToken = @{} + $myAccessToken.Add('Essential', $currentAccessToken.essential) + $myAccessToken.Add('Name', $currentAccessToken.name) + $myAccessToken.Add('Source', $currentAccessToken.source) + if ($myAccessToken.values.Where({$null -ne $_}).Count -gt 0) + { + $complexAccessToken += $myAccessToken + } + } + $complexOptionalClaims.Add('AccessToken',$complexAccessToken) + $complexIdToken = @() + foreach ($currentIdToken in $AADApp.optionalClaims.idToken) + { + $myIdToken = @{} + $myIdToken.Add('Essential', $currentIdToken.essential) + $myIdToken.Add('Name', $currentIdToken.name) + $myIdToken.Add('Source', $currentIdToken.source) + if ($myIdToken.values.Where({$null -ne $_}).Count -gt 0) + { + $complexIdToken += $myIdToken + } + } + $complexOptionalClaims.Add('IdToken',$complexIdToken) + $complexSaml2Token = @() + foreach ($currentSaml2Token in $AADApp.optionalClaims.saml2Token) + { + $mySaml2Token = @{} + $mySaml2Token.Add('Essential', $currentSaml2Token.essential) + $mySaml2Token.Add('Name', $currentSaml2Token.name) + $mySaml2Token.Add('Source', $currentSaml2Token.source) + if ($mySaml2Token.values.Where({$null -ne $_}).Count -gt 0) + { + $complexSaml2Token += $mySaml2Token + } + } + $complexOptionalClaims.Add('Saml2Token',$complexSaml2Token) + if ($complexOptionalClaims.values.Where({$null -ne $_}).Count -eq 0) + { + $complexOptionalClaims = $null + } + + + $complexApi = @{} + $complexPreAuthorizedApplications = @() + foreach ($currentPreAuthorizedApplications in $AADApp.api.preAuthorizedApplications) + { + $myPreAuthorizedApplications = @{} + $myPreAuthorizedApplications.Add('AppId', $currentPreAuthorizedApplications.appId) + $myPreAuthorizedApplications.Add('PermissionIds', $currentPreAuthorizedApplications.permissionIds) + if ($myPreAuthorizedApplications.values.Where({$null -ne $_}).Count -gt 0) + { + $complexPreAuthorizedApplications += $myPreAuthorizedApplications + } + } + $complexApi.Add('PreAuthorizedApplications',$complexPreAuthorizedApplications) + if ($complexApi.values.Where({$null -ne $_}).Count -eq 0) + { + $complexApi = $null + } + + + $complexKeyCredentials = @() + foreach ($currentkeyCredentials in $AADAppKeyCredentials.keyCredentials) + { + $mykeyCredentials = @{} + if($null -ne $currentkeyCredentials.customKeyIdentifier) + { + $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) + } + $mykeyCredentials.Add('DisplayName', $currentkeyCredentials.displayName) + if ($null -ne $currentkeyCredentials.endDateTime) + { + $mykeyCredentials.Add('EndDateTime', ([DateTimeOffset]$currentkeyCredentials.endDateTime).ToString('o')) + } + $mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) + + + if($null -ne $currentkeyCredentials.Key) + { + $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) + } + + if ($null -ne $currentkeyCredentials.startDateTime) + { + $mykeyCredentials.Add('StartDateTime', ([DateTimeOffset]$currentkeyCredentials.startDateTime).ToString('o')) + } + $mykeyCredentials.Add('Type', $currentkeyCredentials.type) + $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) + if ($mykeyCredentials.values.Where({$null -ne $_}).Count -gt 0) + { + $complexKeyCredentials += $mykeyCredentials + } + } + + $complexPasswordCredentials = @() + foreach ($currentpasswordCredentials in $AADApp.passwordCredentials) + { + $mypasswordCredentials = @{} + $mypasswordCredentials.Add('DisplayName', $currentpasswordCredentials.displayName) + if ($null -ne $currentpasswordCredentials.endDateTime) + { + $mypasswordCredentials.Add('EndDateTime', ([DateTimeOffset]$currentpasswordCredentials.endDateTime).ToString('o')) + } + $mypasswordCredentials.Add('Hint', $currentpasswordCredentials.hint) + $mypasswordCredentials.Add('KeyId', $currentpasswordCredentials.keyId) + if ($null -ne $currentpasswordCredentials.startDateTime) + { + $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) + } + if ($mypasswordCredentials.values.Where({$null -ne $_}).Count -gt 0) + { + $complexPasswordCredentials += $mypasswordCredentials + } + } + + $complexAppRoles = @() + foreach ($currentappRoles in $AADApp.appRoles) + { + $myappRoles = @{} + $myappRoles.Add('AllowedMemberTypes', $currentappRoles.allowedMemberTypes) + $myappRoles.Add('Description', $currentappRoles.description) + $myappRoles.Add('DisplayName', $currentappRoles.displayName) + $myappRoles.Add('Id', $currentappRoles.id) + $myappRoles.Add('IsEnabled', $currentappRoles.isEnabled) + $myappRoles.Add('Origin', $currentappRoles.origin) + $myappRoles.Add('Value', $currentappRoles.value) + if ($myappRoles.values.Where({$null -ne $_}).Count -gt 0) + { + $complexAppRoles += $myappRoles + } + } + $permissionsObj = Get-M365DSCAzureADAppPermissions -App $AADApp $isPublicClient = $false if (-not [System.String]::IsNullOrEmpty($AADApp.PublicClient) -and $AADApp.PublicClient -eq $true) @@ -195,6 +378,7 @@ function Get-TargetResource { $IsFallbackPublicClientValue = $AADApp.IsFallbackPublicClient } + $result = @{ DisplayName = $AADApp.DisplayName AvailableToOtherTenants = $AvailableToOtherTenantsValue @@ -210,6 +394,12 @@ function Get-TargetResource Owners = $OwnersValues ObjectId = $AADApp.Id AppId = $AADApp.AppId + OptionalClaims = $complexOptionalClaims + Api = $complexApi + AuthenticationBehaviors = $complexAuthenticationBehaviors + KeyCredentials = $complexKeyCredentials + PasswordCredentials = $complexPasswordCredentials + AppRoles = $complexAppRoles Permissions = $permissionsObj Ensure = 'Present' Credential = $Credential @@ -304,6 +494,30 @@ function Set-TargetResource [System.String[]] $Owners, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OptionalClaims, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Api, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AuthenticationBehaviors, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $KeyCredentials, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $PasswordCredentials, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $AppRoles, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Permissions, @@ -405,8 +619,18 @@ function Set-TargetResource # App should exist but it doesn't $needToUpdatePermissions = $false + $needToUpdateAuthenticationBehaviors = $false + $needToUpdateKeyCredentials = $false $currentParameters.Remove('AppId') | Out-Null $currentParameters.Remove('Permissions') | Out-Null + $currentParameters.Remove('AuthenticationBehaviors') | Out-Null + $currentParameters.Remove('KeyCredentials') | Out-Null + $currentParameters.Remove('PasswordCredentials') | Out-Null + if ($PasswordCredentials) + { + Write-Warning -Message "PasswordCredentials is a readonly property and cannot be configured." + + } if ($currentParameters.AvailableToOtherTenants) { @@ -455,6 +679,16 @@ function Set-TargetResource $currentParameters.Remove('LogoutURL') | Out-Null $currentParameters.Remove('Homepage') | Out-Null + + $keys = (([Hashtable]$currentParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $currentParameters.$key -and $currentParameters.$key.getType().Name -like '*cimInstance*') + { + $currentParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $currentParameters.$key + } + } + $skipToUpdate = $false $AppIdValue = $null if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent') @@ -499,6 +733,8 @@ function Set-TargetResource $currentAADApp = New-MgApplication @currentParameters Write-Verbose -Message "Azure AD Application {$DisplayName} was successfully created" $needToUpdatePermissions = $true + $needToUpdateAuthenticationBehaviors = $true + $needToUpdateKeyCredentials = $true $tries = 1 $appEntity = $null @@ -525,6 +761,8 @@ function Set-TargetResource Update-MgApplication @currentParameters $currentAADApp.Add('ID', $AppIdValue) $needToUpdatePermissions = $true + $needToUpdateAuthenticationBehaviors = $true + $needToUpdateKeyCredentials = $true } # App exists but should not elseif ($Ensure -eq 'Absent' -and $currentAADApp.Ensure -eq 'Present') @@ -678,6 +916,25 @@ function Set-TargetResource Update-MgApplication -ApplicationId ($currentAADApp.Id) ` -RequiredResourceAccess $allRequiredAccess | Out-Null } + + if($needToUpdateAuthenticationBehaviors -and $AuthenticationBehaviors) + { + Write-Verbose -Message "Updating for Azure AD Application {$($currentAADApp.DisplayName)} with AuthenticationBehaviors:`r`n$($AuthenticationBehaviors| Out-String)" + Write-Verbose -Message "Current App Id: $($currentAADApp.AppId)" + + $IAuthenticationBehaviors = @{ + blockAzureADGraphAccess = $AuthenticationBehaviors.blockAzureADGraphAccess + removeUnverifiedEmailClaim = $AuthenticationBehaviors.removeUnverifiedEmailClaim + requireClientServicePrincipal = $AuthenticationBehaviors.requireClientServicePrincipal + } + + Update-MgBetaApplication -ApplicationId $currentAADApp.Id -AuthenticationBehaviors $IAuthenticationBehaviors | Out-Null + } + + if($needToUpdateKeyCredentials -and $KeyCredentials) + { + Write-Warning -Message "KeyCredentials is a readonly property and cannot be configured." + } } function Test-TargetResource @@ -742,6 +999,30 @@ function Test-TargetResource [System.String[]] $Owners, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OptionalClaims, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Api, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AuthenticationBehaviors, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $KeyCredentials, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $PasswordCredentials, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $AppRoles, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Permissions, @@ -829,23 +1110,56 @@ function Test-TargetResource Write-Verbose -Message 'No Permissions exist for the current Azure AD App and no permissions were specified' } } + + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + $testTargetResource = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*' -and $source -notlike '*Permission*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + Write-Verbose "TestResult returned False for $source" + $testTargetResource = $false + } + else { + $ValuesToCheck.Remove($key) | Out-Null + } + } + } + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - $ValuesToCheck = $PSBoundParameters $ValuesToCheck.Remove('ObjectId') | Out-Null $ValuesToCheck.Remove('AppId') | Out-Null $ValuesToCheck.Remove('Permissions') | Out-Null + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams + + if(-not $TestResult) + { + $testTargetResource = $false + } - Write-Verbose -Message "Test-TargetResource returned $TestResult" - return $TestResult + Write-Verbose -Message "Test-TargetResource returned $testTargetResource" + + return $testTargetResource } function Export-TargetResource @@ -941,17 +1255,176 @@ function Export-TargetResource { $Results.Permissions = Get-M365DSCAzureADAppPermissionsAsString $Results.Permissions } + + if ($null -ne $Results.Api) + { + $complexMapping = @( + @{ + Name = 'Api' + CimInstanceName = 'MicrosoftGraphApiApplication' + IsRequired = $False + } + @{ + Name = 'PreAuthorizedApplications' + CimInstanceName = 'MicrosoftGraphPreAuthorizedApplication' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.Api ` + -CIMInstanceName 'MicrosoftGraphapiApplication' ` + -ComplexTypeMapping $complexMapping + + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.Api = $complexTypeStringResult + } + else + { + $Results.Remove('Api') | Out-Null + } + } + + if ($null -ne $Results.AuthenticationBehaviors) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.AuthenticationBehaviors ` + -CIMInstanceName 'MicrosoftGraphauthenticationBehaviors' + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.AuthenticationBehaviors = $complexTypeStringResult + } + else + { + $Results.Remove('AuthenticationBehaviors') | Out-Null + } + } + + + if ($null -ne $Results.OptionalClaims) + { + $complexMapping = @( + @{ + Name = 'OptionalClaims' + CimInstanceName = 'MicrosoftGraphOptionalClaims' + IsRequired = $False + } + @{ + Name = 'AccessToken' + CimInstanceName = 'MicrosoftGraphOptionalClaim' + IsRequired = $False + } + @{ + Name = 'IdToken' + CimInstanceName = 'MicrosoftGraphOptionalClaim' + IsRequired = $False + } + @{ + Name = 'Saml2Token' + CimInstanceName = 'MicrosoftGraphOptionalClaim' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.OptionalClaims ` + -CIMInstanceName 'MicrosoftGraphoptionalClaims' ` + -ComplexTypeMapping $complexMapping + + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.OptionalClaims = $complexTypeStringResult + } + else + { + $Results.Remove('OptionalClaims') | Out-Null + } + } + + + if ($null -ne $Results.KeyCredentials) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.KeyCredentials ` + -CIMInstanceName 'MicrosoftGraphkeyCredential' + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.KeyCredentials = $complexTypeStringResult + } + else + { + $Results.Remove('KeyCredentials') | Out-Null + } + } + + if ($null -ne $Results.PasswordCredentials) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.PasswordCredentials ` + -CIMInstanceName 'MicrosoftGraphpasswordCredential' + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.PasswordCredentials = $complexTypeStringResult + } + else + { + $Results.Remove('PasswordCredentials') | Out-Null + } + } + + if ($null -ne $Results.AppRoles) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.AppRoles ` + -CIMInstanceName 'MicrosoftGraphappRole' + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.AppRoles = $complexTypeStringResult + } + else + { + $Results.Remove('AppRoles') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + if ($Results.Api) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Api" -IsCIMArray:$False + } + if ($null -ne $Results.Permissions) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` -ParameterName 'Permissions' } + if ($Results.OptionalClaims) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OptionalClaims" -IsCIMArray:$False + } + if ($Results.AuthenticationBehaviors) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AuthenticationBehaviors" -IsCIMArray:$False + } + + if ($Results.KeyCredentials) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyCredentials" -IsCIMArray:$True + } + + if ($Results.PasswordCredentials) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PasswordCredentials" -IsCIMArray:$True + } + + if ($Results.AppRoles) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AppRoles" -IsCIMArray:$True + } $dscContent.Append($currentDSCBlock) | Out-Null Save-M365DSCPartialExport -Content $currentDSCBlock ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof index 5396eb0fbb..c78c43016d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof @@ -7,6 +7,78 @@ class MSFT_AADApplicationPermission [Write, Description("Represented whether or not the Admin consent been granted on the app.")] Boolean AdminConsentGranted; }; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphOptionalClaims +{ + [Write, Description("The optional claims returned in the JWT access token."), EmbeddedInstance("MSFT_MicrosoftGraphOptionalClaim")] String AccessToken[]; + [Write, Description("The optional claims returned in the JWT ID token."), EmbeddedInstance("MSFT_MicrosoftGraphOptionalClaim")] String IdToken[]; + [Write, Description("The optional claims returned in the SAML token."), EmbeddedInstance("MSFT_MicrosoftGraphOptionalClaim")] String Saml2Token[]; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphOptionalClaim +{ + [Write, Description("If the value is true, the claim specified by the client is necessary to ensure a smooth authorization experience for the specific task requested by the end user. The default value is false.")] Boolean Essential; + [Write, Description("The name of the optional claim.")] String Name; + [Write, Description("The source (directory object) of the claim. There are predefined claims and user-defined claims from extension properties. If the source value is null, the claim is a predefined optional claim. If the source value is user, the value in the name property is the extension property from the user object.")] String Source; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphPreAuthorizedApplication +{ + [Write, Description("The unique identifier for the client application.")] String AppId; + [Write, Description("The unique identifier for the scopes the client application is granted.")] String PermissionIds[]; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphApiApplication +{ + [Write, Description("Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent."), EmbeddedInstance("MSFT_MicrosoftGraphPreAuthorizedApplication")] String PreAuthorizedApplications[]; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphAuthenticationBehaviors +{ + [Write, Description("If false, allows the app to have extended access to Azure AD Graph until June 30, 2025 when Azure AD Graph is fully retired. For more information on Azure AD retirement updates, see June 2024 update on Azure AD Graph API retirement.")] Boolean BlockAzureADGraphAccess; + [Write, Description("If true, removes the email claim from tokens sent to an application when the email address's domain can't be verified.")] Boolean RemoveUnverifiedEmailClaim; + [Write, Description("If true, requires multitenant applications to have a service principal in the resource tenant as part of authorization checks before they're granted access tokens. This property is only modifiable for multitenant resource applications that rely on access from clients without a service principal and had this behavior as set to false by Microsoft. Tenant administrators should respond to security advisories sent through Azure Health Service events and the Microsoft 365 message center.")] Boolean RequireClientServicePrincipal; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphKeyCredential +{ + [Write, Description("A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate.")] String CustomKeyIdentifier; + [Write, Description("Friendly name for the key. Optional.")] String DisplayName; + [Write, Description("The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.")] String EndDateTime; + [Write, Description("The unique identifier (GUID) for the key.")] String KeyId; + [Write, Description("The certificate's raw data in byte array converted to Base64 string.")] String Key; + [Write, Description("The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.")] String StartDateTime; + [Write, Description("The type of key credential for example, Symmetric, AsymmetricX509Cert.")] String Type; + [Write, Description("A string that describes the purpose for which the key can be used for example, Verify.")] String Usage; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphPasswordCredential +{ + [Write, Description("Friendly name for the password. Optional.")] String DisplayName; + [Write, Description("The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.")] String EndDateTime; + [Write, Description("Contains the first three characters of the password. Read-only.")] String Hint; + [Write, Description("The unique identifier for the password.")] String KeyId; + [Write, Description("The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.")] String StartDateTime; +}; + +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphAppRole +{ + [Write, Description("Specifies whether this app role can be assigned to users and groups (by setting to 'User'), to other application's (by setting to 'Application', or both (by setting to 'User', 'Application'). App roles supporting assignment to other applications' service principals are also known as application permissions. The 'Application' value is only supported for app roles defined on application entities.")] String AllowedMemberTypes[]; + [Write, Description("The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.")] String Description; + [Write, Description("Display name for the permission that appears in the app role assignment and consent experiences.")] String DisplayName; + [Write, Description("Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided.")] String Id; + [Write, Description("When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed.")] Boolean IsEnabled; + [Write, Description("Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only.")] String Origin; + [Write, Description("Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / : = + _ } , and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with ..")] String Value; +}; + [ClassVersion("1.0.0.0"), FriendlyName("AADApplication")] class MSFT_AADApplication : OMI_BaseResource { @@ -20,6 +92,12 @@ class MSFT_AADApplication : OMI_BaseResource [Write, Description("User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.")] string IdentifierUris[]; [Write, Description("Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.")] Boolean IsFallbackPublicClient; [Write, Description("Client applications that are tied to this resource application.")] string KnownClientApplications[]; + [Write, Description("Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app."), EmbeddedInstance("MSFT_MicrosoftGraphoptionalClaims")] String OptionalClaims; + [Write, Description("Specifies settings for an application that implements a web API."), EmbeddedInstance("MSFT_MicrosoftGraphapiApplication")] String Api; + [Write, Description("The collection of breaking change behaviors related to token issuance that are configured for the application. Authentication behaviors are unset by default (null) and must be explicitly enabled or disabled. Nullable. Returned only on $select. For more information about authentication behaviors, see Manage application authenticationBehaviors to avoid unverified use of email claims for user identification or authorization."), EmbeddedInstance("MSFT_MicrosoftGraphauthenticationBehaviors")] String AuthenticationBehaviors; + [Write, Description("The collection of password credentials associated with the application. Not nullable."), EmbeddedInstance("MSFT_MicrosoftGraphpasswordCredential")] String PasswordCredentials[]; + [Write, Description("The collection of key credentials associated with the application. Not nullable. Supports $filter (eq, not, ge, le)."), EmbeddedInstance("MSFT_MicrosoftGraphkeyCredential")] String KeyCredentials[]; + [Write, Description("The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable."), EmbeddedInstance("MSFT_MicrosoftGraphappRole")] String AppRoles[]; [Write, Description("The logout url for this application.")] string LogoutURL; [Write, Description("Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.")] Boolean PublicClient; [Write, Description("Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.")] String ReplyURLs[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index e792ad65e9..f67f0d12f3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 @@ -30,6 +30,10 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RegistrationEnforcement, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ReportSuspiciousActivitySettings, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $SystemCredentialPreferences, @@ -172,6 +176,28 @@ function Get-TargetResource $complexRegistrationEnforcement = $null } + $complexReportSuspiciousActivitySettings = @{} + $newComplexIncludeTarget = @{} + $newComplexIncludeTarget.Add('Id', $getValue.ReportSuspiciousActivitySettings.IncludeTarget.id) + if ($null -ne $getValue.ReportSuspiciousActivitySettings.IncludeTarget.targetType) + { + $newComplexIncludeTarget.Add('TargetType', $getValue.ReportSuspiciousActivitySettings.IncludeTarget.targetType.toString()) + } + $complexReportSuspiciousActivitySettings.Add('IncludeTarget',$newComplexIncludeTarget) + + if ($null -ne $getValue.ReportSuspiciousActivitySettings.state) + { + $complexReportSuspiciousActivitySettings.Add('State', $getValue.ReportSuspiciousActivitySettings.state.toString()) + } + if($null -ne $getValue.ReportSuspiciousActivitySettings.VoiceReportingCode) + { + $complexReportSuspiciousActivitySettings.Add('VoiceReportingCode', $getValue.ReportSuspiciousActivitySettings.VoiceReportingCode) + } + if ($complexReportSuspiciousActivitySettings.values.Where({$null -ne $_}).count -eq 0) + { + $complexReportSuspiciousActivitySettings = $null + } + $complexSystemCredentialPreferences = @{} $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.SystemCredentialPreferences.excludeTargets) @@ -229,6 +255,7 @@ function Get-TargetResource PolicyVersion = $getValue.PolicyVersion ReconfirmationInDays = $getValue.ReconfirmationInDays RegistrationEnforcement = $complexRegistrationEnforcement + ReportSuspiciousActivitySettings = $complexReportSuspiciousActivitySettings SystemCredentialPreferences = $complexSystemCredentialPreferences Id = $getValue.Id Ensure = 'Present' @@ -287,6 +314,10 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RegistrationEnforcement, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ReportSuspiciousActivitySettings, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $SystemCredentialPreferences, @@ -407,6 +438,10 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RegistrationEnforcement, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ReportSuspiciousActivitySettings, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $SystemCredentialPreferences, @@ -648,6 +683,37 @@ function Export-TargetResource $Results.Remove('RegistrationEnforcement') | Out-Null } } + + if ($null -ne $Results.ReportSuspiciousActivitySettings) + { + $complexMapping = @( + @{ + Name = 'ReportSuspiciousActivitySettings' + CimInstanceName = 'MicrosoftGraphReportSuspiciousActivitySettings' + IsRequired = $False + } + @{ + Name = 'IncludeTarget' + CimInstanceName = 'AADAuthenticationMethodPolicyIncludeTarget' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.ReportSuspiciousActivitySettings ` + -CIMInstanceName 'MicrosoftGraphreportSuspiciousActivitySettings' ` + -ComplexTypeMapping $complexMapping + + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.ReportSuspiciousActivitySettings = $complexTypeStringResult + } + else + { + $Results.Remove('ReportSuspiciousActivitySettings') | Out-Null + } + } + + if ($null -ne $Results.SystemCredentialPreferences) { $complexMapping = @( @@ -695,6 +761,11 @@ function Export-TargetResource { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SystemCredentialPreferences" -isCIMArray:$False } + + if ($Results.ReportSuspiciousActivitySettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ReportSuspiciousActivitySettings" -isCIMArray:$False + } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof index fb55f22adf..40541252d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof @@ -43,6 +43,13 @@ class MSFT_MicrosoftGraphSystemCredentialPreferences [Write, Description("Users and groups included in the preferred authentication method experience of the system."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyIncludeTarget")] String IncludeTargets[]; [Write, Description("Indicates whether the feature is enabled or disabled. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set, and uses the default behavior of Azure Active Directory for the setting. The default value is disabled."), ValueMap{"default","enabled","disabled","unknownFutureValue"}, Values{"default","enabled","disabled","unknownFutureValue"}] String State; }; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphReportSuspiciousActivitySettings +{ + [Write, Description("Group IDs in scope for report suspicious activity."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyIncludeTarget")] String IncludeTarget; + [Write, Description("Specifies the state of the reportSuspiciousActivitySettings object."), ValueMap{"default","enabled","disabled","unknownFutureValue"}, Values{"default","enabled","disabled","unknownFutureValue"}] String State; + [Write, Description("Specifies the number the user enters on their phone to report the MFA prompt as suspicious.")] UInt32 VoiceReportingCode; +}; [ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationMethodPolicy")] class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource @@ -53,6 +60,7 @@ class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource [Write, Description("The version of the policy in use.")] String PolicyVersion; [Write, Description("Days before the user will be asked to reconfirm their method.")] UInt32 ReconfirmationInDays; [Write, Description("Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphregistrationEnforcement")] String RegistrationEnforcement; + [Write, Description("Allows users to report suspicious activities if they receive an authentication request that they did not initiate."), EmbeddedInstance("MSFT_MicrosoftGraphreportSuspiciousActivitySettings")] String ReportSuspiciousActivitySettings; [Write, Description("Prompt users with their most-preferred credential for multifactor authentication."), EmbeddedInstance("MSFT_MicrosoftGraphsystemCredentialPreferences")] String SystemCredentialPreferences; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/MSFT_AADAuthenticationMethodPolicyHardware.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/MSFT_AADAuthenticationMethodPolicyHardware.psm1 new file mode 100644 index 0000000000..30be7f9089 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/MSFT_AADAuthenticationMethodPolicyHardware.psm1 @@ -0,0 +1,589 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $ExcludeTargets, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $IncludeTargets, + + [Parameter()] + [ValidateSet('enabled', 'disabled')] + [System.String] + $State, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue + + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Hardware with id {$id}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Azure AD Authentication Method Policy Hardware with Id {$Id} was found." + + #region resource generator code + $complexExcludeTargets = @() + foreach ($currentExcludeTargets in $getValue.excludeTargets) + { + $myExcludeTargets = @{} + if ($currentExcludeTargets.id -ne 'all_users'){ + $myExcludeTargetsDisplayName = get-MgGroup -GroupId $currentExcludeTargets.id + $myExcludeTargets.Add('Id', $myExcludeTargetsDisplayName.DisplayName) + } + else{ + $myExcludeTargets.Add('Id', $currentExcludeTargets.id) + } + if ($null -ne $currentExcludeTargets.targetType) + { + $myExcludeTargets.Add('TargetType', $currentExcludeTargets.targetType.toString()) + } + if ($myExcludeTargets.values.Where({ $null -ne $_ }).count -gt 0) + { + $complexExcludeTargets += $myExcludeTargets + } + } + #endregion + + $complexincludeTargets = @() + foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets) + { + $myincludeTargets = @{} + if ($currentIncludeTargets.id -ne 'all_users'){ + $myIncludeTargetsDisplayName = get-MgGroup -GroupId $currentIncludeTargets.id + $myIncludeTargets.Add('Id', $myIncludeTargetsDisplayName.DisplayName) + } + else{ + $myIncludeTargets.Add('Id', $currentIncludeTargets.id) + } + if ($null -ne $currentincludeTargets.targetType) + { + $myincludeTargets.Add('TargetType', $currentincludeTargets.targetType.toString()) + } + if ($myincludeTargets.values.Where({ $null -ne $_ }).count -gt 0) + { + $complexincludeTargets += $myincludeTargets + } + } + #region resource generator code + $enumState = $null + if ($null -ne $getValue.State) + { + $enumState = $getValue.State.ToString() + } + #endregion + + $results = @{ + #region resource generator code + ExcludeTargets = $complexExcludeTargets + IncludeTargets = $complexincludeTargets + State = $enumState + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + #endregion + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $ExcludeTargets, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $IncludeTargets, + + [Parameter()] + [ValidateSet('enabled', 'disabled')] + [System.String] + $State, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Azure AD Authentication Method Policy Hardware with Id {$($currentInstance.Id)}" + + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + if ($key -eq 'IncludeTargets') + { + $i = 0 + foreach ($entry in $UpdateParameters.$key){ + if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') + { + $Filter = "Displayname eq '$($entry.id)'" | Out-String + $UpdateParameters.$key[$i].foreach('id',(Get-MgGroup -Filter $Filter).id.ToString()) + } + $i++ + } + } + if ($key -eq 'ExcludeTargets') + { + $i = 0 + foreach ($entry in $UpdateParameters.$key){ + if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') + { + $Filter = "Displayname eq '$($entry.id)'" | Out-String + $UpdateParameters.$key[$i].foreach('id',(Get-MgGroup -Filter $Filter).id.ToString()) + } + $i++ + } + } + } + #region resource generator code + $UpdateParameters.Add('@odata.type', '#microsoft.graph.hardwareOathAuthenticationMethodConfiguration') + Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` + -AuthenticationMethodConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Azure AD Authentication Method Policy Hardware with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $ExcludeTargets, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $IncludeTargets, + + [Parameter()] + [ValidateSet('enabled', 'disabled')] + [System.String] + $State, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Azure AD Authentication Method Policy Hardware with Id {$Id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove('Id') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` + -AuthenticationMethodConfigurationId HardwareOath ` + -ErrorAction Stop | Where-Object -FilterScript {$null -ne $_.Id} + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Id + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($null -ne $Results.ExcludeTargets) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.ExcludeTargets ` + -CIMInstanceName 'AADAuthenticationMethodPolicyHardwareExcludeTarget' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.ExcludeTargets = $complexTypeStringResult + } + else + { + $Results.Remove('ExcludeTargets') | Out-Null + } + } + + if ($null -ne $Results.IncludeTargets) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.IncludeTargets ` + -CIMInstanceName 'AADAuthenticationMethodPolicyHardwareIncludeTarget' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.IncludeTargets = $complexTypeStringResult + } + else + { + $Results.Remove('IncludeTargets') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.ExcludeTargets) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ExcludeTargets' -IsCIMArray:$True + } + if ($Results.IncludeTargets) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'IncludeTargets' -IsCIMArray:$True + } + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/MSFT_AADAuthenticationMethodPolicyHardware.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/MSFT_AADAuthenticationMethodPolicyHardware.schema.mof new file mode 100644 index 0000000000..e82fa5d554 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/MSFT_AADAuthenticationMethodPolicyHardware.schema.mof @@ -0,0 +1,29 @@ +[ClassVersion("1.0.0")] +class MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget +{ + [Write, Description("The object identifier of an Azure AD group.")] String Id; + [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType; +}; +[ClassVersion("1.0.0")] +class MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget +{ + [Write, Description("The object identifier of an Azure AD group.")] String Id; + [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationMethodPolicyHardware")] +class MSFT_AADAuthenticationMethodPolicyHardware : OMI_BaseResource +{ + [Write, Description("Displayname of the groups of users that are excluded from a policy."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget")] String ExcludeTargets[]; + [Write, Description("Displayname of the groups of users that are included from a policy."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget")] String IncludeTargets[]; + [Write, Description("The state of the policy. Possible values are: enabled, disabled."), ValueMap{"enabled","disabled"}, Values{"enabled","disabled"}] String State; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/readme.md new file mode 100644 index 0000000000..9cd813b949 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/readme.md @@ -0,0 +1,6 @@ + +# AADAuthenticationMethodPolicySoftware + +## Description + +Azure AD Authentication Method Policy Hardware diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/settings.json new file mode 100644 index 0000000000..be5ed21940 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyHardware/settings.json @@ -0,0 +1,52 @@ +{ + "resourceName": "AADAuthenticationMethodPolicyHardware", + "description": "This resource configures an Azure AD Authentication Method Policy Hardware.", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Authentication Policy Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + }, + { + "name": "Policy.Read.All" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + }, + { + "name": "Policy.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + }, + { + "name": "Policy.Read.All" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + }, + { + "name": "Policy.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/settings.json index e3121136dc..e6f044849a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/settings.json @@ -18,9 +18,6 @@ } ], "update": [ - { - "name": "EntitlementManagement.Read.All" - }, { "name": "EntitlementManagement.ReadWrite.All" } @@ -33,9 +30,6 @@ } ], "update": [ - { - "name": "EntitlementManagement.Read.All" - }, { "name": "EntitlementManagement.ReadWrite.All" } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 new file mode 100644 index 0000000000..f145e6744d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 @@ -0,0 +1,322 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $IsSingleInstance = 'Yes', + + [Parameter()] + [System.UInt32] + $DaysUntilExternalUserDeletedAfterBlocked, + + [Parameter()] + [System.String] + $ExternalUserLifecycleAction, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + $instance = Get-MgBetaEntitlementManagementSetting + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + IsSingleInstance = 'Yes' + DaysUntilExternalUserDeletedAfterBlocked = $instance.DaysUntilExternalUserDeletedAfterBlocked + ExternalUserLifecycleAction = $instance.ExternalUserLifecycleAction + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $IsSingleInstance = 'Yes', + + [Parameter()] + [System.UInt32] + $DaysUntilExternalUserDeletedAfterBlocked, + + [Parameter()] + [System.String] + $ExternalUserLifecycleAction, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.Remove('IsSingleInstance') | Out-Null + Write-Verbose -Message "Updating Entitlement Management settings" + Update-MgBetaEntitlementManagementSetting @setParameters | Out-Null +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $IsSingleInstance = 'Yes', + + [Parameter()] + [System.UInt32] + $DaysUntilExternalUserDeletedAfterBlocked, + + [Parameter()] + [System.String] + $ExternalUserLifecycleAction, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + + $params = @{ + IsSIngleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.schema.mof new file mode 100644 index 0000000000..7ed1c6993a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.schema.mof @@ -0,0 +1,14 @@ +[ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementSettings")] +class MSFT_AADEntitlementManagementSettings : OMI_BaseResource +{ + [Key, Description("Only accepted value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("If externalUserLifecycleAction is blockSignInAndDelete, the duration, typically many days, after an external user is blocked from sign in before their account is deleted.")] UInt32 DaysUntilExternalUserDeletedAfterBlocked; + [Write, Description("Automatic action that the service should take when an external user's last access package assignment is removed. The possible values are: none, blockSignIn, blockSignInAndDelete, unknownFutureValue.")] String ExternalUserLifecycleAction; + + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/readme.md new file mode 100644 index 0000000000..856052c457 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/readme.md @@ -0,0 +1,6 @@ + +# AADEntitlementManagementSettings + +## Description + +Manages Entra Id Entitlement Management settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json new file mode 100644 index 0000000000..3005622fd8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json @@ -0,0 +1,49 @@ +{ + "resourceName": "AADEntitlementManagementSettings", + "description": "Manages Entra Id Entitlement Management settings.", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Identity Governance Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.Read.All" + }, + { + "name": "EntitlementManagement.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.Read.All" + }, + { + "name": "EntitlementManagement.ReadWrite.All" + }, + { + "name" : "RoleManagement.ReadWrite.Directory" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 new file mode 100644 index 0000000000..97857762ed --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 @@ -0,0 +1,512 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('passthroughAuthentication','seamlessSso','passwordHashSync','emailAsAlternateId','unknownFutureValue','certificateBasedAuthentication')] + [System.String] + $Feature, + + [Parameter()] + [System.Boolean] + $IsAppliedToOrganization, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [System.String] + $Id, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaPolicyFeatureRolloutPolicy -FeatureRolloutPolicyId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Policy Feature Rollout Policy with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaPolicyFeatureRolloutPolicy ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.FeatureRolloutPolicy" + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Policy Feature Rollout Policy with DisplayName {$DisplayName}." + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Azure AD Policy Feature Rollout Policy with Id {$Id} and DisplayName {$DisplayName} was found" + + #region resource generator code + $enumFeature = $null + if ($null -ne $getValue.Feature) + { + $enumFeature = $getValue.Feature.ToString() + } + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.DisplayName + Feature = $enumFeature + IsAppliedToOrganization = $getValue.IsAppliedToOrganization + IsEnabled = $getValue.IsEnabled + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + #endregion + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('passthroughAuthentication','seamlessSso','passwordHashSync','emailAsAlternateId','unknownFutureValue','certificateBasedAuthentication')] + [System.String] + $Feature, + + [Parameter()] + [System.Boolean] + $IsAppliedToOrganization, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [System.String] + $Id, + + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Azure AD Policy Feature Rollout Policy with DisplayName {$DisplayName}" + + $createParameters = ([Hashtable]$BoundParameters).Clone() + $createParameters.Remove('Id') | Out-Null + + #region resource generator code + $policy = New-MgBetaPolicyFeatureRolloutPolicy -BodyParameter $createParameters + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Azure AD Policy Feature Rollout Policy with Id {$($currentInstance.Id)}" + + $updateParameters = ([Hashtable]$BoundParameters).Clone() + + $updateParameters.Remove('Id') | Out-Null + $updateParameters.Remove('Feature') | Out-Null + + #region resource generator code + Update-MgBetaPolicyFeatureRolloutPolicy ` + -FeatureRolloutPolicyId $currentInstance.Id ` + -BodyParameter $UpdateParameters + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Azure AD Policy Feature Rollout Policy with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaPolicyFeatureRolloutPolicy -FeatureRolloutPolicyId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('passthroughAuthentication','seamlessSso','passwordHashSync','emailAsAlternateId','unknownFutureValue','certificateBasedAuthentication')] + [System.String] + $Feature, + + [Parameter()] + [System.Boolean] + $IsAppliedToOrganization, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [System.String] + $Id, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Azure AD Policy Feature Rollout Policy with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaPolicyFeatureRolloutPolicy ` + -Filter $Filter ` + -All ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.schema.mof new file mode 100644 index 0000000000..eab252ba3b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.schema.mof @@ -0,0 +1,19 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("AADFeatureRolloutPolicy")] +class MSFT_AADFeatureRolloutPolicy : OMI_BaseResource +{ + [Write, Description("A description for this feature rollout policy.")] String Description; + [Key, Description("The display name for this feature rollout policy.")] String DisplayName; + [Write, Description("Possible values are: passthroughAuthentication, seamlessSso, passwordHashSync, emailAsAlternateId, unknownFutureValue, certificateBasedAuthentication. You must use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: certificateBasedAuthentication. For more information about the prerequisites for the enabled features, see Prerequisites for enabled features."), ValueMap{"passthroughAuthentication","seamlessSso","passwordHashSync","emailAsAlternateId","unknownFutureValue","certificateBasedAuthentication"}, Values{"passthroughAuthentication","seamlessSso","passwordHashSync","emailAsAlternateId","unknownFutureValue","certificateBasedAuthentication"}] String Feature; + [Write, Description("Indicates whether this feature rollout policy should be applied to the entire organization.")] Boolean IsAppliedToOrganization; + [Write, Description("Indicates whether the feature rollout is enabled.")] Boolean IsEnabled; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/readme.md new file mode 100644 index 0000000000..b1e4f319bc --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/readme.md @@ -0,0 +1,6 @@ + +# AADFeatureRolloutPolicy + +## Description + +Azure AD Policy Feature Rollout Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/settings.json new file mode 100644 index 0000000000..2a2839156c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "AADPolicyFeatureRolloutPolicy", + "description": "This resource configures an Azure AD Policy Feature Rollout Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Directory.Read.All" + } + ], + "update": [ + { + "name": "Directory.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Directory.Read.All" + } + ], + "update": [ + { + "name": "Directory.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 0a74f43a58..92e1614b52 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -201,7 +201,7 @@ function Get-TargetResource Write-Verbose -Message 'Found existing AzureAD Group' # Owners - [Array]$owners = Get-MgGroupOwner -GroupId $Group.Id -All:$true + [Array]$owners = Get-MgBetaGroupOwner -GroupId $Group.Id -All:$true $OwnersValues = @() foreach ($owner in $owners) { @@ -209,13 +209,17 @@ function Get-TargetResource { $OwnersValues += $owner.AdditionalProperties.userPrincipalName } + elseif($owner.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.servicePrincipal") + { + $OwnersValues += $owner.AdditionalProperties.displayName + } } $MembersValues = $null if ($Group.MembershipRuleProcessingState -ne 'On') { # Members - [Array]$members = Get-MgGroupMember -GroupId $Group.Id -All:$true + [Array]$members = Get-MgBetaGroupMember -GroupId $Group.Id -All:$true $MembersValues = @() $GroupAsMembersValues = @() foreach ($member in $members) @@ -224,6 +228,10 @@ function Get-TargetResource { $MembersValues += $member.AdditionalProperties.userPrincipalName } + elseif ($member.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.servicePrincipal') + { + $MembersValues += $member.AdditionalProperties.displayName + } elseif($member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.group") { $GroupAsMembersValues += $member.AdditionalProperties.displayName @@ -232,7 +240,7 @@ function Get-TargetResource } # MemberOf - [Array]$memberOf = Get-MgGroupMemberOf -GroupId $Group.Id -All # result also used for/by AssignedToRole + [Array]$memberOf = Get-MgBetaGroupMemberOf -GroupId $Group.Id -All # result also used for/by AssignedToRole $MemberOfValues = @() # Note: only process security-groups that this group is a member of and not directory roles (if any) foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) @@ -583,10 +591,6 @@ function Set-TargetResource -Source $MyInvocation.MyCommand.ModuleName } } - if ($assignedLicensesGUIDs.Length -gt 0) - { - Set-MgGroupLicense -GroupId $currentGroup.Id -AddLicenses $licensesToAdd -RemoveLicenses @() - } } if ($Ensure -eq 'Present') { @@ -612,10 +616,11 @@ function Set-TargetResource Update-MgGroup @currentParameters | Out-Null } - if (($licensesToAdd.Length -gt 0 -or $licensesToRemove.Length -gt 0) -and $AssignedLicenses -ne $null) + if (($licensesToAdd.Length -gt 0 -or $licensesToRemove.Length -gt 0) -and $PSBoundParameters.ContainsKey('AssignedLicenses')) { try { + Write-Verbose -Message "Setting Group Licenses" Set-MgGroupLicense -GroupId $currentGroup.Id ` -AddLicenses $licensesToAdd ` -RemoveLicenses $licensesToRemove ` @@ -651,6 +656,7 @@ function Set-TargetResource if ($Ensure -ne 'Absent') { #Owners + Write-Verbose -Message "Updating Owners" if ($PSBoundParameters.ContainsKey('Owners')) { $currentOwnersValue = @() @@ -670,13 +676,21 @@ function Set-TargetResource $ownersDiff = Compare-Object -ReferenceObject $backCurrentOwners -DifferenceObject $desiredOwnersValue foreach ($diff in $ownersDiff) { - $user = Get-MgUser -UserId $diff.InputObject - + $directoryObject = Get-MgUser -UserId $diff.InputObject -ErrorAction SilentlyContinue + if ($null -eq $directoryObject) + { + Write-Verbose -Message "Trying to retrieve Service Principal {$($diff.InputObject)}" + $app = Get-MgApplication -Filter "DisplayName eq '$($diff.InputObject)'" + if ($null -ne $app) + { + $directoryObject = Get-MgServicePrincipal -Filter "AppId eq '$($app.AppId)'" + } + } if ($diff.SideIndicator -eq '=>') { Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $ownerObject = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}" + '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/{$($directoryObject.Id)}" } try { @@ -700,6 +714,7 @@ function Set-TargetResource } #Members + Write-Verbose -Message "Updating Members" if ($MembershipRuleProcessingState -ne 'On' -and $PSBoundParameters.ContainsKey('Members')) { $currentMembersValue = @() @@ -716,16 +731,28 @@ function Set-TargetResource { $backCurrentMembers = @() } + Write-Verbose -Message "Comparing current members and desired list" $membersDiff = Compare-Object -ReferenceObject $backCurrentMembers -DifferenceObject $desiredMembersValue foreach ($diff in $membersDiff) { - $user = Get-MgUser -UserId $diff.InputObject + Write-Verbose -Message "Found difference for member {$($diff.InputObject)}" + $directoryObject = Get-MgUser -UserId $diff.InputObject -ErrorAction SilentlyContinue + + if ($null -eq $directoryObject) + { + Write-Verbose -Message "Trying to retrieve Service Principal {$($diff.InputObject)}" + $app = Get-MgApplication -Filter "DisplayName eq '$($diff.InputObject)'" + if ($null -ne $app) + { + $directoryObject = Get-MgServicePrincipal -Filter "AppId eq '$($app.AppId)'" + } + } if ($diff.SideIndicator -eq '=>') { Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}" + '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/{$($directoryObject.Id)}" } New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null } @@ -733,9 +760,9 @@ function Set-TargetResource { Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}" + '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/{$($directoryObject.Id)}" } - Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($user.Id) | Out-Null + Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($directoryObject.Id) | Out-Null } } } @@ -745,6 +772,7 @@ function Set-TargetResource } #GroupAsMembers + Write-Verbose -Message "Updating GroupAsMembers" if ($MembershipRuleProcessingState -ne 'On' -and $PSBoundParameters.ContainsKey('GroupAsMembers')) { $currentGroupAsMembersValue = @() @@ -766,7 +794,7 @@ function Set-TargetResource { try { - $groupAsMember = Get-MgGroup -Filter "DisplayName eq '$($diff.InputObject)'" -ErrorAction Stop + $groupAsMember = Get-MgGroup -Filter "DisplayName eq '$($diff.InputObject)'" -ErrorAction SilentlyContinue } catch { @@ -784,18 +812,19 @@ function Set-TargetResource $groupAsMemberObject = @{ "@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/$($groupAsMember.Id)" } - New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null + New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null } if ($diff.SideIndicator -eq '<=') { Write-Verbose -Message "Removing AAD Group {$($groupAsMember.DisplayName)} from AAD group {$($currentGroup.DisplayName)}" - Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($groupAsMember.Id) | Out-Null + Remove-MgBetaGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($groupAsMember.Id) | Out-Null } } } } #MemberOf + Write-Verbose -Message "Updating MemberOf" if ($PSBoundParameters.ContainsKey('MemberOf')) { $currentMemberOfValue = @() @@ -1050,43 +1079,95 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" # Check Licenses - if (-not ($AssignedLicenses -eq $null -and $CurrentValues.AssignedLicenses -eq $null)) + if (-not ($null -eq $AssignedLicenses -and $null -eq $CurrentValues.AssignedLicenses)) { try { - $licensesDiff = Compare-Object -ReferenceObject ($CurrentValues.AssignedLicenses.SkuId) -DifferenceObject ($AssignedLicenses.SkuId) - if ($null -ne $licensesDiff) + if ($null -ne $CurrentValues.AssignedLicenses -and $CurrentValues.AssignedLicenses.Length -gt 0 -and ` + ($PSBoundParameters.ContainsKey('AssignedLicenses') -and $null -eq $AssignedLicenses)) { - Write-Verbose -Message "AssignedLicenses differ: $($licensesDiff | Out-String)" + Write-Verbose -Message "The group {$DisplayName} currently has licenses assigned but it shouldn't" Write-Verbose -Message "Test-TargetResource returned $false" - $EventMessage = "Assigned Licenses for Azure AD Group {$DisplayName} were not in the desired state.`r`n" + ` - "They should contain {$($AssignedLicenses.SkuId)} but instead contained {$($CurrentValues.AssignedLicenses.SkuId)}" + $EventMessage = "Assigned Licenses for Azure AD Group {$DisplayName} were not in the desired state.`r`nThe group should not have any licenses assigned but instead contained {$($CurrentValues.AssignedLicenses.SkuId -join ',')}" Add-M365DSCEvent -Message $EventMessage -EntryType 'Warning' ` -EventID 1 -Source $($MyInvocation.MyCommand.Source) return $false } - else + elseif ($null -eq $CurrentValues.AssignedLicenses -and $null -ne $AssignedLicenses -and ` + $AssignedLicenses.Length -gt 0) { - Write-Verbose -Message 'AssignedLicenses for Azure AD Group are the same' + Write-Verbose -Message "The group {$DisplayName} currently doesn't have licenses assigned but it should" + Write-Verbose -Message "Test-TargetResource returned $false" + $EventMessage = "Assigned Licenses for Azure AD Group {$DisplayName} were not in the desired state.`r`nThe group doesn't not have any licenses assigned but should have {$($CurrentValues.AssignedLicenses.SkuId -join ',')}" + Add-M365DSCEvent -Message $EventMessage -EntryType 'Warning' ` + -EventID 1 -Source $($MyInvocation.MyCommand.Source) + + return $false } - } - catch - { - Write-Verbose -Message "Test-TargetResource returned $false" - return $false - } + elseif ($CurrentValues.AssignedLicenses.Length -gt 0 -and $AssignedLicenses.Length -gt 0) + { + Write-Verbose -Message "Current assigned licenses and desired assigned licenses for group {$DisplayName} are not null and will be compared" + $licensesDiff = Compare-Object -ReferenceObject ($CurrentValues.AssignedLicenses.SkuId) -DifferenceObject ($AssignedLicenses.SkuId) + if ($null -ne $licensesDiff) + { + Write-Verbose -Message "AssignedLicenses differ for group {$DisplayName}: $($licensesDiff | Out-String)" + Write-Verbose -Message "Test-TargetResource returned $false" + $EventMessage = "Assigned Licenses for Azure AD Group {$DisplayName} were not in the desired state.`r`nThey should contain {$($AssignedLicenses.SkuId -join ',')} but instead contained {$($CurrentValues.AssignedLicenses.SkuId -join ',')}" + Add-M365DSCEvent -Message $EventMessage -EntryType 'Warning' ` + -EventID 1 -Source $($MyInvocation.MyCommand.Source) - #Check DisabledPlans - try - { - $licensesDiff = Compare-Object -ReferenceObject ($CurrentValues.AssignedLicenses.DisabledPlans) -DifferenceObject ($AssignedLicenses.DisabledPlans) - if ($null -ne $licensesDiff) + return $false + } + else + { + Write-Verbose -Message "AssignedLicenses for Azure AD Group {$DisplayName} are the same, checking DisabledPlans" + } + + # Disabled Plans + #Compare DisabledPlans for each SkuId - all SkuId's are processed regardless of result + $result = $true + foreach ($assignedLicense in $AssignedLicenses) + { + Write-Verbose "Compare DisabledPlans for SkuId $($assignedLicense.SkuId) in group {$DisplayName}" + $currentLicense = $CurrentValues.AssignedLicenses | Where-Object -FilterScript {$_.SkuId -eq $assignedLicense.SkuId} + if ($assignedLicense.DisabledPlans.Count -ne 0 -or $currentLicense.DisabledPlans.Count -ne 0) + { + try { + $licensesDiff = Compare-Object -ReferenceObject $assignedLicense.DisabledPlans -DifferenceObject $currentLicense.DisabledPlans + if ($null -ne $licensesDiff) + { + Write-Verbose -Message "DisabledPlans for SkuId $($assignedLicense.SkuId) differ: $($licensesDiff | Out-String)" + Write-Verbose -Message "Test-TargetResource returned $false" + $EventMessage = "Disabled Plans for Azure AD Group Licenses {$DisplayName} SkuId $($assignedLicense.SkuId) were not in the desired state.`r`n" + ` + "They should contain {$($assignedLicense.DisabledPlans -join ',')} but instead contained {$($currentLicense.DisabledPlans -join ',')}" + Add-M365DSCEvent -Message $EventMessage -EntryType 'Warning' ` + -EventID 1 -Source $($MyInvocation.MyCommand.Source) + + $result = $false + } + else + { + Write-Verbose -Message "DisabledPlans for SkuId $($assignedLicense.SkuId) are the same" + } + } + catch + { + Write-Verbose -Message "Test-TargetResource returned `$false (DisabledPlans: $($_.Exception.Message))" + $result = $false + } + } + } + if ($true -ne $result) + { + return $result + } + } + elseif ($PSBoundParameters.ContainsKey('AssignedLicenses')) { - Write-Verbose -Message "DisabledPlans differ: $($licensesDiff | Out-String)" + Write-Verbose -Message "The group {$DisplayName} currently has licenses assigned but it shouldn't have" Write-Verbose -Message "Test-TargetResource returned $false" - $EventMessage = "Disabled Plans for Azure AD Group Licenses {$DisplayName} were not in the desired state.`r`n" + ` - "They should contain {$($AssignedLicenses.DisabledPlans)} but instead contained {$($CurrentValues.AssignedLicenses.DisabledPlans)}" + $EventMessage = "Assigned Licenses for Azure AD Group {$DisplayName} were not in the desired state.`r`nThe group has licenses assigned but shouldn't have {$($CurrentValues.AssignedLicenses.SkuId)}" Add-M365DSCEvent -Message $EventMessage -EntryType 'Warning' ` -EventID 1 -Source $($MyInvocation.MyCommand.Source) @@ -1094,11 +1175,12 @@ function Test-TargetResource } else { - Write-Verbose -Message 'DisabledPlans for Azure AD Group Licensing are the same' + Write-Verbose -Message "Both the current and desired assigned licenses lists for group {$DisplayName} are empty or not specified." } } catch { + Write-Verbose -Message "Error evaluating the AssignedLicenses for group {$DisplayName}: $_" Write-Verbose -Message "Test-TargetResource returned $false" return $false } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 new file mode 100644 index 0000000000..4c4d286efe --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 @@ -0,0 +1,483 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.UInt32] + $LockoutThreshold, + + [Parameter()] + [System.UInt32] + $LockoutDurationInSeconds, + + [Parameter()] + [System.Boolean] + $EnableBannedPasswordCheck, + + [Parameter()] + [System.String[]] + $BannedPasswordList, + + [Parameter()] + [System.Boolean] + $EnableBannedPasswordCheckOnPremises, + + [Parameter()] + [validateset('Enforced', 'Audit')] + [System.String] + $BannedPasswordCheckOnPremisesMode, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message 'Getting configuration of AzureAD Password Rule Settings' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + try + { + $Policy = Get-MgBetaDirectorySetting -All | Where-Object -FilterScript { $_.DisplayName -eq 'Password Rule Settings' } + + if ($null -eq $Policy) + { + return $nullReturn + } + else + { + Write-Verbose -Message 'Found existing AzureAD DirectorySetting for Password Rule Settings' + $valueBannedPasswordCheckOnPremisesMode = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'BannedPasswordCheckOnPremisesMode'} + $valueEnableBannedPasswordCheckOnPremises = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'EnableBannedPasswordCheckOnPremises'} + $valueEnableBannedPasswordCheck = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'EnableBannedPasswordCheck'} + $valueLockoutDurationInSeconds = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'LockoutDurationInSeconds'} + $valueLockoutThreshold = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'LockoutThreshold'} + $valueBannedPasswordList = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'BannedPasswordList'} + + $result = @{ + IsSingleInstance = 'Yes' + BannedPasswordCheckOnPremisesMode = $valueBannedPasswordCheckOnPremisesMode.Value + EnableBannedPasswordCheckOnPremises = [Boolean]::Parse($valueEnableBannedPasswordCheckOnPremises.Value) + EnableBannedPasswordCheck = [Boolean]::Parse($valueEnableBannedPasswordCheck.Value) + LockoutDurationInSeconds = $valueLockoutDurationInSeconds.Value + LockoutThreshold = $valueLockoutThreshold.Value + BannedPasswordList = $valueBannedPasswordList.Value -split "`t" # list is tab-delimited + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Credential = $Credential + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.UInt32] + $LockoutThreshold, + + [Parameter()] + [System.UInt32] + $LockoutDurationInSeconds, + + [Parameter()] + [System.Boolean] + $EnableBannedPasswordCheck, + + [Parameter()] + [System.String[]] + $BannedPasswordList, + + [Parameter()] + [System.Boolean] + $EnableBannedPasswordCheckOnPremises, + + [Parameter()] + [validateset('Enforced', 'Audit')] + [System.String] + $BannedPasswordCheckOnPremisesMode, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message 'Setting configuration of Azure AD Password Rule Settings' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentPolicy = Get-TargetResource @PSBoundParameters + + # Policy should exist but it doesn't + $needToUpdate = $false + if ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Absent') + { + #$template = Get-MgBetaDirectorySettingTemplate -All | Where-Object -FilterScript {$_.Displayname -eq 'Password Rule Settings'} + $Policy = New-MgBetaDirectorySetting -TemplateId '5cf42378-d67d-4f36-ba46-e8b86229381d' | Out-Null + $needToUpdate = $true + } + + $Policy = Get-MgBetaDirectorySetting -All | Where-Object -FilterScript { $_.DisplayName -eq 'Password Rule Settings' } + + if (($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') -or $needToUpdate) + { + $index = 0 + foreach ($property in $Policy.Values) + { + if ($property.Name -eq 'LockoutThreshold') + { + $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry.Value = $LockoutThreshold + } + elseif ($property.Name -eq 'LockoutDurationInSeconds') + { + $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry.Value = $LockoutDurationInSeconds + } + elseif ($property.Value -eq 'EnableBannedPasswordCheck') + { + $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry.Value = [System.Boolean]$EnableBannedPasswordCheck + } + elseif ($property.Value -eq 'BannedPasswordList') + { + $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry.Value = $BannedPasswordList -join "`t" + } + elseif ($property.Value -eq 'EnableBannedPasswordCheckOnPremises') + { + $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry.Value = [System.Boolean]$EnableBannedPasswordCheckOnPremises + } + elseif ($property.Value -eq 'BannedPasswordCheckOnPremisesMode') + { + $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry.Value = $BannedPasswordCheckOnPremisesMode + } + $index++ + } + + Write-Verbose -Message "Updating Policy's Values with $($Policy.Values | Out-String)" + Update-MgBetaDirectorySetting -DirectorySettingId $Policy.id -Values $Policy.Values | Out-Null + } + elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') + { + Write-Verbose -Message "An existing Directory Setting entry exists, and we don't allow to have it removed." + throw 'The AADPasswordRuleSettings resource cannot delete existing Directory Setting entries. Please specify Present.' + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.UInt32] + $LockoutThreshold, + + [Parameter()] + [System.UInt32] + $LockoutDurationInSeconds, + + [Parameter()] + [System.Boolean] + $EnableBannedPasswordCheck, + + [Parameter()] + [System.String[]] + $BannedPasswordList, + + [Parameter()] + [System.Boolean] + $EnableBannedPasswordCheckOnPremises, + + [Parameter()] + [validateset('Enforced', 'Audit')] + [System.String] + $BannedPasswordCheckOnPremisesMode, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Testing configuration of AzureAD Password Rule Settings' + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $TestResult" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $Params = @{ + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + IsSingleInstance = 'Yes' + ApplicationSecret = $ApplicationSecret + Credential = $Credential + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + $dscContent = '' + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof new file mode 100644 index 0000000000..1356eee844 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof @@ -0,0 +1,19 @@ +[ClassVersion("1.0.0.0"), FriendlyName("AADPasswordRuleSettings")] +class MSFT_AADPasswordRuleSettings : OMI_BaseResource +{ + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("The number of failed login attempts before the first lockout period begins.")] UInt32 LockoutThreshold; + [Write, Description("The duration in seconds of the initial lockout period.")] UInt32 LockoutDurationInSeconds; + [Write, Description("Boolean indicating if the banned password check for tenant specific banned password list is turned on or not.")] Boolean EnableBannedPasswordCheck; + [Write, Description("A list of banned words in passwords.")] String BannedPasswordList[]; + [Write, Description("How should we enforce password policy check in on-premises system.")] String BannedPasswordCheckOnPremisesMode; + [Write, Description("Boolean indicating if the banned password check is turned on or not for on-premises system.")] Boolean EnableBannedPasswordCheckOnPremises; + [Write, Description("Specify if the Azure AD Password Rule Settings should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/Readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/Readme.md new file mode 100644 index 0000000000..94efd9bcd6 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/Readme.md @@ -0,0 +1,5 @@ +# AADPasswordRuleSettings + +## Description + +This resource configures the Azure Active Directory Password Rule Settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/settings.json new file mode 100644 index 0000000000..f2fcba1008 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/settings.json @@ -0,0 +1,45 @@ +{ + "resourceName": "AADGroupsSettings", + "description": "This resource configures the Azure Active Directory Password Rule Settings.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Directory.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "Directory.Read.All" + }, + { + "name": "Directory.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Directory.Read.All" + } + ], + "update": [ + { + "name": "Directory.Read.All" + }, + { + "name": "Directory.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 2613ce6640..a32fd0d623 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -44,6 +44,10 @@ function Get-TargetResource [System.String] $LogoutUrl, + [Parameter()] + [System.String[]] + $Owners, + [Parameter()] [System.String] $PublisherName, @@ -197,6 +201,17 @@ function Get-TargetResource } } + $ownersValues = @() + $ownersInfo = Get-MgServicePrincipalOwner -ServicePrincipalId $AADServicePrincipal.Id -ErrorAction SilentlyContinue + foreach ($ownerInfo in $ownersInfo) + { + $info = Get-MgUser -UserId $ownerInfo.Id -ErrorAction SilentlyContinue + if ($null -ne $info) + { + $ownersValues += $info.UserPrincipalName + } + } + $result = @{ AppId = $AADServicePrincipal.AppId AppRoleAssignedTo = $AppRoleAssignedToValues @@ -208,6 +223,7 @@ function Get-TargetResource ErrorUrl = $AADServicePrincipal.ErrorUrl Homepage = $AADServicePrincipal.Homepage LogoutUrl = $AADServicePrincipal.LogoutUrl + Owners = $ownersValues PublisherName = $AADServicePrincipal.PublisherName ReplyURLs = $AADServicePrincipal.ReplyURLs SamlMetadataURL = $AADServicePrincipal.SamlMetadataURL @@ -285,6 +301,10 @@ function Set-TargetResource [System.String] $LogoutUrl, + [Parameter()] + [System.String[]] + $Owners, + [Parameter()] [System.String] $PublisherName, @@ -387,7 +407,18 @@ function Set-TargetResource Write-Verbose -Message 'Creating new Service Principal' Write-Verbose -Message "With Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" - New-MgServicePrincipal @currentParameters + $newSP = New-MgServicePrincipal @currentParameters + + # Assign Owners + foreach ($owner in $Owners) + { + $userInfo = Get-MgUser -UserId $owner + $body = @{ + '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($userInfo.Id)" + } + Write-Verbose -Message "Adding new owner {$owner}" + $newOwner = New-MgServicePrincipalOwnerByRef -ServicePrincipalId $newSP.Id -BodyParameter $body + } } # ServicePrincipal should exist and will be configured to desired state elseif ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Present') @@ -402,6 +433,7 @@ function Set-TargetResource Write-Verbose -Message "CurrentParameters: $($currentParameters | Out-String)" Write-Verbose -Message "ServicePrincipalID: $($currentAADServicePrincipal.ObjectID)" $currentParameters.Remove('AppRoleAssignedTo') | Out-Null + $currentParameters.Remove('Owners') | Out-Null Update-MgServicePrincipal -ServicePrincipalId $currentAADServicePrincipal.ObjectID @currentParameters if ($AppRoleAssignedTo) @@ -488,6 +520,32 @@ function Set-TargetResource } } } + + Write-Verbose -Message "Checking if owners need to be updated..." + + if ($null -ne $Owners) + { + $diffOwners = Compare-Object -ReferenceObject $currentAADServicePrincipal.Owners -DifferenceObject $Owners + } + foreach ($diff in $diffOwners) + { + $userInfo = Get-MgUser -UserId $diff.InputObject + if ($diff.SideIndicator -eq '=>') + { + $body = @{ + '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($userInfo.Id)" + } + Write-Verbose -Message "Adding owner {$($userInfo.Id)}" + New-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId ` + -BodyParameter $body | Out-Null + } + else + { + Write-Verbose -Message "Removing owner {$($userInfo.Id)}" + Remove-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId ` + -DirectoryObjectId $userInfo.Id | Out-Null + } + } } # ServicePrincipal exists but should not elseif ($Ensure -eq 'Absent' -and $currentAADServicePrincipal.Ensure -eq 'Present') @@ -543,6 +601,10 @@ function Test-TargetResource [System.String] $LogoutUrl, + [Parameter()] + [System.String[]] + $Owners, + [Parameter()] [System.String] $PublisherName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof index 44fefb22c6..3d4c507c12 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof @@ -19,6 +19,7 @@ class MSFT_AADServicePrincipal : OMI_BaseResource [Write, Description("Specifies the homepage of the ServicePrincipal.")] String Homepage; [Write, Description("Specifies the LogoutURL of the ServicePrincipal.")] String LogoutUrl; [Write, Description("Specifies the PublisherName of the ServicePrincipal.")] String PublisherName; + [Write, Description("List of the owners of the service principal.")] String Owners[]; [Write, Description("The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.")] String ReplyUrls[]; [Write, Description("The URL for the SAML metadata of the ServicePrincipal.")] String SamlMetadataUrl; [Write, Description("Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal.")] String ServicePrincipalNames[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 new file mode 100644 index 0000000000..db746c4549 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 @@ -0,0 +1,344 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter()] + [System.String] + $Owner, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + $uri = "https://vssps.dev.azure.com/$OrganizationName/_apis/Organization/Collections/Me" + $organizationInfo = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri + + $uri = "https://vsaex.dev.azure.com/$OrganizationName/_apis/userentitlements?api-version=7.2-preview.4" + $allUsers = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri + + $ownerInfo = $allUsers.Items | Where-Object -FilterScript {$_.id -eq $organizationInfo.owner} + + $results = @{ + OrganizationName = $OrganizationName + Owner = $ownerInfo.user.principalName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter()] + [System.String] + $Owner, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + $ConnectionMode = New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Retrieving all users." + $uri = "https://vsaex.dev.azure.com/$OrganizationName/_apis/userentitlements?api-version=7.2-preview.4" + $allUsers = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri + + $ownerInfo = $allUsers.items | Where-Object -FilterScript {$_.user.principalName -eq $Owner} + + if ($null -ne $ownerInfo) + { + Write-Verbose -Message "Updating owner for organization {$OrganizationName} to {$($ownerInfo.id)}" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Owner`",`"value`":`"$($ownerInfo.id)`"}]" + $uri ='https://vssps.dev.azure.com/O365DSC-Dev/_apis/Organization/Collections/Me?api-version=7.1-preview.1' + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method PATCH -Body $body + } + else + { + throw "Could not retrieve an Azure DevOPS user entitlement for {$Owner}" + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter()] + [System.String] + $Owner, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $Script:ExportMode = $true + + $profile = Invoke-M365DSCAzureDevOPSWebRequest -Uri 'https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=5.1' + $accounts = Invoke-M365DSCAzureDevOPSWebRequest -Uri "https://app.vssps.visualstudio.com/_apis/accounts?api-version=7.1-preview.1&memberId=$($profile.id)" + + $i = 1 + $dscContent = '' + if ($accounts.count -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + return '' + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($account in $accounts) + { + $organization = $account.Value.accountName + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $organization + Write-Host " |---[$i/$($accounts.Count)] $displayedKey" -NoNewline + $params = @{ + OrganizationName = $organization + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.schema.mof new file mode 100644 index 0000000000..1f87c3b452 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.schema.mof @@ -0,0 +1,12 @@ +[ClassVersion("1.0.0.0"), FriendlyName("ADOOrganizationOwner")] +class MSFT_ADOOrganizationOwner : OMI_BaseResource +{ + [Key, Description("NAme of the Azure DevOPS Organization")] String OrganizationName; + [Write, Description("User principal of the organization's owner")] String Owner; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/readme.md new file mode 100644 index 0000000000..1ed3a6aebf --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/readme.md @@ -0,0 +1,6 @@ + +# ADOOrganizationOwner + +## Description + +Configures the owner of an Azure DevOPS organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/settings.json new file mode 100644 index 0000000000..0fedf78523 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "ADOOrganizationOwner", + "description": "Configures the owner of an Azure DevOPS organization.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 new file mode 100644 index 0000000000..1f9df20d61 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 @@ -0,0 +1,597 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter(Mandatory = $true)] + [System.String] + $PrincipalName, + + [Parameter()] + [System.String] + $Descriptor, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('Project', 'Organization')] + [System.String] + $Level, + + [Parameter()] + [System.String[]] + $Members, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + if (-not [System.String]::IsNullOrEmpty($Descriptor)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.descriptor -eq $Descriptor} + } + + if ($null -eq $instance) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.principalName -eq $PrincipalName} + } + } + else + { + $uri = "https://vssps.dev.azure.com/$OrganizationName/_apis/graph/groups?api-version=7.1-preview.1" + $allInstances = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).value + if (-not [System.String]::IsNullOrEmpty($Descriptor)) + { + $instance = $allInstances | Where-Object -FilterScript {$_.descriptor -eq $Descriptor} + } + if ($null -eq $instance) + { + $instance = $allInstances | Where-Object -FilterScript {$_.principalName -eq $PrincipalName} + } + } + if ($null -eq $instance) + { + return $nullResult + } + + # Level + $LevelValue = 'Project' + if ($instance.domain.StartsWith('vstfs:///Framework/IdentityDomain/')) + { + $LevelValue = 'Organization' + } + + # Membership + $MembersValue = @() + $uri = "https://vsaex.dev.azure.com/$($OrganizationName)/_apis/GroupEntitlements/$($instance.originId)/members?api-version=7.1" + $membership = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).members + + foreach ($member in $membership) + { + $MembersValue += $member.user.principalName + } + + $results = @{ + OrganizationName = $OrganizationName + PrincipalName = $instance.principalName + Description = $instance.description + DisplayName = $instance.displayName + Descriptor = $instance.descriptor + Level = $LevelValue + Id = $instance.originId + Members = $MembersValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter(Mandatory = $true)] + [System.String] + $PrincipalName, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Descriptor, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('Project', 'Organization')] + [System.String] + $Level, + + [Parameter()] + [System.String[]] + $Members, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $newGroup = $null + if ($Level -eq 'Organization') + { + $uri = "https://vssps.dev.azure.com/$OrganizationName/_apis/graph/groups?api-version=7.1-preview.1" + $body = '{"displayName": "' + $DisplayName + '","description": "' + $Description + '"}' + $newGroup = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method POST -Body $body -ContentType 'application/json' + } + elseif ($Level -eq 'Project') + { + $projectName = $PrincipalName.Split(']')[0] + $projectName = $projectName.Substring(1, $projectName.Length -1) + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/projects/$($ProjectName)?api-version=7.1" + $response = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri + $projectId = $response.id + + $uri = "https://vssps.dev.azure.com/$($OrganizationName)/_apis/graph/descriptors/$($projectId)?api-version=7.1-preview.1" + $response = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri + $scope = $response.value + + $uri = "https://vssps.dev.azure.com/$($OrganizationName)/_apis/graph/groups?scopeDescriptor=$($scope)&api-version=7.1-preview.1" + $body = '{"displayName": "' + $DisplayName + '","description": "' + $Description + '"}' + $newGroup = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method POST -Body $body -ContentType 'application/json' + } + + Write-Host "NEWGROUP::: $($newGroup | fl * | Out-String)" + foreach ($member in $Members) + { + Write-Verbose -Message "Adding Member {$member} to group ${$PrincipalName}" + Set-M365DSCADOPermissionGroupMember -OrganizationName $OrganizationName ` + -GroupId $newGroup.originId ` + -PrincipalName $member + } + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + if ($Description -ne $currentInstance.Description) + { + Write-Verbose -Message "Updating group {$PrincipalName} description to {$Description}" + $uri = "https://vssps.dev.azure.com/$($OrganizationName)/_apis/graph/groups/$($currentInstance.Descriptor)?api-version=7.1-preview.1" + $body = '[{"op": "replace", "path": "/description", "from": null, "value": "' + $Description + '"}]' + } + + $membershipChanges = Compare-Object -ReferenceObject $currentInstance.Members -DifferenceObject $Members + foreach ($diff in $membershipChanges) + { + if ($diff.SideIndicator -eq '=>') + { + Write-Verbose -Message "Adding Member {$($diff.InputObject)} to group ${$PrincipalName}" + Set-M365DSCADOPermissionGroupMember -OrganizationName $OrganizationName ` + -GroupId $currentInstance.Id ` + -PrincipalName $diff.InputObject ` + -Method 'PUT' + } + else + { + Write-Verbose -Message "Removing Member {$($diff.InputObject)} to group ${$PrincipalName}" + Set-M365DSCADOPermissionGroupMember -OrganizationName $OrganizationName ` + -GroupId $currentInstance.Id ` + -PrincipalName $diff.InputObject ` + -Method 'DELETE' + } + } + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing group {$principalName} with Descriptor {$($currentInstance.Descriptor)}" + $uri = "https://vssps.dev.azure.com/$($OrganizationName)/_apis/graph/groups/$($currentInstance.Descriptor)?api-version=7.1-preview.1" + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'DELETE' -ContentType 'application/json' | Out-Null + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter(Mandatory = $true)] + [System.String] + $PrincipalName, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Descriptor, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('Project', 'Organization')] + [System.String] + $Level, + + [Parameter()] + [System.String[]] + $Members, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + ##TODO - Replace workload + $ConnectionMode = New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + + $profile = Invoke-M365DSCAzureDevOPSWebRequest -Uri 'https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=5.1' + $accounts = Invoke-M365DSCAzureDevOPSWebRequest -Uri "https://app.vssps.visualstudio.com/_apis/accounts?api-version=7.1-preview.1&memberId=$($profile.id)" + + $i = 1 + $dscContent = '' + if ($accounts.count -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + return '' + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($account in $accounts) + { + $organization = $account.Value.accountName + $uri = "https://vssps.dev.azure.com/$organization/_apis/graph/groups?api-version=7.1-preview.1" + + [array] $Script:exportedInstances = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.principalName + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + OrganizationName = $Organization + PrincipalName = $config.principalName + Descriptor = $config.descriptor + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + if (-not $config.principalName.StartsWith("[TEAM FOUNDATION]")) + { + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + } + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Set-M365DSCADOPermissionGroupMember +{ + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter(Mandatory = $true)] + [System.String] + $GroupId, + + [Parameter(Mandatory = $true)] + [System.String] + $PrincipalName, + + [Parameter()] + [System.String] + $Method = 'Put' + ) + if ($null -eq $Script:allUsers) + { + $uri = "https://vsaex.dev.azure.com/$($OrganizationName)/_apis/userentitlements?api-version=7.2-preview.4" + $Script:allUsers = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri + } + $user = $Script:allUsers.items | Where-Object -FilterScript {$_.user.principalName -eq $PrincipalName} + $UserId = $user.id + $uri = "https://vsaex.dev.azure.com/$($OrganizationName)/_apis/GroupEntitlements/$($GroupId)/members/$($UserId)?api-version=5.0-preview.1" + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method $Method | Out-Null +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.schema.mof new file mode 100644 index 0000000000..43ef224474 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.schema.mof @@ -0,0 +1,19 @@ +[ClassVersion("1.0.0.0"), FriendlyName("ADOPermissionGroup")] +class MSFT_ADOPermissionGroup : OMI_BaseResource +{ + [Key, Description("The name of the Azure DevOPS Organization.")] String OrganizationName; + [Key, Description("Principal name to identify the group.")] String PrincipalName; + [Write, Description("Display name for the group.")] String DisplayName; + [Write, Description("Description of the group.")] String Description; + [Write, Description("List of principal names of the members of the group.")] String Members[]; + [Write, Description("Unique identifier for the group.")] String Id; + [Write, Description("Unique descriptor for the group.")] String Descriptor; + [Write, Description("Determines at what level in the hierarchy the group exists. Valid values are Project or Organization."), ValueMap{"Organization", "Project"}, Values{"Organization", "Project"}] String Level; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/readme.md new file mode 100644 index 0000000000..d460ee4d90 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/readme.md @@ -0,0 +1,6 @@ + +# ADOPermissionGroup + +## Description + +Manages Azure DevOPS permission groups. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/settings.json new file mode 100644 index 0000000000..9157b5dcfc --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "ADOPermissionGroup", + "description": "Manages Azure DevOPS permission groups.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 new file mode 100644 index 0000000000..e6c10774cd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 @@ -0,0 +1,534 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter()] + [System.Boolean] + $DisallowAadGuestUserAccess, + + [Parameter()] + [System.Boolean] + $DisallowOAuthAuthentication, + + [Parameter()] + [System.Boolean] + $DisallowSecureShell, + + [Parameter()] + [System.Boolean] + $LogAuditEvents, + + [Parameter()] + [System.Boolean] + $AllowAnonymousAccess, + + [Parameter()] + [System.Boolean] + $ArtifactsExternalPackageProtectionToken, + + [Parameter()] + [System.Boolean] + $EnforceAADConditionalAccess, + + [Parameter()] + [System.Boolean] + $AllowTeamAdminsInvitationsAccessToken, + + [Parameter()] + [System.Boolean] + $AllowRequestAccessToken, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowAadGuestUserAccess?defaultValue" + $DisallowAadGuestUserAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowOAuthAuthentication?defaultValue" + $DisallowOAuthAuthenticationValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowSecureShell?defaultValue" + $DisallowSecureShellValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.LogAuditEvents?defaultValue" + $LogAuditEventsValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowAnonymousAccess?defaultValue" + $AllowAnonymousAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.ArtifactsExternalPackageProtectionToken?defaultValue" + $ArtifactsExternalPackageProtectionTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.EnforceAADConditionalAccess?defaultValue" + $EnforceAADConditionalAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowTeamAdminsInvitationsAccessToken?defaultValue" + $AllowTeamAdminsInvitationsAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowRequestAccessToken?defaultValue" + $AllowRequestAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + + $results = @{ + OrganizationName = $OrganizationName + DisallowAadGuestUserAccess = [Boolean]::Parse($DisallowAadGuestUserAccessValue) + DisallowOAuthAuthentication = [Boolean]::Parse($DisallowOAuthAuthenticationValue) + DisallowSecureShell = [Boolean]::Parse($DisallowSecureShellValue) + LogAuditEvents = [Boolean]::Parse($LogAuditEventsValue) + AllowAnonymousAccess = [Boolean]::Parse($AllowAnonymousAccessValue) + ArtifactsExternalPackageProtectionToken = [Boolean]::Parse($ArtifactsExternalPackageProtectionTokenValue) + EnforceAADConditionalAccess = [Boolean]::Parse($EnforceAADConditionalAccessValue) + AllowTeamAdminsInvitationsAccessToken = [Boolean]::Parse($AllowTeamAdminsInvitationsAccessTokenValue) + AllowRequestAccessToken = [Boolean]::Parse($AllowRequestAccessTokenValue) + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter()] + [System.Boolean] + $DisallowAadGuestUserAccess, + + [Parameter()] + [System.Boolean] + $DisallowOAuthAuthentication, + + [Parameter()] + [System.Boolean] + $DisallowSecureShell, + + [Parameter()] + [System.Boolean] + $LogAuditEvents, + + [Parameter()] + [System.Boolean] + $AllowAnonymousAccess, + + [Parameter()] + [System.Boolean] + $ArtifactsExternalPackageProtectionToken, + + [Parameter()] + [System.Boolean] + $EnforceAADConditionalAccess, + + [Parameter()] + [System.Boolean] + $AllowTeamAdminsInvitationsAccessToken, + + [Parameter()] + [System.Boolean] + $AllowRequestAccessToken, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters | Out-Null + + if ($PSBoundParameters.ContainsKey('DisallowAadGuestUserAccess')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowAadGuestUserAccess?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($DisallowAadGuestUserAccess.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating DisallowAadGuestUserAccess policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('DisallowOAuthAuthentication')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowOAuthAuthentication?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($DisallowOAuthAuthentication.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating DisallowOAuthAuthentication policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('DisallowSecureShell')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowSecureShell?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($DisallowSecureShell.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating DisallowSecureShell policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('LogAuditEvents')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.LogAuditEvents?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($LogAuditEvents.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating LogAuditEvents policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('AllowAnonymousAccess')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowAnonymousAccess?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($AllowAnonymousAccess.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating AllowAnonymousAccess policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('ArtifactsExternalPackageProtectionToken')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.ArtifactsExternalPackageProtectionToken?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($ArtifactsExternalPackageProtectionToken.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating ArtifactsExternalPackageProtectionToken policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('EnforceAADConditionalAccess')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.EnforceAADConditionalAccess?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($EnforceAADConditionalAccess.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating EnforceAADConditionalAccess policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('AllowTeamAdminsInvitationsAccessToken')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowTeamAdminsInvitationsAccessToken?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($AllowTeamAdminsInvitationsAccessToken.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating AllowTeamAdminsInvitationsAccessToken policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } + + if ($PSBoundParameters.ContainsKey('AllowRequestAccessToken')) + { + $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowRequestAccessToken?api-version=5.0-preview" + $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($AllowRequestAccessToken.ToString().ToLower())`"}]" + Write-Verbose -Message "Updating AllowRequestAccessToken policy with values: $($body)" + + Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $OrganizationName, + + [Parameter()] + [System.Boolean] + $DisallowAadGuestUserAccess, + + [Parameter()] + [System.Boolean] + $DisallowOAuthAuthentication, + + [Parameter()] + [System.Boolean] + $DisallowSecureShell, + + [Parameter()] + [System.Boolean] + $LogAuditEvents, + + [Parameter()] + [System.Boolean] + $AllowAnonymousAccess, + + [Parameter()] + [System.Boolean] + $ArtifactsExternalPackageProtectionToken, + + [Parameter()] + [System.Boolean] + $EnforceAADConditionalAccess, + + [Parameter()] + [System.Boolean] + $AllowTeamAdminsInvitationsAccessToken, + + [Parameter()] + [System.Boolean] + $AllowRequestAccessToken, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'AzureDevOPS' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + + $profile = Invoke-M365DSCAzureDevOPSWebRequest -Uri 'https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=5.1' + $accounts = Invoke-M365DSCAzureDevOPSWebRequest -Uri "https://app.vssps.visualstudio.com/_apis/accounts?api-version=7.1-preview.1&memberId=$($profile.id)" + + $i = 1 + $dscContent = '' + if ($accounts.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($account in $accounts) + { + $organization = $account.Value.accountName + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $organization + Write-Host " |---[$i/$($accounts.Count)] $displayedKey" -NoNewline + $params = @{ + OrganizationName = $organization + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.schema.mof new file mode 100644 index 0000000000..51e606ca11 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.schema.mof @@ -0,0 +1,20 @@ +[ClassVersion("1.0.0.0"), FriendlyName("ADOSecurityPolicy")] +class MSFT_ADOSecurityPolicy : OMI_BaseResource +{ + [Key, Description("The name of the Azure DevOPS Organization.")] String OrganizationName; + [Write, Description("Controls the external guest access.")] Boolean DisallowAadGuestUserAccess; + [Write, Description("Controls the Third-party application access via OAuth.")] Boolean DisallowOAuthAuthentication; + [Write, Description("Controls SSH Authentication.")] Boolean DisallowSecureShell; + [Write, Description("Controls Log Audit Events.")] Boolean LogAuditEvents; + [Write, Description("Controls the Allow public projects setting.")] Boolean AllowAnonymousAccess; + [Write, Description("Controls the Additional protections when using public package registries setting.")] Boolean ArtifactsExternalPackageProtectionToken; + [Write, Description("Controls the Enable IP Conditional Access policy validation setting.")] Boolean EnforceAADConditionalAccess; + [Write, Description("Controls the Allow team and project administrators to invite new user setting.")] Boolean AllowTeamAdminsInvitationsAccessToken; + [Write, Description("Controls the Request access setting.")] Boolean AllowRequestAccessToken; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/readme.md new file mode 100644 index 0000000000..46a7607129 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/readme.md @@ -0,0 +1,6 @@ + +# ADOSecurityPolicy + +## Description + +Configures Azure DevOPS Security Policies. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/settings.json new file mode 100644 index 0000000000..0a92ea98a7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "ADOSecurityPolicy", + "description": "Configures Azure DevOPS Security Policies.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 new file mode 100644 index 0000000000..d3076e1a9c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 @@ -0,0 +1,395 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($Name)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + } + } + else + { + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = Get-AzSubscription -SubscriptionId $Id + } + elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($Name)) + { + $instance = Get-AzSubscription -SubscriptionName $Name + } + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Name = $instance.Name + Id = $instance.Id + Enabled = $instance.Enabled + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + throw "This resource cannot create new Azure subscriptions." + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + if ($Enabled) + { + Enable-AzSubscription -Id $currentInstance.Id | Out-Null + } + elseif (-not $Enabled) + { + Disable-AzSubscription -Id $currentInstance.Id | Out-Null + } + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + throw "This resource cannot remove Azure subscriptions." + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + ##TODO - Replace workload + $ConnectionMode = New-M365DSCConnection -Workload 'Workload' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-AzSubscription -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + Id = $config.Id + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.schema.mof new file mode 100644 index 0000000000..3d74c750c9 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.schema.mof @@ -0,0 +1,14 @@ +[ClassVersion("1.0.0.0"), FriendlyName("AzureSubscription")] +class MSFT_AzureSubscription : OMI_BaseResource +{ + [Key, Description("The display name of the subscription.")] String Name; + [Write, Description("The unique identifier of the subscription.")] String Id; + [Write, Description("Enables or disables the subscription")] Boolean Enabled; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/readme.md new file mode 100644 index 0000000000..3899577f38 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/readme.md @@ -0,0 +1,6 @@ + +# AzureSubscription + +## Description + +This resource controls the properties of an Azure subscription. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/settings.json new file mode 100644 index 0000000000..344c77f592 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "AzureSubscription", + "description": "This resource controls the properties of an Azure subscription.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 new file mode 100644 index 0000000000..13a1b423f4 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 @@ -0,0 +1,482 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $SubscriptionName, + + [Parameter(Mandatory = $true)] + [System.String] + $PlanName, + + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [ValidateSet('Free', 'Standard')] + [System.String] + $PricingTier, + + [Parameter()] + [System.String] + $SubPlanName, + + [Parameter()] + [System.String] + $Extensions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + if (-not [System.String]::IsNullOrEmpty($SubscriptionId)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.SubscriptionId -eq $SubscriptionId -and $_.Name -eq $PlanName} + } + elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($SubscriptionName)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.SubscriptionName -eq $SubscriptionName -and $_.Name -eq $PlanName} + } + } + else + { + $subscriptionId = $SubscriptionId + if ([System.String]::IsNullOrEmpty($subscriptionId)) + { + $subscription = Get-AzSubscription -SubscriptionName $SubscriptionName + + if($subscription -ne $null) + { + $subscriptionId = $subscription.Id + } + } + + + if($subscriptionId -ne $null) + { + Set-AzContext -Subscription $subscriptionId -ErrorAction Stop + $instance = Get-AzSecurityPricing -Name $PlanName -ErrorAction Stop + $azContext = Get-AzContext + Add-Member -InputObject $instance -NotePropertyName "SubscriptionName" -NotePropertyValue $azContext.Subscription.Name + Add-Member -InputObject $instance -NotePropertyName "SubscriptionId" -NotePropertyValue $azContext.Subscription.Id + } + + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + SubscriptionId = $instance.SubscriptionId + SubscriptionName = $instance.SubscriptionName + PlanName = $PlanName + PricingTier = $instance.PricingTier + SubPlanName = $instance.SubPlan + Extensions = $instance.Extensions + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $SubscriptionName, + + [Parameter(Mandatory = $true)] + [System.String] + $PlanName, + + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [ValidateSet('Free', 'Standard')] + [System.String] + $PricingTier, + + [Parameter()] + [System.String] + $SubPlanName, + + [Parameter()] + [System.String] + $Extensions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + throw "It's not possible to create Microsoft Defender for Cloud bundles" + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Set-AzContext -Subscription $currentInstance.SubscriptionId -ErrorAction Stop + if($Extensions) + { + Set-AzSecurityPricing -Name $PlanName -PricingTier $PricingTier -SubPlan $SubPlanName -Extension $Extensions -ErrorAction Stop + } + else + { + Set-AzSecurityPricing -Name $PlanName -PricingTier $PricingTier -SubPlan $SubPlanName -ErrorAction Stop + } + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + throw "It's not possible to delete Microsoft Defender for Cloud bundles" + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $SubscriptionName, + + [Parameter(Mandatory = $true)] + [System.String] + $PlanName, + + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [ValidateSet('Free', 'Standard')] + [System.String] + $PricingTier, + + [Parameter()] + [System.String] + $SubPlanName, + + [Parameter()] + [System.String] + $Extensions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-SubscriptionsDefenderPlansFromArg -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + SubscriptionName = $config.SubscriptionName + SubscriptionId = $config.SubscriptionId + PlanName = $config.PlanName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + + +function Get-SubscriptionsDefenderPlansFromArg +{ + try + { + $results = @() + $argQuery=@' +securityresources | where type == "microsoft.security/pricings" | project Id=id, PlanName=name, SubscriptionId=subscriptionId, SubPlan=tostring(properties.subPlan), PricingTier=tostring(properties.pricingTier), Extensions=tostring(properties.extensions) +| join kind=inner (resourcecontainers | where type == "microsoft.resources/subscriptions" | project SubscriptionName = name, SubscriptionId = subscriptionId) on SubscriptionId | project-away SubscriptionId1 +'@ + $queryResult = Search-AzGraph -Query $argQuery -First 1000 -UseTenantScope -ErrorAction Stop + $results += $queryResult.Data + + while($queryResult.SkipToken -ne $null) + { + $queryResult = Search-AzGraph -Query $argQuery -First 1000 -UseTenantScope -SkipToken $queryResult.SkipToken -ErrorAction Stop + $results+=$queryResult.Data + } + + return $results + } + catch + { + throw $_ + } +} + + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.schema.mof new file mode 100644 index 0000000000..5a9df9169a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.schema.mof @@ -0,0 +1,19 @@ +[ClassVersion("1.0.0.0"), FriendlyName("DefenderSubscriptionPlan")] +class MSFT_DefenderSubscriptionPlan : OMI_BaseResource +{ + [Key, Description("The display name of the subscription.")] String SubscriptionName; + [Key, Description("The Defender plan name, for the list all of possible Defender plans refer to Defender for Cloud documentation")] String PlanName; + [Write, Description("The unique identifier of the Azure subscription.")] String SubscriptionId; + [Write, Description("The pricing tier ('Standard' or 'Free')")] String PricingTier; + [Write, Description("The Defender sub plan name, for the list all of possible sub plans refer to Defender for Cloud documentation")] String SubPlanName; + [Write, Description("The extensions offered under the plan, for more information refer to Defender for Cloud documentation")] String Extensions; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; + diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/readme.md new file mode 100644 index 0000000000..915493e159 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/readme.md @@ -0,0 +1,12 @@ + +# DefenderSubscriptionPlan + +## Description + +Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud. +For more information about the available Defender plans, sub plans and plan extensions refer to Defender for Cloud onboarding API documentation. +https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/update?view=rest-defenderforcloud-2024-01-01&tabs=HTTP + + +To have all security features enabled during plan enablement, make sure to assign the required Azure RBAC permissions to the application running this module. +For more information about the required permissions refer to the documentation https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/settings.json new file mode 100644 index 0000000000..d0ccb20829 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "DefenderSubscriptionPlan", + "description": "Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 index d849dc40ff..138293a897 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 @@ -113,9 +113,9 @@ function Get-TargetResource $MakeDefault = $false, [Parameter()] - [ValidateSet('1', '2', '3', '4')] - [System.String] - $PhishThresholdLevel = '1', + [ValidateSet(1, 2, 3, 4)] + [System.Int32] + $PhishThresholdLevel = 1, [Parameter()] [System.String[]] @@ -151,6 +151,16 @@ function Get-TargetResource [System.String] $TargetedUserQuarantineTag, + [Parameter()] + [System.String] + [ValidateSet('MoveToJmf', 'Quarantine')] + $DmarcQuarantineAction, + + [Parameter()] + [System.String] + [ValidateSet('Quarantine', 'Reject')] + $DmarcRejectAction, + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -227,7 +237,7 @@ function Get-TargetResource $PhishThresholdLevelValue = $AntiPhishPolicy.PhishThresholdLevel if ([System.String]::IsNullOrEmpty($PhishThresholdLevelValue)) { - $PhishThresholdLevelValue = '1' + $PhishThresholdLevelValue = 1 } $TargetedUserProtectionActionValue = $AntiPhishPolicy.TargetedUserProtectionAction @@ -277,6 +287,8 @@ function Get-TargetResource TargetedUserProtectionAction = $TargetedUserProtectionActionValue TargetedUsersToProtect = $AntiPhishPolicy.TargetedUsersToProtect TargetedUserQuarantineTag = $AntiPhishPolicy.TargetedUserQuarantineTag + DmarcQuarantineAction = $AntiPhishPolicy.DmarcQuarantineAction + DmarcRejectAction = $AntiPhishPolicy.DmarcRejectAction Credential = $Credential Ensure = 'Present' ApplicationId = $ApplicationId @@ -419,9 +431,9 @@ function Set-TargetResource $MakeDefault = $false, [Parameter()] - [ValidateSet('1', '2', '3', '4')] - [System.String] - $PhishThresholdLevel = '1', + [ValidateSet(1, 2, 3, 4)] + [System.Int32] + $PhishThresholdLevel = 1, [Parameter()] [System.String[]] @@ -457,6 +469,16 @@ function Set-TargetResource [System.String] $TargetedUserQuarantineTag, + [Parameter()] + [System.String] + [ValidateSet('MoveToJmf', 'Quarantine')] + $DmarcQuarantineAction, + + [Parameter()] + [System.String] + [ValidateSet('Quarantine', 'Reject')] + $DmarcRejectAction, + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -656,9 +678,9 @@ function Test-TargetResource $MakeDefault = $false, [Parameter()] - [ValidateSet('1', '2', '3', '4')] - [System.String] - $PhishThresholdLevel = '1', + [ValidateSet(1, 2, 3, 4)] + [System.Int32] + $PhishThresholdLevel = 1, [Parameter()] [System.String[]] @@ -694,6 +716,16 @@ function Test-TargetResource [System.String] $TargetedUserQuarantineTag, + [Parameter()] + [System.String] + [ValidateSet('MoveToJmf', 'Quarantine')] + $DmarcQuarantineAction, + + [Parameter()] + [System.String] + [ValidateSet('Quarantine', 'Reject')] + $DmarcRejectAction, + [Parameter()] [System.Management.Automation.PSCredential] $Credential, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof index 42d4410650..9009ba3095 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof @@ -4,7 +4,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource [Key, Description("The Identity parameter specifies the name of the antiphishing policy that you want to modify.")] String Identity; [Write, Description("Specify if this policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("The AdminDisplayName parameter specifies a description for the policy.")] String AdminDisplayName; - [Write, Description("The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages."), ValueMap{"1","2","3","4"}, Values{"1","2","3","4"}] String PhishThresholdLevel; + [Write, Description("The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages."), ValueMap{"1","2","3","4"}, Values{"1","2","3","4"}] UInt32 PhishThresholdLevel; [Write, Description("The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication."), ValueMap{"MoveToJmf","Quarantine"}, Values{"MoveToJmf","Quarantine"}] String AuthenticationFailAction; [Write, Description("The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedUserProtectionAction; [Write, Description("Specify if this policy should be enabled. Default is $true.")] Boolean Enabled; @@ -36,6 +36,8 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource [Write, Description("The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedUserActionRecipients[]; [Write, Description("The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.")] String TargetedUsersToProtect[]; [Write, Description("The TargetedUserQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection.")] String TargetedUserQuarantineTag; + [Write, Description("The DmarcQuarantineAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=quarantine"), ValueMap{"MoveToJmf","Quarantine"}, Values{"MoveToJmf","Quarantine"}] String DmarcQuarantineAction; + [Write, Description("The DmarcRejectAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=reject."), ValueMap{"Quarantine","Reject"}, Values{"Quarantine","Reject"}] String DmarcRejectAction; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 new file mode 100644 index 0000000000..3da9fdc728 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 @@ -0,0 +1,388 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $ArcTrustedSealers, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message 'Getting EXO Arc Settings' + + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + $ArcConfigSettings = Get-ArcConfig -ErrorAction Stop + + $result = @{ + IsSingleInstance = 'Yes' + ArcTrustedSealers = $ArcConfigSettings.ArcTrustedSealers + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } + + Write-Verbose -Message 'Found Arc config settings' + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $ArcTrustedSealers, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + Write-Verbose -Message 'Setting configuration of Arc Config' + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $ArcConfigParams = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $ArcConfigParams.Remove('IsSingleInstance') | Out-Null + + if ($Null -ne $ArcConfigParams) + { + Write-Verbose -Message "Setting Arc Config with values: $(Convert-M365DscHashtableToString -Hashtable $ArcConfigParams)" + Set-ArcConfig -Identity Default @ArcConfigParams + + Write-Verbose -Message 'Arc Config updated successfully' + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $ArcTrustedSealers, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Testing configuration of Arc Config settings' + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + + # Need to remove Identity as Get-ArcConfig doesn't return Identity + $ValuesToCheck.Remove('Identity') | Out-Null + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' -InboundParameters $PSBoundParameters -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + + #endregion + try + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $ArcConfigSettings = Get-ArcConfig -ErrorAction Stop + $dscContent = '' + Write-Host "`r`n" -NoNewline + + Write-Host " |---[1/1]" -NoNewline + + $Params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof new file mode 100644 index 0000000000..e773a36adf --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof @@ -0,0 +1,14 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOArcConfig")] +class MSFT_EXOArcConfig : OMI_BaseResource +{ + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("Identity which indicates the organization.")] String Identity; + [Write, Description("The domain names of the ARC sealers.")] String ArcTrustedSealers[]; + + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; \ No newline at end of file diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/readme.md new file mode 100644 index 0000000000..c1d7d37c14 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/readme.md @@ -0,0 +1,6 @@ + +# EXOArcConfig + +## Description + +This resource manages the list of trusted Authenticated Received Chain (ARC) sealers that are configured in the organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/settings.json new file mode 100644 index 0000000000..3e8c121cd5 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOArcConfig", + "description": "This resource manages the list of trusted Authenticated Received Chain (ARC) sealers that are configured in the organization.", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Security Admin", + "Security Reader", + "Tenant AllowBlockList Manager", + "Transport Hygiene", + "View-Only Configuration" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 new file mode 100644 index 0000000000..46ffac1760 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 @@ -0,0 +1,534 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.UInt32] + $Priority, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String] + $SafeAttachmentPolicy, + + [Parameter()] + [System.String] + $SafeLinksPolicy, + + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.String[]] + $SentToMemberOf, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + } + else + { + $instance = Get-ATPProtectionPolicyRule -Identity $Identity -ErrorAction Stop + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Identity = $instance.Identity + Ensure = 'Present' + Comments = $instance.Comments + Enabled = $instance.State -eq 'Enabled' + ExceptIfRecipientDomainIs = $instance.ExceptIfRecipientDomainIs + ExceptIfSentTo = $instance.ExceptIfSentTo + ExceptIfSentToMemberOf = $instance.ExceptIfSentToMemberOf + Name = $instance.Name + Priority = $instance.Priority + RecipientDomainIs = $instance.RecipientDomainIs + SafeAttachmentPolicy = $instance.SafeAttachmentPolicy + SafeLinksPolicy = $instance.SafeLinksPolicy + SentTo = $instance.SentTo + SentToMemberOf = $instance.SentToMemberOf + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.UInt32] + $Priority, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String] + $SafeAttachmentPolicy, + + [Parameter()] + [System.String] + $SafeLinksPolicy, + + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.String[]] + $SentToMemberOf, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $SetParameters.Remove('Identity') | Out-Null + New-ATPProtectionPolicyRule @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + if ($currentInstance.SafeAttachmentPolicy -ne $SetParameters.SafeAttachmentPolicy) + { + throw "SafeAttachmentPolicy cannot be changed after creation" + } + if ($currentInstance.SafeLinksPolicy -ne $SetParameters.SafeLinksPolicy) + { + throw "SafeLinksPolicy cannot be changed after creation" + } + + # Enabled state can only be changed by the Enabled/Disable-ATPProtectionPolicyRule cmdlets + if ($currentInstance.Enabled -ne $setParameters.Enabled) + { + Write-Verbose -Message "Changing Enabled state of the ATPProtectionPolicyRule $($currentInstance.Identity) from $($currentInstance.Enabled) to $($setParameters.Enabled)" + if ($setParameters.Enabled) + { + Enable-ATPProtectionPolicyRule -Identity $currentInstance.Identity + } + else + { + Disable-ATPProtectionPolicyRule -Identity $currentInstance.Identity + } + } + + $SetParameters.Remove("SafeLinksPolicy") | Out-Null + $SetParameters.Remove("SafeAttachmentPolicy") | Out-Null + $SetParameters.Remove("Enabled") | Out-Null + + Set-ATPProtectionPolicyRule @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + ##TODO - Replace by the Remove cmdlet for the resource + Remove-ATPProtectionPolicyRule -Identity $currentInstance.Identity + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.UInt32] + $Priority, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String] + $SafeAttachmentPolicy, + + [Parameter()] + [System.String] + $SafeLinksPolicy, + + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.String[]] + $SentToMemberOf, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + ##TODO - Replace workload + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-ATPProtectionPolicyRule -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Identity + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.schema.mof new file mode 100644 index 0000000000..436b9628c8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.schema.mof @@ -0,0 +1,25 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOAtpProtectionPolicyRule")] +class MSFT_EXOAtpProtectionPolicyRule : OMI_BaseResource +{ + [Key, Description("Identifier for the rule")] String Identity; + [Write, Description("Specifies whether the rule is enabled")] Boolean Enabled; + [Write, Description("Informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.")] String Comments; + [Write, Description("Specifies an exception that looks for recipients with email addresses in the specified domains.")] String ExceptIfRecipientDomainIs[]; + [Write, Description("Specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient")] String ExceptIfSentTo[]; + [Write, Description("Specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.")] String ExceptIfSentToMemberOf[]; + [Write, Description("Unique name for the rule. The maximum length is 64 characters.")] String Name; + [Write, Description("Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.")] UInt32 Priority; + [Write, Description("Specifies a condition that looks for recipients with email addresses in the specified domains.")] String RecipientDomainIs[]; + [Write, Description("Specifies the existing Safe Attachments policy that's associated with the preset security policy.")] String SafeAttachmentPolicy; + [Write, Description("Specifies the existing Safe Links policy that's associated with the preset security policy.")] String SafeLinksPolicy; + [Write, Description("Specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.")] String SentTo[]; + [Write, Description("Specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. ")] String SentToMemberOf[]; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/readme.md new file mode 100644 index 0000000000..5d125b34c4 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/readme.md @@ -0,0 +1,6 @@ + +# EXOATPProtectionPolicyRule + +## Description + +Manage ATP Protection policy rules that are associated with Microsoft Defender for Office 365 protections in preset security policies. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/settings.json new file mode 100644 index 0000000000..8ca47640d7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "ResourceName", + "description": "Manage ATP Protection policy rules that are associated with Microsoft Defender for Office 365 protections in preset security policies.", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Security Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Transport Hygiene", + "Security Admin", + "View-Only Configuration", + "Security Reader" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicy/MSFT_EXOAuthenticationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicy/MSFT_EXOAuthenticationPolicy.psm1 index 741cc99558..4d0cf695a3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicy/MSFT_EXOAuthenticationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicy/MSFT_EXOAuthenticationPolicy.psm1 @@ -329,10 +329,12 @@ function Set-TargetResource Remove-AuthenticationPolicy -Identity $Identity -Confirm:$false } # CASE: Authentication Policy exists and it should, but has different values than the desired one + # Policy cannot be changed so it must be deleted and re-created again elseif ($Ensure -eq 'Present' -and $currentAuthenticationPolicyConfig.Ensure -eq 'Present') { Write-Verbose -Message "Authentication Policy '$($Identity)' exists. Updating settings." - Set-AuthenticationPolicy -Identity $Identity @NewAuthenticationPolicyParams | Out-Null + Remove-AuthenticationPolicy -Identity $Identity -Confirm:$false + New-AuthenticationPolicy -Name $Identity @NewAuthenticationPolicyParams | Out-Null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/MSFT_EXODnssecForVerifiedDomain.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/MSFT_EXODnssecForVerifiedDomain.psm1 new file mode 100644 index 0000000000..3c39679718 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/MSFT_EXODnssecForVerifiedDomain.psm1 @@ -0,0 +1,334 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $DomainName, + + [Parameter()] + [System.String] + $DnssecFeatureStatus, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.DnssecFeatureStatus = 'Unknown' + + try + { + $instance = Get-DnssecStatusForVerifiedDomain -DomainName $DomainName -ErrorAction Stop + if ('Unknown' -eq $instance.DnssecFeatureStatus.ToString()) + { + return $nullResult + } + + $results = @{ + DomainName = $DomainName + DnssecFeatureStatus = $instance.DnssecFeatureStatus.ToString() + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $DomainName, + + [Parameter()] + [System.String] + $DnssecFeatureStatus, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # Enable + if ($DnssecFeatureStatus -eq 'Enabled' -and $currentInstance.DnssecFeatureStatus -eq 'Disabled') + { + Enable-DnssecForVerifiedDomain -DomainName $setParameters.DomainName + } + # Disable + elseif ($DnssecFeatureStatus -eq 'Disabled' -and $currentInstance.DnssecFeatureStatus -eq 'Enabled') + { + Disable-DnssecForVerifiedDomain -DomainName $setParameters.DomainName + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $DomainName, + + [Parameter()] + [System.String] + $DnssecFeatureStatus, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-AcceptedDomain -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + DomainName = $config.DomainName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/MSFT_EXODnssecForVerifiedDomain.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/MSFT_EXODnssecForVerifiedDomain.schema.mof new file mode 100644 index 0000000000..40def183ce --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/MSFT_EXODnssecForVerifiedDomain.schema.mof @@ -0,0 +1,13 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXODnssecForVerifiedDomain")] +class MSFT_EXODnssecForVerifiedDomain : OMI_BaseResource +{ + [Key, Description("DomainName parameter specifies the accepted domain in the Exchange Online organization where you want to view information about DNSSEC")] String DomainName; + [Write, Description("Status of the DnsSec for the given Domain Name."), ValueMap{"Enabled","Disabled","Unknown"}, Values{"Enabled","Disabled","Unknown"}] string DnssecFeatureStatus; + + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/readme.md new file mode 100644 index 0000000000..3ce7d651bb --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/readme.md @@ -0,0 +1,6 @@ + +# EXODnssecForVerifiedDomain + +## Description + +DNSSec status for a verified domain. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/settings.json new file mode 100644 index 0000000000..a6aeb81b3a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODnssecForVerifiedDomain/settings.json @@ -0,0 +1,24 @@ +{ + "resourceName": "EXODnssecForVerifiedDomain", + "description": "This resource configures the DnsSec status for a verified domain.", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 new file mode 100644 index 0000000000..dd5a345ee6 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 @@ -0,0 +1,424 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $EnablePriorityAccountProtection, + + [Parameter()] + [System.Boolean] + $IsValid, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $ObjectState, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + Write-Verbose -Message 'Getting EXO Email Tenant Settings' + + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try + { + $EmailTenantSettings = Get-EmailTenantSettings -ErrorAction Stop + + $result = @{ + IsSingleInstance = 'Yes' + Identity = $EmailTenantSettings.Identity + EnablePriorityAccountProtection = $EmailTenantSettings.EnablePriorityAccountProtection + Name = $EmailTenantSettings.Name + IsValid = $EmailTenantSettings.IsValid + ObjectState = $EmailTenantSettings.ObjectState + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } + + Write-Verbose -Message 'Found Email Tenant Settings config ' + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $EnablePriorityAccountProtection, + + [Parameter()] + [System.Boolean] + $IsValid, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $ObjectState, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Setting configuration of Email tenant setings' + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $EmailTenantSettingsParams = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + #removing params that cannot be set. + $EmailTenantSettingsParams.Remove('Name') | Out-Null + $EmailTenantSettingsParams.Remove('IsValid') | Out-Null + $EmailTenantSettingsParams.Remove('ObjectState') | Out-Null + $EmailTenantSettingsParams.Remove('IsSingleInstance') | Out-Null + + if ($Null -ne $EmailTenantSettingsParams) + { + Write-Verbose -Message "Setting Email tenant settings with values: $(Convert-M365DscHashtableToString -Hashtable $EmailTenantSettingsParams)" + Set-EmailTenantSettings @EmailTenantSettingsParams + + Write-Verbose -Message 'Email tenant settings updated successfully' + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Yes')] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $EnablePriorityAccountProtection, + + [Parameter()] + [System.Boolean] + $IsValid, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $ObjectState, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Testing configuration of Email tenant settings' + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' -InboundParameters $PSBoundParameters -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + + #endregion + try + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $EmailTenantSettings = Get-EmailTenantSettings -ErrorAction Stop + $dscContent = '' + Write-Host "`r`n" -NoNewline + + Write-Host " |---[1/1] $($EmailTenantSettings.Identity)" -NoNewline + + $Params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.schema.mof new file mode 100644 index 0000000000..3f6bdbbd6e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.schema.mof @@ -0,0 +1,18 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOEmailTenantSettings")] +class MSFT_EXOEmailTenantSettings : OMI_BaseResource +{ + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("Identity which indicates the organization name.")] String Identity; + [Write, Description("Specifies whether priority account protection is enabled.")] Boolean EnablePriorityAccountProtection; + [Write, Description("Specifies whether the migration configuration is valid.")] Boolean IsValid; + [Write, Description("Specifies the state of the object.")] String ObjectState; + [Write, Description("Specifies the name of the object.")] String Name; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/readme.md new file mode 100644 index 0000000000..b07d58c77b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/readme.md @@ -0,0 +1,5 @@ +EXOEmailTenantSettings + +## Description + +This resource allows users to manage email tenant settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json new file mode 100644 index 0000000000..a3fb9d4fcf --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOEmailTenantSettings", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Organization Management", + "Security Reader" + ], + "requiredrolegroups": [ + "Organization Management", + "Security Administrator" + ] + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 new file mode 100644 index 0000000000..c424b4364e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 @@ -0,0 +1,353 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.DateTime] + $FocusedInboxOnLastUpdateTime, + + [Parameter()] + [System.Boolean] + $FocusedInboxOn, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $instance = Get-FocusedInbox -Identity $Identity + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Identity = $Identity + FocusedInboxOn = [Boolean]$instance.FocusedInboxOn + FocusedInboxOnLastUpdateTime = [DateTime]$instance.FocusedInboxOnLastUpdateTime + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.DateTime] + $FocusedInboxOnLastUpdateTime, + + [Parameter()] + [System.Boolean] + $FocusedInboxOn, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + $SetParameters.Remove("FocusedInboxOnLastUpdateTime") | Out-Null + Set-FocusedInbox @SetParameters +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.DateTime] + $FocusedInboxOnLastUpdateTime, + + [Parameter()] + [System.Boolean] + $FocusedInboxOn, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-Mailbox -ResultSize Unlimited -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.UserPrincipalName + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $displayedKey + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.schema.mof new file mode 100644 index 0000000000..8b3cdaffa9 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.schema.mof @@ -0,0 +1,14 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOFocusedInbox")] +class MSFT_EXOFocusedInbox : OMI_BaseResource +{ + [Key, Description("The Identity parameter specifies the mailbox that you want to modify.")] String Identity; + [Write, Description("The FocusedInboxOn parameter enables or disables Focused Inbox for the mailbox.")] Boolean FocusedInboxOn; + [Write, Description("Gets the last updated time on focused inbox")] DateTime FocusedInboxOnLastUpdateTime; + [Write, Description("Specify if the AcceptedDomain should exist or not."), ValueMap{"Present"}, Values{"Present"}] String Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md new file mode 100644 index 0000000000..0212dc7bb0 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md @@ -0,0 +1,5 @@ + +# EXOFocusedInbox + +## Description +Manage the Focused Inbox configuration for mailboxes in your organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json new file mode 100644 index 0000000000..5421220128 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOFocusedInbox", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Organization Management", + "Recipient Management" + ], + "requiredrolegroups": [ + "Organization Management", + "Help Desk" + ] + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 index cff7f59a8e..5b87fb95ac 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 @@ -29,11 +29,6 @@ function Get-TargetResource [System.Boolean] $MailTipsExternalRecipientsTipsEnabled, - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -93,7 +88,6 @@ function Get-TargetResource #endregion $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' try { @@ -112,7 +106,6 @@ function Get-TargetResource MailTipsLargeAudienceThreshold = $OrgConfig.MailTipsLargeAudienceThreshold MailTipsMailboxSourcedTipsEnabled = $OrgConfig.MailTipsMailboxSourcedTipsEnabled MailTipsExternalRecipientsTipsEnabled = $OrgConfig.MailTipsExternalRecipientsTipsEnabled - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId CertificateThumbprint = $CertificateThumbprint @@ -168,11 +161,6 @@ function Set-TargetResource [System.Boolean] $MailTipsExternalRecipientsTipsEnabled, - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -289,11 +277,6 @@ function Test-TargetResource [System.Boolean] $MailTipsExternalRecipientsTipsEnabled, - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -353,8 +336,7 @@ function Test-TargetResource 'MailTipsGroupMetricsEnabled', 'MailTipsLargeAudienceThreshold', 'MailTipsMailboxSourcedTipsEnabled', - 'MailTipsExternalRecipientsTipsEnabled', - 'Ensure') + 'MailTipsExternalRecipientsTipsEnabled') Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -462,4 +444,3 @@ function Export-TargetResource } Export-ModuleMember -Function *-TargetResource - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof index 964dbbfd54..424254b37a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof @@ -8,7 +8,6 @@ class MSFT_EXOMailTips : OMI_BaseResource [Write, Description("Specifies what a large audience is.")] UInt32 MailTipsLargeAudienceThreshold; [Write, Description("Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.")] Boolean MailTipsMailboxSourcedTipsEnabled; [Write, Description("Specifies whether MailTips for external recipients are enabled.")] Boolean MailTipsExternalRecipientsTipsEnabled; - [Write, Description("Specifies if this MailTip should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 new file mode 100644 index 0000000000..4e64667fca --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 @@ -0,0 +1,873 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $AgendaMailIntroductionEnabled, + + [Parameter()] + [System.Boolean] + $AutoDeclineWhenBusy, + + [Parameter()] + [System.String] + $CalendarFeedsPreferredLanguage, + + [Parameter()] + [System.String] + $CalendarFeedsPreferredRegion, + + [Parameter()] + [System.String] + $CalendarFeedsRootPageId, + + [Parameter()] + [System.Boolean] + $ConversationalSchedulingEnabled, + + [Parameter()] + [System.Boolean] + $CreateEventsFromEmailAsPrivate, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceLongEventsBy, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceShortEventsBy, + + [Parameter()] + [System.String] + $DefaultOnlineMeetingProvider, + + [Parameter()] + [System.TimeSpan] + $DefaultReminderTime, + + [Parameter()] + [System.Boolean] + $DeleteMeetingRequestOnRespond, + + [Parameter()] + [System.Boolean] + $DiningEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EntertainmentEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EventsFromEmailEnabled, + + [Parameter()] + [System.String] + $FirstWeekOfYear, + + [Parameter()] + [System.Boolean] + $FlightEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $HotelEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $InvoiceEventsFromEmailEnabled, + + [Parameter()] + [System.String] + $LocationDetailsInFreeBusy, + + [Parameter()] + [System.String] + $MailboxLocation, + + [Parameter()] + [System.Boolean] + $OnlineMeetingsByDefaultEnabled, + + [Parameter()] + [System.Boolean] + $PackageDeliveryEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $PreserveDeclinedMeetings, + + [Parameter()] + [System.Boolean] + $RemindersEnabled, + + [Parameter()] + [System.Boolean] + $ReminderSoundEnabled, + + [Parameter()] + [System.Boolean] + $RentalCarEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $ServiceAppointmentEventsFromEmailEnabled, + + [Parameter()] + [System.String] + $ShortenEventScopeDefault, + + [Parameter()] + [System.Boolean] + $ShowWeekNumbers, + + [Parameter()] + [System.String] + $TimeIncrement, + + [Parameter()] + [System.Boolean] + $UseBrightCalendarColorThemeInOwa, + + [Parameter()] + [System.String] + $WeatherEnabled, + + [Parameter()] + [System.Int32] + $WeatherLocationBookmark, + + [Parameter()] + [System.String[]] + $WeatherLocations, + + [Parameter()] + [System.String] + $WeatherUnit, + + [Parameter()] + [System.String] + $WeekStartDay, + + [Parameter()] + [System.String] + $WorkDays, + + [Parameter()] + [System.TimeSpan] + $WorkingHoursEndTime, + + [Parameter()] + [System.TimeSpan] + $WorkingHoursStartTime, + + [Parameter()] + [System.String] + $WorkingHoursTimeZone, + + [Parameter()] + [System.Boolean] + $WorkspaceUserEnabled, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $config = Get-MailboxCalendarConfiguration -Identity $Identity -ErrorAction Stop + + if ($null -eq $config) + { + return $nullResult + } + + $results = @{ + Ensure = 'Present' + Identity = $Identity + AgendaMailIntroductionEnabled = $config.AgendaMailIntroductionEnabled + AutoDeclineWhenBusy = $config.AutoDeclineWhenBusy + CalendarFeedsPreferredLanguage = $config.CalendarFeedsPreferredLanguage + CalendarFeedsPreferredRegion = $config.CalendarFeedsPreferredRegion + CalendarFeedsRootPageId = $config.CalendarFeedsRootPageId + ConversationalSchedulingEnabled = $config.ConversationalSchedulingEnabled + CreateEventsFromEmailAsPrivate = $config.CreateEventsFromEmailAsPrivate + DefaultMinutesToReduceLongEventsBy = $config.DefaultMinutesToReduceLongEventsBy + DefaultMinutesToReduceShortEventsBy = $config.DefaultMinutesToReduceShortEventsBy + DefaultOnlineMeetingProvider = $config.DefaultOnlineMeetingProvider + DefaultReminderTime = $config.DefaultReminderTime + DeleteMeetingRequestOnRespond = $config.DeleteMeetingRequestOnRespond + DiningEventsFromEmailEnabled = $config.DiningEventsFromEmailEnabled + EntertainmentEventsFromEmailEnabled = $config.EntertainmentEventsFromEmailEnabled + EventsFromEmailEnabled = $config.EventsFromEmailEnabled + FirstWeekOfYear = $config.FirstWeekOfYear + FlightEventsFromEmailEnabled = $config.FlightEventsFromEmailEnabled + HotelEventsFromEmailEnabled = $config.HotelEventsFromEmailEnabled + InvoiceEventsFromEmailEnabled = $config.InvoiceEventsFromEmailEnabled + LocationDetailsInFreeBusy = $config.LocationDetailsInFreeBusy + MailboxLocation = $config.MailboxLocation + OnlineMeetingsByDefaultEnabled = $config.OnlineMeetingsByDefaultEnabled + PackageDeliveryEventsFromEmailEnabled = $config.PackageDeliveryEventsFromEmailEnabled + PreserveDeclinedMeetings = $config.PreserveDeclinedMeetings + RemindersEnabled = $config.RemindersEnabled + ReminderSoundEnabled = $config.ReminderSoundEnabled + RentalCarEventsFromEmailEnabled = $config.RentalCarEventsFromEmailEnabled + ServiceAppointmentEventsFromEmailEnabled = $config.ServiceAppointmentEventsFromEmailEnabled + ShortenEventScopeDefault = $config.ShortenEventScopeDefault + ShowWeekNumbers = $config.ShowWeekNumbers + TimeIncrement = $config.TimeIncrement + UseBrightCalendarColorThemeInOwa = $config.UseBrightCalendarColorThemeInOwa + WeatherEnabled = $config.WeatherEnabled + WeatherLocationBookmark = $config.WeatherLocationBookmark + WeatherLocations = [Array]$config.WeatherLocations + WeatherUnit = $config.WeatherUnit + WeekStartDay = $config.WeekStartDay + WorkDays = $config.WorkDays + WorkingHoursEndTime = $config.WorkingHoursEndTime + WorkingHoursStartTime = $config.WorkingHoursStartTime + WorkingHoursTimeZone = $config.WorkingHoursTimeZone + WorkspaceUserEnabled = $config.WorkspaceUserEnabled + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $AgendaMailIntroductionEnabled, + + [Parameter()] + [System.Boolean] + $AutoDeclineWhenBusy, + + [Parameter()] + [System.String] + $CalendarFeedsPreferredLanguage, + + [Parameter()] + [System.String] + $CalendarFeedsPreferredRegion, + + [Parameter()] + [System.String] + $CalendarFeedsRootPageId, + + [Parameter()] + [System.Boolean] + $ConversationalSchedulingEnabled, + + [Parameter()] + [System.Boolean] + $CreateEventsFromEmailAsPrivate, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceLongEventsBy, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceShortEventsBy, + + [Parameter()] + [System.String] + $DefaultOnlineMeetingProvider, + + [Parameter()] + [System.TimeSpan] + $DefaultReminderTime, + + [Parameter()] + [System.Boolean] + $DeleteMeetingRequestOnRespond, + + [Parameter()] + [System.Boolean] + $DiningEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EntertainmentEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EventsFromEmailEnabled, + + [Parameter()] + [System.String] + $FirstWeekOfYear, + + [Parameter()] + [System.Boolean] + $FlightEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $HotelEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $InvoiceEventsFromEmailEnabled, + + [Parameter()] + [System.String] + $LocationDetailsInFreeBusy, + + [Parameter()] + [System.String] + $MailboxLocation, + + [Parameter()] + [System.Boolean] + $OnlineMeetingsByDefaultEnabled, + + [Parameter()] + [System.Boolean] + $PackageDeliveryEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $PreserveDeclinedMeetings, + + [Parameter()] + [System.Boolean] + $RemindersEnabled, + + [Parameter()] + [System.Boolean] + $ReminderSoundEnabled, + + [Parameter()] + [System.Boolean] + $RentalCarEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $ServiceAppointmentEventsFromEmailEnabled, + + [Parameter()] + [System.String] + $ShortenEventScopeDefault, + + [Parameter()] + [System.Boolean] + $ShowWeekNumbers, + + [Parameter()] + [System.String] + $TimeIncrement, + + [Parameter()] + [System.Boolean] + $UseBrightCalendarColorThemeInOwa, + + [Parameter()] + [System.String] + $WeatherEnabled, + + [Parameter()] + [System.Int32] + $WeatherLocationBookmark, + + [Parameter()] + [System.String[]] + $WeatherLocations, + + [Parameter()] + [System.String] + $WeatherUnit, + + [Parameter()] + [System.String] + $WeekStartDay, + + [Parameter()] + [System.String] + $WorkDays, + + [Parameter()] + [System.TimeSpan] + $WorkingHoursEndTime, + + [Parameter()] + [System.TimeSpan] + $WorkingHoursStartTime, + + [Parameter()] + [System.String] + $WorkingHoursTimeZone, + + [Parameter()] + [System.Boolean] + $WorkspaceUserEnabled, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + Set-MailboxCalendarConfiguration @SetParameters +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $AgendaMailIntroductionEnabled, + + [Parameter()] + [System.Boolean] + $AutoDeclineWhenBusy, + + [Parameter()] + [System.String] + $CalendarFeedsPreferredLanguage, + + [Parameter()] + [System.String] + $CalendarFeedsPreferredRegion, + + [Parameter()] + [System.String] + $CalendarFeedsRootPageId, + + [Parameter()] + [System.Boolean] + $ConversationalSchedulingEnabled, + + [Parameter()] + [System.Boolean] + $CreateEventsFromEmailAsPrivate, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceLongEventsBy, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceShortEventsBy, + + [Parameter()] + [System.String] + $DefaultOnlineMeetingProvider, + + [Parameter()] + [System.TimeSpan] + $DefaultReminderTime, + + [Parameter()] + [System.Boolean] + $DeleteMeetingRequestOnRespond, + + [Parameter()] + [System.Boolean] + $DiningEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EntertainmentEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EventsFromEmailEnabled, + + [Parameter()] + [System.String] + $FirstWeekOfYear, + + [Parameter()] + [System.Boolean] + $FlightEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $HotelEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $InvoiceEventsFromEmailEnabled, + + [Parameter()] + [System.String] + $LocationDetailsInFreeBusy, + + [Parameter()] + [System.String] + $MailboxLocation, + + [Parameter()] + [System.Boolean] + $OnlineMeetingsByDefaultEnabled, + + [Parameter()] + [System.Boolean] + $PackageDeliveryEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $PreserveDeclinedMeetings, + + [Parameter()] + [System.Boolean] + $RemindersEnabled, + + [Parameter()] + [System.Boolean] + $ReminderSoundEnabled, + + [Parameter()] + [System.Boolean] + $RentalCarEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $ServiceAppointmentEventsFromEmailEnabled, + + [Parameter()] + [System.String] + $ShortenEventScopeDefault, + + [Parameter()] + [System.Boolean] + $ShowWeekNumbers, + + [Parameter()] + [System.String] + $TimeIncrement, + + [Parameter()] + [System.Boolean] + $UseBrightCalendarColorThemeInOwa, + + [Parameter()] + [System.String] + $WeatherEnabled, + + [Parameter()] + [System.Int32] + $WeatherLocationBookmark, + + [Parameter()] + [System.String[]] + $WeatherLocations, + + [Parameter()] + [System.String] + $WeatherUnit, + + [Parameter()] + [System.String] + $WeekStartDay, + + [Parameter()] + [System.String] + $WorkDays, + + [Parameter()] + [System.TimeSpan] + $WorkingHoursEndTime, + + [Parameter()] + [System.TimeSpan] + $WorkingHoursStartTime, + + [Parameter()] + [System.String] + $WorkingHoursTimeZone, + + [Parameter()] + [System.Boolean] + $WorkspaceUserEnabled, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-Mailbox -ResultSize 'Unlimited' -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.UserPrincipalName + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.UserPrincipalName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.schema.mof new file mode 100644 index 0000000000..3a0c7f94d8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.schema.mof @@ -0,0 +1,56 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOMailboxCalendarConfiguration")] +class MSFT_EXOMailboxCalendarConfiguration: OMI_BaseResource +{ + + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; + + [Key, Description("Specifies the mailbox identity.")] String Identity; + [Write, Description("Enables or disables agenda mail introduction.")] Boolean AgendaMailIntroductionEnabled; + [Write, Description("Automatically declines meeting requests when the user is busy.")] Boolean AutoDeclineWhenBusy; + [Write, Description("Preferred language for calendar feeds.")] String CalendarFeedsPreferredLanguage; + [Write, Description("Preferred region for calendar feeds.")] String CalendarFeedsPreferredRegion; + [Write, Description("Root page ID for calendar feeds.")] String CalendarFeedsRootPageId; + [Write, Description("Enables or disables conversational scheduling.")] Boolean ConversationalSchedulingEnabled; + [Write, Description("Creates events from email as private.")] Boolean CreateEventsFromEmailAsPrivate; + [Write, Description("Default minutes to reduce long events by.")] UInt32 DefaultMinutesToReduceLongEventsBy; + [Write, Description("Default minutes to reduce short events by.")] UInt32 DefaultMinutesToReduceShortEventsBy; + [Write, Description("Default online meeting provider.")] String DefaultOnlineMeetingProvider; + [Write, Description("Default reminder time.")] String DefaultReminderTime; + [Write, Description("Deletes meeting request on respond.")] Boolean DeleteMeetingRequestOnRespond; + [Write, Description("Enables or disables dining events from email.")] Boolean DiningEventsFromEmailEnabled; + [Write, Description("Enables or disables entertainment events from email.")] Boolean EntertainmentEventsFromEmailEnabled; + [Write, Description("Enables or disables events from email.")] Boolean EventsFromEmailEnabled; + [Write, Description("Specifies the first week of the year.")] String FirstWeekOfYear; + [Write, Description("Enables or disables flight events from email.")] Boolean FlightEventsFromEmailEnabled; + [Write, Description("Enables or disables hotel events from email.")] Boolean HotelEventsFromEmailEnabled; + [Write, Description("Enables or disables invoice events from email.")] Boolean InvoiceEventsFromEmailEnabled; + [Write, Description("Specifies location details in free/busy information.")] String LocationDetailsInFreeBusy; + [Write, Description("Specifies the mailbox location.")] String MailboxLocation; + [Write, Description("Enables or disables online meetings by default.")] Boolean OnlineMeetingsByDefaultEnabled; + [Write, Description("Enables or disables package delivery events from email.")] Boolean PackageDeliveryEventsFromEmailEnabled; + [Write, Description("Preserves declined meetings.")] Boolean PreserveDeclinedMeetings; + [Write, Description("Enables or disables reminders.")] Boolean RemindersEnabled; + [Write, Description("Enables or disables reminder sound.")] Boolean ReminderSoundEnabled; + [Write, Description("Enables or disables rental car events from email.")] Boolean RentalCarEventsFromEmailEnabled; + [Write, Description("Enables or disables service appointment events from email.")] Boolean ServiceAppointmentEventsFromEmailEnabled; + [Write, Description("Specifies the default scope for shortening events.")] String ShortenEventScopeDefault; + [Write, Description("Shows or hides week numbers.")] Boolean ShowWeekNumbers; + [Write, Description("Specifies the time increment for calendar events.")] String TimeIncrement; + [Write, Description("Uses a bright calendar color theme in Outlook on the web.")] Boolean UseBrightCalendarColorThemeInOwa; + [Write, Description("Enables or disables weather information.")] String WeatherEnabled; + [Write, Description("Specifies the weather location bookmark.")] UInt32 WeatherLocationBookmark; + [Write, Description("Specifies the weather locations.")] String WeatherLocations[]; + [Write, Description("Specifies the weather unit.")] String WeatherUnit; + [Write, Description("Specifies the start day of the week.")] String WeekStartDay; + [Write, Description("Specifies the work days.")] String WorkDays; + [Write, Description("Specifies the end time of working hours.")] String WorkingHoursEndTime; + [Write, Description("Specifies the start time of working hours.")] String WorkingHoursStartTime; + [Write, Description("Specifies the time zone for working hours.")] String WorkingHoursTimeZone; + [Write, Description("Enables or disables workspace user.")] Boolean WorkspaceUserEnabled; + [Write, Description("Ensures the presence or absence of the configuration.")] String Ensure; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md new file mode 100644 index 0000000000..5f4846dd1e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md @@ -0,0 +1,6 @@ + +# EXOMailboxCalendarConfiguration + +## Description + +This resource allows users to manage mailbox calendar settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json new file mode 100644 index 0000000000..f9832ee223 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOMailboxCalendarConfiguration", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Organization Management", + "Recipient Management" + ], + "requiredrolegroups": [ + "Organization Management", + "Help Desk" + ] + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 new file mode 100644 index 0000000000..21fcb822c9 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 @@ -0,0 +1,501 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $UserPermissions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instances = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + } + else + { + $instances = Get-MailboxFolderPermission -Identity $Identity -ErrorAction Stop + } + if ($null -eq $instances) + { + return $nullResult + } + + [Array]$permissionsObj = @() + + foreach($mailboxfolderPermission in $instances){ + $currentPermission = @{} + $currentPermission.Add('User', $mailboxFolderPermission.User.ToString()) + $currentPermission.Add('AccessRights', $mailboxFolderPermission.AccessRights) + if($null -ne $mailboxFolderPermission.SharingPermissionFlags) { + $currentPermission.Add('SharingPermissionFlags', $mailboxFolderPermission.SharingPermissionFlags) + } + $permissionsObj += $currentPermission + } + + $results = @{ + Identity = $Identity + UserPermissions = [Array]$permissionsObj + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $UserPermissions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $currentMailboxFolderPermissions = $currentInstance.UserPermissions + + if ($Ensure -eq 'Present' -and $currentValues.Ensure -eq 'Absent') + { + Write-Verbose -Message "There was some error in fetching the mailbox folder permissions for the folder {$Identity}." + return + } + elseif ($Ensure -eq 'Absent') + { + Write-Verbose -Message "Supplying Ensure = 'Absent' doesn't remove the permissions for the current mailbox folder. Send an array of required permissions instead." + return + } + + # Remove all the current existing pemrissions on this folder. + # Skip removing the default and anonymous permissions, as can't be removed, and should just be directly updated. + foreach($currentUserPermission in $currentMailboxFolderPermissions) { + if($currentUserPermission.User.ToString().ToLower() -ne "default" -and $currentUserPermission.User.ToString().ToLower() -ne "anonymous"){ + Remove-MailboxFolderPermission -Identity $Identity -User $currentUserPermission.User -Confirm:$false + } + } + + # Add the desired state permissions on the mailbox folder + # For Default and anonymous users, as the permissions were not removed, we just need to call set. + foreach($userPermission in $UserPermissions) { + if($userPermission.User.ToString().ToLower() -eq "default" -or $userPermission.User.ToString().ToLower() -eq "anonymous"){ + if ($userPermission.SharingPermissionFlags -eq ""){ + Set-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights + } + else { + Set-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights -SharingPermissionFlags $userPermission.SharingPermissionFlags + } + } + else { + if ($userPermission.SharingPermissionFlags -eq ""){ + Add-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights + } + else { + Add-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights -SharingPermissionFlags $userPermission.SharingPermissionFlags + } + } + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $UserPermissions, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $testTargetResource = $true + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + $testTargetResource = $false + } + else { + $ValuesToCheck.Remove($key) | Out-Null + } + } + } + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams + + if(-not $TestResult) + { + $testTargetResource = $false + } + + Write-Verbose -Message "Test-TargetResource returned $testTargetResource" + + return $testTargetResource +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + # Ensure the cmdlet is available + $cmdletInfo = Get-Command Get-MailboxFolder -ErrorAction SilentlyContinue + + if ($null -eq $cmdletInfo) + { + Write-Host " `r`n$($Global:M365DSCEmojiYellowCircle) The Get-MailboxFolder cmdlet is not avalaible. Service Principals do not have mailboxes." + return '' + } + + [Array]$mailboxFolders = Get-MailboxFolder -Recurse + + if ($mailboxes.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + + $j = 1 + foreach ($mailboxFolder in $mailboxFolders) + { + Write-Host " |---[$j/$($mailboxFolders.count)] $($mailboxFolder.Identity)" -NoNewline + Write-Host "`r`n" -NoNewline + + $Params = @{ + Identity = $mailboxFolder.Identity + UserPermissions = $null + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $MailboxFolderPermissions = Get-TargetResource @Params + + $Result = $MailboxFolderPermissions + $Result = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Result + if ($Result.UserPermissions.Count -gt 0) + { + $Result.UserPermissions = Get-M365DSCEXOUserPermissionsList $Result.UserPermissions + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Result ` + -Credential $Credential + + if ($null -ne $Result.UserPermissions) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName 'UserPermissions' + } + + $dscContent += $currentDSCBlock + + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + + $j++ + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Get-M365DSCEXOUserPermissionsList +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = $true)] + [System.Collections.ArrayList] + $Permissions + ) + + $StringContent = '@(' + foreach ($permission in $Permissions) + { + $StringContent += "MSFT_EXOMailboxFolderUserPermission {`r`n" + $StringContent += " User = '" + $permission.User + "'`r`n" + $StringContent += " AccessRights = '" + $permission.AccessRights + "'`r`n" + if($null -ne $permission.SharingPermissionFlags){ + # $StringContent += " SharingPermissionFlags = `$null" + "`r`n" + # } else { + $StringContent += " SharingPermissionFlags = '" + $permission.SharingPermissionFlags + "'`r`n" + } + $StringContent += " }`r`n" + } + $StringContent += ' )' + return $StringContent +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.schema.mof new file mode 100644 index 0000000000..90ba203151 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.schema.mof @@ -0,0 +1,24 @@ +[ClassVersion("1.0.0")] +class MSFT_EXOMailboxFolderUserPermission +{ + [Write, Description("The AccessRights parameter specifies the permissions that you want to add for the user on the mailbox folder.")] String AccessRights[]; + [Write, Description("The User parameter specifies who gets the permissions on the mailbox folder.")] String User; + [Write, Description("The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to calendar folders and can only be used when the AccessRights parameter value is Editor. Valid values are: None, Delegate, CanViewPrivateItems")] String SharingPermissionFlags; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("EXOMailboxFolderPermission")] +class MSFT_EXOMailboxFolderPermission : OMI_BaseResource +{ + [Key, Description("The Identity parameter specifies the target mailbox and folder. The syntax is MailboxID:\\ParentFolder[\\SubFolder]. For the MailboxID you can use any value that uniquely identifies the mailbox.")] String Identity; + [Write, Description("Mailbox Folder Permissions for the current user."),EmbeddedInstance("MSFT_EXOMailboxFolderUserPermission")] String UserPermissions[]; + + [Write, Description("Determines wheter or not the permission should exist on the mailbox."), ValueMap{"Present"}, Values{"Present"}] String Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/readme.md new file mode 100644 index 0000000000..6c2b64a330 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/readme.md @@ -0,0 +1,6 @@ + +# EXOMailboxFolderPermission + +## Description + +Use this resource to add/set/remove mailbox folder permissions for users in your tenant. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json new file mode 100644 index 0000000000..874090d3bc --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOMailboxFolderPermission", + "description": "Use this resource to add/set/remove mailbox folder permissions for users in your tenant.", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Organization Management", + "Recipient Management" + ], + "requiredrolegroups": [ + "Organization Management", + "Help Desk" + ] + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 new file mode 100644 index 0000000000..13c1f4be94 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 @@ -0,0 +1,392 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter(Mandatory = $true)] + [System.String] + $User, + + [Parameter()] + [ValidateSet('Block')] + [System.String] + $AccessLevel, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity -and $_.User -eq $User} + } + else + { + $instance = Get-MailboxIRMAccess -Identity $Identity -User $User + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Identity = $Identity + User = $User + AccessLevel = $instance.AccessLevel + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter(Mandatory = $true)] + [System.String] + $User, + + [Parameter()] + [ValidateSet('Block')] + [System.String] + $AccessLevel, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Set-MailboxIRMAccess @setParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + $setParameters.Remove('AccessLevel') | Out-Null + Remove-MailboxIRMAccess @SetParameters + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter(Mandatory = $true)] + [System.String] + $User, + + [Parameter()] + [ValidateSet('Block')] + [System.String] + $AccessLevel, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + ##TODO - Replace workload + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + [array]$mailboxes = Get-Mailbox -ResultSize 'Unlimited' -ErrorAction Stop + + if ($mailboxes.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $dscContent = '' + $i = 1 + foreach ($mailbox in $mailboxes) + { + Write-Host " |---[$i/$($mailboxes.Count)] $($mailbox.UserPrincipalName)" -NoNewline + + [Array]$irmAccesses = Get-MailboxIRMAccess -Identity $mailbox.UserPrincipalName + + $j = 1 + Write-Host "`r`n" -NoNewline + foreach ($irmAccess in $irmAccesses) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$j/$($irmAccesses.Count)] $($irmAccess.User)" -NoNewline + Write-Host "`r`n" -NoNewline + $dscIRMAccess = @{ + Identity = $mailbox.UserPrincipalName + User = $irmAccess.User + AccessLevel = $irmAccess.AccessLevel + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + AccessTokens = $AccessTokens + } + + $Result = $dscIRMAccess + $Result = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Result + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Result ` + -Credential $Credential + $dscContent += $currentDSCBlock + + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $j++ + } + + $i++ + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.schema.mof new file mode 100644 index 0000000000..8dc3e7f108 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.schema.mof @@ -0,0 +1,14 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOMailboxIRMAccess")] +class MSFT_EXOMailboxIRMAccess : OMI_BaseResource +{ + [Key, Description("The Identity parameter specifies the mailbox that you want to modify")] String Identity; + [Key, Description("The User parameter specifies the delegate who is blocked from reading IRM-protected messages in the mailbox.")] String User; + [Write, Description("The AccessLevel parameter specifies what delegates can do to IRM-protected messages in the mailbox that's specified by the Identity parameter."), ValueMap{"Block"}, Values{"Block"}] string AccessLevel; + [Write, Description("Present ensures the resource exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/readme.md new file mode 100644 index 0000000000..afc0ca3907 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/readme.md @@ -0,0 +1,6 @@ + +# EXOMailboxIRMAccess + +## Description + +Use this resource to set MailboxIRMAccess settings diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/settings.json new file mode 100644 index 0000000000..df17329583 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "EXOMailboxIRMAccess", + "description": "Use this resource to create block Mailbox IRM access for delegates.", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Hygiene Management", + "Compliance Management", + "Organization Management", + "View-Only Organization Management" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 new file mode 100644 index 0000000000..bd19cc11f4 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 @@ -0,0 +1,407 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $RecipientRestrictionFilter, + + [Parameter()] + [System.String] + $RecipientRoot, + + [Parameter()] + [System.Boolean] + $Exclusive, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $ManagementScope = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + } + else + { + $ManagementScope = Get-ManagementScope -Identity $Identity -ErrorAction Stop + } + if ($null -eq $ManagementScope) + { + return $nullResult + } + + $results = @{ + Identity = $Identity + Name = $ManagementScope.Name + RecipientRestrictionFilter = $ManagementScope.RecipientFilter + RecipientRoot = $ManagementScope.RecipientRoot + Exclusive = $ManagementScope.Exclusive + Ensure = "Present" + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $RecipientRestrictionFilter, + + [Parameter()] + [System.String] + $RecipientRoot, + + [Parameter()] + [System.Boolean] + $Exclusive, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + if ($setParameters.ContainsKey('Identity')) + { + $setParameters.Remove('Identity') | Out-Null + } + New-ManagementScope @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + if ($setParameters.ContainsKey('Exclusive')) + { + $setParameters.Remove('Exclusive') | Out-Null + } + Set-ManagementScope @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-ManagementScope -Identity $Identity + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $RecipientRestrictionFilter, + + [Parameter()] + [System.String] + $RecipientRoot, + + [Parameter()] + [System.Boolean] + $Exclusive, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-ManagementScope -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Identity + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.schema.mof new file mode 100644 index 0000000000..4fbc6b845d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.schema.mof @@ -0,0 +1,16 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOManagementScope")] +class MSFT_EXOManagementScope : OMI_BaseResource +{ + [Key, Description("The Identity parameter specifies the name of the management scope to modify.")] String Identity; + [Write, Description("The Name parameter specifies the name of the management scope.")] String Name; + [Write, Description("The RecipientRestrictionFilter parameter uses OPATH filter syntax to specify the recipients that are included in the scope.")] String RecipientRestrictionFilter; + [Write, Description("The RecipientRoot parameter specifies the organizational unit (OU) under which the filter specified with the RecipientRestrictionFilter parameter should be applied.")] String RecipientRoot; + [Write, Description("The Exclusive switch specifies that the role should be an exclusive scope.")] Boolean Exclusive; + [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/readme.md new file mode 100644 index 0000000000..2a43485a5b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/readme.md @@ -0,0 +1,6 @@ + +# EXOManagementScope + +## Description + +Use this resource to create ManagementScopes. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/settings.json new file mode 100644 index 0000000000..09c305555c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "EXOManagementScope", + "description": "Use this resource to create Management Scope.", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Hygiene Management", + "Compliance Management", + "Organization Management", + "View-Only Organization Management" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 new file mode 100644 index 0000000000..ee3dc48fbe --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 @@ -0,0 +1,435 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $Domains, + + [Parameter()] + [System.String[]] + $SenderIpRanges, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.String] + $Policy, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + } + else + { + $instance = Get-EXOPhishSimOverrideRule -Identity $Identity + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Identity = $instance.Identity + SenderIpRanges = $instance.SenderIpRanges + Domains = $instance.Domains + Comment = $instance.Comment + Policy = $instance.Policy + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +# Function to compare and modify properties +function ModifyPropertiesForSetCmdlet { + param ( + [Hashtable]$setParameters, + [Hashtable]$currentInstance, + [string]$propertyName + ) + + # Get the arrays + $setArray = $setParameters[$propertyName] + $currentArray = $currentInstance[$propertyName] + + # Compare arrays + $addArray = $setArray | Where-Object { $_ -notin $currentArray } + $removeArray = $currentArray | Where-Object { $_ -notin $setArray } + + # Modify $setParameters + if ($addArray.Count -gt 0) { + $setParameters.Add("Add$propertyName", $addArray) + } + if ($removeArray.Count -gt 0) { + $setParameters.Add("Remove$propertyName", $removeArray) + } + + # Remove the original property + $setParameters.Remove($propertyName) +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $Domains, + + [Parameter()] + [System.String[]] + $SenderIpRanges, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.String] + $Policy, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $ruleIdentity = $setParameters['Identity'] + $setParameters.Add("Name", $ruleIdentity) + $setParameters.Remove("Identity") + + New-EXOPhishSimOverrideRule @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + # Modify Domains and SenderIpRanges parameters as Set cmdlet for this resource has different parameter names + ModifyPropertiesForSetCmdlet -setParameters $setParameters -currentInstance $currentInstance -propertyName "Domains" + ModifyPropertiesForSetCmdlet -setParameters $setParameters -currentInstance $currentInstance -propertyName "SenderIpRanges" + + Set-EXOPhishSimOverrideRule @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-EXOPhishSimOverrideRule -Identity $setParameters['Identity'] + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $Domains, + + [Parameter()] + [System.String[]] + $SenderIpRanges, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.String] + $Policy, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-EXOPhishSimOverrideRule + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Identity + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.schema.mof new file mode 100644 index 0000000000..d6b5aa4a56 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.schema.mof @@ -0,0 +1,17 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOPhishSimOverrideRule")] +class MSFT_EXOPhishSimOverrideRule : OMI_BaseResource +{ +[Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; + + [Key, Description("The unique identifier (GUID or name) of the override rule. This parameter is mandatory.")] String Identity; + [Write, Description("The domains for the override rule.")] String Domains[]; + [Write, Description("The IP ranges for the override rule.")] String SenderIpRanges[]; + [Write, Description("An optional comment for the override rule.")] String Comment; + [Write, Description("The phishing simulation override policy that's associated with the rule.")] String Policy; + [Write, Description("Ensures the presence or absence of the configuration."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/readme.md new file mode 100644 index 0000000000..b80529a2c8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/readme.md @@ -0,0 +1,7 @@ + +# EXOPhishSimOverrideRule + +## Description + +This resource allows users to manage resource to modify third-party phishing +simulation override rules to bypass Exchange Online Protection filtering. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/settings.json new file mode 100644 index 0000000000..2c02172d8e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/settings.json @@ -0,0 +1,24 @@ +{ + "resourceName": "EXOPhishSimOverrideRule", + "description": "Use this resource to manage phish sim override rules.", + "roles": { + "read": [ + "Exchange Admin" + ], + "update": [ + "Exchange Admin" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 new file mode 100644 index 0000000000..fbd6d16c3a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 @@ -0,0 +1,414 @@ + +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Boolean] + $IsDefaultArbitrationMailbox, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Guid] + $RetentionId, + + [Parameter()] + [System.String[]] + $RetentionPolicyTagLinks, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + } + else + { + $instance = Get-RetentionPolicy -Identity $Identity -ErrorAction Stop + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Ensure = 'Present' + Identity = [System.String]$instance.Identity + IsDefault = [System.Boolean]$instance.IsDefault + IsDefaultArbitrationMailbox = [System.Boolean]$instance.IsDefaultArbitrationMailbox + Name = [System.String]$instance.Name + RetentionId = [System.Guid]$instance.RetentionId + RetentionPolicyTagLinks = [System.String[]]$instance.RetentionPolicyTagLinks + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Boolean] + $IsDefaultArbitrationMailbox, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Guid] + $RetentionId, + + [Parameter()] + [System.String[]] + $RetentionPolicyTagLinks, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $setParameters.Remove("Identity") + New-RetentionPolicy @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Set-RetentionPolicy @SetParameters -Force + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-RetentionPolicy -Identity $Identity -Force + } +} + + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Boolean] + $IsDefaultArbitrationMailbox, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Guid] + $RetentionId, + + [Parameter()] + [System.String[]] + $RetentionPolicyTagLinks, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-RetentionPolicy -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Identity + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof new file mode 100644 index 0000000000..06fc8d548a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof @@ -0,0 +1,19 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXORetentionPolicy")] +class MSFT_EXORetentionPolicy : OMI_BaseResource +{ + [Key, Description("The Identity parameter specifies the name, distinguished name (DN), or GUID of the retention policy.")] String Identity; + [Write, Description("The IsDefault switch specifies that this retention policy is the default retention policy. You don't need to specify a value with this switch.")] Boolean IsDefault; + [Write, Description("The IsDefaultArbitrationMailbox switch configures this policy as the default retention policy for arbitration mailboxes in your Exchange Online organization. You don't need to specify a value with this switch.")] Boolean IsDefaultArbitrationMailbox; + [Write, Description("The Name parameter specifies a unique name for the retention policy.")] String Name; + [Write, Description("The RetentionId parameter specifies the identity of the retention policy to make sure mailboxes moved between two Exchange organizations continue to have the same retention policy applied to them.")] String RetentionId; + [Write, Description("The RetentionPolicyTagLinks parameter specifies the identity of retention policy tags to associate with the retention policy. Mailboxes that get a retention policy applied have retention tags linked with that retention policy.")] String RetentionPolicyTagLinks[]; + + + [Write, Description("Specifies if this report submission rule should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md new file mode 100644 index 0000000000..08cbda5846 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md @@ -0,0 +1,5 @@ +# EXORetentionPolicy + +## Description + +Use the New-RetentionPolicy cmdlet to create a retention policy and the Set-RetentionPolicy cmdlet to change the properties of an existing retention policy. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json new file mode 100644 index 0000000000..f9832ee223 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOMailboxCalendarConfiguration", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Organization Management", + "Recipient Management" + ], + "requiredrolegroups": [ + "Organization Management", + "Help Desk" + ] + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 new file mode 100644 index 0000000000..a804064c90 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 @@ -0,0 +1,380 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.String] + $Policy, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + } + else + { + $instance = Get-EXOSecOpsOverrideRule -Identity $Identity + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Identity = $instance.Identity + Comment = $instance.Comment + Policy = $instance.Policy + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.String] + $Policy, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $ruleIdentity = $setParameters['Identity'] + $setParameters.Add("Name", $ruleIdentity) + $setParameters.Remove("Identity") + New-EXOSecOpsOverrideRule @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + $setParameters.Remove("Policy") + Set-EXOSecOpsOverrideRule @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-EXOSecOpsOverrideRule -Identity $Identity + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.String] + $Policy, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + ##TODO - Replace workload + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-EXOSecOpsOverrideRule + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Identity + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.Identity + Comment = $config.Comment + Policy = $config.Policy + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.schema.mof new file mode 100644 index 0000000000..e3212f2c4b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOSecOpsOverrideRule")] +class MSFT_EXOSecOpsOverrideRule : OMI_BaseResource +{ + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; + + [Key, Description("The unique identifier (GUID or name) of the override rule. This parameter is mandatory.")] String Identity; + [Write, Description("An optional comment for the override rule.")] String Comment; + [Write, Description("The SecOps simulation override policy that's associated with the rule.")] String Policy; + [Write, Description("Ensures the presence or absence of the configuration."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/readme.md new file mode 100644 index 0000000000..bf657c2c98 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/readme.md @@ -0,0 +1,7 @@ + +# EXOSecOpsOverrideRule + +## Description + +This resource allows users to manage resource to modify SecOps +override rules to bypass Exchange Online Protection filtering. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/settings.json new file mode 100644 index 0000000000..9c0ed5b836 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/settings.json @@ -0,0 +1,24 @@ +{ + "resourceName": "EXOSecOpsOverrideRule", + "description": "Use this resource to manage phish sim override rules.", + "roles": { + "read": [ + "Exchange Admin" + ], + "update": [ + "Exchange Admin" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 new file mode 100644 index 0000000000..08fd6b85e3 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 @@ -0,0 +1,548 @@ +function Add-ActionParameters +{ + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [System.String] + $Action, + + [Parameter(Mandatory = $true)] + [System.Collections.Hashtable] + $Parameters + ) + + if ($Action -eq 'Allow') + { + $Parameters.Add('Allow', $true) | Out-Null + } + elseif ($Action -eq 'Block') + { + $Parameters.Add('Block', $true) | Out-Null + } + $Parameters.Remove('Action') | Out-Null +} + +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Allow', 'Block')] + [System.String] + $Action, + + [Parameter(Mandatory = $true)] + [System.String] + $Value, + + [Parameter()] + [System.DateTime] + $ExpirationDate, + + [Parameter()] + [ValidateSet('AdvancedDelivery', 'Tenant')] + [System.String] + $ListSubType, + + [Parameter(Mandatory = $true)] + [System.String] + $ListType, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.UInt32] + $RemoveAfter, + + [Parameter()] + [System.String] + $SubmissionID, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + $nullResult.ListType = $ListType + try + { + $getParams = @{ ListType = $ListType; Entry = $Value; } + if ($Action -eq 'Allow') + { + $getParams.Allow = $true + } + elseif ($Action -eq 'Block') + { + $getParams.Block = $true + } + $instance = Get-TenantAllowBlockListItems @getParams -ErrorAction SilentlyContinue + if ($null -eq $instance) + { + return $nullResult + } + + Write-Verbose -Message "Found an instance with Action {$Action}, Value {$Value}, and ListType {$ListType}" + $results = @{ + Action = $Action + Value = $instance.Value + ExpirationDate = $instance.ExpirationDate + ListSubType = $instance.ListSubType + ListType = $ListType + Notes = $instance.Notes + RemoveAfter = $instance.RemoveAfter + SubmissionID = $instance.SubmissionID + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Allow', 'Block')] + [System.String] + $Action, + + [Parameter(Mandatory = $true)] + [System.String] + $Value, + + [Parameter()] + [System.DateTime] + $ExpirationDate, + + [Parameter()] + [ValidateSet('AdvancedDelivery', 'Tenant')] + [System.String] + $ListSubType, + + [Parameter(Mandatory = $true)] + [System.String] + $ListType, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.UInt32] + $RemoveAfter, + + [Parameter()] + [System.String] + $SubmissionID, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $CreateParameters = ([Hashtable]$BoundParameters).Clone() + + $CreateParameters.Remove('Verbose') | Out-Null + $CreateParameters.Remove('Value') | Out-Null + $CreateParameters.Add('Entries', @($Value)) | Out-Null + Add-ActionParameters -Action $Action -Parameters $CreateParameters + + $keys = $CreateParameters.Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.GetType().Name -like '*cimInstance*') + { + $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.Remove($key) | Out-Null + $CreateParameters.Add($keyName, $keyValue) + } + } + Write-Verbose -Message "Creating {$Value} with Parameters:`r`n$(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" + New-TenantAllowBlockListItems @CreateParameters | Out-Null + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$Value}" + + if ($currentInstance.SubmissionID -ne $SubmissionID) + { + throw "SubmissionID can not be changed" + } + + $UpdateParameters = ([Hashtable]$BoundParameters).Clone() + $UpdateParameters.Remove('Verbose') | Out-Null + $UpdateParameters.Remove('Value') | Out-Null + $UpdateParameters.Remove('SubmissionID') | Out-Null #SubmissionID can not be changed + $UpdateParameters.Add('Entries', @($Value)) | Out-Null + $UpdateParameters.Remove('Action') | Out-Null + + $keys = $UpdateParameters.Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.GetType().Name -like '*cimInstance*') + { + $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.Remove($key) | Out-Null + $UpdateParameters.Add($keyName, $keyValue) + } + } + + Set-TenantAllowBlockListItems @UpdateParameters | Out-Null + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$Value}" + Remove-TenantAllowBlockListItems -Entries $currentInstance.Value -ListType $currentInstance.ListType + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Allow', 'Block')] + [System.String] + $Action, + + [Parameter(Mandatory = $true)] + [System.String] + $Value, + + [Parameter(Mandatory = $true)] + [System.String] + $ListType, + + [Parameter()] + [System.DateTime] + $ExpirationDate, + + [Parameter()] + [ValidateSet('AdvancedDelivery', 'Tenant')] + [System.String] + $ListSubType, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.Int32] + $RemoveAfter, + + [Parameter()] + [System.String] + $SubmissionID, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$Value}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck.Remove('Entries') | Out-Null + if ($null -ne $ValuesToCheck.ExpirationDate -and $ValuesToCheck.ExpirationDate.Kind -eq 'Local') + { + $ValuesToCheck.ExpirationDate = $ValuesToCheck.ExpirationDate.ToUniversalTime().ToString() + } + + if ($CurrentValues.Ensure -eq 'Absent') + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + $keys = $ValuesToCheck.Keys + foreach ($key in $keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].GetType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].ToString() + } + } + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $ValuesToCheck ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $ListTypes = ("FileHash", "Sender", "Url"); + + [array]$getValues = @() + + foreach ($ListType in $ListTypes) + { + $listValues = Get-TenantAllowBlockListItems -ListType $ListType -ErrorAction Stop + $listValues | ForEach-Object { + $getValues += @{ + Action = $_.Action + Value = $_.Value + ListType = $ListType + } + } + } + + $i = 1 + $dscContent = '' + if ($getValues.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValues) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = "[$($config.Action)] [$($config.ListType)] $($config.Value)" + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValues.Count)] $displayedKey" -NoNewline + $params = @{ + Action = $config.Action + ListType = $config.ListType + Value = $config.Value + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.schema.mof new file mode 100644 index 0000000000..a5cc03a1f6 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.schema.mof @@ -0,0 +1,18 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOTenantAllowBlockListItems")] +class MSFT_EXOTenantAllowBlockListItems : OMI_BaseResource +{ + [Key, Description("The action (allow/block) to take for this list entry"), ValueMap{"Allow","Block"}, Values{"Allow","Block"}] String Action; + [Key, Description("The value that you want to add to the Tenant Allow/Block List based on the ListType parameter value")] String Value; + [Write, Description("The expiration date of the entry in Coordinated Universal Time (UTC)")] DateTime ExpirationDate; + [Write, Description("The subtype for this entry"), ValueMap{"AdvancedDelivery", "Tenant"}, Values{"AdvancedDelivery", "Tenant"}] String ListSubType; + [Key, Description("The type of entry to add."), ValueMap{"FileHash","Sender","Url"}, Values{"FileHash","Sender","Url"}] String ListType; + [Write, Description("Additional information about the object")] String Notes; + [Write, Description("Number of days after the entry is first used for it to removed")] UInt32 RemoveAfter; + [Write, Description("Reserved for internal Microsoft use")] String SubmissionID; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/readme.md new file mode 100644 index 0000000000..ab32bd5a82 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/readme.md @@ -0,0 +1,7 @@ + +# EXOTenantAllowBlockListItems + +## Description + +Use this resource to manage the Exchange Online Tenant Allow/Block List items. + diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/settings.json new file mode 100644 index 0000000000..104a649436 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/settings.json @@ -0,0 +1,24 @@ +{ + "resourceName": "EXOTenantAllowBlockListItems", + "description": "This resource configures the tenant allow/block list (TABL) entries", + "roles": { + "read": [ + "Exchange Admin" + ], + "update": [ + "Exchange Admin" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index ee80cfb92b..79cd8949f8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -90,11 +90,11 @@ function Get-TargetResource [System.int32] $avgcpuloadfactor, - [Parameter] + [Parameter()] [System.Int32] $archivemaxdepth, - [Parameter] + [Parameter()] [System.Int32] $archivemaxsize, @@ -601,11 +601,11 @@ function Set-TargetResource [System.int32] $avgcpuloadfactor, - [Parameter] + [Parameter()] [System.Int32] $archivemaxdepth, - [Parameter] + [Parameter()] [System.Int32] $archivemaxsize, @@ -1095,11 +1095,11 @@ function Test-TargetResource [System.int32] $avgcpuloadfactor, - [Parameter] + [Parameter()] [System.Int32] $archivemaxdepth, - [Parameter] + [Parameter()] [System.Int32] $archivemaxsize, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index f95e692cab..da964ec534 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof @@ -97,4 +97,5 @@ class MSFT_IntuneAntivirusPolicyWindows10SettingCatalog : OMI_BaseResource [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 new file mode 100644 index 0000000000..bb74801759 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 @@ -0,0 +1,408 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + try + { + $instance = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + + if ($null -eq $instance) + { + $instance = Get-MgBetaDeviceAppManagementMobileAppCategory -MobileAppCategoryId $Id -ErrorAction Stop + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileAppCategory by Id {$Id}." + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $instance = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find MobileAppCategory by DisplayName {$DisplayName}." + return $nullResult + } + } + + $results = @{ + Id = $instance.Id + DisplayName = $instance.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.remove('Id') | Out-Null + $setParameters.remove('Ensure') | Out-Null + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaDeviceAppManagementMobileAppCategory @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Update-MgBetaDeviceAppManagementMobileAppCategory -MobileAppCategoryId $currentInstance.Id @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-MgBetaDeviceAppManagementMobileAppCategory -MobileAppCategoryId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region Intune params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + #endregion Intune params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileAppCategory -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof new file mode 100644 index 0000000000..676bc98242 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneAppCategory")] +class MSFT_IntuneAppCategory : OMI_BaseResource +{ + [Key, Description("The name of the app category.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/readme.md new file mode 100644 index 0000000000..bf34aa3b26 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/readme.md @@ -0,0 +1,6 @@ + +# IntuneAppCategory + +## Description + +Configures a resource for navigation property for Intune mobile app categories. Default app categories cannot be renamed. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/settings.json new file mode 100644 index 0000000000..cd9e8d4d50 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "IntuneAppCategory", + "description": "Configures a resource for navigation property for Intune mobile app categories.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index 94f6a51ff1..3148f18042 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -170,7 +170,7 @@ function Get-TargetResource [Parameter()] [ValidateSet('unspecified', 'unmanaged', 'mdm', 'androidEnterprise')] - [System.String] + [System.String[]] $TargetedAppManagementLevels, [Parameter()] @@ -393,7 +393,7 @@ function Get-TargetResource PinRequiredInsteadOfBiometricTimeout = $myPinRequiredInsteadOfBiometricTimeout AllowedOutboundClipboardSharingExceptionLength = $policy.AllowedOutboundClipboardSharingExceptionLength NotificationRestriction = [String]$policy.NotificationRestriction - TargetedAppManagementLevels = [String]$policy.TargetedAppManagementLevels + TargetedAppManagementLevels = [String[]]$policy.TargetedAppManagementLevels.ToString().Split(',') ExemptedAppProtocols = $exemptedAppProtocolsArray MinimumWipeSdkVersion = $policy.MinimumWipeSdkVersion AllowedIosDeviceModels = $policy.AllowedIosDeviceModels @@ -594,7 +594,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('unspecified', 'unmanaged', 'mdm', 'androidEnterprise')] - [System.String] + [System.String[]] $TargetedAppManagementLevels, [Parameter()] @@ -707,9 +707,10 @@ function Set-TargetResource { Write-Verbose -Message "Creating new iOS App Protection Policy {$DisplayName}" $createParameters = ([Hashtable]$PSBoundParameters).clone() - $createParameters.remove('Identity') - $createParameters.remove('Assignments') - $createParameters.remove('Apps') + $createParameters.Remove('Identity') + $createParameters.Remove('Assignments') + $createParameters.Remove('Apps') + $createParameters.TargetedAppManagementLevels = $createParameters.TargetedAppManagementLevels -join ',' $myApps = Get-IntuneAppProtectionPolicyiOSAppsToHashtable -Parameters $PSBoundParameters $myAssignments = Get-IntuneAppProtectionPolicyiOSAssignmentToHashtable -Parameters $PSBoundParameters @@ -758,9 +759,10 @@ function Set-TargetResource { Write-Verbose -Message "Updating existing iOS App Protection Policy {$DisplayName}" $updateParameters = ([Hashtable]$PSBoundParameters).clone() - $updateParameters.remove('Identity') - $updateParameters.remove('Assignments') - $updateParameters.remove('Apps') + $updateParameters.Remove('Identity') + $updateParameters.Remove('Assignments') + $updateParameters.Remove('Apps') + $updateParameters.TargetedAppManagementLevels = $updateParameters.TargetedAppManagementLevels -join ',' $myApps = Get-IntuneAppProtectionPolicyiOSAppsToHashtable -Parameters $PSBoundParameters $myAssignments = Get-IntuneAppProtectionPolicyiOSAssignmentToHashtable -Parameters $PSBoundParameters @@ -982,7 +984,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('unspecified', 'unmanaged', 'mdm', 'androidEnterprise')] - [System.String] + [System.String[]] $TargetedAppManagementLevels, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof index 58efec471d..1801c4dd5f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof @@ -40,7 +40,7 @@ class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource [Write, Description("Timeout in minutes for an app pin instead of non biometrics passcode .")] String PinRequiredInsteadOfBiometricTimeout; [Write, Description("Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed.")] Uint32 AllowedOutboundClipboardSharingExceptionLength; [Write, Description("Specify app notification restriction."), ValueMap{"allow","blockOrganizationalData","block"}, Values{"allow","blockOrganizationalData","block"}] String NotificationRestriction; - [Write, Description("The intended app management levels for this policy."), ValueMap{"unspecified","unmanaged","mdm","androidEnterprise"}, Values{"unspecified","unmanaged","mdm","androidEnterprise"}] String TargetedAppManagementLevels; + [Write, Description("The intended app management levels for this policy."), ValueMap{"unspecified","unmanaged","mdm","androidEnterprise"}, Values{"unspecified","unmanaged","mdm","androidEnterprise"}] String TargetedAppManagementLevels[]; [Write, Description("Require app data to be encrypted."), Values{"useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"}, ValueMap{"useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"}] String AppDataEncryptionType; [Write, Description("Apps in this list will be exempt from the policy and will be able to receive data from managed apps.")] String ExemptedAppProtocols[]; [Write, Description("Versions less than the specified version will block the managed app from accessing company data.")] String MinimumWipeSdkVersion; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 81f4c3aa3b..40d34cd35b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -139,7 +139,7 @@ function Get-TargetResource $DeviceCompliancePolicyScript, [Parameter()] - [System.Array] + [Microsoft.Management.Infrastructure.CimInstance[]] $ValidOperatingSystemBuildRanges, [Parameter()] @@ -214,6 +214,28 @@ function Get-TargetResource return $nullResult } + $complexValidOperatingSystemBuildRanges = @() + foreach ($currentValidOperatingSystemBuildRanges in $devicePolicy.AdditionalProperties.validOperatingSystemBuildRanges) + { + $myValidOperatingSystemBuildRanges = @{} + if ($null -ne $currentValidOperatingSystemBuildRanges.lowestVersion) + { + $myValidOperatingSystemBuildRanges.Add('LowestVersion', $currentValidOperatingSystemBuildRanges.lowestVersion.ToString()) + } + if ($null -ne $currentValidOperatingSystemBuildRanges.highestVersion) + { + $myValidOperatingSystemBuildRanges.Add('HighestVersion', $currentValidOperatingSystemBuildRanges.highestVersion.ToString()) + } + if ($null -ne $currentValidOperatingSystemBuildRanges.description) + { + $myValidOperatingSystemBuildRanges.Add('Description', $currentValidOperatingSystemBuildRanges.description) + } + if ($myValidOperatingSystemBuildRanges.values.Where({$null -ne $_}).Count -gt 0) + { + $complexValidOperatingSystemBuildRanges += $myValidOperatingSystemBuildRanges + } + } + Write-Verbose -Message "Found Windows 10 Device Compliance Policy with displayName {$DisplayName}" $results = @{ DisplayName = $devicePolicy.DisplayName @@ -249,7 +271,7 @@ function Get-TargetResource ConfigurationManagerComplianceRequired = $devicePolicy.AdditionalProperties.configurationManagerComplianceRequired TpmRequired = $devicePolicy.AdditionalProperties.tpmRequired DeviceCompliancePolicyScript = $devicePolicy.AdditionalProperties.deviceCompliancePolicyScript - ValidOperatingSystemBuildRanges = $devicePolicy.AdditionalProperties.validOperatingSystemBuildRanges + ValidOperatingSystemBuildRanges = $complexValidOperatingSystemBuildRanges Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -262,7 +284,7 @@ function Get-TargetResource $returnAssignments = @() $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id - if ($graphAssignments.count -gt 0) + if ($graphAssignments.Count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` -IncludeDeviceFilter:$true ` @@ -425,7 +447,7 @@ function Set-TargetResource $DeviceCompliancePolicyScript, [Parameter()] - [System.Array] + [Microsoft.Management.Infrastructure.CimInstance[]] $ValidOperatingSystemBuildRanges, [Parameter()] @@ -701,7 +723,7 @@ function Test-TargetResource $DeviceCompliancePolicyScript, [Parameter()] - [System.Array] + [Microsoft.Management.Infrastructure.CimInstance[]] $ValidOperatingSystemBuildRanges, [Parameter()] @@ -763,25 +785,36 @@ function Test-TargetResource throw "An error occured in Get-TargetResource, the policy {$displayName} will not be processed. Refer to the event viewer logs for more information." } - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - - $ValuesToCheck = $PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() $testResult = $true if ($CurrentValues.Ensure -ne $Ensure) { $testResult = $false } - #region Assignments - if ($testResult) + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) { - $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.Assignments - $target = $CurrentValues.Assignments - $testResult = Compare-M365DSCIntunePolicyAssignment -Source $source -Target $target - $ValuesToCheck.Remove('Assignments') | Out-Null + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } } - #endregion + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" if ($testResult) { @@ -887,7 +920,7 @@ function Export-TargetResource TenantId = $TenantId ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + ManagedIdentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } $Results = Get-TargetResource @params @@ -899,6 +932,21 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results + if ($null -ne $Results.ValidOperatingSystemBuildRanges) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.ValidOperatingSystemBuildRanges ` + -CIMInstanceName 'MicrosoftGraphOperatingSystemVersionRange' ` + -IsArray + if (-not [string]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.ValidOperatingSystemBuildRanges = $complexTypeStringResult + } + else + { + $Results.Remove('ValidOperatingSystemBuildRanges') | Out-Null + } + } if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCAssignmentsAsString -Params $Results.Assignments @@ -916,6 +964,10 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + if ($Results.ValidOperatingSystemBuildRanges) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ValidOperatingSystemBuildRanges' + } if ($Results.Assignments) { $isCIMArray = $false @@ -974,6 +1026,10 @@ function Get-M365DSCIntuneDeviceCompliancePolicyWindows10AdditionalProperties { $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) $propertyValue = $properties.$property + if ($null -ne $propertyValue -and $propertyValue.GetType().Name -like '*cimInstance*') + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $propertyValue + } $results.Add($propertyName, $propertyValue) } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof index 3dd4d6a55b..ac822b9aa6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof @@ -9,6 +9,14 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphOperatingSystemVersionRange +{ + [Write, Description("The description of this range (e.g. Valid 1702 builds)")] String Description; + [Write, Description("The lowest inclusive version that this range contains.")] String LowestVersion; + [Write, Description("The highest inclusive version that this range contains.")] String HighestVersion; +}; + [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceCompliancePolicyWindows10")] class MSFT_IntuneDeviceCompliancePolicyWindows10 : OMI_BaseResource { @@ -46,7 +54,7 @@ class MSFT_IntuneDeviceCompliancePolicyWindows10 : OMI_BaseResource [Write, Description("ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy.")] Boolean ConfigurationManagerComplianceRequired; [Write, Description("TpmRequired of the Windows 10 device compliance policy.")] Boolean TpmRequired; [Write, Description("DeviceCompliancePolicyScript of the Windows 10 device compliance policy.")] String DeviceCompliancePolicyScript; - [Write, Description("ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy.")] String ValidOperatingSystemBuildRanges[]; + [Write, Description("ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy."), EmbeddedInstance("MSFT_MicrosoftGraphOperatingSystemVersionRange")] String ValidOperatingSystemBuildRanges[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 index f99ba0c052..6b55829931 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 @@ -775,7 +775,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` @@ -836,6 +840,7 @@ function Export-TargetResource ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 index e9a0626642..1582907087 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 @@ -266,10 +266,7 @@ function Get-TargetResource { $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.DeviceManagementConfigurationPolicy" - } + -ErrorAction SilentlyContinue } } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 new file mode 100644 index 0000000000..5ab2f94e5b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 @@ -0,0 +1,1746 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $CRLcheck, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DisableStatefulFtp, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.Int32[]] + $EnablePacketQueue, + + [Parameter()] + [ValidateSet('0', '1', '2', '4', '8')] + [System.Int32[]] + $IPsecExempt, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $OpportunisticallyMatchAuthSetPerKM, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PresharedKeyEncoding, + + [Parameter()] + [ValidateRange(300, 3600)] + [System.Int32] + $SaIdleTime, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DomainProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $DomainProfile_LogFilePath, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_Shielded, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DomainProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $DomainProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_Shielded, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PrivateProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $PrivateProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PrivateProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $PrivateProfile_LogFilePath, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PublicProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_Shielded, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $PublicProfile_LogFilePath, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PublicProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $PublicProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('0', '1', '2', '3')] + [System.String] + $ObjectAccess_AuditFilteringPlatformConnection, + + [Parameter()] + [ValidateSet('0', '1', '2', '3')] + [System.String] + $ObjectAccess_AuditFilteringPlatformPacketDrop, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String[]] + $AllowedTlsAuthenticationEndpoints, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $ConfiguredTlsAuthenticationNetworkName, + + [Parameter()] + [ValidateSet('wsl')] + [System.String] + $Target, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_DomainProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_DomainProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_DomainProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $EnableLoopback, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PublicProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PublicProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PublicProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PrivateProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PrivateProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PrivateProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $AllowHostPolicyMerge, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Name {$DisplayName}." + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Firewall Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" + + # Retrieve policy specific settings + [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -DeviceManagementConfigurationPolicyId $Id ` + -ExpandProperty 'settingDefinitions' ` + -ErrorAction Stop + + $policySettings = @{} + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.Name + RoleScopeTagIds = $getValue.RoleScopeTagIds + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + #endregion + } + $results += $policySettings + + $assignmentsValues = Get-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $assignmentsValues -IncludeDeviceFilter $true + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $CRLcheck, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DisableStatefulFtp, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.Int32[]] + $EnablePacketQueue, + + [Parameter()] + [ValidateSet('0', '1', '2', '4', '8')] + [System.Int32[]] + $IPsecExempt, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $OpportunisticallyMatchAuthSetPerKM, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PresharedKeyEncoding, + + [Parameter()] + [ValidateRange(300, 3600)] + [System.Int32] + $SaIdleTime, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DomainProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $DomainProfile_LogFilePath, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_Shielded, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DomainProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $DomainProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_Shielded, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PrivateProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $PrivateProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PrivateProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $PrivateProfile_LogFilePath, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PublicProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_Shielded, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $PublicProfile_LogFilePath, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PublicProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $PublicProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('0', '1', '2', '3')] + [System.String] + $ObjectAccess_AuditFilteringPlatformConnection, + + [Parameter()] + [ValidateSet('0', '1', '2', '3')] + [System.String] + $ObjectAccess_AuditFilteringPlatformPacketDrop, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String[]] + $AllowedTlsAuthenticationEndpoints, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $ConfiguredTlsAuthenticationNetworkName, + + [Parameter()] + [ValidateSet('wsl')] + [System.String] + $Target, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_DomainProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_DomainProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_DomainProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $EnableLoopback, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PublicProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PublicProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PublicProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PrivateProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PrivateProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PrivateProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $AllowHostPolicyMerge, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + $templateReferenceId = '6078910e-d808-4a9f-a51d-1b8a7bacb7c0_1' + $platforms = 'windows10' + $technologies = 'mdm,microsoftSense' + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Firewall Policy for Windows10 with Name {$DisplayName}" + $BoundParameters.Remove("Assignments") | Out-Null + + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` + -TemplateId $templateReferenceId + + $createParameters = @{ + Name = $DisplayName + Description = $Description + TemplateReference = @{ templateId = $templateReferenceId } + Platforms = $platforms + Technologies = $technologies + Settings = $settings + } + + #region resource generator code + $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters + + if ($policy.Id) + { + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $policy.Id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/configurationPolicies' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Firewall Policy for Windows10 with Id {$($currentInstance.Id)}" + $BoundParameters.Remove("Assignments") | Out-Null + + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` + -TemplateId $templateReferenceId + + Update-IntuneDeviceConfigurationPolicy ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -Name $DisplayName ` + -Description $Description ` + -TemplateReferenceId $templateReferenceId ` + -Platforms $platforms ` + -Technologies $technologies ` + -Settings $settings + + #region resource generator code + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/configurationPolicies' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Firewall Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $CRLcheck, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DisableStatefulFtp, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.Int32[]] + $EnablePacketQueue, + + [Parameter()] + [ValidateSet('0', '1', '2', '4', '8')] + [System.Int32[]] + $IPsecExempt, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $OpportunisticallyMatchAuthSetPerKM, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PresharedKeyEncoding, + + [Parameter()] + [ValidateRange(300, 3600)] + [System.Int32] + $SaIdleTime, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DomainProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $DomainProfile_LogFilePath, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_Shielded, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DomainProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $DomainProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $DomainProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_Shielded, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PrivateProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $PrivateProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PrivateProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $PrivateProfile_LogFilePath, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PrivateProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PublicProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableInboundNotifications, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableStealthModeIpsecSecuredPacketExemption, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_Shielded, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AuthAppsAllowUserPrefMerge, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $PublicProfile_LogFilePath, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $PublicProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableUnicastResponsesToMulticastBroadcast, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_GlobalPortsAllowUserPrefMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogSuccessConnections, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_AllowLocalIpsecPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogDroppedPackets, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_EnableLogIgnoredRules, + + [Parameter()] + [ValidateRange(0, 4294967295)] + [System.Int32] + $PublicProfile_LogMaxFileSize, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $PublicProfile_DisableStealthMode, + + [Parameter()] + [ValidateSet('0', '1', '2', '3')] + [System.String] + $ObjectAccess_AuditFilteringPlatformConnection, + + [Parameter()] + [ValidateSet('0', '1', '2', '3')] + [System.String] + $ObjectAccess_AuditFilteringPlatformPacketDrop, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String[]] + $AllowedTlsAuthenticationEndpoints, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String] + $ConfiguredTlsAuthenticationNetworkName, + + [Parameter()] + [ValidateSet('wsl')] + [System.String] + $Target, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_DomainProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_DomainProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_DomainProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $EnableLoopback, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PublicProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PublicProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PublicProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PrivateProfile_EnableFirewall, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PrivateProfile_DefaultOutboundAction, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $HyperVVMSettings_PrivateProfile_DefaultInboundAction, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge, + + [Parameter()] + [ValidateSet('false', 'true')] + [System.String] + $AllowHostPolicyMerge, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Firewall Policy for Windows10 with Id {$Id} and Name {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + [Hashtable]$ValuesToCheck = @{} + $MyInvocation.MyCommand.Parameters.GetEnumerator() | ForEach-Object { + if ($_.Key -notlike '*Variable' -or $_.Key -notin @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction')) + { + if ($null -ne $CurrentValues[$_.Key] -or $null -ne $PSBoundParameters[$_.Key]) + { + $ValuesToCheck.Add($_.Key, $null) + if (-not $PSBoundParameters.ContainsKey($_.Key)) + { + $PSBoundParameters.Add($_.Key, $null) + } + } + } + } + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $targetVariable = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($targetVariable) + + if (-not $testResult) + { + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + $policyTemplateID = "6078910e-d808-4a9f-a51d-1b8a7bacb7c0_1" + [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter $Filter ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { + $_.TemplateReference.TemplateId -eq $policyTemplateID + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + elseif (-not [string]::IsNullOrEmpty($config.name)) + { + $displayedKey = $config.name + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.schema.mof new file mode 100644 index 0000000000..9a13fffd22 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.schema.mof @@ -0,0 +1,106 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneFirewallPolicyWindows10")] +class MSFT_IntuneFirewallPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Policy description")] String Description; + [Key, Description("Policy name")] String DisplayName; + [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Certificate revocation list verification (0: Disables CRL checking, 1: Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail., 2: Means that checking is required and that certificate validation fails if any error is encountered during CRL processing)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String CRLcheck; + [Write, Description("Disable Stateful Ftp (false: Stateful FTP enabled, true: Stateful FTP disabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DisableStatefulFtp; + [Write, Description("Enable Packet Queue (0: Indicates that all queuing is to be disabled, 1: Specifies that inbound encrypted packets are to be queued, 2: Specifies that packets are to be queued after decryption is performed for forwarding)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] SInt32 EnablePacketQueue[]; + [Write, Description("IPsec Exceptions (0: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NONE: No IPsec exemptions., 1: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NEIGHBOR_DISC: Exempt neighbor discover IPv6 ICMP type-codes from IPsec., 2: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ICMP: Exempt ICMP from IPsec., 4: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ROUTER_DISC: Exempt router discover IPv6 ICMP type-codes from IPsec., 8: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_DHCP: Exempt both IPv4 and IPv6 DHCP traffic from IPsec.)"), ValueMap{"0", "1", "2", "4", "8"}, Values{"0", "1", "2", "4", "8"}] SInt32 IPsecExempt[]; + [Write, Description("Opportunistically Match Auth Set Per KM (false: FALSE, true: TRUE)"), ValueMap{"false", "true"}, Values{"false", "true"}] String OpportunisticallyMatchAuthSetPerKM; + [Write, Description("Preshared Key Encoding (0: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE: Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0., 1: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8: Encode the preshared key using UTF-8. This symbolic constant has a value of 1.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PresharedKeyEncoding; + [Write, Description("Security association idle time")] SInt32 SaIdleTime; + [Write, Description("Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_EnableFirewall; + [Write, Description("Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_DisableUnicastResponsesToMulticastBroadcast; + [Write, Description("Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_EnableLogIgnoredRules; + [Write, Description("Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_GlobalPortsAllowUserPrefMerge; + [Write, Description("Default Inbound Action for Domain Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DomainProfile_DefaultInboundAction; + [Write, Description("Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_DisableStealthModeIpsecSecuredPacketExemption; + [Write, Description("Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_AllowLocalPolicyMerge; + [Write, Description("Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_EnableLogSuccessConnections; + [Write, Description("Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_AllowLocalIpsecPolicyMerge; + [Write, Description("Log File Path")] String DomainProfile_LogFilePath; + [Write, Description("Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_DisableStealthMode; + [Write, Description("Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_AuthAppsAllowUserPrefMerge; + [Write, Description("Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_EnableLogDroppedPackets; + [Write, Description("Shielded (false: Shielding Off, true: Shielding On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_Shielded; + [Write, Description("Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DomainProfile_DefaultOutboundAction; + [Write, Description("Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)"), ValueMap{"false", "true"}, Values{"false", "true"}] String DomainProfile_DisableInboundNotifications; + [Write, Description("Log Max File Size")] SInt32 DomainProfile_LogMaxFileSize; + [Write, Description("Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_EnableFirewall; + [Write, Description("Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_AllowLocalIpsecPolicyMerge; + [Write, Description("Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption; + [Write, Description("Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_DisableInboundNotifications; + [Write, Description("Shielded (false: Shielding Off, true: Shielding On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_Shielded; + [Write, Description("Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_AllowLocalPolicyMerge; + [Write, Description("Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PrivateProfile_DefaultOutboundAction; + [Write, Description("Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_AuthAppsAllowUserPrefMerge; + [Write, Description("Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_EnableLogIgnoredRules; + [Write, Description("Log Max File Size")] SInt32 PrivateProfile_LogMaxFileSize; + [Write, Description("Default Inbound Action for Private Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PrivateProfile_DefaultInboundAction; + [Write, Description("Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_DisableUnicastResponsesToMulticastBroadcast; + [Write, Description("Log File Path")] String PrivateProfile_LogFilePath; + [Write, Description("Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_DisableStealthMode; + [Write, Description("Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_EnableLogSuccessConnections; + [Write, Description("Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_GlobalPortsAllowUserPrefMerge; + [Write, Description("Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PrivateProfile_EnableLogDroppedPackets; + [Write, Description("Enable Public Network Firewall (false: Disable Firewall, true: Enable Firewall)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_EnableFirewall; + [Write, Description("Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PublicProfile_DefaultOutboundAction; + [Write, Description("Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_DisableInboundNotifications; + [Write, Description("Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_DisableStealthModeIpsecSecuredPacketExemption; + [Write, Description("Shielded (false: Shielding Off, true: Shielding On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_Shielded; + [Write, Description("Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_AllowLocalPolicyMerge; + [Write, Description("Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_AuthAppsAllowUserPrefMerge; + [Write, Description("Log File Path")] String PublicProfile_LogFilePath; + [Write, Description("Default Inbound Action for Public Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PublicProfile_DefaultInboundAction; + [Write, Description("Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_DisableUnicastResponsesToMulticastBroadcast; + [Write, Description("Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_GlobalPortsAllowUserPrefMerge; + [Write, Description("Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_EnableLogSuccessConnections; + [Write, Description("Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_AllowLocalIpsecPolicyMerge; + [Write, Description("Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_EnableLogDroppedPackets; + [Write, Description("Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_EnableLogIgnoredRules; + [Write, Description("Log Max File Size")] SInt32 PublicProfile_LogMaxFileSize; + [Write, Description("Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PublicProfile_DisableStealthMode; + [Write, Description("Object Access Audit Filtering Platform Connection (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ObjectAccess_AuditFilteringPlatformConnection; + [Write, Description("Object Access Audit Filtering Platform Packet Drop (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ObjectAccess_AuditFilteringPlatformPacketDrop; + [Write, Description("Allowed Tls Authentication Endpoints")] String AllowedTlsAuthenticationEndpoints[]; + [Write, Description("Configured Tls Authentication Network Name")] String ConfiguredTlsAuthenticationNetworkName; + [Write, Description("Hyper-V: Target (wsl: WSL)"), ValueMap{"wsl"}, Values{"wsl"}] String Target; + [Write, Description("Hyper-V: Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall)"), ValueMap{"false", "true"}, Values{"false", "true"}] String HyperVVMSettings_DomainProfile_EnableFirewall; + [Write, Description("Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge; + [Write, Description("Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String HyperVVMSettings_DomainProfile_DefaultInboundAction; + [Write, Description("Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String HyperVVMSettings_DomainProfile_DefaultOutboundAction; + [Write, Description("Hyper-V: Enable Loopback (false: Disable loopback, true: Enable loopback)"), ValueMap{"false", "true"}, Values{"false", "true"}] String EnableLoopback; + [Write, Description("Hyper-V: Enable Public Network Firewall (false: Disable Hyper-V Firewall, true: Enable Hyper-V Firewall)"), ValueMap{"false", "true"}, Values{"false", "true"}] String HyperVVMSettings_PublicProfile_EnableFirewall; + [Write, Description("Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String HyperVVMSettings_PublicProfile_DefaultInboundAction; + [Write, Description("Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String HyperVVMSettings_PublicProfile_DefaultOutboundAction; + [Write, Description("Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge; + [Write, Description("Hyper-V: Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall)"), ValueMap{"false", "true"}, Values{"false", "true"}] String HyperVVMSettings_PrivateProfile_EnableFirewall; + [Write, Description("Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String HyperVVMSettings_PrivateProfile_DefaultOutboundAction; + [Write, Description("Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)"), ValueMap{"0", "1"}, Values{"0", "1"}] String HyperVVMSettings_PrivateProfile_DefaultInboundAction; + [Write, Description("Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge; + [Write, Description("Hyper-V: Allow Host Policy Merge (false: AllowHostPolicyMerge Off, true: AllowHostPolicyMerge On)"), ValueMap{"false", "true"}, Values{"false", "true"}] String AllowHostPolicyMerge; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/readme.md new file mode 100644 index 0000000000..d232a97bef --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneFirewallPolicyWindows10 + +## Description + +Intune Firewall Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json new file mode 100644 index 0000000000..74e36b3081 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneFirewallPolicyWindows10", + "description": "This resource configures an Intune Firewall Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ] + }, + "application": { + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index ebebc20cb0..1f639783f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -107,24 +107,25 @@ function Get-TargetResource { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Id {$Id}" - if (-Not [string]::IsNullOrEmpty($Name)) + if (-not [string]::IsNullOrEmpty($Name)) { $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$Name' and Platforms eq 'windows10'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript {[String]::IsNullOrWhiteSpace($_.TemplateReference.TemplateId)} - if ($getValue.count -gt 1) + -Filter "Name eq '$Name' and Platforms eq 'windows10' and Technologies eq 'mdm' and TemplateReference/TemplateFamily eq 'none'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Count -gt 1) { throw "Error: The displayName {$Name} is not unique in the tenant`r`nEnsure the display Name is unique for this type of resource." } - if (-not [string]::IsNullOrEmpty($getValue.id)) + + if (-not [string]::IsNullOrEmpty($getValue.Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $getValue.id -ExpandProperty 'settings' -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $getValue.Id -ExpandProperty 'settings' -ErrorAction SilentlyContinue } } } #endregion - if ([string]::IsNullOrEmpty($getValue.id)) + if ([string]::IsNullOrEmpty($getValue.Id)) { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Name {$Name}" return $nullResult @@ -202,6 +203,11 @@ function Get-TargetResource -TenantId $TenantId ` -Credential $Credential + if ($_.Exception.Message -like "Error: The displayName*") + { + throw $_ + } + return $nullResult } } @@ -304,17 +310,17 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating an Intune Setting Catalog Custom Policy for Windows10 with Name {$DisplayName}" + Write-Verbose -Message "Creating an Intune Setting Catalog Custom Policy for Windows10 with Name {$Name}" $BoundParameters.Remove('Assignments') | Out-Null - $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = ([Hashtable]$BoundParameters).Clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters -KeyMapping $keyToRename $CreateParameters.Remove('Id') | Out-Null - $keys = (([Hashtable]$CreateParameters).clone()).Keys + $keys = (([Hashtable]$CreateParameters).Clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.GetType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } @@ -324,9 +330,9 @@ function Set-TargetResource $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - if ($policy.id) + if ($policy.Id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.Id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/configurationPolicies' } @@ -337,15 +343,15 @@ function Set-TargetResource Write-Verbose -Message "Updating the Intune Setting Catalog Custom Policy for Windows10 with Id {$($currentInstance.Id)}" $BoundParameters.Remove('Assignments') | Out-Null - $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = ([Hashtable]$BoundParameters).Clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters -KeyMapping $keyToRename $UpdateParameters.Remove('Id') | Out-Null - $keys = (([Hashtable]$UpdateParameters).clone()).Keys + $keys = (([Hashtable]$UpdateParameters).Clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.GetType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } @@ -357,7 +363,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments Update-DeviceConfigurationPolicyAssignment ` - -DeviceConfigurationPolicyId $currentInstance.id ` + -DeviceConfigurationPolicyId $currentInstance.Id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/configurationPolicies' #endregion @@ -462,7 +468,7 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of the Intune Setting Catalog Custom Policy for Windows10 with Id {$Id} and Name {$Name}" $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() if ($CurrentValues.Ensure -ne $Ensure) { @@ -476,13 +482,13 @@ function Test-TargetResource { $source = $PSBoundParameters.$key $target = $CurrentValues.$key - if ($source.getType().Name -like '*CimInstance*') + if ($source.GetType().Name -like '*CimInstance*') { $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) - if (-Not $testResult) + if (-not $testResult) { $testResult = $false break @@ -491,7 +497,7 @@ function Test-TargetResource } } - $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -567,7 +573,8 @@ function Export-TargetResource [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy -Filter $Filter -All ` -ErrorAction Stop | Where-Object -FilterScript { ` $_.Platforms -eq 'windows10' -and - [String]::IsNullOrWhiteSpace($_.TemplateReference.TemplateId) + $_.Technologies -eq 'mdm' -and + $_.TemplateReference.TemplateFamily -eq 'none' } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 new file mode 100644 index 0000000000..fd8834c6c3 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 @@ -0,0 +1,449 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String[]] + $AuthorizedAppIds, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + + if ($null -eq $instance) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + } + } + else + { + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = Get-MgBetaExternalConnection -ExternalConnectionId $Id -ErrorAction SilentlyContinue + } + if ($null -eq $instance) + { + $instance = Get-MgBetaExternalConnection -Filter "Name eq '$Name'" + } + } + if ($null -eq $instance) + { + return $nullResult + } + + $AuthorizedAppIdsValue = @() + foreach ($app in $instance.Configuration.AuthorizedAppIds) + { + $appInstance = Get-MgApplication -Filter "AppId eq '$app'" -ErrorAction SilentlyContinue + if ($null -ne $appInstance) + { + $AuthorizedAppIdsValue += $appInstance.DisplayName + } + else + { + throw "Could not find referenced application {$app} in the tenant." + } + } + + $results = @{ + Name = $instance.Name + Id = $instance.id + Description = $instance.Description + AuthorizedAppIds = $AuthorizedAppIdsValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String[]] + $AuthorizedAppIds, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + $AuthorizedAppIdsValue = @() + if ($null -ne $AuthorizedAppIds) + { + foreach ($app in $AuthorizedAppIds) + { + $app = Get-MgApplication -Filter "DisplayName eq '$app'" -ErrorAction SilentlyContinue + if ($null -ne $app) + { + $AuthorizedAppIdsValue += $app.AppId + } + else + { + throw "Could not find referenced application {$app} in the tenant." + } + } + } + $body = @{ + id = $Id + name = $Name + description = $Description + configuration = @{ + AuthorizedAppIds = $AuthorizedAppIdsValue + } + } + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating new external connection {$Name}" + New-MgBetaExternalConnection -BodyParameter $body + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating new external connection {$Name}" + $body.Remove('Id') | Out-Null + Update-MgBetaExternalConnection -ExternalConnectionId $currentInstance.Id -BodyParameter $body + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing external connection {$Name}" + Remove-MgBetaExternalConnection -ExternalConnectionId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String[]] + $AuthorizedAppIds, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaExternalConnection -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + Id = $config.Id + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.schema.mof new file mode 100644 index 0000000000..b3f888c603 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("O365ExternalConnection")] +class MSFT_O365ExternalConnection : OMI_BaseResource +{ + [Key, Description("The name of the external connector.")] String Name; + [Write, Description("The unique identifier of the external connector.")] String Id; + [Write, Description("The description of the external connector.")] String Description; + [Write, Description("A collection of application IDs for registered Microsoft Entra apps that are allowed to manage the externalConnection and to index content in the externalConnection.")] String AuthorizedAppIds[]; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/readme.md new file mode 100644 index 0000000000..f7509cc64a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/readme.md @@ -0,0 +1,6 @@ + +# O365ExternalConnection + +## Description + +Configures external connectors in Microsoft 365. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/settings.json new file mode 100644 index 0000000000..72e0ff2579 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/settings.json @@ -0,0 +1,31 @@ +{ + "resourceName": "O365ExternalConnection", + "description": "Configures external connectors in Microsoft 365.", + "roles": {}, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + { + "name": "Application.Read.All" + }, + { + "name": "ExternalConnection.Read.All" + } + ], + "update": [ + { + "name": "Application.Read.All" + }, + { + "name": "ExternalConnection.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index edabc166c2..22ef5eca5a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 @@ -631,9 +631,9 @@ function Set-TargetResource $CurrentRule = Get-TargetResource @PSBoundParameters - $HeaderMatchesPatternsValue = @{} if ($null -ne $HeaderMatchesPatterns -and $null -ne $HeaderMatchesPatterns.Name) { + $HeaderMatchesPatternsValue = @{} $HeaderMatchesPatternsValue.Add($HeaderMatchesPatterns.Name, $HeaderMatchesPatterns.Values) } if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentRule.Ensure)) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 58cd3a9831..053cd48070 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -407,7 +407,7 @@ function Get-TargetResource { $ruleobject.Condition.SubConditions[$index].Value = $ruleobject.Condition.SubConditions[$index].Value | Select-Object * -ExcludeProperty Id } - else + elseif ($null -ne $ruleObject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes) { $ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes = @($ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes | Select-Object * -ExcludeProperty Id) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 new file mode 100644 index 0000000000..834c470d45 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 @@ -0,0 +1,1073 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $Policy, + + [Parameter(Mandatory = $true)] + [System.String[]] + $TargetGroups, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.String] + $AccountUserName, + + [Parameter()] + [System.Boolean] + $AllowAppStore, + + [Parameter()] + [System.Boolean] + $AllowAssistantWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowConvenienceLogon, + + [Parameter()] + [System.Boolean] + $AllowDiagnosticSubmission, + + [Parameter()] + [System.Boolean] + $AllowiCloudBackup, + + [Parameter()] + [System.Boolean] + $AllowiCloudDocSync, + + [Parameter()] + [System.Boolean] + $AllowiCloudPhotoSync, + + [Parameter()] + [System.Boolean] + $AllowJailbroken, + + [Parameter()] + [System.Boolean] + $AllowPassbookWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowScreenshot, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowVideoConferencing, + + [Parameter()] + [System.Boolean] + $AllowVoiceAssistant, + + [Parameter()] + [System.Boolean] + $AllowVoiceDialing, + + [Parameter()] + [System.UInt32] + $AntiVirusSignatureStatus, + + [Parameter()] + [System.UInt32] + $AntiVirusStatus, + + [Parameter()] + [System.String] + $AppsRating, + + [Parameter()] + [System.String] + $AutoUpdateStatus, + + [Parameter()] + [System.Boolean] + $BluetoothEnabled, + + [Parameter()] + [System.Boolean] + $CameraEnabled, + + [Parameter()] + [System.String] + $EmailAddress, + + [Parameter()] + [System.Boolean] + $EnableRemovableStorage, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, + + [Parameter()] + [System.Boolean] + $FirewallStatus, + + [Parameter()] + [System.Boolean] + $ForceAppStorePassword, + + [Parameter()] + [System.Boolean] + $ForceEncryptedBackup, + + [Parameter()] + [System.UInt32] + $MaxPasswordAttemptsBeforeWipe, + + [Parameter()] + [System.UInt32] + $MaxPasswordGracePeriod, + + [Parameter()] + [System.String] + $MoviesRating, + + [Parameter()] + [System.UInt32] + $PasswordComplexity, + + [Parameter()] + [System.UInt32] + $PasswordExpirationDays, + + [Parameter()] + [System.UInt32] + $PasswordHistoryCount, + + [Parameter()] + [System.UInt32] + $PasswordMinComplexChars, + + [Parameter()] + [System.UInt32] + $PasswordMinimumLength, + + [Parameter()] + [System.UInt32] + $PasswordQuality, + + [Parameter()] + [System.Boolean] + $PasswordRequired, + + [Parameter()] + [System.String] + $PasswordTimeout, + + [Parameter()] + [System.Boolean] + $PhoneMemoryEncrypted, + + [Parameter()] + [System.String] + $RegionRatings, + + [Parameter()] + [System.Boolean] + $RequireEmailProfile, + + [Parameter()] + [System.Boolean] + $SmartScreenEnabled, + + [Parameter()] + [System.Boolean] + $SystemSecurityTLS, + + [Parameter()] + [System.String] + $TVShowsRating, + + [Parameter()] + [System.String] + $UserAccountControlStatus, + + [Parameter()] + [System.Boolean] + $WLANEnabled, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $policyObj = Get-DeviceConditionalAccessPolicy | Where-Object -FilterScript {$_.Name -eq $Policy} + if ($null -ne $policyObj) + { + Write-Verbose -Message "Found policy object {$Policy}" + if ($null -ne $Script:exportedInstances -and $Script:ExportMode -and $null) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + } + else + { + $instance = Get-DeviceConditionalAccessRule | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + } + } + if ($null -eq $instance) + { + return $nullResult + } + + $groupNames = @() + foreach ($group in $instance.TargetGroups) + { + $groupValue = '' + $entry = Get-MgGroup -GroupId $group.Guid -ErrorAction SilentlyContinue + if ($null -eq $entry) + { + $entry = Get-MgUser -UserId $group.Guid -ErrorAction SilentlyContinue + $groupValue = $entry.UserPrincipalName + } + else + { + $groupValue = $entry.DisplayName + } + + if ($null -eq $entry) + { + Write-Error -Message "Could not find group or user identified with id {$group}" + } + else + { + $groupNames += $groupValue + } + } + + $results = @{ + Name = $instance.Name + Policy = $policyObj.Name + TargetGroups = $groupNames + AccountName = $instance.AccountName + AccountUserName = $instance.AccountUserName + AllowAppStore = $instance.AllowAppStore + AllowAssistantWhileLocked = $instance.AllowAssistantWhileLocked + AllowConvenienceLogon = $instance.AllowConvenienceLogon + AllowDiagnosticSubmission = $instance.AllowDiagnosticSubmission + AllowiCloudBackup = $instance.AllowiCloudBackup + AllowiCloudDocSync = $instance.AllowiCloudDocSync + AllowiCloudPhotoSync = $instance.AllowiCloudPhotoSync + AllowJailbroken = $instance.AllowJailbroken + AllowPassbookWhileLocked = $instance.AllowPassbookWhileLocked + AllowScreenshot = $instance.AllowScreenshot + AllowSimplePassword = $instance.AllowSimplePassword + AllowVideoConferencing = $instance.AllowVideoConferencing + AllowVoiceAssistant = $instance.AllowVoiceAssistant + AllowVoiceDialing = $instance.AllowVoiceDialing + AntiVirusSignatureStatus = $instance.AntiVirusSignatureStatus + AntiVirusStatus = $instance.AntiVirusStatus + AppsRating = $instance.AppsRating + AutoUpdateStatus = $instance.AutoUpdateStatus + BluetoothEnabled = $instance.BluetoothEnabled + CameraEnabled = $instance.CameraEnabled + EmailAddress = $instance.EmailAddress + EnableRemovableStorage = $instance.EnableRemovableStorage + ExchangeActiveSyncHost = $instance.ExchangeActiveSyncHost + FirewallStatus = $instance.FirewallStatus + ForceAppStorePassword = $instance.ForceAppStorePassword + ForceEncryptedBackup = $instance.ForceEncryptedBackup + MaxPasswordAttemptsBeforeWipe = $instance.MaxPasswordAttemptsBeforeWipe + MaxPasswordGracePeriod = $instance.MaxPasswordGracePeriod + MoviesRating = $instance.MoviesRating + PasswordComplexity = $instance.PasswordComplexity + PasswordExpirationDays = $instance.PasswordExpirationDays + PasswordHistoryCount = $instance.PasswordHistoryCount + PasswordMinComplexChars = $instance.PasswordMinComplexChars + PasswordMinimumLength = $instance.PasswordMinimumLength + PasswordQuality = $instance.PasswordQuality + PasswordRequired = $instance.PasswordRequired + PasswordTimeout = $instance.PasswordTimeout + PhoneMemoryEncrypted = $instance.PhoneMemoryEncrypted + RegionRatings = $instance.RegionRatings + RequireEmailProfile = $instance.RequireEmailProfile + SmartScreenEnabled = $instance.SmartScreenEnabled + SystemSecurityTLS = $instance.SystemSecurityTLS + TVShowsRating = $instance.TVShowsRating + UserAccountControlStatus = $instance.UserAccountControlStatus + WLANEnabled = $instance.WLANEnabled + WorkFoldersSyncUrl = $instance.WorkFoldersSyncUrl + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $Policy, + + [Parameter(Mandatory = $true)] + [System.String[]] + $TargetGroups, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.String] + $AccountUserName, + + [Parameter()] + [System.Boolean] + $AllowAppStore, + + [Parameter()] + [System.Boolean] + $AllowAssistantWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowConvenienceLogon, + + [Parameter()] + [System.Boolean] + $AllowDiagnosticSubmission, + + [Parameter()] + [System.Boolean] + $AllowiCloudBackup, + + [Parameter()] + [System.Boolean] + $AllowiCloudDocSync, + + [Parameter()] + [System.Boolean] + $AllowiCloudPhotoSync, + + [Parameter()] + [System.Boolean] + $AllowJailbroken, + + [Parameter()] + [System.Boolean] + $AllowPassbookWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowScreenshot, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowVideoConferencing, + + [Parameter()] + [System.Boolean] + $AllowVoiceAssistant, + + [Parameter()] + [System.Boolean] + $AllowVoiceDialing, + + [Parameter()] + [System.UInt32] + $AntiVirusSignatureStatus, + + [Parameter()] + [System.UInt32] + $AntiVirusStatus, + + [Parameter()] + [System.String] + $AppsRating, + + [Parameter()] + [System.String] + $AutoUpdateStatus, + + [Parameter()] + [System.Boolean] + $BluetoothEnabled, + + [Parameter()] + [System.Boolean] + $CameraEnabled, + + [Parameter()] + [System.String] + $EmailAddress, + + [Parameter()] + [System.Boolean] + $EnableRemovableStorage, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, + + [Parameter()] + [System.Boolean] + $FirewallStatus, + + [Parameter()] + [System.Boolean] + $ForceAppStorePassword, + + [Parameter()] + [System.Boolean] + $ForceEncryptedBackup, + + [Parameter()] + [System.UInt32] + $MaxPasswordAttemptsBeforeWipe, + + [Parameter()] + [System.UInt32] + $MaxPasswordGracePeriod, + + [Parameter()] + [System.String] + $MoviesRating, + + [Parameter()] + [System.UInt32] + $PasswordComplexity, + + [Parameter()] + [System.UInt32] + $PasswordExpirationDays, + + [Parameter()] + [System.UInt32] + $PasswordHistoryCount, + + [Parameter()] + [System.UInt32] + $PasswordMinComplexChars, + + [Parameter()] + [System.UInt32] + $PasswordMinimumLength, + + [Parameter()] + [System.UInt32] + $PasswordQuality, + + [Parameter()] + [System.Boolean] + $PasswordRequired, + + [Parameter()] + [System.String] + $PasswordTimeout, + + [Parameter()] + [System.Boolean] + $PhoneMemoryEncrypted, + + [Parameter()] + [System.String] + $RegionRatings, + + [Parameter()] + [System.Boolean] + $RequireEmailProfile, + + [Parameter()] + [System.Boolean] + $SmartScreenEnabled, + + [Parameter()] + [System.Boolean] + $SystemSecurityTLS, + + [Parameter()] + [System.String] + $TVShowsRating, + + [Parameter()] + [System.String] + $UserAccountControlStatus, + + [Parameter()] + [System.Boolean] + $WLANEnabled, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.Remove('Name') | Out-Null + + if ($Ensure -eq 'Present' -and $null -ne $TargetGroups) + { + $targetGroupsValue = @() + foreach ($group in $TargetGroups) + { + $groupValue = '' + $entry = Get-MgGroup -Filter "DisplayName eq '$group'" -ErrorAction SilentlyContinue + if ($null -eq $entry) + { + $entry = Get-MgUser -UserId $group -ErrorAction SilentlyContinue + $groupValue = $entry.Id + } + else + { + $groupValue = $entry.Id + } + + if ($null -eq $entry) + { + Write-Error -Message "Could not find group or user identified with id {$group}" + } + else + { + $targetGroupsValue += $groupValue + } + } + $setParameters.TargetGroups = $targetGroupsValue + } + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating new device conditional access rule {$Name}" + New-DeviceConditionalAccessRule @setParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + $setParameters.Remove('Policy') | Out-Null + $setParameters.Add('Identity', $currentInstance.Name) + Write-Verbose -Message "Updating device conditional access rule {$Name}" + Set-DeviceConditionalAccessRule @setParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing device conditional access rule {$Name}" + Remove-DeviceConditionalAccessRule -Identity $currentInstance.Name -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $Policy, + + [Parameter(Mandatory = $true)] + [System.String[]] + $TargetGroups, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.String] + $AccountUserName, + + [Parameter()] + [System.Boolean] + $AllowAppStore, + + [Parameter()] + [System.Boolean] + $AllowAssistantWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowConvenienceLogon, + + [Parameter()] + [System.Boolean] + $AllowDiagnosticSubmission, + + [Parameter()] + [System.Boolean] + $AllowiCloudBackup, + + [Parameter()] + [System.Boolean] + $AllowiCloudDocSync, + + [Parameter()] + [System.Boolean] + $AllowiCloudPhotoSync, + + [Parameter()] + [System.Boolean] + $AllowJailbroken, + + [Parameter()] + [System.Boolean] + $AllowPassbookWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowScreenshot, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowVideoConferencing, + + [Parameter()] + [System.Boolean] + $AllowVoiceAssistant, + + [Parameter()] + [System.Boolean] + $AllowVoiceDialing, + + [Parameter()] + [System.UInt32] + $AntiVirusSignatureStatus, + + [Parameter()] + [System.UInt32] + $AntiVirusStatus, + + [Parameter()] + [System.String] + $AppsRating, + + [Parameter()] + [System.String] + $AutoUpdateStatus, + + [Parameter()] + [System.Boolean] + $BluetoothEnabled, + + [Parameter()] + [System.Boolean] + $CameraEnabled, + + [Parameter()] + [System.String] + $EmailAddress, + + [Parameter()] + [System.Boolean] + $EnableRemovableStorage, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, + + [Parameter()] + [System.Boolean] + $FirewallStatus, + + [Parameter()] + [System.Boolean] + $ForceAppStorePassword, + + [Parameter()] + [System.Boolean] + $ForceEncryptedBackup, + + [Parameter()] + [System.UInt32] + $MaxPasswordAttemptsBeforeWipe, + + [Parameter()] + [System.UInt32] + $MaxPasswordGracePeriod, + + [Parameter()] + [System.String] + $MoviesRating, + + [Parameter()] + [System.UInt32] + $PasswordComplexity, + + [Parameter()] + [System.UInt32] + $PasswordExpirationDays, + + [Parameter()] + [System.UInt32] + $PasswordHistoryCount, + + [Parameter()] + [System.UInt32] + $PasswordMinComplexChars, + + [Parameter()] + [System.UInt32] + $PasswordMinimumLength, + + [Parameter()] + [System.UInt32] + $PasswordQuality, + + [Parameter()] + [System.Boolean] + $PasswordRequired, + + [Parameter()] + [System.String] + $PasswordTimeout, + + [Parameter()] + [System.Boolean] + $PhoneMemoryEncrypted, + + [Parameter()] + [System.String] + $RegionRatings, + + [Parameter()] + [System.Boolean] + $RequireEmailProfile, + + [Parameter()] + [System.Boolean] + $SmartScreenEnabled, + + [Parameter()] + [System.Boolean] + $SystemSecurityTLS, + + [Parameter()] + [System.String] + $TVShowsRating, + + [Parameter()] + [System.String] + $UserAccountControlStatus, + + [Parameter()] + [System.Boolean] + $WLANEnabled, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck.Remove('Name') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-DeviceConditionalAccessRule -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + Policy = $config.Name.Split('{')[0] + TargetGroups = $config.TargetGroups + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.schema.mof new file mode 100644 index 0000000000..d70e8d9b12 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.schema.mof @@ -0,0 +1,63 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SCDeviceConditionalAccessRule")] +class MSFT_SCDeviceConditionalAccessRule : OMI_BaseResource +{ + [Key, Description("Name for the rule.")] String Name; + [Write, Description("Name of the associated policy.")] String Policy; + [Write, Description("The display names of the graoups targeted by the policy.")] String TargetGroups[]; + [Write, Description("The AccountName parameter specifies the account name.")] String AccountName; + [Write, Description("The AccountUserName parameter specifies the account user name.")] String AccountUserName; + [Write, Description("The AllowAppStore parameter specifies whether to allow access to the app store on devices.")] Boolean AllowAppStore; + [Write, Description("The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked.")] Boolean AllowAssistantWhileLocked; + [Write, Description("The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices.")] Boolean AllowConvenienceLogon; + [Write, Description("The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices.")] Boolean AllowDiagnosticSubmission; + [Write, Description("The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices.")] Boolean AllowiCloudBackup; + [Write, Description("The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.")] Boolean AllowiCloudDocSync; + [Write, Description("The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices.")] Boolean AllowiCloudPhotoSync; + [Write, Description("The AllowJailbroken parameter specifies whether to allow access to your organization by jailbroken or rooted devices.")] Boolean AllowJailbroken; + [Write, Description("The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked.")] Boolean AllowPassbookWhileLocked; + [Write, Description("The AllowScreenshot parameter specifies whether to allow screenshots on devices.")] Boolean AllowScreenshot; + [Write, Description("The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.")] Boolean AllowSimplePassword; + [Write, Description("The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. ")] Boolean AllowVideoConferencing; + [Write, Description("The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices.")] Boolean AllowVoiceAssistant; + [Write, Description("The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing.")] Boolean AllowVoiceDialing; + [Write, Description("The AntiVirusSignatureStatus parameter specifies the antivirus signature status.")] UInt32 AntiVirusSignatureStatus; + [Write, Description("The AntiVirusStatus parameter specifies the antivirus status.")] UInt32 AntiVirusStatus; + [Write, Description("The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.")] String AppsRating; + [Write, Description("The AutoUpdateStatus parameter specifies the update settings for devices.")] String AutoUpdateStatus; + [Write, Description("The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.")] Boolean BluetoothEnabled; + [Write, Description("The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.")] Boolean CameraEnabled; + [Write, Description("The EmailAddress parameter specifies the email address.")] String EmailAddress; + [Write, Description("The EnableRemovableStorage parameter specifies whether removable storage can be used by devices.")] Boolean EnableRemovableStorage; + [Write, Description("The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host.")] String ExchangeActiveSyncHost; + [Write, Description("The FirewallStatus parameter specifies the acceptable firewall status values on devices.")] Boolean FirewallStatus; + [Write, Description("The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.")] Boolean ForceAppStorePassword; + [Write, Description("The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices.")] Boolean ForceEncryptedBackup; + [Write, Description("The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped.")] UInt32 MaxPasswordAttemptsBeforeWipe; + [Write, Description("The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices.")] UInt32 MaxPasswordGracePeriod; + [Write, Description("The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.")] String MoviesRating; + [Write, Description("The PasswordComplexity parameter specifies the password complexity.")] UInt32 PasswordComplexity; + [Write, Description("The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords.")] UInt32 PasswordExpirationDays; + [Write, Description("The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused.")] UInt32 PasswordHistoryCount; + [Write, Description("The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter.")] UInt32 PasswordMinComplexChars; + [Write, Description("The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords.")] UInt32 PasswordMinimumLength; + [Write, Description("The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password.")] UInt32 PasswordQuality; + [Write, Description("The PasswordRequired parameter specifies whether a password is required to access devices.")] Boolean PasswordRequired; + [Write, Description("The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them.")] String PasswordTimeout; + [Write, Description("The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices.")] Boolean PhoneMemoryEncrypted; + [Write, Description("The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters.")] String RegionRatings; + [Write, Description("The RequireEmailProfile parameter specifies whether an email profile is required on devices.")] Boolean RequireEmailProfile; + [Write, Description("The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices.")] Boolean SmartScreenEnabled; + [Write, Description("The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices.")] Boolean SystemSecurityTLS; + [Write, Description("The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.")] String TVShowsRating; + [Write, Description("The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.")] String UserAccountControlStatus; + [Write, Description("The WLANEnabled parameter specifies whether Wi-Fi is enabled devices.")] Boolean WLANEnabled; + [Write, Description("The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.")] String WorkFoldersSyncUrl; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent", "Present"}, Values{"Absent", "Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/readme.md new file mode 100644 index 0000000000..a6bdf75fdf --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/readme.md @@ -0,0 +1,6 @@ + +# SCDeviceConditionalAccessRule + +## Description + +Manages Purview Device Conditional Access rules. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/settings.json new file mode 100644 index 0000000000..dc19088d20 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/settings.json @@ -0,0 +1,28 @@ +{ + "resourceName": "SCDeviceConditionalAccessRule", + "description": "Manages Purview Device Conditional Access rules.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 new file mode 100644 index 0000000000..97f1c316ad --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 @@ -0,0 +1,1060 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $Policy, + + [Parameter(Mandatory = $true)] + [System.String[]] + $TargetGroups, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.String] + $AccountUserName, + + [Parameter()] + [System.Boolean] + $AllowAppStore, + + [Parameter()] + [System.Boolean] + $AllowAssistantWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowConvenienceLogon, + + [Parameter()] + [System.Boolean] + $AllowDiagnosticSubmission, + + [Parameter()] + [System.Boolean] + $AllowiCloudBackup, + + [Parameter()] + [System.Boolean] + $AllowiCloudDocSync, + + [Parameter()] + [System.Boolean] + $AllowiCloudPhotoSync, + + [Parameter()] + [System.Boolean] + $AllowPassbookWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowScreenshot, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowVideoConferencing, + + [Parameter()] + [System.Boolean] + $AllowVoiceAssistant, + + [Parameter()] + [System.Boolean] + $AllowVoiceDialing, + + [Parameter()] + [System.UInt32] + $AntiVirusSignatureStatus, + + [Parameter()] + [System.UInt32] + $AntiVirusStatus, + + [Parameter()] + [System.String] + $AppsRating, + + [Parameter()] + [System.String] + $AutoUpdateStatus, + + [Parameter()] + [System.Boolean] + $BluetoothEnabled, + + [Parameter()] + [System.Boolean] + $CameraEnabled, + + [Parameter()] + [System.String] + $EmailAddress, + + [Parameter()] + [System.Boolean] + $EnableRemovableStorage, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, + + [Parameter()] + [System.Boolean] + $FirewallStatus, + + [Parameter()] + [System.Boolean] + $ForceAppStorePassword, + + [Parameter()] + [System.Boolean] + $ForceEncryptedBackup, + + [Parameter()] + [System.UInt32] + $MaxPasswordAttemptsBeforeWipe, + + [Parameter()] + [System.UInt32] + $MaxPasswordGracePeriod, + + [Parameter()] + [System.String] + $MoviesRating, + + [Parameter()] + [System.UInt32] + $PasswordComplexity, + + [Parameter()] + [System.UInt32] + $PasswordExpirationDays, + + [Parameter()] + [System.UInt32] + $PasswordHistoryCount, + + [Parameter()] + [System.UInt32] + $PasswordMinComplexChars, + + [Parameter()] + [System.UInt32] + $PasswordMinimumLength, + + [Parameter()] + [System.UInt32] + $PasswordQuality, + + [Parameter()] + [System.Boolean] + $PasswordRequired, + + [Parameter()] + [System.String] + $PasswordTimeout, + + [Parameter()] + [System.Boolean] + $PhoneMemoryEncrypted, + + [Parameter()] + [System.String] + $RegionRatings, + + [Parameter()] + [System.Boolean] + $RequireEmailProfile, + + [Parameter()] + [System.Boolean] + $SmartScreenEnabled, + + [Parameter()] + [System.Boolean] + $SystemSecurityTLS, + + [Parameter()] + [System.String] + $TVShowsRating, + + [Parameter()] + [System.String] + $UserAccountControlStatus, + + [Parameter()] + [System.Boolean] + $WLANEnabled, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $policyObj = Get-DeviceConfigurationPolicy | Where-Object -FilterScript {$_.Name -eq $Policy} + if ($null -ne $policyObj) + { + Write-Verbose -Message "Found policy object {$Policy}" + if ($null -ne $Script:exportedInstances -and $Script:ExportMode -and $null) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + } + else + { + $instance = Get-DeviceConfigurationRule | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + } + } + if ($null -eq $instance) + { + return $nullResult + } + + $groupNames = @() + foreach ($group in $instance.TargetGroups) + { + $groupValue = '' + $entry = Get-MgGroup -GroupId $group.Guid -ErrorAction SilentlyContinue + if ($null -eq $entry) + { + $entry = Get-MgUser -UserId $group.Guid -ErrorAction SilentlyContinue + $groupValue = $entry.UserPrincipalName + } + else + { + $groupValue = $entry.DisplayName + } + + if ($null -eq $entry) + { + Write-Error -Message "Could not find group or user identified with id {$group}" + } + else + { + $groupNames += $groupValue + } + } + + $results = @{ + Name = $instance.Name + Policy = $policyObj.Name + TargetGroups = $groupNames + AccountName = $instance.AccountName + AccountUserName = $instance.AccountUserName + AllowAppStore = $instance.AllowAppStore + AllowAssistantWhileLocked = $instance.AllowAssistantWhileLocked + AllowConvenienceLogon = $instance.AllowConvenienceLogon + AllowDiagnosticSubmission = $instance.AllowDiagnosticSubmission + AllowiCloudBackup = $instance.AllowiCloudBackup + AllowiCloudDocSync = $instance.AllowiCloudDocSync + AllowiCloudPhotoSync = $instance.AllowiCloudPhotoSync + AllowPassbookWhileLocked = $instance.AllowPassbookWhileLocked + AllowScreenshot = $instance.AllowScreenshot + AllowSimplePassword = $instance.AllowSimplePassword + AllowVideoConferencing = $instance.AllowVideoConferencing + AllowVoiceAssistant = $instance.AllowVoiceAssistant + AllowVoiceDialing = $instance.AllowVoiceDialing + AntiVirusSignatureStatus = $instance.AntiVirusSignatureStatus + AntiVirusStatus = $instance.AntiVirusStatus + AppsRating = $instance.AppsRating + AutoUpdateStatus = $instance.AutoUpdateStatus + BluetoothEnabled = $instance.BluetoothEnabled + CameraEnabled = $instance.CameraEnabled + EmailAddress = $instance.EmailAddress + EnableRemovableStorage = $instance.EnableRemovableStorage + ExchangeActiveSyncHost = $instance.ExchangeActiveSyncHost + FirewallStatus = $instance.FirewallStatus + ForceAppStorePassword = $instance.ForceAppStorePassword + ForceEncryptedBackup = $instance.ForceEncryptedBackup + MaxPasswordAttemptsBeforeWipe = $instance.MaxPasswordAttemptsBeforeWipe + MaxPasswordGracePeriod = $instance.MaxPasswordGracePeriod + MoviesRating = $instance.MoviesRating + PasswordComplexity = $instance.PasswordComplexity + PasswordExpirationDays = $instance.PasswordExpirationDays + PasswordHistoryCount = $instance.PasswordHistoryCount + PasswordMinComplexChars = $instance.PasswordMinComplexChars + PasswordMinimumLength = $instance.PasswordMinimumLength + PasswordQuality = $instance.PasswordQuality + PasswordRequired = $instance.PasswordRequired + PasswordTimeout = $instance.PasswordTimeout + PhoneMemoryEncrypted = $instance.PhoneMemoryEncrypted + RegionRatings = $instance.RegionRatings + RequireEmailProfile = $instance.RequireEmailProfile + SmartScreenEnabled = $instance.SmartScreenEnabled + SystemSecurityTLS = $instance.SystemSecurityTLS + TVShowsRating = $instance.TVShowsRating + UserAccountControlStatus = $instance.UserAccountControlStatus + WLANEnabled = $instance.WLANEnabled + WorkFoldersSyncUrl = $instance.WorkFoldersSyncUrl + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $Policy, + + [Parameter(Mandatory = $true)] + [System.String[]] + $TargetGroups, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.String] + $AccountUserName, + + [Parameter()] + [System.Boolean] + $AllowAppStore, + + [Parameter()] + [System.Boolean] + $AllowAssistantWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowConvenienceLogon, + + [Parameter()] + [System.Boolean] + $AllowDiagnosticSubmission, + + [Parameter()] + [System.Boolean] + $AllowiCloudBackup, + + [Parameter()] + [System.Boolean] + $AllowiCloudDocSync, + + [Parameter()] + [System.Boolean] + $AllowiCloudPhotoSync, + + [Parameter()] + [System.Boolean] + $AllowPassbookWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowScreenshot, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowVideoConferencing, + + [Parameter()] + [System.Boolean] + $AllowVoiceAssistant, + + [Parameter()] + [System.Boolean] + $AllowVoiceDialing, + + [Parameter()] + [System.UInt32] + $AntiVirusSignatureStatus, + + [Parameter()] + [System.UInt32] + $AntiVirusStatus, + + [Parameter()] + [System.String] + $AppsRating, + + [Parameter()] + [System.String] + $AutoUpdateStatus, + + [Parameter()] + [System.Boolean] + $BluetoothEnabled, + + [Parameter()] + [System.Boolean] + $CameraEnabled, + + [Parameter()] + [System.String] + $EmailAddress, + + [Parameter()] + [System.Boolean] + $EnableRemovableStorage, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, + + [Parameter()] + [System.Boolean] + $FirewallStatus, + + [Parameter()] + [System.Boolean] + $ForceAppStorePassword, + + [Parameter()] + [System.Boolean] + $ForceEncryptedBackup, + + [Parameter()] + [System.UInt32] + $MaxPasswordAttemptsBeforeWipe, + + [Parameter()] + [System.UInt32] + $MaxPasswordGracePeriod, + + [Parameter()] + [System.String] + $MoviesRating, + + [Parameter()] + [System.UInt32] + $PasswordComplexity, + + [Parameter()] + [System.UInt32] + $PasswordExpirationDays, + + [Parameter()] + [System.UInt32] + $PasswordHistoryCount, + + [Parameter()] + [System.UInt32] + $PasswordMinComplexChars, + + [Parameter()] + [System.UInt32] + $PasswordMinimumLength, + + [Parameter()] + [System.UInt32] + $PasswordQuality, + + [Parameter()] + [System.Boolean] + $PasswordRequired, + + [Parameter()] + [System.String] + $PasswordTimeout, + + [Parameter()] + [System.Boolean] + $PhoneMemoryEncrypted, + + [Parameter()] + [System.String] + $RegionRatings, + + [Parameter()] + [System.Boolean] + $RequireEmailProfile, + + [Parameter()] + [System.Boolean] + $SmartScreenEnabled, + + [Parameter()] + [System.Boolean] + $SystemSecurityTLS, + + [Parameter()] + [System.String] + $TVShowsRating, + + [Parameter()] + [System.String] + $UserAccountControlStatus, + + [Parameter()] + [System.Boolean] + $WLANEnabled, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.Remove('Name') | Out-Null + + if ($Ensure -eq 'Present' -and $null -ne $TargetGroups) + { + $targetGroupsValue = @() + foreach ($group in $TargetGroups) + { + $groupValue = '' + $entry = Get-MgGroup -Filter "DisplayName eq '$group'" -ErrorAction SilentlyContinue + if ($null -eq $entry) + { + $entry = Get-MgUser -UserId $group -ErrorAction SilentlyContinue + $groupValue = $entry.Id + } + else + { + $groupValue = $entry.Id + } + + if ($null -eq $entry) + { + Write-Error -Message "Could not find group or user identified with id {$group}" + } + else + { + $targetGroupsValue += $groupValue + } + } + $setParameters.TargetGroups = $targetGroupsValue + } + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating new device configuration rule {$Name}" + New-DeviceConfigurationRule @setParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + $setParameters.Remove('Policy') | Out-Null + $setParameters.Add('Identity', $currentInstance.Name) + Write-Verbose -Message "Updating device configuration rule {$Name}" + Set-DeviceConfigurationRule @setParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing device configuration rule {$Name}" + Remove-DeviceConfigurationRule -Identity $currentInstance.Name -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $Policy, + + [Parameter(Mandatory = $true)] + [System.String[]] + $TargetGroups, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.String] + $AccountUserName, + + [Parameter()] + [System.Boolean] + $AllowAppStore, + + [Parameter()] + [System.Boolean] + $AllowAssistantWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowConvenienceLogon, + + [Parameter()] + [System.Boolean] + $AllowDiagnosticSubmission, + + [Parameter()] + [System.Boolean] + $AllowiCloudBackup, + + [Parameter()] + [System.Boolean] + $AllowiCloudDocSync, + + [Parameter()] + [System.Boolean] + $AllowiCloudPhotoSync, + + [Parameter()] + [System.Boolean] + $AllowPassbookWhileLocked, + + [Parameter()] + [System.Boolean] + $AllowScreenshot, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowVideoConferencing, + + [Parameter()] + [System.Boolean] + $AllowVoiceAssistant, + + [Parameter()] + [System.Boolean] + $AllowVoiceDialing, + + [Parameter()] + [System.UInt32] + $AntiVirusSignatureStatus, + + [Parameter()] + [System.UInt32] + $AntiVirusStatus, + + [Parameter()] + [System.String] + $AppsRating, + + [Parameter()] + [System.String] + $AutoUpdateStatus, + + [Parameter()] + [System.Boolean] + $BluetoothEnabled, + + [Parameter()] + [System.Boolean] + $CameraEnabled, + + [Parameter()] + [System.String] + $EmailAddress, + + [Parameter()] + [System.Boolean] + $EnableRemovableStorage, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, + + [Parameter()] + [System.Boolean] + $FirewallStatus, + + [Parameter()] + [System.Boolean] + $ForceAppStorePassword, + + [Parameter()] + [System.Boolean] + $ForceEncryptedBackup, + + [Parameter()] + [System.UInt32] + $MaxPasswordAttemptsBeforeWipe, + + [Parameter()] + [System.UInt32] + $MaxPasswordGracePeriod, + + [Parameter()] + [System.String] + $MoviesRating, + + [Parameter()] + [System.UInt32] + $PasswordComplexity, + + [Parameter()] + [System.UInt32] + $PasswordExpirationDays, + + [Parameter()] + [System.UInt32] + $PasswordHistoryCount, + + [Parameter()] + [System.UInt32] + $PasswordMinComplexChars, + + [Parameter()] + [System.UInt32] + $PasswordMinimumLength, + + [Parameter()] + [System.UInt32] + $PasswordQuality, + + [Parameter()] + [System.Boolean] + $PasswordRequired, + + [Parameter()] + [System.String] + $PasswordTimeout, + + [Parameter()] + [System.Boolean] + $PhoneMemoryEncrypted, + + [Parameter()] + [System.String] + $RegionRatings, + + [Parameter()] + [System.Boolean] + $RequireEmailProfile, + + [Parameter()] + [System.Boolean] + $SmartScreenEnabled, + + [Parameter()] + [System.Boolean] + $SystemSecurityTLS, + + [Parameter()] + [System.String] + $TVShowsRating, + + [Parameter()] + [System.String] + $UserAccountControlStatus, + + [Parameter()] + [System.Boolean] + $WLANEnabled, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck.Remove('Name') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-DeviceConfigurationRule -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + Policy = $config.Name.Split('{')[0] + TargetGroups = $config.TargetGroups + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.schema.mof new file mode 100644 index 0000000000..f21d833b08 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.schema.mof @@ -0,0 +1,62 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SCDeviceConfigurationRule")] +class MSFT_SCDeviceConfigurationRule : OMI_BaseResource +{ + [Key, Description("Name for the rule.")] String Name; + [Write, Description("Name of the associated policy.")] String Policy; + [Write, Description("The display names of the graoups targeted by the policy.")] String TargetGroups[]; + [Write, Description("The AccountName parameter specifies the account name.")] String AccountName; + [Write, Description("The AccountUserName parameter specifies the account user name.")] String AccountUserName; + [Write, Description("The AllowAppStore parameter specifies whether to allow access to the app store on devices.")] Boolean AllowAppStore; + [Write, Description("The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked.")] Boolean AllowAssistantWhileLocked; + [Write, Description("The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices.")] Boolean AllowConvenienceLogon; + [Write, Description("The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices.")] Boolean AllowDiagnosticSubmission; + [Write, Description("The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices.")] Boolean AllowiCloudBackup; + [Write, Description("The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.")] Boolean AllowiCloudDocSync; + [Write, Description("The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices.")] Boolean AllowiCloudPhotoSync; + [Write, Description("The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked.")] Boolean AllowPassbookWhileLocked; + [Write, Description("The AllowScreenshot parameter specifies whether to allow screenshots on devices.")] Boolean AllowScreenshot; + [Write, Description("The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.")] Boolean AllowSimplePassword; + [Write, Description("The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. ")] Boolean AllowVideoConferencing; + [Write, Description("The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices.")] Boolean AllowVoiceAssistant; + [Write, Description("The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing.")] Boolean AllowVoiceDialing; + [Write, Description("The AntiVirusSignatureStatus parameter specifies the antivirus signature status.")] UInt32 AntiVirusSignatureStatus; + [Write, Description("The AntiVirusStatus parameter specifies the antivirus status.")] UInt32 AntiVirusStatus; + [Write, Description("The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.")] String AppsRating; + [Write, Description("The AutoUpdateStatus parameter specifies the update settings for devices.")] String AutoUpdateStatus; + [Write, Description("The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.")] Boolean BluetoothEnabled; + [Write, Description("The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.")] Boolean CameraEnabled; + [Write, Description("The EmailAddress parameter specifies the email address.")] String EmailAddress; + [Write, Description("The EnableRemovableStorage parameter specifies whether removable storage can be used by devices.")] Boolean EnableRemovableStorage; + [Write, Description("The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host.")] String ExchangeActiveSyncHost; + [Write, Description("The FirewallStatus parameter specifies the acceptable firewall status values on devices.")] Boolean FirewallStatus; + [Write, Description("The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.")] Boolean ForceAppStorePassword; + [Write, Description("The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices.")] Boolean ForceEncryptedBackup; + [Write, Description("The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped.")] UInt32 MaxPasswordAttemptsBeforeWipe; + [Write, Description("The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices.")] UInt32 MaxPasswordGracePeriod; + [Write, Description("The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.")] String MoviesRating; + [Write, Description("The PasswordComplexity parameter specifies the password complexity.")] UInt32 PasswordComplexity; + [Write, Description("The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords.")] UInt32 PasswordExpirationDays; + [Write, Description("The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused.")] UInt32 PasswordHistoryCount; + [Write, Description("The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter.")] UInt32 PasswordMinComplexChars; + [Write, Description("The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords.")] UInt32 PasswordMinimumLength; + [Write, Description("The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password.")] UInt32 PasswordQuality; + [Write, Description("The PasswordRequired parameter specifies whether a password is required to access devices.")] Boolean PasswordRequired; + [Write, Description("The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them.")] String PasswordTimeout; + [Write, Description("The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices.")] Boolean PhoneMemoryEncrypted; + [Write, Description("The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters.")] String RegionRatings; + [Write, Description("The RequireEmailProfile parameter specifies whether an email profile is required on devices.")] Boolean RequireEmailProfile; + [Write, Description("The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices.")] Boolean SmartScreenEnabled; + [Write, Description("The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices.")] Boolean SystemSecurityTLS; + [Write, Description("The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.")] String TVShowsRating; + [Write, Description("The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.")] String UserAccountControlStatus; + [Write, Description("The WLANEnabled parameter specifies whether Wi-Fi is enabled devices.")] Boolean WLANEnabled; + [Write, Description("The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.")] String WorkFoldersSyncUrl; + + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent", "Present"}, Values{"Absent", "Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/readme.md new file mode 100644 index 0000000000..881ff87137 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/readme.md @@ -0,0 +1,6 @@ + +# SCDeviceConfigurationRule + +## Description + +This resource configures a Device Configuration Rule in Purview. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/settings.json new file mode 100644 index 0000000000..dc6636d9d2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/settings.json @@ -0,0 +1,28 @@ +{ + "resourceName": "SCDeviceConfigurationRule", + "description": "This resource configures a Device Configuration Rule in Purview.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 new file mode 100644 index 0000000000..a0d5e92ed3 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 @@ -0,0 +1,1260 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $ListType, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Domains, + + [Parameter()] + [System.String[]] + $FilePaths, + + [Parameter()] + [System.String[]] + $FileTypes, + + [Parameter()] + [System.String[]] + $Keywords, + + [Parameter()] + [System.String[]] + $SensitiveInformationTypes, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Sites, + + [Parameter()] + [System.String[]] + $TrainableClassifiers, + + [Parameter()] + [System.String[]] + $ExceptionKeyworkGroups, + + [Parameter()] + [System.String[]] + $ExcludedClassifierGroups, + + [Parameter()] + [System.String[]] + $ExcludedDomainGroups, + + [Parameter()] + [System.String[]] + $ExcludedFilePathGroups, + + [Parameter()] + [System.String[]] + $ExcludedFileTypeGroups, + + [Parameter()] + [System.String[]] + $ExcludedKeyworkGroups, + + [Parameter()] + [System.String[]] + $ExcludedSensitiveInformationTypeGroups, + + [Parameter()] + [System.String[]] + $ExcludedSiteGroups, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + ##TODO - Replace the workload by the one associated to your resource + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $instance = Get-InsiderRiskEntityList -Identity $Name -ErrorAction Stop + + if ($null -eq $instance) + { + return $nullResult + } + + # CustomDomainLists + $DmnValues = @() + if ($instance.ListType -eq 'CustomDomainLists' -or ` + $instance.Name -eq 'IrmWhitelistDomains') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $current = @{ + Dmn = $entity.Dmn + isMLSubDmn = $entity.isMLSubDmn + } + $DmnValues += $current + } + } + + # CustomFilePathRegexLists + $FilePathValues = @() + if ($instance.ListType -eq 'CustomFilePathRegexLists' -or ` + $instance.Name -eq 'IrmCustomExWinFilePaths') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $FilePathValues += $entity.FlPthRgx + } + } + + # CustomFileTypeLists + $FileTypeValues = @() + if ($instance.ListType -eq 'CustomFileTypeLists') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $FileTypeValues += $entity.Ext + } + } + + # CustomKeywordLists + $KeywordValues = @() + if ($instance.ListType -eq 'CustomKeywordLists' -or ` + $instance.Name -eq 'IrmExcludedKeywords' -or $instance.Name -eq 'IrmNotExcludedKeywords') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $KeywordValues += $entity.Name + } + } + + # CustomSensitiveInformationTypeLists + $SITValues = @() + if ($instance.ListType -eq 'CustomSensitiveInformationTypeLists' -or ` + $instance.Name -eq 'IrmCustomExSensitiveTypes') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $SITObject = Get-DLPSensitiveInformationType -Identity $entity.GUID + $SITValues += $SITObject.Name + } + } + + # CustomSiteLists + $SiteValues = @() + if ($instance.ListType -eq 'CustomSiteLists' -or ` + $instance.Name -eq 'IrmExcludedSites') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $site = @{ + Url = $entity.Url + Name = $entity.Name + Guid = $entity.Guid + } + $SiteValues += $site + } + } + + # CustomMLClassifierTypeLists + $TrainableClassifierValues = @() + if ($instance.ListType -eq 'CustomMLClassifierTypeLists' -or $instance.Name -eq 'IrmCustomExMLClassifiers') + { + foreach ($entity in $instance.Entities) + { + $entity = ConvertFrom-Json $entity + $TrainableClassifierValues += $entity.Guid + } + } + + # Global Exclusions - Excluded Keyword Groups + $excludedKeywordGroupValue = @() + if ($instance.Name -eq 'IrmXSGExcludedKeywords') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $excludedKeywordGroupValue += $group.Name + } + } + + # Global Exclusions - Exception Keyword Groups + $exceptionKeywordGroupValue = @() + if ($instance.Name -eq 'IrmXSGExceptionKeywords') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $exceptionKeywordGroupValue += $group.Name + } + } + + # Global Exclusions - Excluded Classifier Groups + $excludedClassifierGroupValue = @() + if ($instance.Name -eq 'IrmXSGMLClassifierTypes') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $excludedClassifierGroupValue += $group.Name + } + } + + # Global Exclusions - Excluded Domain Groups + $excludedDomainGroupValue = @() + if ($instance.Name -eq 'IrmXSGDomains') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $excludedDomainGroupValue += $group.Name + } + } + + # Global Exclusions - Excluded File Path Groups + $ExcludedFilePathGroupsValue = @() + if ($instance.Name -eq 'IrmXSGFilePaths') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $ExcludedFilePathGroupsValue += $group.Name + } + } + + # Global Exclusions - Excluded Site Groups + $excludedSiteGroupValue = @() + if ($instance.Name -eq 'IrmXSGSites') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $excludedSiteGroupValue += $group.Name + } + } + + # Global Exclusions - Excluded Sensitive Info Type Groups + $excludedSITGroupValue = @() + if ($instance.Name -eq 'IrmXSGSensitiveInfoTypes') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $excludedSITGroupValue += $group.Name + } + } + + # Global Exclusions - Excluded File Type Groups + $excludedFileTypeGroupValue = @() + if ($instance.Name -eq 'IrmXSGFiletypes') + { + $entities = $instance.Entities + foreach ($entity in $entities) + { + $entity = ConvertFrom-Json $entity + $group = Get-InsiderRiskEntityList -Identity $entity.GroupId + $excludedFileTypeGroupValue += $group.Name + } + } + + $results = @{ + DisplayName = $instance.DisplayName + Name = $instance.Name + Description = $instance.Description + ListType = $instance.ListType + Domains = $DmnValues + FilePaths = $FilePathValues + FileTypes = $FileTypeValues + Keywords = $KeywordValues + SensitiveInformationTypes = $SITValues + Sites = $SiteValues + TrainableClassifiers = $TrainableClassifierValues + ExcludedKeyworkGroups = $excludedKeywordGroupValue + ExceptionKeyworkGroups = $exceptionKeywordGroupValue + ExcludedClassifierGroups = $excludedClassifierGroupValue + ExcludedDomainGroups = $excludedDomainGroupValue + ExcludedFilePathGroups = $ExcludedFilePathGroupsValue + ExcludedSiteGroups = $excludedSiteGroupValue + ExcludedSensitiveInformationTypeGroups = $excludedSITGroupValue + ExcludedFileTypeGroups = $excludedFileTypeGroupValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $ListType, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Domains, + + [Parameter()] + [System.String[]] + $FilePaths, + + [Parameter()] + [System.String[]] + $FileTypes, + + [Parameter()] + [System.String[]] + $Keywords, + + [Parameter()] + [System.String[]] + $SensitiveInformationTypes, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Sites, + + [Parameter()] + [System.String[]] + $TrainableClassifiers, + + [Parameter()] + [System.String[]] + $ExceptionKeyworkGroups, + + [Parameter()] + [System.String[]] + $ExcludedClassifierGroups, + + [Parameter()] + [System.String[]] + $ExcludedDomainGroups, + + [Parameter()] + [System.String[]] + $ExcludedFilePathGroups, + + [Parameter()] + [System.String[]] + $ExcludedFileTypeGroups, + + [Parameter()] + [System.String[]] + $ExcludedKeyworkGroups, + + [Parameter()] + [System.String[]] + $ExcludedSensitiveInformationTypeGroups, + + [Parameter()] + [System.String[]] + $ExcludedSiteGroups, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + # Create a new Domain Group + if ($ListType -eq 'CustomDomainLists') + { + $value = @() + foreach ($domain in $Domains) + { + $value += "{`"Dmn`":`"$($domain.Dmn)`",`"isMLSubDmn`":$($domain.isMLSubDmn.ToString().ToLower())}" + } + Write-Verbose -Message "Creating new Domain Group {$Name} with values {$($value -join ',')}" + New-InsiderRiskEntityList -Type 'CustomDomainLists' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + elseif ($ListType -eq 'CustomFilePathRegexLists') + { + $value = @() + foreach ($filePath in $FilePaths) + { + $value += "{`"FlPthRgx`":`"$($filePath.Replace('\', '\\'))`",`"isSrc`":true,`"isTrgt`":true}" + } + Write-Verbose -Message "Creating new FilePath Group {$Name} with values {$($value -join ',')}" + New-InsiderRiskEntityList -Type 'CustomFilePathRegexLists' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + elseif ($ListType -eq 'CustomFileTypeLists') + { + $value = @() + foreach ($fileType in $FileTypes) + { + $value += "{`"Ext`":`"$fileType`"}" + } + Write-Verbose -Message "Creating new FileType Group {$Name} with values {$($value -join ',')}" + New-InsiderRiskEntityList -Type 'CustomFileTypeLists ' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + elseif ($ListType -eq 'CustomKeywordLists') + { + $value = @() + foreach ($keyword in $Keywords) + { + $value += "{`"Name`":`"$keyword`"}" + } + Write-Verbose -Message "Creating new Keyword Group {$Name} with values {$($value -join ',')}" + New-InsiderRiskEntityList -Type 'CustomKeywordLists' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + elseif ($ListType -eq 'CustomSensitiveInformationTypeLists') + { + $value = @() + foreach ($sit in $SensitiveInformationTypes) + { + $value += "{`"Guid`":`"$sit`"}" + } + Write-Verbose -Message "Creating new SIT Group {$Name} with values {$($value -join ',')}" + New-InsiderRiskEntityList -Type 'CustomSensitiveInformationTypeLists' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + elseif ($ListType -eq 'CustomSiteLists') + { + $value = @() + foreach ($site in $Sites) + { + $value += "{`"Url`":`"$($site.Url.ToString())`",`"Name`":`"$($site.Name.ToString())`",`"Guid`":`"$((New-GUID).ToString())`"}" + } + Write-Verbose -Message "Creating new Site Group {$Name} with values {$($value)}" + New-InsiderRiskEntityList -Type 'CustomSiteLists' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + elseif ($ListType -eq 'CustomMLClassifierTypeLists') + { + $value = @() + foreach ($clasifier in $TrainableClassifiers) + { + $value += "{`"Guid`":`"$($classifier)`"}" + } + Write-Verbose -Message "Creating new Trainable classifier Group {$Name} with values {$($value)}" + New-InsiderRiskEntityList -Type 'CustomMLClassifierTypeLists' ` + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null + } + else + { + throw "Couldn't not identify operation to perform on {$Name}" + } + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + # Update Domain Group + if ($ListType -eq 'CustomDomainLists' -or $Name -eq 'IrmWhitelistDomains') + { + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.Domains.Dmn -DifferenceObject $Domains.Dmn + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $instance = $Domains | Where-Object -FilterScript {$_.Dmn -eq $diff.InputObject} + $entitiesToAdd += "{`"Dmn`":`"$($instance.Dmn)`",`"isMLSubDmn`":$($instance.isMLSubDmn.ToString().ToLower())}" + } + else + { + $instance = $currentInstance.Domains | Where-Object -FilterScript {$_.Dmn -eq $diff.InputObject} + $entitiesToRemove += "{`"Dmn`":`"$($instance.Dmn)`",`"isMLSubDmn`":$($instance.isMLSubDmn.ToString().ToLower())}" + } + } + + Write-Verbose -Message "Updating Domain Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + # Update File Path Group + elseif ($ListType -eq 'CustomFilePathRegexLists' -or $Name -eq 'IrmCustomExWinFilePaths' -or ` + $Name -eq 'IrmDsbldSysExWinFilePaths') + { + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.FilePaths -DifferenceObject $FilePaths + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entitiesToAdd += "{`"FlPthRgx`":`"$($diff.InputObject.Replace('\', '\\'))`",`"isSrc`":true,`"isTrgt`":true}" + } + else + { + $entitiesToRemove += "{`"FlPthRgx`":`"$($diff.InputObject.Replace('\', '\\'))`",`"isSrc`":true,`"isTrgt`":true}" + } + } + + Write-Verbose -Message "Updating File Path Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + # Update File Type Group + elseif ($ListType -eq 'CustomFileTypeLists') + { + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.FileTypes -DifferenceObject $FileTypes + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entitiesToAdd += "{`"Ext`":`"$($diff.InputObject)`"}" + } + else + { + $entitiesToRemove += "{`"Ext`":`"$($diff.InputObject)`"}" + } + } + + Write-Verbose -Message "Updating File Type Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + # Update Keywords Group + elseif ($ListType -eq 'CustomKeywordLists' -or $Name -eq 'IrmExcludedKeywords' -or $Name -eq 'IrmNotExcludedKeywords') + { + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.Keywords -DifferenceObject $Keywords + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entitiesToAdd += "{`"Name`":`"$($diff.InputObject)`"}" + } + else + { + $entitiesToRemove += "{`"Name`":`"$($diff.InputObject)`"}" + } + } + + Write-Verbose -Message "Updating Keyword Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + # Update SIT Group + elseif ($ListType -eq 'CustomSensitiveInformationTypeLists' -or $Name -eq 'IrmCustomExSensitiveTypes ' -or ` + $Name -eq 'IrmDsbldSysExSensitiveTypes') + { + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.SensitiveInformationTypes -DifferenceObject $SensitiveInformationTypes + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entitiesToAdd += "{`"Guid`":`"$($diff.InputObject)`"}" + } + else + { + $entitiesToRemove += "{`"Guid`":`"$($diff.InputObject)`"}" + } + } + + Write-Verbose -Message "Updating SIT Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + # Update Sites Group + elseif ($ListType -eq 'CustomSiteLists' -or $Name -eq 'IrmExcludedSites') + { + Write-Verbose -Message "Calculating the difference in the Site list." + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.Sites.Url -DifferenceObject $Sites.Url + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entry = $Sites | Where-Object -FilterScript {$_.Url -eq $diff.InputObject} + $guid = $entry.Guid + if ([System.String]::IsNullOrEmpty($guid)) + { + $guid = (New-Guid).ToString() + } + $entitiesToAdd += "{`"Url`":`"$($entry.Url)`",`"Name`":`"$($entry.Name)`",`"Guid`":`"$($guid)`"}" + } + else + { + $entry = $currentInstance.Sites | Where-Object -FilterScript {$_.Url -eq $diff.InputObject} + $entitiesToRemove += "{`"Url`":`"$($entry.Url)`",`"Name`":`"$($entry.Name)`",`"Guid`":`"$($entry.Guid)`"}" + } + } + + Write-Verbose -Message "Updating Sites Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + # Update Trainable Classifiers Group + elseif ($ListType -eq 'CustomMLClassifierTypeLists' -or $Name -eq 'IrmCustomExMLClassifiers' -or ` + $Name -eq 'IrmDsbldSysExMLClassifiers') + { + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $currentInstance.Sites.Url -DifferenceObject $Sites.Url + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entitiesToAdd += "{`"Guid`":`"$($diff.InputObject)`"}" + } + else + { + $entitiesToRemove += "{`"Guid`":`"$($diff.InputObject)`"}" + } + } + + Write-Verbose -Message "Updating Sites Group {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null + } + + <################## Group Exclusions #############> + if ($null -ne $ExcludedDomainGroups -and $ExcludedDomainGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedDomainGroups ` + -DesiredValues $ExcludedDomainGroups ` + -Name 'IrmXSGDomains' + } + elseif ($null -ne $ExcludedFilePathGroups -and $ExcludedFilePathGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedFilePathGroups ` + -DesiredValues $ExcludedFilePathGroups ` + -Name 'IrmXSGFilePaths' + } + elseif ($null -ne $ExcludedFileTypeGroups -and $ExcludedFileTypeGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedFileTypeGroups ` + -DesiredValues $ExcludedFileTypeGroups ` + -Name 'IrmXSGFiletypes' + } + elseif ($null -ne $ExceptionKeyworkGroups -and $ExceptionKeyworkGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExceptionKeyworkGroups ` + -DesiredValues $ExceptionKeyworkGroups ` + -Name 'IrmXSGExcludedKeywords ' + } + elseif ($null -ne $ExcludedKeyworkGroups -and $ExcludedKeyworkGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedKeyworkGroups ` + -DesiredValues $ExcludedKeyworkGroups ` + -Name 'IrmXSGExcludedKeywords ' + } + elseif ($null -ne $ExcludedSensitiveInformationTypeGroups -and $ExcludedSensitiveInformationTypeGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedSensitiveInformationTypeGroups ` + -DesiredValues $ExcludedSensitiveInformationTypeGroups ` + -Name 'IrmXSGSensitiveInfoTypes ' + } + elseif ($null -ne $ExcludedSiteGroups -and $ExcludedSiteGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedSiteGroups ` + -DesiredValues $ExcludedSiteGroups ` + -Name 'IrmXSGSites ' + } + elseif ($null -ne $ExcludedClassifierGroups -and $ExcludedClassifierGroups.Length -gt 0) + { + Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedClassifierGroups ` + -DesiredValues $ExcludedClassifierGroups ` + -Name 'IrmXSGMLClassifierTypes ' + } + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing group {$Name}" + Remove-InsiderRiskEntityList -Identity $Name -ForceDeletion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $ListType, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Domains, + + [Parameter()] + [System.String[]] + $FilePaths, + + [Parameter()] + [System.String[]] + $FileTypes, + + [Parameter()] + [System.String[]] + $Keywords, + + [Parameter()] + [System.String[]] + $SensitiveInformationTypes, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Sites, + + [Parameter()] + [System.String[]] + $TrainableClassifiers, + + [Parameter()] + [System.String[]] + $ExceptionKeyworkGroups, + + [Parameter()] + [System.String[]] + $ExcludedClassifierGroups, + + [Parameter()] + [System.String[]] + $ExcludedDomainGroups, + + [Parameter()] + [System.String[]] + $ExcludedFilePathGroups, + + [Parameter()] + [System.String[]] + $ExcludedFileTypeGroups, + + [Parameter()] + [System.String[]] + $ExcludedKeyworkGroups, + + [Parameter()] + [System.String[]] + $ExcludedSensitiveInformationTypeGroups, + + [Parameter()] + [System.String[]] + $ExcludedSiteGroups, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = @() + $availableTypes = @('HveLists', 'DomainLists', 'CriticalAssetLists', 'WindowsFilePathRegexLists', 'SensitiveTypeLists', 'SiteLists', 'KeywordLists', ` + 'CustomDomainLists', 'CustomSiteLists', 'CustomKeywordLists', 'CustomFileTypeLists', 'CustomFilePathRegexLists', ` + 'CustomSensitiveInformationTypeLists', 'CustomMLClassifierTypeLists', 'GlobalExclusionSGMapping', 'DlpPolicyLists') + + # Retrieve entries for each type + foreach ($listType in $availableTypes) + { + $Script:exportedInstances += Get-InsiderRiskEntityList -Type $listType -ErrorAction Stop + } + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.ListType + ' - ' + $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + DisplayName = $config.DisplayName + Name = $config.Name + ListType = $config.ListType + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + + if ($null -ne $Results.Domains -and $Results.Domains.Length -gt 0 -and ` + ($Results.ListType -eq 'CustomDomainLists' -or $Results.ListType -eq 'DomainLists')) + { + $Results.Domains = ConvertTo-M365DSCSCInsiderRiskDomainToString -Domains $Results.Domains + } + + if ($null -ne $Results.Sites -and $Results.Sites.Length -gt 0 -and ` + ($Results.ListType -eq 'CustomSiteLists' -or $Results.ListType -eq 'SiteLists')) + { + $Results.Sites = ConvertTo-M365DSCSCInsiderRiskSiteToString -Sites $Results.Sites + } + + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($null -ne $Results.Domains -and ` + ($Results.ListType -eq 'CustomDomainLists' -or $Results.ListType -eq 'DomainLists')) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Domains' -IsCIMArray $true + } + + if ($null -ne $Results.Sites -and ` + ($Results.ListType -eq 'CustomSiteLists' -or $Results.ListType -eq 'SiteLists')) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Sites' -IsCIMArray $true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function ConvertTo-M365DSCSCInsiderRiskDomainToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory=$true)] + [System.Object[]] + $Domains + ) + + $content = "@(" + foreach ($domain in $Domains) + { + $content += "MSFT_SCInsiderRiskEntityListDomain`r`n" + $content += "{`r`n" + $content += " Dmn = '$($domain.Dmn)'`r`n" + $content += " isMLSubDmn = `$$($domain.isMLSubDmn)`r`n" + $content += "}`r`n" + } + $content += ")" + return $content +} + +function ConvertTo-M365DSCSCInsiderRiskSiteToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory=$true)] + [System.Object[]] + $Sites + ) + + $content = "@(" + foreach ($site in $Sites) + { + $content += "MSFT_SCInsiderRiskEntityListSite`r`n" + $content += "{`r`n" + $content += " Url = '$($site.Url)'`r`n" + $content += " Name = '$($site.Name)'`r`n" + $content += " Guid = '$($site.Guid)'`r`n" + $content += "}`r`n" + } + $content += ")" + return $content +} + +function Set-M365DSCSCInsiderRiskExclusionGroup +{ + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [System.String[]] + $CurrentValues, + + [Parameter(Mandatory = $true)] + [System.String[]] + $DesiredValues, + + [Parameter(Mandatory = $true)] + [System.String] + $Name + ) + + $entitiesToAdd = @() + $entitiesToRemove = @() + $differences = Compare-Object -ReferenceObject $CurrentValues -DifferenceObject $DesiredValues + foreach ($diff in $differences) + { + if ($diff.SideIndicator -eq '=>') + { + $entitiesToAdd += "{`"GroupId`":`"$($diff.InputObject)`"}" + } + else + { + $entitiesToRemove += "{`"GroupId`":`"$($diff.InputObject)`"}" + } + } + + Write-Verbose -Message "Updating Group Exclusions for {$Name}" + Write-Verbose -Message "Adding entities: $($entitiesToAdd -join ',')" + Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" + + Set-InsiderRiskEntityList -Identity $Name ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.schema.mof new file mode 100644 index 0000000000..020a45d679 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.schema.mof @@ -0,0 +1,43 @@ +[ClassVersion("1.0.0")] +class MSFT_SCInsiderRiskEntityListDomain +{ + [Required, Description("Domain name.")] String Dmn; + [Write, Description("Defines if the entry should include multi-level subdomains or not.")] Boolean isMLSubDmn; +}; +[ClassVersion("1.0.0")] +class MSFT_SCInsiderRiskEntityListSite +{ + [Required, Description("Url of the site.")] String Url; + [Write, Description("Name of the site.")] String Name; + [Write, Description("Unique identifier of the site.")] String Guid; +}; +[ClassVersion("1.0.0.0"), FriendlyName("SCInsiderRiskEntityList")] +class MSFT_SCInsiderRiskEntityList : OMI_BaseResource +{ + [Key, Description("The name of the group or setting.")] String Name; + [Required, Description("The setting type.")] String ListType; + [Write, Description("Description for the group or setting.")] String Description; + [Write, Description("The display name of the group or setting.")] String DisplayName; + [Write, Description("List of domains"), EmbeddedInstance("MSFT_SCInsiderRiskEntityListDomain")] String Domains[]; + [Write, Description("List of file paths.")] String FilePaths[]; + [Write, Description("List of file types.")] String FileTypes[]; + [Write, Description("List of keywords.")] String Keywords[]; + [Write, Description("List of sensitive information types.")] String SensitiveInformationTypes[]; + [Write, Description("List of sites."), EmbeddedInstance("MSFT_SCInsiderRiskEntityListSite")] String Sites[]; + [Write, Description("List of trainable classifiers.")] String TrainableClassifiers[]; + [Write, Description("List of keywords for exception.")] String ExceptionKeyworkGroups[]; + [Write, Description("List of excluded trainable classifiers.")] String ExcludedClassifierGroups[]; + [Write, Description("List of excluded domains.")] String ExcludedDomainGroups[]; + [Write, Description("List of excluded file paths.")] String ExcludedFilePathGroups[]; + [Write, Description("List of excluded file types.")] String ExcludedFileTypeGroups[]; + [Write, Description("List of excluded keywords.")] String ExcludedKeyworkGroups[]; + [Write, Description("List of excluded sensitive information types.")] String ExcludedSensitiveInformationTypeGroups[]; + [Write, Description("List of excluded sites.")] String ExcludedSiteGroups[]; + [Write, Description("Specify if this entity should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/readme.md new file mode 100644 index 0000000000..75a6e455f5 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/readme.md @@ -0,0 +1,6 @@ + +# SCInsiderRiskEntityList + +## Description + +Configures settings for Insider Risk in Purview. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/settings.json new file mode 100644 index 0000000000..98c729187d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "SCInsiderRiskEntityList", + "description": "Configures settings for Insider Risk in Purview.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 new file mode 100644 index 0000000000..baac85f2b7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 @@ -0,0 +1,2734 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $InsiderRiskScenario, + + [Parameter()] + [System.Boolean] + $Anonymization, + + [Parameter()] + [System.Boolean] + $DLPUserRiskSync, + + [Parameter()] + [System.Boolean] + $OptInIRMDataExport, + + [Parameter()] + [System.Boolean] + $RaiseAuditAlert, + + [Parameter()] + [System.String] + $FileVolCutoffLimits, + + [Parameter()] + [System.String] + $AlertVolume, + + [Parameter()] + [System.Boolean] + $AnomalyDetections, + + [Parameter()] + [System.Boolean] + $CopyToPersonalCloud, + + [Parameter()] + [System.Boolean] + $CopyToUSB, + + [Parameter()] + [System.Boolean] + $CumulativeExfiltrationDetector, + + [Parameter()] + [System.Boolean] + $EmailExternal, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedEmployeePatientData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedFamilyData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedHighVolumePatientData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedNeighbourData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedRestrictedData, + + [Parameter()] + [System.Boolean] + $EpoBrowseToChildAbuseSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToCriminalActivitySites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToCultSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToGamblingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToHackingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToHateIntoleranceSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToIllegalSoftwareSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToKeyloggerSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToLlmSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToMalwareSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToPhishingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToPornographySites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToUnallowedDomain, + + [Parameter()] + [System.Boolean] + $EpoBrowseToViolenceSites, + + [Parameter()] + [System.Boolean] + $EpoCopyToClipboardFromSensitiveFile, + + [Parameter()] + [System.Boolean] + $EpoCopyToNetworkShare, + + [Parameter()] + [System.Boolean] + $EpoFileArchived, + + [Parameter()] + [System.Boolean] + $EpoFileCopiedToRemoteDesktopSession, + + [Parameter()] + [System.Boolean] + $EpoFileDeleted, + + [Parameter()] + [System.Boolean] + $EpoFileDownloadedFromBlacklistedDomain, + + [Parameter()] + [System.Boolean] + $EpoFileDownloadedFromEnterpriseDomain, + + [Parameter()] + [System.Boolean] + $EpoFileRenamed, + + [Parameter()] + [System.Boolean] + $EpoFileStagedToCentralLocation, + + [Parameter()] + [System.Boolean] + $EpoHiddenFileCreated, + + [Parameter()] + [System.Boolean] + $EpoRemovableMediaMount, + + [Parameter()] + [System.Boolean] + $EpoSensitiveFileRead, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppDownload, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppFileDelete, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppFileSharing, + + [Parameter()] + [System.Boolean] + $McasActivityFromInfrequentCountry, + + [Parameter()] + [System.Boolean] + $McasImpossibleTravel, + + [Parameter()] + [System.Boolean] + $McasMultipleFailedLogins, + + [Parameter()] + [System.Boolean] + $McasMultipleStorageDeletion, + + [Parameter()] + [System.Boolean] + $McasMultipleVMCreation, + + [Parameter()] + [System.Boolean] + $McasMultipleVMDeletion, + + [Parameter()] + [System.Boolean] + $McasSuspiciousAdminActivities, + + [Parameter()] + [System.Boolean] + $McasSuspiciousCloudCreation, + + [Parameter()] + [System.Boolean] + $McasSuspiciousCloudTrailLoggingChange, + + [Parameter()] + [System.Boolean] + $McasTerminatedEmployeeActivity, + + [Parameter()] + [System.Boolean] + $OdbDownload, + + [Parameter()] + [System.Boolean] + $OdbSyncDownload, + + [Parameter()] + [System.Boolean] + $PeerCumulativeExfiltrationDetector, + + [Parameter()] + [System.Boolean] + $PhysicalAccess, + + [Parameter()] + [System.Boolean] + $PotentialHighImpactUser, + + [Parameter()] + [System.Boolean] + $Print, + + [Parameter()] + [System.Boolean] + $PriorityUserGroupMember, + + [Parameter()] + [System.Boolean] + $SecurityAlertDefenseEvasion, + + [Parameter()] + [System.Boolean] + $SecurityAlertUnwantedSoftware, + + [Parameter()] + [System.Boolean] + $SpoAccessRequest, + + [Parameter()] + [System.Boolean] + $SpoApprovedAccess, + + [Parameter()] + [System.Boolean] + $SpoDownload, + + [Parameter()] + [System.Boolean] + $SpoDownloadV2, + + [Parameter()] + [System.Boolean] + $SpoFileAccessed, + + [Parameter()] + [System.Boolean] + $SpoFileDeleted, + + [Parameter()] + [System.Boolean] + $SpoFileDeletedFromFirstStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFileDeletedFromSecondStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFileLabelDowngraded, + + [Parameter()] + [System.Boolean] + $SpoFileLabelRemoved, + + [Parameter()] + [System.Boolean] + $SpoFileSharing, + + [Parameter()] + [System.Boolean] + $SpoFolderDeleted, + + [Parameter()] + [System.Boolean] + $SpoFolderDeletedFromFirstStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFolderDeletedFromSecondStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFolderSharing, + + [Parameter()] + [System.Boolean] + $SpoSiteExternalUserAdded, + + [Parameter()] + [System.Boolean] + $SpoSiteInternalUserAdded, + + [Parameter()] + [System.Boolean] + $SpoSiteLabelRemoved, + + [Parameter()] + [System.Boolean] + $SpoSiteSharing, + + [Parameter()] + [System.Boolean] + $SpoSyncDownload, + + [Parameter()] + [System.Boolean] + $TeamsChannelFileSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsChannelMemberAddedExternal, + + [Parameter()] + [System.Boolean] + $TeamsChatFileSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsFileDownload, + + [Parameter()] + [System.Boolean] + $TeamsFolderSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsMemberAddedExternal, + + [Parameter()] + [System.Boolean] + $TeamsSensitiveMessage, + + [Parameter()] + [System.Boolean] + $UserHistory, + + [Parameter()] + [System.Boolean] + $AWSS3BlockPublicAccessDisabled, + + [Parameter()] + [System.Boolean] + $AWSS3BucketDeleted, + + [Parameter()] + [System.Boolean] + $AWSS3PublicAccessEnabled, + + [Parameter()] + [System.Boolean] + $AWSS3ServerLoggingDisabled, + + [Parameter()] + [System.Boolean] + $AzureElevateAccessToAllSubscriptions, + + [Parameter()] + [System.Boolean] + $AzureResourceThreatProtectionSettingsUpdated, + + [Parameter()] + [System.Boolean] + $AzureSQLServerAuditingSettingsUpdated, + + [Parameter()] + [System.Boolean] + $AzureSQLServerFirewallRuleDeleted, + + [Parameter()] + [System.Boolean] + $AzureSQLServerFirewallRuleUpdated, + + [Parameter()] + [System.Boolean] + $AzureStorageAccountOrContainerDeleted, + + [Parameter()] + [System.Boolean] + $BoxContentAccess, + + [Parameter()] + [System.Boolean] + $BoxContentDelete, + + [Parameter()] + [System.Boolean] + $BoxContentDownload, + + [Parameter()] + [System.Boolean] + $BoxContentExternallyShared, + + [Parameter()] + [System.Boolean] + $CCFinancialRegulatoryRiskyTextSent, + + [Parameter()] + [System.Boolean] + $CCInappropriateContentSent, + + [Parameter()] + [System.Boolean] + $CCInappropriateImagesSent, + + [Parameter()] + [System.Boolean] + $DropboxContentAccess, + + [Parameter()] + [System.Boolean] + $DropboxContentDelete, + + [Parameter()] + [System.Boolean] + $DropboxContentDownload, + + [Parameter()] + [System.Boolean] + $DropboxContentExternallyShared, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentAccess, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentDelete, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentExternallyShared, + + [Parameter()] + [System.Boolean] + $PowerBIDashboardsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBIReportsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBIReportsDownloaded, + + [Parameter()] + [System.Boolean] + $PowerBIReportsExported, + + [Parameter()] + [System.Boolean] + $PowerBIReportsViewed, + + [Parameter()] + [System.Boolean] + $PowerBISemanticModelsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBISensitivityLabelDowngradedForArtifacts, + + [Parameter()] + [System.Boolean] + $PowerBISensitivityLabelRemovedFromArtifacts, + + [Parameter()] + [System.String] + $HistoricTimeSpan, + + [Parameter()] + [System.String] + $InScopeTimeSpan, + + [Parameter()] + [System.Boolean] + $EnableTeam, + + [Parameter()] + [System.Boolean] + $AnalyticsNewInsightEnabled, + + [Parameter()] + [System.Boolean] + $AnalyticsTurnedOffEnabled, + + [Parameter()] + [System.Boolean] + $HighSeverityAlertsEnabled, + + [Parameter()] + [System.String[]] + $HighSeverityAlertsRoleGroups, + + [Parameter()] + [System.Boolean] + $PoliciesHealthEnabled, + + [Parameter()] + [System.String[]] + $PoliciesHealthRoleGroups, + + [Parameter()] + [System.Boolean] + $NotificationDetailsEnabled, + + [Parameter()] + [System.String[]] + $NotificationDetailsRoleGroups, + + [Parameter()] + [System.Boolean] + $ClipDeletionEnabled, + + [Parameter()] + [System.Boolean] + $SessionRecordingEnabled, + + [Parameter()] + [System.String] + $RecordingTimeframePreEventInSec, + + [Parameter()] + [System.String] + $RecordingTimeframePostEventInSec, + + [Parameter()] + [System.String] + $BandwidthCapInMb, + + [Parameter()] + [System.String] + $OfflineRecordingStorageLimitInMb, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionEnabled, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionHighProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionHighProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionMediumProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionMediumProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionLowProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionLowProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $ProfileInscopeTimeSpan, + + [Parameter()] + [System.UInt32] + $LookbackTimeSpan, + + [Parameter()] + [System.Boolean] + $RetainSeverityAfterTriage, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + } + else + { + $instance = Get-InsiderRiskPolicy -Identity $Name + } + + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Name = $instance.Name + InsiderRiskScenario = $instance.InsiderRiskScenario + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + if (-not [System.String]::IsNullOrEmpty($instance.SessionRecordingSettings)) + { + $SessionRecordingSettings = ConvertFrom-Json $instance.SessionRecordingSettings + $forensicSettingsHash = @{ + ClipDeletionEnabled = [Boolean]($SessionRecordingSettings.ClipDeletionEnabled) + SessionRecordingEnabled = [Boolean]($SessionRecordingSettings.Enabled) + RecordingTimeframePreEventInSec = $SessionRecordingSettings.RecordingTimeframePreEventInSec + RecordingTimeframePostEventInSec = $SessionRecordingSettings.RecordingTimeframePostEventInSec + BandwidthCapInMb = $SessionRecordingSettings.BandwidthCapInMb + OfflineRecordingStorageLimitInMb = $SessionRecordingSettings.OfflineRecordingStorageLimitInMb + } + $results += $forensicSettingsHash + } + + if (-not [System.String]::IsNullOrEmpty($instance.TenantSettings) -and $instance.TenantSettings.Length -gt 0) + { + $tenantSettings = ConvertFrom-Json $instance.TenantSettings[0] + + $DLPUserRiskSyncValue = $null + if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.DLPUserRiskSync)) + { + $DLPUserRiskSyncValue = [Boolean]::Parse($tenantSettings.FeatureSettings.DLPUserRiskSync) + } + + $AnonymizationValue = $null + if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.Anonymization)) + { + $AnonymizationValue = [Boolean]::Parse($tenantSettings.FeatureSettings.Anonymization) + } + + $OptInIRMDataExportValue = $null + if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.OptInIRMDataExport)) + { + $OptInIRMDataExportValue = [Boolean]::Parse($tenantSettings.FeatureSettings.OptInIRMDataExport) + } + + $RaiseAuditAlertValue = $null + if (-not [System.String]::IsNullOrEmpty($tenantSettings.FeatureSettings.RaiseAuditAlert)) + { + $RaiseAuditAlertValue = [Boolean]::Parse($tenantSettings.FeatureSettings.RaiseAuditAlert) + } + + $tenantSettingsHash = @{ + Anonymization = $AnonymizationValue + DLPUserRiskSync = $DLPUserRiskSyncValue + OptInIRMDataExport = $OptInIRMDataExportValue + RaiseAuditAlert = $RaiseAuditAlertValue + FileVolCutoffLimits = $tenantSettings.IntelligentDetections.FileVolCutoffLimits + AlertVolume = $tenantSettings.IntelligentDetections.AlertVolume + AnomalyDetections = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'AnomalyDetections'}).Enabled + CopyToPersonalCloud = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToPersonalCloud'}).Enabled + CopyToUSB = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToUSB'}).Enabled + CumulativeExfiltrationDetector = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CumulativeExfiltrationDetector'}).Enabled + EmailExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmailExternal'}).Enabled + EmployeeAccessedEmployeePatientData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedEmployeePatientData'}).Enabled + EmployeeAccessedFamilyData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedFamilyData'}).Enabled + EmployeeAccessedHighVolumePatientData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedHighVolumePatientData'}).Enabled + EmployeeAccessedNeighbourData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedNeighbourData'}).Enabled + EmployeeAccessedRestrictedData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedRestrictedData'}).Enabled + EpoBrowseToChildAbuseSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToChildAbuseSites'}).Enabled + EpoBrowseToCriminalActivitySites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToCriminalActivitySites'}).Enabled + EpoBrowseToCultSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToCultSites'}).Enabled + EpoBrowseToGamblingSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToGamblingSites'}).Enabled + EpoBrowseToHackingSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToHackingSites'}).Enabled + EpoBrowseToHateIntoleranceSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToHateIntoleranceSites'}).Enabled + EpoBrowseToIllegalSoftwareSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToIllegalSoftwareSites'}).Enabled + EpoBrowseToKeyloggerSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToKeyloggerSites'}).Enabled + EpoBrowseToLlmSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToLlmSites'}).Enabled + EpoBrowseToMalwareSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToMalwareSites'}).Enabled + EpoBrowseToPhishingSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToPhishingSites'}).Enabled + EpoBrowseToPornographySites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToPornographySites'}).Enabled + EpoBrowseToUnallowedDomain = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToUnallowedDomain'}).Enabled + EpoBrowseToViolenceSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToViolenceSites'}).Enabled + EpoCopyToClipboardFromSensitiveFile = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoCopyToClipboardFromSensitiveFile'}).Enabled + EpoCopyToNetworkShare = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoCopyToNetworkShare'}).Enabled + EpoFileArchived = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileArchived'}).Enabled + EpoFileCopiedToRemoteDesktopSession = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileCopiedToRemoteDesktopSession'}).Enabled + EpoFileDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDeleted'}).Enabled + EpoFileDownloadedFromBlacklistedDomain = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDownloadedFromBlacklistedDomain'}).Enabled + EpoFileDownloadedFromEnterpriseDomain = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDownloadedFromEnterpriseDomain'}).Enabled + EpoFileRenamed = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileRenamed'}).Enabled + EpoFileStagedToCentralLocation = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileStagedToCentralLocation'}).Enabled + EpoHiddenFileCreated = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoHiddenFileCreated'}).Enabled + EpoRemovableMediaMount = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoRemovableMediaMount'}).Enabled + EpoSensitiveFileRead = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoSensitiveFileRead'}).Enabled + Mcas3rdPartyAppDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppDownload'}).Enabled + Mcas3rdPartyAppFileDelete = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppFileDelete'}).Enabled + Mcas3rdPartyAppFileSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppFileSharing'}).Enabled + McasActivityFromInfrequentCountry = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasActivityFromInfrequentCountry'}).Enabled + McasImpossibleTravel = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasImpossibleTravel'}).Enabled + McasMultipleFailedLogins = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleFailedLogins'}).Enabled + McasMultipleStorageDeletion = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleStorageDeletion'}).Enabled + McasMultipleVMCreation = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleVMCreation'}).Enabled + McasMultipleVMDeletion = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleVMDeletion'}).Enabled + McasSuspiciousAdminActivities = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousAdminActivities'}).Enabled + McasSuspiciousCloudCreation = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousCloudCreation'}).Enabled + McasSuspiciousCloudTrailLoggingChange = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousCloudTrailLoggingChange'}).Enabled + McasTerminatedEmployeeActivity = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasTerminatedEmployeeActivity'}).Enabled + OdbDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'OdbDownload'}).Enabled + OdbSyncDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'OdbSyncDownload'}).Enabled + PeerCumulativeExfiltrationDetector = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PeerCumulativeExfiltrationDetector'}).Enabled + PhysicalAccess = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PhysicalAccess'}).Enabled + PotentialHighImpactUser = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PotentialHighImpactUser'}).Enabled + Print = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Print'}).Enabled + PriorityUserGroupMember = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PriorityUserGroupMember'}).Enabled + SecurityAlertDefenseEvasion = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SecurityAlertDefenseEvasion'}).Enabled + SecurityAlertUnwantedSoftware = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SecurityAlertUnwantedSoftware'}).Enabled + SpoAccessRequest = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoAccessRequest'}).Enabled + SpoApprovedAccess = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoApprovedAccess'}).Enabled + SpoDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoDownload'}).Enabled + SpoDownloadV2 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoDownloadV2'}).Enabled + SpoFileAccessed = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileAccessed'}).Enabled + SpoFileDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeleted'}).Enabled + SpoFileDeletedFromFirstStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeletedFromFirstStageRecycleBin'}).Enabled + SpoFileDeletedFromSecondStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeletedFromSecondStageRecycleBin'}).Enabled + SpoFileLabelDowngraded = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileLabelDowngraded'}).Enabled + SpoFileLabelRemoved = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileLabelRemoved'}).Enabled + SpoFileSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileSharing'}).Enabled + SpoFolderDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeleted'}).Enabled + SpoFolderDeletedFromFirstStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeletedFromFirstStageRecycleBin'}).Enabled + SpoFolderDeletedFromSecondStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeletedFromSecondStageRecycleBin'}).Enabled + SpoFolderSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderSharing'}).Enabled + SpoSiteExternalUserAdded = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteExternalUserAdded'}).Enabled + SpoSiteInternalUserAdded = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteInternalUserAdded'}).Enabled + SpoSiteLabelRemoved = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteLabelRemoved'}).Enabled + SpoSiteSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteSharing'}).Enabled + SpoSyncDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSyncDownload'}).Enabled + TeamsChannelFileSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChannelFileSharedExternal'}).Enabled + TeamsChannelMemberAddedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChannelMemberAddedExternal'}).Enabled + TeamsChatFileSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChatFileSharedExternal'}).Enabled + TeamsFileDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsFileDownload'}).Enabled + TeamsFolderSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsFolderSharedExternal'}).Enabled + TeamsMemberAddedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsMemberAddedExternal'}).Enabled + TeamsSensitiveMessage = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsSensitiveMessage'}).Enabled + UserHistory = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'UserHistory'}).Enabled + AWSS3BlockPublicAccessDisabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3BlockPublicAccessDisabled'}).Enabled + AWSS3BucketDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3BucketDeleted'}).Enabled + AWSS3PublicAccessEnabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3PublicAccessEnabled'}).Enabled + AWSS3ServerLoggingDisabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3ServerLoggingDisabled'}).Enabled + AzureElevateAccessToAllSubscriptions = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureElevateAccessToAllSubscriptions'}).Enabled + AzureResourceThreatProtectionSettingsUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureResourceThreatProtectionSettingsUpdated'}).Enabled + AzureSQLServerAuditingSettingsUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerAuditingSettingsUpdated'}).Enabled + AzureSQLServerFirewallRuleDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerFirewallRuleDeleted'}).Enabled + AzureSQLServerFirewallRuleUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerFirewallRuleUpdated'}).Enabled + AzureStorageAccountOrContainerDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureStorageAccountOrContainerDeleted'}).Enabled + BoxContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentAccess'}).Enabled + BoxContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentDelete'}).Enabled + BoxContentDownload = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentDownload'}).Enabled + BoxContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentExternallyShared'}).Enabled + CCFinancialRegulatoryRiskyTextSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCFinancialRegulatoryRiskyTextSent'}).Enabled + CCInappropriateContentSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCInappropriateContentSent'}).Enabled + CCInappropriateImagesSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCInappropriateImagesSent'}).Enabled + DropboxContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentAccess'}).Enabled + DropboxContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentDelete'}).Enabled + DropboxContentDownload = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentDownload'}).Enabled + DropboxContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentExternallyShared'}).Enabled + GoogleDriveContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentAccess'}).Enabled + GoogleDriveContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentDelete'}).Enabled + GoogleDriveContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentExternallyShared'}).Enabled + PowerBIDashboardsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIDashboardsDeleted'}).Enabled + PowerBIReportsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsDeleted'}).Enabled + PowerBIReportsDownloaded = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsDownloaded'}).Enabled + PowerBIReportsExported = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsExported'}).Enabled + PowerBIReportsViewed = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsViewed'}).Enabled + PowerBISemanticModelsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISemanticModelsDeleted'}).Enabled + PowerBISensitivityLabelDowngradedForArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISensitivityLabelDowngradedForArtifacts'}).Enabled + PowerBISensitivityLabelRemovedFromArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISensitivityLabelRemovedFromArtifacts'}).Enabled + HistoricTimeSpan = $tenantSettings.TimeSpan.HistoricTimeSpan + InScopeTimeSpan = $tenantSettings.TimeSpan.InScopeTimeSpan + EnableTeam = [Boolean]($tenantSettings.FeatureSettings.EnableTeam) + } + + $AnalyticsNewInsight = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'AnalyticsNewInsight'} + if ($null -ne $AnalyticsNewInsight) + { + $tenantSettingsHash.Add('AnalyticsNewInsightEnabled', [Boolean]$AnalyticsNewInsight.Enabled) + } + + $AnalyticsTurnedOff = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'AnalyticsTurnedOff'} + if ($null -ne $AnalyticsTurnedOff) + { + $tenantSettingsHash.Add('AnalyticsTurnedOffEnabled', [Boolean]$AnalyticsTurnedOff.Enabled) + } + + $highSeverityAlerts = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'HighSeverityAlerts'} + if ($null -ne $highSeverityAlerts) + { + $tenantSettingsHash.Add('HighSeverityAlertsEnabled', [Boolean]$highSeverityAlerts.Enabled) + $tenantSettingsHash.Add('HighSeverityAlertsRoleGroups', [Array]$highSeverityAlerts.RoleGroups) + } + + $policiesHealth = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'PoliciesHealth'} + if ($null -ne $policiesHealth) + { + $tenantSettingsHash.Add('PoliciesHealthEnabled', [Boolean]$policiesHealth.Enabled) + $tenantSettingsHash.Add('PoliciesHealthRoleGroups', [Array]$policiesHealth.RoleGroups) + } + + if ($null -ne $tenantSettings.FeatureSettings.NotificationDetails) + { + $tenantSettingsHash.Add('NotificationDetailsEnabled', $true) + $tenantSettingsHash.Add('NotificationDetailsRoleGroups', [Array]$tenantSettings.FeatureSettings.NotificationDetails.RoleGroups) + } + else + { + $tenantSettingsHash.Add('NotificationDetailsEnabled', $false) + } + + # Adaptive Protection + $AdaptiveProtectionEnabledValue = $false + if ($null -ne $tenantSettings.DynamicRiskPreventionSettings -and ` + $null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings) + { + if ($tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.ActivationStatus -eq 0) + { + $AdaptiveProtectionEnabledValue = $true + } + else + { + $AdaptiveProtectionEnabledValue = $false + } + + # High Profile + if ($null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.HighProfile) + { + $highProfile = $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.HighProfile + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileSourceType', $highProfile.ProfileSourceType) + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileConfirmedIssueSeverity', $highProfile.ConfirmedIssueSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileGeneratedIssueSeverity', $highProfile.GeneratedIssueSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileInsightSeverity', $highProfile.InsightSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileInsightCount', $highProfile.InsightCount) + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileInsightTypes', [Array]($highProfile.InsightTypes)) + $tenantSettingsHash.Add('AdaptiveProtectionHighProfileConfirmedIssue', $highProfile.ConfirmedIssue) + } + + # Medium Profile + if ($null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.MediumProfile) + { + $mediumProfile = $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.MediumProfile + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileSourceType', $mediumProfile.ProfileSourceType) + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileConfirmedIssueSeverity', $mediumProfile.ConfirmedIssueSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileGeneratedIssueSeverity', $mediumProfile.GeneratedIssueSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileInsightSeverity', $mediumProfile.InsightSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileInsightCount', $mediumProfile.InsightCount) + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileInsightTypes', [Array]($mediumProfile.InsightTypes)) + $tenantSettingsHash.Add('AdaptiveProtectionMediumProfileConfirmedIssue', $mediumProfile.ConfirmedIssue) + } + + # Low Profile + if ($null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.LowProfile) + { + $lowProfile = $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.LowProfile + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileSourceType', $lowProfile.ProfileSourceType) + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileConfirmedIssueSeverity', $lowProfile.ConfirmedIssueSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileGeneratedIssueSeverity', $lowProfile.GeneratedIssueSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileInsightSeverity', $lowProfile.InsightSeverity) + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileInsightCount', $lowProfile.InsightCount) + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileInsightTypes', [Array]($lowProfile.InsightTypes)) + $tenantSettingsHash.Add('AdaptiveProtectionLowProfileConfirmedIssue', $lowProfile.ConfirmedIssue) + } + + $tenantSettingsHash.Add('ProfileInScopeTimeSpan', $tenantSettings.DynamicRiskPreventionSettings.ProfileInScopeTimeSpan) + $tenantSettingsHash.Add('LookbackTimeSpan', $tenantSettings.DynamicRiskPreventionSettings.LookbackTimeSpan) + $tenantSettingsHash.Add('RetainSeverityAfterTriage', $tenantSettings.DynamicRiskPreventionSettings.RetainSeverityAfterTriage) + } + $tenantSettingsHash.Add('AdaptiveProtectionEnabled', $AdaptiveProtectionEnabledValue) + + $results += $tenantSettingsHash + } + + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $InsiderRiskScenario, + + [Parameter()] + [System.Boolean] + $Anonymization, + + [Parameter()] + [System.Boolean] + $DLPUserRiskSync, + + [Parameter()] + [System.Boolean] + $OptInIRMDataExport, + + [Parameter()] + [System.Boolean] + $RaiseAuditAlert, + + [Parameter()] + [System.String] + $FileVolCutoffLimits, + + [Parameter()] + [System.String] + $AlertVolume, + + [Parameter()] + [System.Boolean] + $AnomalyDetections, + + [Parameter()] + [System.Boolean] + $CopyToPersonalCloud, + + [Parameter()] + [System.Boolean] + $CopyToUSB, + + [Parameter()] + [System.Boolean] + $CumulativeExfiltrationDetector, + + [Parameter()] + [System.Boolean] + $EmailExternal, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedEmployeePatientData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedFamilyData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedHighVolumePatientData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedNeighbourData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedRestrictedData, + + [Parameter()] + [System.Boolean] + $EpoBrowseToChildAbuseSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToCriminalActivitySites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToCultSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToGamblingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToHackingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToHateIntoleranceSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToIllegalSoftwareSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToKeyloggerSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToLlmSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToMalwareSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToPhishingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToPornographySites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToUnallowedDomain, + + [Parameter()] + [System.Boolean] + $EpoBrowseToViolenceSites, + + [Parameter()] + [System.Boolean] + $EpoCopyToClipboardFromSensitiveFile, + + [Parameter()] + [System.Boolean] + $EpoCopyToNetworkShare, + + [Parameter()] + [System.Boolean] + $EpoFileArchived, + + [Parameter()] + [System.Boolean] + $EpoFileCopiedToRemoteDesktopSession, + + [Parameter()] + [System.Boolean] + $EpoFileDeleted, + + [Parameter()] + [System.Boolean] + $EpoFileDownloadedFromBlacklistedDomain, + + [Parameter()] + [System.Boolean] + $EpoFileDownloadedFromEnterpriseDomain, + + [Parameter()] + [System.Boolean] + $EpoFileRenamed, + + [Parameter()] + [System.Boolean] + $EpoFileStagedToCentralLocation, + + [Parameter()] + [System.Boolean] + $EpoHiddenFileCreated, + + [Parameter()] + [System.Boolean] + $EpoRemovableMediaMount, + + [Parameter()] + [System.Boolean] + $EpoSensitiveFileRead, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppDownload, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppFileDelete, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppFileSharing, + + [Parameter()] + [System.Boolean] + $McasActivityFromInfrequentCountry, + + [Parameter()] + [System.Boolean] + $McasImpossibleTravel, + + [Parameter()] + [System.Boolean] + $McasMultipleFailedLogins, + + [Parameter()] + [System.Boolean] + $McasMultipleStorageDeletion, + + [Parameter()] + [System.Boolean] + $McasMultipleVMCreation, + + [Parameter()] + [System.Boolean] + $McasMultipleVMDeletion, + + [Parameter()] + [System.Boolean] + $McasSuspiciousAdminActivities, + + [Parameter()] + [System.Boolean] + $McasSuspiciousCloudCreation, + + [Parameter()] + [System.Boolean] + $McasSuspiciousCloudTrailLoggingChange, + + [Parameter()] + [System.Boolean] + $McasTerminatedEmployeeActivity, + + [Parameter()] + [System.Boolean] + $OdbDownload, + + [Parameter()] + [System.Boolean] + $OdbSyncDownload, + + [Parameter()] + [System.Boolean] + $PeerCumulativeExfiltrationDetector, + + [Parameter()] + [System.Boolean] + $PhysicalAccess, + + [Parameter()] + [System.Boolean] + $PotentialHighImpactUser, + + [Parameter()] + [System.Boolean] + $Print, + + [Parameter()] + [System.Boolean] + $PriorityUserGroupMember, + + [Parameter()] + [System.Boolean] + $SecurityAlertDefenseEvasion, + + [Parameter()] + [System.Boolean] + $SecurityAlertUnwantedSoftware, + + [Parameter()] + [System.Boolean] + $SpoAccessRequest, + + [Parameter()] + [System.Boolean] + $SpoApprovedAccess, + + [Parameter()] + [System.Boolean] + $SpoDownload, + + [Parameter()] + [System.Boolean] + $SpoDownloadV2, + + [Parameter()] + [System.Boolean] + $SpoFileAccessed, + + [Parameter()] + [System.Boolean] + $SpoFileDeleted, + + [Parameter()] + [System.Boolean] + $SpoFileDeletedFromFirstStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFileDeletedFromSecondStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFileLabelDowngraded, + + [Parameter()] + [System.Boolean] + $SpoFileLabelRemoved, + + [Parameter()] + [System.Boolean] + $SpoFileSharing, + + [Parameter()] + [System.Boolean] + $SpoFolderDeleted, + + [Parameter()] + [System.Boolean] + $SpoFolderDeletedFromFirstStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFolderDeletedFromSecondStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFolderSharing, + + [Parameter()] + [System.Boolean] + $SpoSiteExternalUserAdded, + + [Parameter()] + [System.Boolean] + $SpoSiteInternalUserAdded, + + [Parameter()] + [System.Boolean] + $SpoSiteLabelRemoved, + + [Parameter()] + [System.Boolean] + $SpoSiteSharing, + + [Parameter()] + [System.Boolean] + $SpoSyncDownload, + + [Parameter()] + [System.Boolean] + $TeamsChannelFileSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsChannelMemberAddedExternal, + + [Parameter()] + [System.Boolean] + $TeamsChatFileSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsFileDownload, + + [Parameter()] + [System.Boolean] + $TeamsFolderSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsMemberAddedExternal, + + [Parameter()] + [System.Boolean] + $TeamsSensitiveMessage, + + [Parameter()] + [System.Boolean] + $UserHistory, + + [Parameter()] + [System.Boolean] + $AWSS3BlockPublicAccessDisabled, + + [Parameter()] + [System.Boolean] + $AWSS3BucketDeleted, + + [Parameter()] + [System.Boolean] + $AWSS3PublicAccessEnabled, + + [Parameter()] + [System.Boolean] + $AWSS3ServerLoggingDisabled, + + [Parameter()] + [System.Boolean] + $AzureElevateAccessToAllSubscriptions, + + [Parameter()] + [System.Boolean] + $AzureResourceThreatProtectionSettingsUpdated, + + [Parameter()] + [System.Boolean] + $AzureSQLServerAuditingSettingsUpdated, + + [Parameter()] + [System.Boolean] + $AzureSQLServerFirewallRuleDeleted, + + [Parameter()] + [System.Boolean] + $AzureSQLServerFirewallRuleUpdated, + + [Parameter()] + [System.Boolean] + $AzureStorageAccountOrContainerDeleted, + + [Parameter()] + [System.Boolean] + $BoxContentAccess, + + [Parameter()] + [System.Boolean] + $BoxContentDelete, + + [Parameter()] + [System.Boolean] + $BoxContentDownload, + + [Parameter()] + [System.Boolean] + $BoxContentExternallyShared, + + [Parameter()] + [System.Boolean] + $CCFinancialRegulatoryRiskyTextSent, + + [Parameter()] + [System.Boolean] + $CCInappropriateContentSent, + + [Parameter()] + [System.Boolean] + $CCInappropriateImagesSent, + + [Parameter()] + [System.Boolean] + $DropboxContentAccess, + + [Parameter()] + [System.Boolean] + $DropboxContentDelete, + + [Parameter()] + [System.Boolean] + $DropboxContentDownload, + + [Parameter()] + [System.Boolean] + $DropboxContentExternallyShared, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentAccess, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentDelete, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentExternallyShared, + + [Parameter()] + [System.Boolean] + $PowerBIDashboardsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBIReportsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBIReportsDownloaded, + + [Parameter()] + [System.Boolean] + $PowerBIReportsExported, + + [Parameter()] + [System.Boolean] + $PowerBIReportsViewed, + + [Parameter()] + [System.Boolean] + $PowerBISemanticModelsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBISensitivityLabelDowngradedForArtifacts, + + [Parameter()] + [System.Boolean] + $PowerBISensitivityLabelRemovedFromArtifacts, + + [Parameter()] + [System.String] + $HistoricTimeSpan, + + [Parameter()] + [System.String] + $InScopeTimeSpan, + + [Parameter()] + [System.Boolean] + $EnableTeam, + + [Parameter()] + [System.Boolean] + $AnalyticsNewInsightEnabled, + + [Parameter()] + [System.Boolean] + $AnalyticsTurnedOffEnabled, + + [Parameter()] + [System.Boolean] + $HighSeverityAlertsEnabled, + + [Parameter()] + [System.String[]] + $HighSeverityAlertsRoleGroups, + + [Parameter()] + [System.Boolean] + $PoliciesHealthEnabled, + + [Parameter()] + [System.String[]] + $PoliciesHealthRoleGroups, + + [Parameter()] + [System.Boolean] + $NotificationDetailsEnabled, + + [Parameter()] + [System.String[]] + $NotificationDetailsRoleGroups, + + [Parameter()] + [System.Boolean] + $ClipDeletionEnabled, + + [Parameter()] + [System.Boolean] + $SessionRecordingEnabled, + + [Parameter()] + [System.String] + $RecordingTimeframePreEventInSec, + + [Parameter()] + [System.String] + $RecordingTimeframePostEventInSec, + + [Parameter()] + [System.String] + $BandwidthCapInMb, + + [Parameter()] + [System.String] + $OfflineRecordingStorageLimitInMb, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionEnabled, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionHighProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionHighProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionMediumProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionMediumProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionLowProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionLowProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $ProfileInscopeTimeSpan, + + [Parameter()] + [System.UInt32] + $LookbackTimeSpan, + + [Parameter()] + [System.Boolean] + $RetainSeverityAfterTriage, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + $indicatorsProperties = @('AnomalyDetections','CopyToPersonalCloud','CopyToUSB','CumulativeExfiltrationDetector', ` + 'EmailExternal','EmployeeAccessedEmployeePatientData','EmployeeAccessedFamilyData', ` + 'EmployeeAccessedHighVolumePatientData','EmployeeAccessedNeighbourData', ` + 'EmployeeAccessedRestrictedData','EpoBrowseToChildAbuseSites','EpoBrowseToCriminalActivitySites', ` + 'EpoBrowseToCultSites','EpoBrowseToGamblingSites','EpoBrowseToHackingSites', ` + 'EpoBrowseToHateIntoleranceSites','EpoBrowseToIllegalSoftwareSites','EpoBrowseToKeyloggerSites', ` + 'EpoBrowseToLlmSites','EpoBrowseToMalwareSites','EpoBrowseToPhishingSites', ` + 'EpoBrowseToPornographySites','EpoBrowseToUnallowedDomain','EpoBrowseToViolenceSites', ` + 'EpoCopyToClipboardFromSensitiveFile','EpoCopyToNetworkShare','EpoFileArchived', ` + 'EpoFileCopiedToRemoteDesktopSession','EpoFileDeleted','EpoFileDownloadedFromBlacklistedDomain', ` + 'EpoFileDownloadedFromEnterpriseDomain','EpoFileRenamed','EpoFileStagedToCentralLocation', ` + 'EpoHiddenFileCreated','EpoRemovableMediaMount','EpoSensitiveFileRead','Mcas3rdPartyAppDownload', ` + 'Mcas3rdPartyAppFileDelete','Mcas3rdPartyAppFileSharing','McasActivityFromInfrequentCountry', ` + 'McasImpossibleTravel','McasMultipleFailedLogins','McasMultipleStorageDeletion', ` + 'McasMultipleVMCreation','McasMultipleVMDeletion','McasSuspiciousAdminActivities', ` + 'McasSuspiciousCloudCreation','McasSuspiciousCloudTrailLoggingChange','McasTerminatedEmployeeActivity', ` + 'OdbDownload','OdbSyncDownload','PeerCumulativeExfiltrationDetector','PhysicalAccess', ` + 'PotentialHighImpactUser','Print','PriorityUserGroupMember','SecurityAlertDefenseEvasion', ` + 'SecurityAlertUnwantedSoftware','SpoAccessRequest','SpoApprovedAccess','SpoDownload','SpoDownloadV2', ` + 'SpoFileAccessed','SpoFileDeleted','SpoFileDeletedFromFirstStageRecycleBin', ` + 'SpoFileDeletedFromSecondStageRecycleBin','SpoFileLabelDowngraded','SpoFileLabelRemoved', ` + 'SpoFileSharing','SpoFolderDeleted','SpoFolderDeletedFromFirstStageRecycleBin', ` + 'SpoFolderDeletedFromSecondStageRecycleBin','SpoFolderSharing','SpoSiteExternalUserAdded', ` + 'SpoSiteInternalUserAdded','SpoSiteLabelRemoved','SpoSiteSharing','SpoSyncDownload', ` + 'TeamsChannelFileSharedExternal','TeamsChannelMemberAddedExternal','TeamsChatFileSharedExternal', ` + 'TeamsFileDownload','TeamsFolderSharedExternal','TeamsMemberAddedExternal','TeamsSensitiveMessage', ` + 'UserHistory') + + $indicatorValues = @() + foreach ($indicatorProperty in $indicatorsProperties) + { + if ($PSBoundParameters.ContainsKey($indicatorProperty)) + { + $indicatorValues += "{`"Name`":`"$indicatorProperty`",`"Type`":`"Insight`",`"Enabled`":$(($PSBoundParameters.$indicatorProperty).ToString().ToLower()),`"UseDefault`":true,`"ThresholdMode`":`"Default`"}" + } + } + + $extensibleIndicatorsProperties = @('AWSS3BlockPublicAccessDisabled','AWSS3BucketDeleted','AWSS3PublicAccessEnabled',` + 'AWSS3ServerLoggingDisabled','AzureElevateAccessToAllSubscriptions','AzureResourceThreatProtectionSettingsUpdated', ` + 'AzureSQLServerAuditingSettingsUpdated','AzureSQLServerFirewallRuleDeleted','AzureSQLServerFirewallRuleUpdated', ` + 'AzureStorageAccountOrContainerDeleted','BoxContentAccess','BoxContentDelete','BoxContentDownload','BoxContentExternallyShared', ` + 'CCFinancialRegulatoryRiskyTextSent','CCInappropriateContentSent','CCInappropriateImagesSent','DropboxContentAccess', ` + 'DropboxContentDelete','DropboxContentDownload','DropboxContentExternallyShared','GoogleDriveContentAccess', ` + 'GoogleDriveContentDelete','GoogleDriveContentExternallyShared','PowerBIDashboardsDeleted','PowerBIReportsDeleted', ` + 'PowerBIReportsDownloaded','PowerBIReportsExported','PowerBIReportsViewed','PowerBISemanticModelsDeleted', ` + 'PowerBISensitivityLabelDowngradedForArtifacts','PowerBISensitivityLabelRemovedFromArtifacts') + + $extensibleIndicatorsValues = @() + foreach ($extensibleIndicatorsProperty in $extensibleIndicatorsProperties) + { + if ($PSBoundParameters.ContainsKey($extensibleIndicatorsProperty)) + { + $extensibleIndicatorsValues += "{`"Name`":`"$extensibleIndicatorsProperty`",`"Type`":`"ExtensibleInsight`",`"Enabled`":$(($PSBoundParameters.$extensibleIndicatorsProperty).ToString().ToLower()),`"UseDefault`":true,`"ThresholdMode`":`"Default`"}" + } + } + + # Tenant Settings + $featureSettingsValue = "{`"Anonymization`":$($Anonymization.ToString().ToLower()), `"DLPUserRiskSync`":$($DLPUserRiskSync.ToString().ToLower()), `"OptInIRMDataExport`":$($OptInIRMDataExport.ToString().ToLower()), `"RaiseAuditAlert`":$($RaiseAuditAlert.ToString().ToLower()), `"EnableTeam`":$($EnableTeam.ToString().ToLower())}" + $intelligentDetectionValue = "{`"FileVolCutoffLimits`":`"$($FileVolCutoffLimits)`", `"AlertVolume`":`"$($AlertVolume)`"}" + + + $tenantSettingsValue = "{`"Region`":`"WW`", `"FeatureSettings`":$($featureSettingsValue), " + ` + "`"IntelligentDetections`":$($intelligentDetectionValue)" + if ($null -ne $AdaptiveProtectionEnabled) + { + Write-Verbose -Message "Adding Adaptive Protection setting to the set parameters." + $AdaptiveProtectionActivatonStatus = 1 + if ($AdaptiveProtectionEnabled) + { + $AdaptiveProtectionActivatonStatus = 0 + } + $dynamicRiskPreventionSettings = "{`"RetainSeverityAfterTriage`":$($RetainSeverityAfterTriage.ToString().ToLower()),`"ProfileInScopeTimeSpan`":$($ProfileInscopeTimeSpan), `"LookbackTimeSpan`":$($LookbackTimeSpan), `"DynamicRiskScenarioSettings`":[{`"ActivationStatus`":$AdaptiveProtectionActivatonStatus" + $dynamicRiskPreventionSettings += ", `"HighProfile`":{`"ProfileSourceType`":$($AdaptiveProtectionHighProfileSourceType), `"ConfirmedIssueSeverity`":$($AdaptiveProtectionHighProfileConfirmedIssueSeverity), `"GeneratedIssueSeverity`":$($AdaptiveProtectionHighProfileGeneratedIssueSeverity), `"InsightSeverity`": $($AdaptiveProtectionHighProfileInsightSeverity), `"InsightCount`": $($AdaptiveProtectionHighProfileInsightCount), `"InsightTypes`": [`"$($AdaptiveProtectionHighProfileInsightTypes -join '","')`"], `"ConfirmedIssue`": $($AdaptiveProtectionHighProfileConfirmedIssue.ToString().ToLower())}" + $dynamicRiskPreventionSettings += ", `"MediumProfile`":{`"ProfileSourceType`":$($AdaptiveProtectionMediumProfileSourceType), `"ConfirmedIssueSeverity`":$($AdaptiveProtectionMediumProfileConfirmedIssueSeverity), `"GeneratedIssueSeverity`":$($AdaptiveProtectionMediumProfileGeneratedIssueSeverity), `"InsightSeverity`": $($AdaptiveProtectionMediumProfileInsightSeverity), `"InsightCount`": $($AdaptiveProtectionMediumProfileInsightCount), `"InsightTypes`": [`"$($AdaptiveProtectionMediumProfileInsightTypes -join '","')`"], `"ConfirmedIssue`": $($AdaptiveProtectionMediumProfileConfirmedIssue.ToString().ToLower())}" + $dynamicRiskPreventionSettings += ", `"LowProfile`":{`"ProfileSourceType`":$($AdaptiveProtectionLowProfileSourceType), `"ConfirmedIssueSeverity`":$($AdaptiveProtectionLowProfileConfirmedIssueSeverity), `"GeneratedIssueSeverity`":$($AdaptiveProtectionLowProfileGeneratedIssueSeverity), `"InsightSeverity`": $($AdaptiveProtectionLowProfileInsightSeverity), `"InsightCount`": $($AdaptiveProtectionLowProfileInsightCount), `"InsightTypes`": [`"$($AdaptiveProtectionLowProfileInsightTypes -join '","')`"], `"ConfirmedIssue`": $($AdaptiveProtectionLowProfileConfirmedIssue.ToString().ToLower())}" + $dynamicRiskPreventionSettings += '}]}' + $tenantSettingsValue += ", `"DynamicRiskPreventionSettings`":$dynamicRiskPreventionSettings" + } + + $tenantSettingsValue += "}" + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating new Insider Risk Policy {$Name} with values:`r`nIndicators: $($indicatorValues)`r`n`r`nExtensibleIndicators: $($extensibleIndicatorsValues)`r`n`r`nTenantSettings: $($tenantSettingsValue)`r`n`r`nSessionRecordingSettings: $($sessionRecordingValues)" + New-InsiderRiskPolicy -Name $Name -InsiderRiskScenario $InsiderRiskScenario ` + -Indicators $indicatorValues ` + -ExtensibleIndicators $extensibleIndicatorsValues ` + -TenantSetting $tenantSettingsValue ` + -HistoricTimeSpan $HistoricTimeSpan ` + -InScopeTimeSpan $InScopeTimeSpan ` + -SessionRecordingSettings $sessionRecordingValues + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating existing Insider Risk Policy {$Name} with values:`r`nIndicators: $($indicatorValues)`r`n`r`nExtensibleIndicators: $($extensibleIndicatorsValues)`r`n`r`nTenantSettings: $($tenantSettingsValue)`r`n`r`nSessionRecordingSettings: $($sessionRecordingValues)" + + if ($InsiderRiskScenario -eq 'SessionRecordingSetting') + { + $sessionRecordingValues = "{`"RecordingMode`":`"EventDriven`", `"RecordingTimeframePreEventInSec`":$($RecordingTimeframePreEventInSec),`"RecordingTimeframePostEventInSec`":$($RecordingTimeframePostEventInSec),`"BandwidthCapInMb`":$($BandwidthCapInMb),`"OfflineRecordingStorageLimitInMb`":$($OfflineRecordingStorageLimitInMb),`"ClipDeletionEnabled`":$($ClipDeletionEnabled.ToString().ToLower()),`"Enabled`":$($SessionRecordingEnabled.ToString().ToLower()),`"FpsNumerator`":0,`"FpsDenominator`":0}" + Write-Verbose -Message 'Updating Session Recording Settings' + Set-InsiderRiskPolicy -Identity $Name -SessionRecordingSettings $sessionRecordingValues | Out-Null + } + else + { + Set-InsiderRiskPolicy -Identity $Name -Indicators $indicatorValues ` + -ExtensibleIndicators $extensibleIndicatorsValues ` + -TenantSetting $tenantSettingsValue ` + -HistoricTimeSpan $HistoricTimeSpan ` + -InScopeTimeSpan $InScopeTimeSpan + } + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing Insider Risk Policy {$Name}" + Remove-InsiderRiskPolicy -Identity $Name -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $InsiderRiskScenario, + + [Parameter()] + [System.Boolean] + $Anonymization, + + [Parameter()] + [System.Boolean] + $DLPUserRiskSync, + + [Parameter()] + [System.Boolean] + $OptInIRMDataExport, + + [Parameter()] + [System.Boolean] + $RaiseAuditAlert, + + [Parameter()] + [System.String] + $FileVolCutoffLimits, + + [Parameter()] + [System.String] + $AlertVolume, + + [Parameter()] + [System.Boolean] + $AnomalyDetections, + + [Parameter()] + [System.Boolean] + $CopyToPersonalCloud, + + [Parameter()] + [System.Boolean] + $CopyToUSB, + + [Parameter()] + [System.Boolean] + $CumulativeExfiltrationDetector, + + [Parameter()] + [System.Boolean] + $EmailExternal, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedEmployeePatientData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedFamilyData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedHighVolumePatientData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedNeighbourData, + + [Parameter()] + [System.Boolean] + $EmployeeAccessedRestrictedData, + + [Parameter()] + [System.Boolean] + $EpoBrowseToChildAbuseSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToCriminalActivitySites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToCultSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToGamblingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToHackingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToHateIntoleranceSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToIllegalSoftwareSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToKeyloggerSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToLlmSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToMalwareSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToPhishingSites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToPornographySites, + + [Parameter()] + [System.Boolean] + $EpoBrowseToUnallowedDomain, + + [Parameter()] + [System.Boolean] + $EpoBrowseToViolenceSites, + + [Parameter()] + [System.Boolean] + $EpoCopyToClipboardFromSensitiveFile, + + [Parameter()] + [System.Boolean] + $EpoCopyToNetworkShare, + + [Parameter()] + [System.Boolean] + $EpoFileArchived, + + [Parameter()] + [System.Boolean] + $EpoFileCopiedToRemoteDesktopSession, + + [Parameter()] + [System.Boolean] + $EpoFileDeleted, + + [Parameter()] + [System.Boolean] + $EpoFileDownloadedFromBlacklistedDomain, + + [Parameter()] + [System.Boolean] + $EpoFileDownloadedFromEnterpriseDomain, + + [Parameter()] + [System.Boolean] + $EpoFileRenamed, + + [Parameter()] + [System.Boolean] + $EpoFileStagedToCentralLocation, + + [Parameter()] + [System.Boolean] + $EpoHiddenFileCreated, + + [Parameter()] + [System.Boolean] + $EpoRemovableMediaMount, + + [Parameter()] + [System.Boolean] + $EpoSensitiveFileRead, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppDownload, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppFileDelete, + + [Parameter()] + [System.Boolean] + $Mcas3rdPartyAppFileSharing, + + [Parameter()] + [System.Boolean] + $McasActivityFromInfrequentCountry, + + [Parameter()] + [System.Boolean] + $McasImpossibleTravel, + + [Parameter()] + [System.Boolean] + $McasMultipleFailedLogins, + + [Parameter()] + [System.Boolean] + $McasMultipleStorageDeletion, + + [Parameter()] + [System.Boolean] + $McasMultipleVMCreation, + + [Parameter()] + [System.Boolean] + $McasMultipleVMDeletion, + + [Parameter()] + [System.Boolean] + $McasSuspiciousAdminActivities, + + [Parameter()] + [System.Boolean] + $McasSuspiciousCloudCreation, + + [Parameter()] + [System.Boolean] + $McasSuspiciousCloudTrailLoggingChange, + + [Parameter()] + [System.Boolean] + $McasTerminatedEmployeeActivity, + + [Parameter()] + [System.Boolean] + $OdbDownload, + + [Parameter()] + [System.Boolean] + $OdbSyncDownload, + + [Parameter()] + [System.Boolean] + $PeerCumulativeExfiltrationDetector, + + [Parameter()] + [System.Boolean] + $PhysicalAccess, + + [Parameter()] + [System.Boolean] + $PotentialHighImpactUser, + + [Parameter()] + [System.Boolean] + $Print, + + [Parameter()] + [System.Boolean] + $PriorityUserGroupMember, + + [Parameter()] + [System.Boolean] + $SecurityAlertDefenseEvasion, + + [Parameter()] + [System.Boolean] + $SecurityAlertUnwantedSoftware, + + [Parameter()] + [System.Boolean] + $SpoAccessRequest, + + [Parameter()] + [System.Boolean] + $SpoApprovedAccess, + + [Parameter()] + [System.Boolean] + $SpoDownload, + + [Parameter()] + [System.Boolean] + $SpoDownloadV2, + + [Parameter()] + [System.Boolean] + $SpoFileAccessed, + + [Parameter()] + [System.Boolean] + $SpoFileDeleted, + + [Parameter()] + [System.Boolean] + $SpoFileDeletedFromFirstStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFileDeletedFromSecondStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFileLabelDowngraded, + + [Parameter()] + [System.Boolean] + $SpoFileLabelRemoved, + + [Parameter()] + [System.Boolean] + $SpoFileSharing, + + [Parameter()] + [System.Boolean] + $SpoFolderDeleted, + + [Parameter()] + [System.Boolean] + $SpoFolderDeletedFromFirstStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFolderDeletedFromSecondStageRecycleBin, + + [Parameter()] + [System.Boolean] + $SpoFolderSharing, + + [Parameter()] + [System.Boolean] + $SpoSiteExternalUserAdded, + + [Parameter()] + [System.Boolean] + $SpoSiteInternalUserAdded, + + [Parameter()] + [System.Boolean] + $SpoSiteLabelRemoved, + + [Parameter()] + [System.Boolean] + $SpoSiteSharing, + + [Parameter()] + [System.Boolean] + $SpoSyncDownload, + + [Parameter()] + [System.Boolean] + $TeamsChannelFileSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsChannelMemberAddedExternal, + + [Parameter()] + [System.Boolean] + $TeamsChatFileSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsFileDownload, + + [Parameter()] + [System.Boolean] + $TeamsFolderSharedExternal, + + [Parameter()] + [System.Boolean] + $TeamsMemberAddedExternal, + + [Parameter()] + [System.Boolean] + $TeamsSensitiveMessage, + + [Parameter()] + [System.Boolean] + $UserHistory, + + [Parameter()] + [System.Boolean] + $AWSS3BlockPublicAccessDisabled, + + [Parameter()] + [System.Boolean] + $AWSS3BucketDeleted, + + [Parameter()] + [System.Boolean] + $AWSS3PublicAccessEnabled, + + [Parameter()] + [System.Boolean] + $AWSS3ServerLoggingDisabled, + + [Parameter()] + [System.Boolean] + $AzureElevateAccessToAllSubscriptions, + + [Parameter()] + [System.Boolean] + $AzureResourceThreatProtectionSettingsUpdated, + + [Parameter()] + [System.Boolean] + $AzureSQLServerAuditingSettingsUpdated, + + [Parameter()] + [System.Boolean] + $AzureSQLServerFirewallRuleDeleted, + + [Parameter()] + [System.Boolean] + $AzureSQLServerFirewallRuleUpdated, + + [Parameter()] + [System.Boolean] + $AzureStorageAccountOrContainerDeleted, + + [Parameter()] + [System.Boolean] + $BoxContentAccess, + + [Parameter()] + [System.Boolean] + $BoxContentDelete, + + [Parameter()] + [System.Boolean] + $BoxContentDownload, + + [Parameter()] + [System.Boolean] + $BoxContentExternallyShared, + + [Parameter()] + [System.Boolean] + $CCFinancialRegulatoryRiskyTextSent, + + [Parameter()] + [System.Boolean] + $CCInappropriateContentSent, + + [Parameter()] + [System.Boolean] + $CCInappropriateImagesSent, + + [Parameter()] + [System.Boolean] + $DropboxContentAccess, + + [Parameter()] + [System.Boolean] + $DropboxContentDelete, + + [Parameter()] + [System.Boolean] + $DropboxContentDownload, + + [Parameter()] + [System.Boolean] + $DropboxContentExternallyShared, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentAccess, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentDelete, + + [Parameter()] + [System.Boolean] + $GoogleDriveContentExternallyShared, + + [Parameter()] + [System.Boolean] + $PowerBIDashboardsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBIReportsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBIReportsDownloaded, + + [Parameter()] + [System.Boolean] + $PowerBIReportsExported, + + [Parameter()] + [System.Boolean] + $PowerBIReportsViewed, + + [Parameter()] + [System.Boolean] + $PowerBISemanticModelsDeleted, + + [Parameter()] + [System.Boolean] + $PowerBISensitivityLabelDowngradedForArtifacts, + + [Parameter()] + [System.Boolean] + $PowerBISensitivityLabelRemovedFromArtifacts, + + [Parameter()] + [System.String] + $HistoricTimeSpan, + + [Parameter()] + [System.String] + $InScopeTimeSpan, + + [Parameter()] + [System.Boolean] + $EnableTeam, + + [Parameter()] + [System.Boolean] + $AnalyticsNewInsightEnabled, + + [Parameter()] + [System.Boolean] + $AnalyticsTurnedOffEnabled, + + [Parameter()] + [System.Boolean] + $HighSeverityAlertsEnabled, + + [Parameter()] + [System.String[]] + $HighSeverityAlertsRoleGroups, + + [Parameter()] + [System.Boolean] + $PoliciesHealthEnabled, + + [Parameter()] + [System.String[]] + $PoliciesHealthRoleGroups, + + [Parameter()] + [System.Boolean] + $NotificationDetailsEnabled, + + [Parameter()] + [System.String[]] + $NotificationDetailsRoleGroups, + + [Parameter()] + [System.Boolean] + $ClipDeletionEnabled, + + [Parameter()] + [System.Boolean] + $SessionRecordingEnabled, + + [Parameter()] + [System.String] + $RecordingTimeframePreEventInSec, + + [Parameter()] + [System.String] + $RecordingTimeframePostEventInSec, + + [Parameter()] + [System.String] + $BandwidthCapInMb, + + [Parameter()] + [System.String] + $OfflineRecordingStorageLimitInMb, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionEnabled, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionHighProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionHighProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionHighProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionMediumProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionMediumProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionMediumProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileSourceType, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileConfirmedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileGeneratedIssueSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileInsightSeverity, + + [Parameter()] + [System.UInt32] + $AdaptiveProtectionLowProfileInsightCount, + + [Parameter()] + [System.String[]] + $AdaptiveProtectionLowProfileInsightTypes, + + [Parameter()] + [System.Boolean] + $AdaptiveProtectionLowProfileConfirmedIssue, + + [Parameter()] + [System.UInt32] + $ProfileInscopeTimeSpan, + + [Parameter()] + [System.UInt32] + $LookbackTimeSpan, + + [Parameter()] + [System.Boolean] + $RetainSeverityAfterTriage, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-InsiderRiskPolicy -ErrorAction Stop + + $dscContent = '' + $i = 1 + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + InsiderRiskScenario = $config.InsiderRiskScenario + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + $i++ + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof new file mode 100644 index 0000000000..dccbecd928 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof @@ -0,0 +1,179 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SCInsiderRiskPolicy")] +class MSFT_SCInsiderRiskPolicy : OMI_BaseResource +{ + [Key, Description("Name of the insider risk policy.")] string Name; + [Key, Description("Name of the scenario supported by the policy.")] string InsiderRiskScenario; + [Write, Description("Official documentation to come.")] Boolean Anonymization; + [Write, Description("Official documentation to come.")] Boolean DLPUserRiskSync; + [Write, Description("Official documentation to come.")] Boolean OptInIRMDataExport; + [Write, Description("Official documentation to come.")] Boolean RaiseAuditAlert; + [Write, Description("Official documentation to come.")] String FileVolCutoffLimits; + [Write, Description("Official documentation to come.")] String AlertVolume; + [Write, Description("Official documentation to come.")] Boolean AnomalyDetections; + [Write, Description("Official documentation to come.")] Boolean CopyToPersonalCloud; + [Write, Description("Official documentation to come.")] Boolean CopyToUSB; + [Write, Description("Official documentation to come.")] Boolean CumulativeExfiltrationDetector; + [Write, Description("Official documentation to come.")] Boolean EmailExternal; + [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedEmployeePatientData; + [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedFamilyData; + [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedHighVolumePatientData; + [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedNeighbourData; + [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedRestrictedData; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToChildAbuseSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToCriminalActivitySites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToCultSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToGamblingSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToHackingSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToHateIntoleranceSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToIllegalSoftwareSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToKeyloggerSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToLlmSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToMalwareSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToPhishingSites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToPornographySites; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToUnallowedDomain; + [Write, Description("Official documentation to come.")] Boolean EpoBrowseToViolenceSites; + [Write, Description("Official documentation to come.")] Boolean EpoCopyToClipboardFromSensitiveFile; + [Write, Description("Official documentation to come.")] Boolean EpoCopyToNetworkShare; + [Write, Description("Official documentation to come.")] Boolean EpoFileArchived; + [Write, Description("Official documentation to come.")] Boolean EpoFileCopiedToRemoteDesktopSession; + [Write, Description("Official documentation to come.")] Boolean EpoFileDeleted; + [Write, Description("Official documentation to come.")] Boolean EpoFileDownloadedFromBlacklistedDomain; + [Write, Description("Official documentation to come.")] Boolean EpoFileDownloadedFromEnterpriseDomain; + [Write, Description("Official documentation to come.")] Boolean EpoFileRenamed; + [Write, Description("Official documentation to come.")] Boolean EpoFileStagedToCentralLocation; + [Write, Description("Official documentation to come.")] Boolean EpoHiddenFileCreated; + [Write, Description("Official documentation to come.")] Boolean EpoRemovableMediaMount; + [Write, Description("Official documentation to come.")] Boolean EpoSensitiveFileRead; + [Write, Description("Official documentation to come.")] Boolean Mcas3rdPartyAppDownload; + [Write, Description("Official documentation to come.")] Boolean Mcas3rdPartyAppFileDelete; + [Write, Description("Official documentation to come.")] Boolean Mcas3rdPartyAppFileSharing; + [Write, Description("Official documentation to come.")] Boolean McasActivityFromInfrequentCountry; + [Write, Description("Official documentation to come.")] Boolean McasImpossibleTravel; + [Write, Description("Official documentation to come.")] Boolean McasMultipleFailedLogins; + [Write, Description("Official documentation to come.")] Boolean McasMultipleStorageDeletion; + [Write, Description("Official documentation to come.")] Boolean McasMultipleVMCreation; + [Write, Description("Official documentation to come.")] Boolean McasMultipleVMDeletion; + [Write, Description("Official documentation to come.")] Boolean McasSuspiciousAdminActivities; + [Write, Description("Official documentation to come.")] Boolean McasSuspiciousCloudCreation; + [Write, Description("Official documentation to come.")] Boolean McasSuspiciousCloudTrailLoggingChange; + [Write, Description("Official documentation to come.")] Boolean McasTerminatedEmployeeActivity; + [Write, Description("Official documentation to come.")] Boolean OdbDownload; + [Write, Description("Official documentation to come.")] Boolean OdbSyncDownload; + [Write, Description("Official documentation to come.")] Boolean PeerCumulativeExfiltrationDetector; + [Write, Description("Official documentation to come.")] Boolean PhysicalAccess; + [Write, Description("Official documentation to come.")] Boolean PotentialHighImpactUser; + [Write, Description("Official documentation to come.")] Boolean Print; + [Write, Description("Official documentation to come.")] Boolean PriorityUserGroupMember; + [Write, Description("Official documentation to come.")] Boolean SecurityAlertDefenseEvasion; + [Write, Description("Official documentation to come.")] Boolean SecurityAlertUnwantedSoftware; + [Write, Description("Official documentation to come.")] Boolean SpoAccessRequest; + [Write, Description("Official documentation to come.")] Boolean SpoApprovedAccess; + [Write, Description("Official documentation to come.")] Boolean SpoDownload; + [Write, Description("Official documentation to come.")] Boolean SpoDownloadV2; + [Write, Description("Official documentation to come.")] Boolean SpoFileAccessed; + [Write, Description("Official documentation to come.")] Boolean SpoFileDeleted; + [Write, Description("Official documentation to come.")] Boolean SpoFileDeletedFromFirstStageRecycleBin; + [Write, Description("Official documentation to come.")] Boolean SpoFileDeletedFromSecondStageRecycleBin; + [Write, Description("Official documentation to come.")] Boolean SpoFileLabelDowngraded; + [Write, Description("Official documentation to come.")] Boolean SpoFileLabelRemoved; + [Write, Description("Official documentation to come.")] Boolean SpoFileSharing; + [Write, Description("Official documentation to come.")] Boolean SpoFolderDeleted; + [Write, Description("Official documentation to come.")] Boolean SpoFolderDeletedFromFirstStageRecycleBin; + [Write, Description("Official documentation to come.")] Boolean SpoFolderDeletedFromSecondStageRecycleBin; + [Write, Description("Official documentation to come.")] Boolean SpoFolderSharing; + [Write, Description("Official documentation to come.")] Boolean SpoSiteExternalUserAdded; + [Write, Description("Official documentation to come.")] Boolean SpoSiteInternalUserAdded; + [Write, Description("Official documentation to come.")] Boolean SpoSiteLabelRemoved; + [Write, Description("Official documentation to come.")] Boolean SpoSiteSharing; + [Write, Description("Official documentation to come.")] Boolean SpoSyncDownload; + [Write, Description("Official documentation to come.")] Boolean TeamsChannelFileSharedExternal; + [Write, Description("Official documentation to come.")] Boolean TeamsChannelMemberAddedExternal; + [Write, Description("Official documentation to come.")] Boolean TeamsChatFileSharedExternal; + [Write, Description("Official documentation to come.")] Boolean TeamsFileDownload; + [Write, Description("Official documentation to come.")] Boolean TeamsFolderSharedExternal; + [Write, Description("Official documentation to come.")] Boolean TeamsMemberAddedExternal; + [Write, Description("Official documentation to come.")] Boolean TeamsSensitiveMessage; + [Write, Description("Official documentation to come.")] Boolean UserHistory; + [Write, Description("Official documentation to come.")] Boolean AWSS3BlockPublicAccessDisabled; + [Write, Description("Official documentation to come.")] Boolean AWSS3BucketDeleted; + [Write, Description("Official documentation to come.")] Boolean AWSS3PublicAccessEnabled; + [Write, Description("Official documentation to come.")] Boolean AWSS3ServerLoggingDisabled; + [Write, Description("Official documentation to come.")] Boolean AzureElevateAccessToAllSubscriptions; + [Write, Description("Official documentation to come.")] Boolean AzureResourceThreatProtectionSettingsUpdated; + [Write, Description("Official documentation to come.")] Boolean AzureSQLServerAuditingSettingsUpdated; + [Write, Description("Official documentation to come.")] Boolean AzureSQLServerFirewallRuleDeleted; + [Write, Description("Official documentation to come.")] Boolean AzureSQLServerFirewallRuleUpdated; + [Write, Description("Official documentation to come.")] Boolean AzureStorageAccountOrContainerDeleted; + [Write, Description("Official documentation to come.")] Boolean BoxContentAccess; + [Write, Description("Official documentation to come.")] Boolean BoxContentDelete; + [Write, Description("Official documentation to come.")] Boolean BoxContentDownload; + [Write, Description("Official documentation to come.")] Boolean BoxContentExternallyShared; + [Write, Description("Official documentation to come.")] Boolean CCFinancialRegulatoryRiskyTextSent; + [Write, Description("Official documentation to come.")] Boolean CCInappropriateContentSent; + [Write, Description("Official documentation to come.")] Boolean CCInappropriateImagesSent; + [Write, Description("Official documentation to come.")] Boolean DropboxContentAccess; + [Write, Description("Official documentation to come.")] Boolean DropboxContentDelete; + [Write, Description("Official documentation to come.")] Boolean DropboxContentDownload; + [Write, Description("Official documentation to come.")] Boolean DropboxContentExternallyShared; + [Write, Description("Official documentation to come.")] Boolean GoogleDriveContentAccess; + [Write, Description("Official documentation to come.")] Boolean GoogleDriveContentDelete; + [Write, Description("Official documentation to come.")] Boolean GoogleDriveContentExternallyShared; + [Write, Description("Official documentation to come.")] Boolean PowerBIDashboardsDeleted; + [Write, Description("Official documentation to come.")] Boolean PowerBIReportsDeleted; + [Write, Description("Official documentation to come.")] Boolean PowerBIReportsDownloaded; + [Write, Description("Official documentation to come.")] Boolean PowerBIReportsExported; + [Write, Description("Official documentation to come.")] Boolean PowerBIReportsViewed; + [Write, Description("Official documentation to come.")] Boolean PowerBISemanticModelsDeleted; + [Write, Description("Official documentation to come.")] Boolean PowerBISensitivityLabelDowngradedForArtifacts; + [Write, Description("Official documentation to come.")] Boolean PowerBISensitivityLabelRemovedFromArtifacts; + [Write, Description("Official documentation to come.")] String HistoricTimeSpan; + [Write, Description("Official documentation to come.")] String InScopeTimeSpan; + [Write, Description("Official documentation to come.")] Boolean EnableTeam; + [Write, Description("Official documentation to come.")] Boolean AnalyticsNewInsightEnabled; + [Write, Description("Official documentation to come.")] Boolean AnalyticsTurnedOffEnabled; + [Write, Description("Official documentation to come.")] Boolean HighSeverityAlertsEnabled; + [Write, Description("Official documentation to come.")] String HighSeverityAlertsRoleGroups[]; + [Write, Description("Official documentation to come.")] Boolean PoliciesHealthEnabled; + [Write, Description("Official documentation to come.")] String PoliciesHealthRoleGroups[]; + [Write, Description("Official documentation to come.")] Boolean NotificationDetailsEnabled; + [Write, Description("Official documentation to come.")] String NotificationDetailsRoleGroups[]; + [Write, Description("Official documentation to come.")] Boolean ClipDeletionEnabled; + [Write, Description("Official documentation to come.")] Boolean SessionRecordingEnabled; + [Write, Description("Official documentation to come.")] String RecordingTimeframePreEventInSec; + [Write, Description("Official documentation to come.")] String RecordingTimeframePostEventInSec; + [Write, Description("Official documentation to come.")] String BandwidthCapInMb; + [Write, Description("Official documentation to come.")] String OfflineRecordingStorageLimitInMb; + [Write, Description("Determines if Adaptive Protection is enabled for Purview.")] Boolean AdaptiveProtectionEnabled; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileSourceType; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileConfirmedIssueSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileGeneratedIssueSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileInsightSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileInsightCount; + [Write, Description("Official documentation to come.")] String AdaptiveProtectionHighProfileInsightTypes[]; + [Write, Description("Official documentation to come.")] Boolean AdaptiveProtectionHighProfileConfirmedIssue; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileSourceType; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileConfirmedIssueSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileGeneratedIssueSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileInsightSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileInsightCount; + [Write, Description("Official documentation to come.")] String AdaptiveProtectionMediumProfileInsightTypes[]; + [Write, Description("Official documentation to come.")] Boolean AdaptiveProtectionMediumProfileConfirmedIssue; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileSourceType; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileConfirmedIssueSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileGeneratedIssueSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileInsightSeverity; + [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileInsightCount; + [Write, Description("Official documentation to come.")] String AdaptiveProtectionLowProfileInsightTypes[]; + [Write, Description("Official documentation to come.")] Boolean AdaptiveProtectionLowProfileConfirmedIssue; + [Write, Description("Official documentation to come.")] Boolean RetainSeverityAfterTriage; + [Write, Description("Official documentation to come.")] UInt32 LookbackTimeSpan; + [Write, Description("Official documentation to come.")] UInt32 ProfileInScopeTimeSpan; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/readme.md new file mode 100644 index 0000000000..eab9d9aa11 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/readme.md @@ -0,0 +1,6 @@ + +# SCInsiderRiskPolicy + +## Description + +Configures Insider Risk Policies in Purview. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/settings.json new file mode 100644 index 0000000000..5738537aa8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/settings.json @@ -0,0 +1,24 @@ +{ + "resourceName": "SCInsiderRiskPolicy", + "description": "Configures Insider Risk Policies in Purview.", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Compliance Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/MSFT_SCRecordReviewNotificationTemplateConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/MSFT_SCRecordReviewNotificationTemplateConfig.psm1 new file mode 100644 index 0000000000..0c53f3c54a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/MSFT_SCRecordReviewNotificationTemplateConfig.psm1 @@ -0,0 +1,381 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $IsCustomizedNotificationTemplate, + + [Parameter()] + [System.Boolean] + $IsCustomizedReminderTemplate, + + [Parameter()] + [System.String] + $CustomizedNotificationDataString, + + [Parameter()] + [System.String] + $CustomizedReminderDataString, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances[0] + } + else + { + $instance = Get-RecordReviewNotificationTemplateConfig -ErrorAction Stop + } + if ($null -eq $instance) + { + throw "Couldn't retrieve the Record Management Disposition settings" + } + + $results = @{ + IsSingleInstance = 'Yes' + IsCustomizedNotificationTemplate = $instance.IsCustomizedNotificationTemplate + IsCustomizedReminderTemplate = $instance.IsCustomizedReminderTemplate + CustomizedNotificationDataString = $instance.CustomizedNotificationDataString + CustomizedReminderDataString = $instance.CustomizedReminderDataString + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $IsCustomizedNotificationTemplate, + + [Parameter()] + [System.Boolean] + $IsCustomizedReminderTemplate, + + [Parameter()] + [System.String] + $CustomizedNotificationDataString, + + [Parameter()] + [System.String] + $CustomizedReminderDataString, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Updating the Records Management Disposition settings for Purview' + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.Remove('IsSingleInstance') | Out-Null + Set-RecordReviewNotificationTemplateConfig @setParameters +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $IsCustomizedNotificationTemplate, + + [Parameter()] + [System.Boolean] + $IsCustomizedReminderTemplate, + + [Parameter()] + [System.String] + $CustomizedNotificationDataString, + + [Parameter()] + [System.String] + $CustomizedReminderDataString, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-RecordReviewNotificationTemplateConfig -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/MSFT_SCRecordReviewNotificationTemplateConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/MSFT_SCRecordReviewNotificationTemplateConfig.schema.mof new file mode 100644 index 0000000000..1713a5828f --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/MSFT_SCRecordReviewNotificationTemplateConfig.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SCRecordReviewNotificationTemplateConfig")] +class MSFT_SCRecordReviewNotificationTemplateConfig : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"),ValueMap{"Yes"},Values{"Yes"}] String IsSingleInstance; + [Write, Description("The CustomizedNotificationDataString parameter specifies the customized review notification text to use. If the value contains spaces, enclose the value in quotation marks.")] String CustomizedNotificationDataString; + [Write, Description("The CustomizedReminderDataString parameter specifies the customized review reminder text to use. If the value contains spaces, enclose the value in quotation marks.")] String CustomizedReminderDataString; + [Write, Description("The IsCustomizedNotificationTemplate switch specifies whether to use a customized review notification instead of the system default notification.")] Boolean IsCustomizedNotificationTemplate; + [Write, Description("The IsCustomizedReminderTemplate switch specifies whether to use a customized review reminder instead of the system default reminder.")] Boolean IsCustomizedReminderTemplate; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/readme.md new file mode 100644 index 0000000000..ae0f575028 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/readme.md @@ -0,0 +1,6 @@ + +# SCRecordReviewNotificationTemplateConfig + +## Description + +Configures Purview Records Management disposition settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/settings.json new file mode 100644 index 0000000000..410be122f2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRecordReviewNotificationTemplateConfig/settings.json @@ -0,0 +1,16 @@ +{ + "resourceName": "SCRecordReviewNotificationTemplateConfig", + "description": "Configures Purview Records Management disposition settings.", + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 index 5533d71d2f..171c460360 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 @@ -9,6 +9,11 @@ function Get-TargetResource [System.String] $Name, + [Parameter()] + [ValidateLength(1, 256)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $Description, @@ -95,8 +100,9 @@ function Get-TargetResource { $result = @{ Name = $RoleGroup.Name + DisplayName = $RoleGroup.DisplayName Description = $RoleGroup.Description - Roles = $RoleGroup.Roles + Roles = $RoleGroup.Roles -replace "^.*\/(?=[^\/]*$)" Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -134,6 +140,11 @@ function Set-TargetResource [System.String] $Name, + [Parameter()] + [ValidateLength(1, 256)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $Description, @@ -205,6 +216,14 @@ function Set-TargetResource Roles = $Roles Confirm = $false } + # Add DisplayName Parameter equals Name if null or Empty as creation with no value will lead to a corrupted state of the created RoleGroup + if ([System.String]::IsNullOrEmpty($DisplayName)) + { + $NewRoleGroupParams.Add('DisplayName', $Name) + } + else { + $NewRoleGroupParams.Add('DisplayName', $DisplayName) + } # Remove Description Parameter if null or Empty as the creation fails with $null parameter if ([System.String]::IsNullOrEmpty($Description)) { @@ -240,6 +259,11 @@ function Test-TargetResource [System.String] $Name, + [Parameter()] + [ValidateLength(1, 256)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $Description, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof index 9348360605..466581fdae 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof @@ -2,6 +2,7 @@ class MSFT_SCRoleGroup : OMI_BaseResource { [Key, Description("The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.")] String Name; + [Write, Description("The DisplayName parameter specifies the friendly name of the role group. If the name contains spaces, enclose the name in quotation marks. This parameter has a maximum length of 256 characters.")] String DisplayName; [Write, Description("The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks")] String Description; [Write, Description("The Roles parameter specifies the management roles to assign to the role group when it's created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.")] String Roles[]; [Write, Description("Specify if the Role Group should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 index 056f92cf9f..badac1d9d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 @@ -1,3 +1,84 @@ +$allTrainableClassifiers = @( + [PSCustomObject]@{ Name = "Actuary reports"; Id = "b27df2ee-fd14-4ce9-b02f-4070a5d68132" } + [PSCustomObject]@{ Name = "Agreements"; Id = "7f12e403-5335-4da8-a91e-6c2210b7a2b1" } + [PSCustomObject]@{ Name = "Asset Management"; Id = "716fb550-90cd-493b-b29b-ceed41ee8a6f" } + [PSCustomObject]@{ Name = "Bank statement"; Id = "f426bd16-e42e-4397-824b-f17dedc5bb1c" } + [PSCustomObject]@{ Name = "Budget"; Id = "6f207592-f71e-4b4f-8c07-ebc4bd4965b9" } + [PSCustomObject]@{ Name = "Business Context"; Id = "08b772df-bf93-457f-be23-b5cbf02005fd" } + [PSCustomObject]@{ Name = "Business plan"; Id = "693f8221-ae4e-4612-80f5-746efee167c3" } + [PSCustomObject]@{ Name = "Completion Certificates"; Id = "b2580781-286b-4ad2-ab47-84e84ff331e5" } + [PSCustomObject]@{ Name = "Compliance policies"; Id = "fdad8089-651b-4877-8b66-be105b2e57da" } + [PSCustomObject]@{ Name = "Construction specifications"; Id = "bfde18ef-b4b9-4f30-9965-ef8d00861a2c" } + [PSCustomObject]@{ Name = "Control System and SCADA files"; Id = "59f1f471-687d-453b-a73e-0b0e9f350812" } + [PSCustomObject]@{ Name = "Corporate Sabotage"; Id = "d88960c3-6101-43d9-9250-8c43c71d638a" } + [PSCustomObject]@{ Name = "Credit Report"; Id = "07ce7d30-690a-4a1c-a331-8df9c944f1ab" } + [PSCustomObject]@{ Name = "Customer Complaints"; Id = "8137d8fc-fb7a-40db-9009-284f962fde96" } + [PSCustomObject]@{ Name = "Customer Files"; Id = "fdff9df2-03ba-4372-be97-82c0d2515118" } + [PSCustomObject]@{ Name = "Discrimination"; Id = "a65c4ab6-a155-11eb-921c-6c0b84aa8ea5" } + [PSCustomObject]@{ Name = "Employee disciplinary action files"; Id = "769d56c1-e737-4fc1-8673-8c99bbe24a07" } + [PSCustomObject]@{ Name = "Employee Insurance files"; Id = "fa982a9f-9454-4885-a2bf-94a155df2f33" } + [PSCustomObject]@{ Name = "Employee Pension Records"; Id = "f9ae0bbc-a1e0-4b7e-a96a-eb60b26b4434" } + [PSCustomObject]@{ Name = "Employee Stocks and Financial Bond Records"; Id = "a67b2b59-c5f0-4c66-a6c4-ca6973adfd94" } + [PSCustomObject]@{ Name = "Employment Agreement"; Id = "2a2baab7-b82c-4166-bbe4-55f9d3fd1129" } + [PSCustomObject]@{ Name = "Enterprise Risk Management"; Id = "eed09aae-6f32-47c7-9c99-9d17bad48783" } + [PSCustomObject]@{ Name = "Environmental permits and clearances"; Id = "1b7d3e51-0ecf-41bd-9794-966c94a889ba" } + [PSCustomObject]@{ Name = "Facility Permits"; Id = "914c5379-9d05-47cb-98f0-f5a2be059b5a" } + [PSCustomObject]@{ Name = "factory Incident Investigation reports"; Id = "86186144-d507-4603-bac7-50b56ba05c70" } + [PSCustomObject]@{ Name = "Finance"; Id = "1771481d-a337-4dbf-8e64-af8da0cc3ee9" } + [PSCustomObject]@{ Name = "Finance policies and procedures"; Id = "6556c5eb-0819-4618-ba2e-59925925655e" } + [PSCustomObject]@{ Name = "Financial Audit Reports"; Id = "b04b2a4e-22f8-4024-8adc-e2caaad1c2e2" } + [PSCustomObject]@{ Name = "Financial statement"; Id = "c31bfef9-8045-4a35-88a3-74b8681615c2" } + [PSCustomObject]@{ Name = "Freight Documents"; Id = "785917ed-db01-43c7-8153-8a6fc393efa3" } + [PSCustomObject]@{ Name = "Garnishment"; Id = "65e827c3-f8e8-4bc8-b08c-c31e3132b832" } + [PSCustomObject]@{ Name = "Gifts \u0026 entertainment"; Id = "3b3d817a-9190-465b-af2d-9e856f894059" } + [PSCustomObject]@{ Name = "Health/Medical forms"; Id = "7cc60f30-9e96-4d51-b26f-3d7a9df56338" } + [PSCustomObject]@{ Name = "Healthcare"; Id = "dcbada08-65bf-4561-b140-25d8fee4d143" } + [PSCustomObject]@{ Name = "HR"; Id = "11631f87-7ffe-4052-b173-abda16b231f3" } + [PSCustomObject]@{ Name = "Invoice"; Id = "bf7df7c3-fce4-4ffd-ab90-26f6463f3a00" } + [PSCustomObject]@{ Name = "IP"; Id = "495fad07-d6e4-4da4-9c64-5b9b109a5f59" } + [PSCustomObject]@{ Name = "IT"; Id = "77a140be-c29f-4155-9dc4-c3e247e47560" } + [PSCustomObject]@{ Name = "IT Infra and Network Security Documents"; Id = "bc55de38-cb72-43e6-952f-8422f584f229" } + [PSCustomObject]@{ Name = "Lease Deeds"; Id = "841f54ad-3e31-4ddd-aea0-e7f0cd6b3d18" } + [PSCustomObject]@{ Name = "Legal Affairs"; Id = "ba38aa0f-8c86-4c73-87db-95147a0f4420" } + [PSCustomObject]@{ Name = "Legal Agreements"; Id = "bee9cefb-88bd-410f-ab3e-67cab21cef46" } + [PSCustomObject]@{ Name = "Letter of Credits"; Id = "fd85acd5-59dd-49b2-a4c3-df7075885a82" } + [PSCustomObject]@{ Name = "License agreement"; Id = "b399eb17-c9c4-4205-951b-43f38eb8dffe" } + [PSCustomObject]@{ Name = "Loan agreements and offer letters"; Id = "5771fa57-34a1-48b3-93df-778b304daa54" } + [PSCustomObject]@{ Name = "M&A Files"; Id = "eeffbf7c-fd04-40ef-a156-b37bf61832f7" } + [PSCustomObject]@{ Name = "Manufacturing batch records"; Id = "834b2353-509a-4605-b4f1-fc2172a0d97c" } + [PSCustomObject]@{ Name = "Marketing Collaterals"; Id = "fcaa6d2a-601c-4bdc-947e-af1178a646ac" } + [PSCustomObject]@{ Name = "Meeting notes"; Id = "e7ff9a9e-4689-4192-b927-e6c6bdf099fc" } + [PSCustomObject]@{ Name = "Money laundering"; Id = "adbbb20e-b175-46e7-8ba2-cf3f3179d0ed" } + [PSCustomObject]@{ Name = "MoU Files (Memorandum of understanding)"; Id = "cb37c277-4b88-49c6-81fb-2eeca8c52bb9" } + [PSCustomObject]@{ Name = "Network Design files"; Id = "12587d70-9596-4c21-b09f-f1abe9d6ca13" } + [PSCustomObject]@{ Name = "Non disclosure agreement"; Id = "8dfd10db-0c72-4be4-a4f2-f615fe7aeb1c" } + [PSCustomObject]@{ Name = "OSHA records"; Id = "b11b771e-7dd1-4434-873a-d648a16e969e" } + [PSCustomObject]@{ Name = "Paystub"; Id = "31c11384-2d64-4635-9335-018295c64268" } + [PSCustomObject]@{ Name = "Personal Financial Information"; Id = "6901c616-5857-432f-b3da-f5234fa1d342" } + [PSCustomObject]@{ Name = "Procurement"; Id = "8fa64a47-6e77-4b4c-91a5-0f67525cebf5" } + [PSCustomObject]@{ Name = "Profanity"; Id = "4b0aa61d-37dc-4596-a1f1-fc5a5b21d56b" } + [PSCustomObject]@{ Name = "Project documents"; Id = "e062df90-816c-47ca-8913-db647510d3b5" } + [PSCustomObject]@{ Name = "Quality assurance files"; Id = "97b1e0d3-7788-4dd4-bb18-48ea77796743" } + [PSCustomObject]@{ Name = "Quotation"; Id = "3882e681-c437-42d8-ac75-1f9b7481fe13" } + [PSCustomObject]@{ Name = "Regulatory Collusion"; Id = "911b7815-6883-4022-a882-9cbe9462f114" } + [PSCustomObject]@{ Name = "Resume"; Id = "14b2da41-0427-47e9-a11b-c924e1d05689" } + [PSCustomObject]@{ Name = "Safety Records"; Id = "938fb100-5b1f-4bbb-aba7-73d9c89d086f" } + [PSCustomObject]@{ Name = "Sales and revenue"; Id = "9d6b864d-28c6-4be3-a9d0-cd40434a847f" } + [PSCustomObject]@{ Name = "Software Product Development Files"; Id = "813aa6d8-0727-48d8-acb7-06e1819ee339" } + [PSCustomObject]@{ Name = "Source code"; Id = "8aef6743-61aa-44b9-9ae5-3bb3d77df535" } + [PSCustomObject]@{ Name = "Standard Operating Procedures and Manuals"; Id = "32f23ad4-2ca1-4495-8048-8dc567891644" } + [PSCustomObject]@{ Name = "Statement of Accounts"; Id = "fe3676a6-0f5d-4990-bb46-9b2b31d7746a" } + [PSCustomObject]@{ Name = "Statement of Work"; Id = "611c95f9-b1ef-4253-8b36-d8ae19d02fb0" } + [PSCustomObject]@{ Name = "Stock manipulation"; Id = "1140cd79-ad87-4043-a562-c768acacc6ba" } + [PSCustomObject]@{ Name = "Strategic planning documents"; Id = "9332b317-2ca4-413a-b983-92a1bd88c6f3" } + [PSCustomObject]@{ Name = "Targeted Harassment"; Id = "a02ddb8e-3c93-44ac-87c1-2f682b1cb78e" } + [PSCustomObject]@{ Name = "Tax"; Id = "9722b51a-f920-4a81-8390-b188a0692840" } + [PSCustomObject]@{ Name = "Threat"; Id = "ef2edb64-6982-4648-b0ad-c0d8a861501b" } + [PSCustomObject]@{ Name = "Unauthorized disclosure"; Id = "839aecf8-c67b-4270-8aaf-378127b23b7f" } + [PSCustomObject]@{ Name = "Wire transfer"; Id = "05fc5ed0-58ef-4306-b65c-11b0a43895c2" } + [PSCustomObject]@{ Name = "Work Schedules"; Id = "25bb9d2d-a5b5-45b1-882e-b2581a183873" } +) + function Get-TargetResource { [CmdletBinding()] @@ -187,6 +268,10 @@ function Get-TargetResource [System.String] $SiteAndGroupExternalSharingControlType, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AutoLabelingSettings, + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -447,6 +532,101 @@ function Get-TargetResource $siteAndGroupBlockAccess = [Boolean]::Parse($entry.Value) } + # Auto Labelling Conditions + $getConditions = $null + if ([System.String]::IsNullOrEmpty($label.Conditions) -eq $false) + { + $currConditions = $label.Conditions | ConvertFrom-Json + + $getConditions = @{ + Groups = @() + Operator = '' + } + + $operator = $currConditions.PSObject.Properties.Name + $getConditions.Operator = $operator + + $autoApplyType = '' + $policyTip = '' + $groups = foreach ($group in $currConditions.$($operator)) + { + $grpObject = @{ + Name = '' + Operator = '' + } + + $grpOperator = $group.PSObject.Properties.Name + $grpObject.Operator = $grpOperator + + $grpName = '' + [array]$sensitiveInformationTypes = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'CCSI'}) + { + if ([String]::IsNullOrEmpty($grpName)) + { + $grpName = ($item.Settings | Where-Object { $_.Key -eq 'groupname' }).Value + } + + if ([String]::IsNullOrEmpty($policyTip)) + { + $policyTip = ($item.Settings | Where-Object { $_.Key -eq 'policytip' }).Value + } + + if ([String]::IsNullOrEmpty($autoApplyType)) + { + $autoApplyType = ($item.Settings | Where-Object { $_.Key -eq 'autoapplytype' }).Value + } + + $settingsObject = @{ + name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value + confidencelevel = ($item.Settings | Where-Object { $_.Key -eq 'confidencelevel' }).Value + mincount = ($item.Settings | Where-Object { $_.Key -eq 'mincount' }).Value + maxcount = ($item.Settings | Where-Object { $_.Key -eq 'maxcount' }).Value + } + + if ($null -ne ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' })) + { + $settingsObject.classifiertype = ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' }).Value + } + + # return the settings object as output to the sensitiveInformationTypes array + $settingsObject + } + + [array]$trainableClassifiers = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'ContentMatchesModule'}) + { + if ([String]::IsNullOrEmpty($grpName)) + { + $grpName = ($item.Settings | Where-Object { $_.Key -eq 'groupname' }).Value + } + + @{ + name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value + id = $item.Value + } + } + + $grpObject.Name = $grpName + $grpObject.SensitiveInformationType = $sensitiveInformationTypes + $grpObject.TrainableClassifier = $trainableClassifiers + + # return the group object as output to the groups array + $grpObject + } + $getConditions.Groups = $groups + if ([System.String]::IsNullOrEmpty($policyTip) -eq $false) + { + $getConditions.PolicyTip = $policyTip + } + if ([System.String]::IsNullOrEmpty($autoApplyType) -eq $false) + { + $getConditions.AutoApplyType = $autoApplyType + } + else + { + $getConditions.AutoApplyType = 'Automatic' + } + } + $result = @{ Name = $label.Name Comment = $label.Comment @@ -500,9 +680,9 @@ function Get-TargetResource SiteAndGroupProtectionEnabled = $siteAndGroupEnabledValue SiteAndGroupExternalSharingControlType = ($protectsite | Where-Object { $_.Key -eq 'externalsharingcontroltype' }).Value AccessTokens = $AccessTokens + AutoLabelingSettings = $getConditions } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result } } @@ -706,6 +886,10 @@ function Set-TargetResource [System.String] $SiteAndGroupExternalSharingControlType, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AutoLabelingSettings, + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -770,6 +954,139 @@ function Set-TargetResource Write-Warning -Message "You have specified EncryptionDoNotForward, EncryptionEncryptOnly or EncryptionPromptUser, but EncryptionProtectionType isn't set to UserDefined." } + if ('Present' -eq $Ensure -and $PSBoundParameters.ContainsKey('AutoLabelingSettings')) + { + Write-Verbose 'Generating required JSON string for AutoLabelingSettings' + + Write-Verbose 'Retrieving all existing Sensitive Information Types' + $existingSITs = Get-DlpSensitiveInformationType | Select-Object -Property Name,Id, RulePackId + + # Convert the AutoLabelingSettings to the correct JSON format, ready to be inserted into the label cmdlets + $autoLabelingSettingsHT = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $AutoLabelingSettings + + Write-Verbose 'Processing all setting groups' + [array]$grps = foreach ($group in $autoLabelingSettingsHT.Groups) + { + $groupCollection = @() + Write-Verbose 'Processing all Sensitive Information Types' + foreach ($sit in $group.SensitiveInformationType) + { + $currentSIT = $existingSITs | Where-Object { $_.Name -eq $sit.Name } + if ($null -eq $currentSIT) + { + throw "[ERROR] Provided Sensitive Information Type $($sit.Name) doesn't exist." + } + + [array]$settingsCollection = foreach ($setting in ($sit.Keys | Where-Object { $_ -ne 'id' })) + { + @{ + Key = $setting + Value = $sit[$setting] + } + } + $settingsCollection += @{ + Key = "rulepackage" + Value = $currentSIT.RulePackId + } + $settingsCollection += @{ + Key = "groupname" + Value = $group.Name + } + + if ($autoLabelingSettingsHT.ContainsKey("PolicyTip")) + { + $settingsCollection += @{ + Key = "policytip" + Value = $autoLabelingSettingsHT.PolicyTip + } + } + + if ($autoLabelingSettingsHT.ContainsKey("AutoApplyType") -and $autoLabelingSettingsHT.AutoApplyType -eq 'Recommend') + { + $settingsCollection += @{ + Key = "autoapplytype" + Value = $autoLabelingSettingsHT.AutoApplyType + } + } + + $groupCollection += @{ + Key = 'CCSI' + Value = $currentSIT.Id + Properties = $null + Settings = $settingsCollection + } + } + + Write-Verbose 'Processing all Trainable Classifiers' + foreach ($trainableClassifier in $group.TrainableClassifier) + { + $currentTrainableClassifier = $allTrainableClassifiers | Where-Object { $_.Name -eq $trainableClassifier.name } + if ($null -ne $currentTrainableClassifier) + { + if ([String]::IsNullOrEmpty($trainableClassifier.id) -eq $false -and ` + $trainableClassifier.id -ne $currentTrainableClassifier.Id) + { + Write-Verbose ("[WARNING] Provided ID ($($trainableClassifier.id)) does not match the known " + ` + "ID ($($currentTrainableClassifier.id)) for trainable classifier '$($trainableClassifier.name)'.") + } + $requiredId = $currentTrainableClassifier.Id + } + else + { + if ([String]::IsNullOrEmpty($trainableClassifier.id)) + { + throw "[ERROR] Trainable classifier $($trainableClassifier.name) isn't a default classifier and no ID was provided." + } + $requiredId = $trainableClassifier.id + } + + [array]$settingsCollection = foreach ($key in ($trainableClassifier.Keys | Where-Object { $_ -ne 'id' })) + { + @{ + Key = $key + Value = $trainableClassifier[$key] + } + } + $settingsCollection += @{ + Key = "groupname" + Value = $group.Name + } + + if ($autoLabelingSettingsHT.ContainsKey("PolicyTip")) + { + $settingsCollection += @{ + Key = "policytip" + Value = $autoLabelingSettingsHT.PolicyTip + } + } + + if ($autoLabelingSettingsHT.ContainsKey("AutoApplyType") -and $autoLabelingSettingsHT.AutoApplyType -eq 'Recommend') + { + $settingsCollection += @{ + Key = "autoapplytype" + Value = $autoLabelingSettingsHT.AutoApplyType + } + } + + $groupCollection += @{ + Key = 'ContentMatchesModule' + Value = $requiredId + Properties = $null + Settings = $settingsCollection + } + } + + @{ + $group.Operator = $groupCollection + } + } + + $desiredAutoLabelingSettings = @{ + $autoLabelingSettingsHT.Operator = $grps + } + Write-Verbose 'Completed generating required JSON string for AutoLabelingSettings' + } + if (('Present' -eq $Ensure) -and ('Absent' -eq $label.Ensure)) { Write-Verbose -Message "Label {$Name} doesn't already exist, creating it from the Set-TargetResource function." @@ -793,6 +1110,12 @@ function Set-TargetResource $CreationParams.Remove('SiteAndGroupExternalSharingControlType') } + if ($PSBoundParameters.ContainsKey('AutoLabelingSettings') -and $null -ne $desiredAutoLabelingSettings) + { + $CreationParams.Conditions = $desiredAutoLabelingSettings | ConvertTo-Json -Depth 20 + $CreationParams.Remove('AutoLabelingSettings') + } + $CreationParams.Remove('Priority') | Out-Null # Remove authentication parameters @@ -810,19 +1133,25 @@ function Set-TargetResource try { Write-Verbose -Message "Creating Label {$Name}" - New-Label @CreationParams + New-Label @CreationParams -ErrorAction Stop ## Can't set priority until label created if ($PSBoundParameters.ContainsKey('Priority')) { Start-Sleep 5 Write-Verbose -Message "Updating the priority for newly created label {$Name}" - Set-label -Identity $Name -priority $Priority + Set-label -Identity $Name -priority $Priority -ErrorAction Stop } } catch { - Write-Warning "New-Label is not available in tenant $($Credential.UserName.Split('@')[1]): $_" + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + throw $_ } } elseif (('Present' -eq $Ensure) -and ('Present' -eq $label.Ensure)) @@ -848,6 +1177,12 @@ function Set-TargetResource $SetParams.Remove('SiteAndGroupExternalSharingControlType') } + if ($PSBoundParameters.ContainsKey('AutoLabelingSettings') -and $null -ne $desiredAutoLabelingSettings) + { + $SetParams.Conditions = $desiredAutoLabelingSettings | ConvertTo-Json -Depth 20 + $SetParams.Remove('AutoLabelingSettings') + } + #Remove unused parameters for Set-Label cmdlet $SetParams.Remove('Name') | Out-Null @@ -865,11 +1200,17 @@ function Set-TargetResource try { - Set-Label @SetParams -Identity $Name + Set-Label @SetParams -Identity $Name -ErrorAction Stop } catch { - Write-Warning "Set-Label is not available in tenant $($Credential.UserName.Split('@')[1]): $_" + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + throw $_ } } elseif (('Absent' -eq $Ensure) -and ('Present' -eq $label.Ensure)) @@ -879,12 +1220,18 @@ function Set-TargetResource try { - Remove-Label -Identity $Name -Confirm:$false - Remove-Label -Identity $Name -Confirm:$false -forcedeletion:$true + Remove-Label -Identity $Name -Confirm:$false -ErrorAction Stop + Remove-Label -Identity $Name -Confirm:$false -forcedeletion:$true -ErrorAction Stop } catch { - Write-Warning "Remove-Label is not available in tenant $($Credential.UserName.Split('@')[1]): $_" + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + throw $_ } } } @@ -1078,6 +1425,10 @@ function Test-TargetResource [System.String] $SiteAndGroupExternalSharingControlType, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AutoLabelingSettings, + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -1127,6 +1478,7 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters $ValuesToCheck.Remove('AdvancedSettings') | Out-Null $ValuesToCheck.Remove('LocaleSettings') | Out-Null + $ValuesToCheck.Remove('AutoLabelingSettings') | Out-Null if ($null -ne $AdvancedSettings -and $null -ne $CurrentValues.AdvancedSettings) { @@ -1148,6 +1500,20 @@ function Test-TargetResource } } + if ($null -ne $AutoLabelingSettings -and $null -ne $CurrentValues.AutoLabelingSettings) + { + Write-Verbose -Message 'Testing AutoLabelingSettings' + + # Convert the AutoLabelingSettings to the correct JSON format, ready to be inserted into the label cmdlets + $autoLabelingSettingsHT = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $AutoLabelingSettings + + $autoLabelSettingsSame = Test-AutoLabelingSettings -CurrentProperty $CurrentValues.AutoLabelingSettings -DesiredProperty $autoLabelingSettingsHT + if ($false -eq $autoLabelSettingsSame) + { + return $false + } + } + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -1241,6 +1607,10 @@ function Export-TargetResource { $Results.LocaleSettings = ConvertTo-LocaleSettingsString -LocaleSettings $Results.LocaleSettings } + if ($null -ne $Results.AutoLabelingSettings) + { + $Results.AutoLabelingSettings = ConvertTo-AutoLabelingSettingsString -AutoLabelingSettings $Results.AutoLabelingSettings + } $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` @@ -1256,6 +1626,10 @@ function Export-TargetResource { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'LocaleSettings' } + if ($null -ne $Results.AutoLabelingSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AutoLabelingSettings' + } Write-Host $Global:M365DSCEmojiGreenCheckMark $dscContent += $currentDSCBlock @@ -1566,7 +1940,160 @@ function Test-LocaleSettings } } + if ($foundSettings -eq $false) + { + New-M365DSCLogEntry -Message "LocaleSettings for label $Name do not match: $($driftedSetting -join ', ')" ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + Write-Verbose -Message "Test LocaleSettings returns $foundSettings" + + return $foundSettings +} + +function Test-AutoLabelingSettings +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter (Mandatory = $true)] + [System.Object] + $DesiredProperty, + + [Parameter (Mandatory = $true)] + [System.Object] + $CurrentProperty + ) + + $foundSettings = $true + $driftedSetting = New-Object System.Collections.ArrayList + + if ($DesiredProperty.Operator -ne $CurrentProperty.Operator) + { + $null = $driftedSetting.Add("Parameter 'Operator' does not match. Current: '$($CurrentProperty.Operator)'. Desired: '$($DesiredProperty.Operator)'.") + $foundSettings = $false + } + + if ($DesiredProperty.AutoApplyType -ne $CurrentProperty.AutoApplyType) + { + $null = $driftedSetting.Add("Parameter 'AutoApplyType' does not match. Current: '$($CurrentProperty.AutoApplyType)'. Desired: '$($DesiredProperty.AutoApplyType)'.") + $foundSettings = $false + } + + if ($DesiredProperty.ContainsKey('PolicyTip') -and $DesiredProperty.PolicyTip -ne $CurrentProperty.PolicyTip) + { + $null = $driftedSetting.Add("Parameter 'PolicyTip' does not match. Current: '$($CurrentProperty.PolicyTip)'. Desired: '$($DesiredProperty.PolicyTip)'.") + $foundSettings = $false + } + + foreach ($group in $DesiredProperty.Groups) + { + $currentGroup = $CurrentProperty.Groups | Where-Object { $_.Name -eq $group.Name } + if ($null -eq $currentGroup) + { + $null = $driftedSetting.Add("Group '$($group.Name)' not found in the current settings.") + $foundSettings = $false + continue + } + + if ($group.Operator -ne $currentGroup.Operator) + { + $null = $driftedSetting.Add("Parameter 'Groups\$($group.Name)\Operator' does not match. Current: '$($currentGroup.Operator)'. Desired: '$($group.Operator)'.") + $foundSettings = $false + } + + foreach ($sensitiveinfotype in $group.SensitiveInformationType) + { + $currentSensitiveInfoType = $currentGroup.SensitiveInformationType | Where-Object { $_.name -eq $sensitiveinfotype.name } + if ($null -eq $currentSensitiveInfoType) + { + $null = $driftedSetting.Add("Sensitive Information Type '$($sensitiveinfotype.name)' not found in the current settings for group '$($group.Name)'.") + $foundSettings = $false + continue + } + + if ($sensitiveinfotype.ContainsKey('confidencelevel') -and $sensitiveinfotype.confidencelevel -ne $currentSensitiveInfoType.confidencelevel) + { + $null = $driftedSetting.Add("Parameter 'confidencelevel' does not match for Sensitive Information Type '$($sensitiveinfotype.name)' in group '$($group.Name)'. Current: '$($currentSensitiveInfoType.confidencelevel)'. Desired: '$($sensitiveinfotype.confidencelevel)'.") + $foundSettings = $false + } + + + if ($sensitiveinfotype.ContainsKey('classifiertype') -and $sensitiveinfotype.classifiertype -ne $currentSensitiveInfoType.classifiertype) + { + $null = $driftedSetting.Add("Parameter 'classifiertype' does not match for Sensitive Information Type '$($sensitiveinfotype.name)' in group '$($group.Name)'. Current: '$($currentSensitiveInfoType.classifiertype)'. Desired: '$($sensitiveinfotype.classifiertype)'.") + $foundSettings = $false + } + + if ($sensitiveinfotype.ContainsKey('mincount') -and $sensitiveinfotype.mincount -ne $currentSensitiveInfoType.mincount) + { + $null = $driftedSetting.Add("Parameter 'mincount' does not match for Sensitive Information Type '$($sensitiveinfotype.name)' in group '$($group.Name)'. Current: '$($currentSensitiveInfoType.mincount)'. Desired: '$($sensitiveinfotype.mincount)'.") + $foundSettings = $false + } + + if ($sensitiveinfotype.ContainsKey('maxcount') -and $sensitiveinfotype.maxcount -ne $currentSensitiveInfoType.maxcount) + { + $null = $driftedSetting.Add("Parameter 'maxcount' does not match for Sensitive Information Type '$($sensitiveinfotype.name)' in group '$($group.Name)'. Current: '$($currentSensitiveInfoType.maxcount)'. Desired: '$($sensitiveinfotype.maxcount)'.") + $foundSettings = $false + } + } + foreach ($trainableClassifier in $group.TrainableClassifier) + { + $currentTrainableClassifier = $currentGroup.trainableClassifier | Where-Object { $_.name -eq $trainableClassifier.name } + if ($null -eq $currentTrainableClassifier) + { + $null = $driftedSetting.Add("Trainable Classifier '$($trainableClassifier.name)' not found in the current settings for group '$($group.Name)'.") + $foundSettings = $false + continue + } + } + } + + foreach ($group in $CurrentProperty.Groups) + { + $desiredGroup = $DesiredProperty.Groups | Where-Object { $_.Name -eq $group.Name } + if ($null -eq $desiredGroup) + { + $null = $driftedSetting.Add("Group '$($group.Name)' not found in the desired settings.") + $foundSettings = $false + continue + } + + foreach ($sensitiveinfotype in $group.SensitiveInformationType) + { + $desiredSensitiveInfoType = $desiredGroup.SensitiveInformationType | Where-Object { $_.name -eq $sensitiveinfotype.name } + if ($null -eq $desiredSensitiveInfoType) + { + $null = $driftedSetting.Add("Sensitive Information Type '$($sensitiveinfotype.name)' not found in the desired settings for group '$($group.Name)'.") + $foundSettings = $false + continue + } + } + foreach ($trainableClassifier in $group.TrainableClassifier) + { + $desiredTrainableClassifier = $desiredGroup.trainableClassifier | Where-Object { $_.name -eq $trainableClassifier.name } + if ($null -eq $desiredTrainableClassifier) + { + $null = $driftedSetting.Add("Trainable Classifier '$($trainableClassifier.name)' not found in the desired settings for group '$($group.Name)'.") + $foundSettings = $false + continue + } + } + } + + if ($foundSettings -eq $false) + { + New-M365DSCLogEntry -Message "AutoLabelingSettings for label $Name do not match: `r`n- $($driftedSetting -join '`r`n- ')" ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + Write-Verbose -Message "Test AutoLabelingSettings returns $foundSettings" + return $foundSettings } @@ -1625,4 +2152,84 @@ function ConvertTo-LocaleSettingsString return $StringContent } +function ConvertTo-AutoLabelingSettingsString +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter(Mandatory = $true)] + $AutoLabelingSettings + ) + + $StringContent = "" + foreach ($autoLabelingSetting in $AutoLabelingSettings) + { + $StringContent += " MSFT_SCSLAutoLabelingSettings`r`n" + $StringContent += " {`r`n" + $StringContent += " Operator = '$($autoLabelingSetting.Operator)'`r`n" + if ($autoLabelingSetting.ContainsKey('PolicyTip')) + { + $StringContent += " PolicyTip = '$($autoLabelingSetting.PolicyTip.Replace("'", "''"))'`r`n" + } + $StringContent += " AutoApplyType = '$($autoLabelingSetting.AutoApplyType)'`r`n" + $StringContent += " Groups = @(`r`n" + foreach ($Group in $autoLabelingSetting.Groups) + { + $StringContent += " MSFT_SCSLSensitiveInformationGroup`r`n" + $StringContent += " {`r`n" + $StringContent += " Name = '$($Group.Name.Replace("'", "''"))'`r`n" + $StringContent += " Operator = '$($Group.Operator)'`r`n" + if ($Group.ContainsKey('SensitiveInformationType')) + { + $StringContent += " SensitiveInformationType = @(`r`n" + foreach ($sensitiveInformationType in $Group.SensitiveInformationType) + { + $StringContent += " MSFT_SCSLSensitiveInformationType`r`n" + $StringContent += " {`r`n" + $StringContent += " name = '$($sensitiveInformationType.name.Replace("'", "''"))'`r`n" + if ($sensitiveInformationType.ContainsKey('confidencelevel')) + { + $StringContent += " confidencelevel = '$($sensitiveInformationType.confidencelevel)'`r`n" + } + if ($sensitiveInformationType.ContainsKey('classifiertype')) + { + $StringContent += " classifiertype = '$($sensitiveInformationType.classifiertype)'`r`n" + } + if ($sensitiveInformationType.ContainsKey('mincount')) + { + $StringContent += " mincount = '$($sensitiveInformationType.mincount)'`r`n" + } + if ($sensitiveInformationType.ContainsKey('maxcount')) + { + $StringContent += " maxcount = '$($sensitiveInformationType.maxcount)'`r`n" + } + $StringContent += " }`r`n" + } + $StringContent += " )`r`n" + } + if ($Group.ContainsKey('TrainableClassifier')) + { + $StringContent += " TrainableClassifier = @(`r`n" + foreach ($trainableClassifier in $Group.TrainableClassifier) + { + $StringContent += " MSFT_SCSLTrainableClassifiers`r`n" + $StringContent += " {`r`n" + $StringContent += " name = '$($trainableClassifier.name.Replace("'", "''"))'`r`n" + if ($trainableClassifier.ContainsKey('id')) + { + $StringContent += " id = '$($trainableClassifier.id)'`r`n" + } + $StringContent += " }`r`n" + } + $StringContent += " )`r`n" + } + $StringContent += " }`r`n" + } + $StringContent += " )`r`n" + $StringContent += " }`r`n" + } + return $StringContent +} + Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof index 1cedd8011b..4653fd23be 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof @@ -1,4 +1,35 @@ [ClassVersion("1.0.0")] +class MSFT_SCSLSensitiveInformationType +{ + [Required, Description("Name of the Sensitive Information Type")] String name; + [Write, Description("Confidence level value for the Sensitive Information"),ValueMap{"Low","Medium","High"}, Values{"Low","Medium","High"}] String confidencelevel; + [Write, Description("Type of Classifier value for the Sensitive Information")] String classifiertype; + [Write, Description("Minimum Count value for the Sensitive Information")] String mincount; + [Write, Description("Maximum Count value for the Sensitive Information")] String maxcount; +}; +[ClassVersion("1.0.0")] +class MSFT_SCSLTrainableClassifiers +{ + [Required, Description("Name of the Trainable Classifier")] String name; + [Write, Description("Id of the Trainable Classifier")] String id; +}; +[ClassVersion("1.0.0")] +class MSFT_SCSLSensitiveInformationGroup +{ + [Write, Description("Sensitive Information Content Types"),EmbeddedInstance("MSFT_SCSLSensitiveInformationType")] String SensitiveInformationType[]; + [Write, Description("Trainable Classifiers"),EmbeddedInstance("MSFT_SCSLTrainableClassifiers")] String TrainableClassifier[]; + [Required, Description("Name of the group")] String Name; + [Required, Description("How to process the Sensitive Information Types and Trainable Classifiers"),ValueMap{"And","Or"}, Values{"And","Or"}] String Operator; +}; +[ClassVersion("1.0.0")] +class MSFT_SCSLAutoLabelingSettings +{ + [Required, Description("Groups of sensitive information types."),EmbeddedInstance("MSFT_SCSLSensitiveInformationGroup")] String Groups[]; + [Required, Description("How to process the various groups"),ValueMap{"And","Or"}, Values{"And","Or"}] String Operator; + [Write, Description("Display this message to users when the label is applied")] String PolicyTip; + [Required, Description("Specifies what to do when content matches the conditions"),ValueMap{"Automatic","Recommend"}, Values{"Automatic","Recommend"}] String AutoApplyType; +}; +[ClassVersion("1.0.0")] class MSFT_SCLabelSetting { [Write, Description("Advanced settings key.")] String Key; @@ -57,6 +88,7 @@ class MSFT_SCSensitivityLabel : OMI_BaseResource [Write, Description("The SiteAndGroupProtectionEnabled parameter enables or disables the Site and Group Protection action for the labels.")] Boolean SiteAndGroupProtectionEnabled; [Write, Description("The SiteAndGroupProtectionPrivacy parameter specifies the privacy level for the label."), ValueMap{"Public","Private","Unspecified"}, Values{"Public","Private","Unspecified"}] String SiteAndGroupProtectionPrivacy; [Write, Description("The SiteAndGroupExternalSharingControlType parameter specifies the external user sharing setting for the label."), ValueMap{"ExternalUserAndGuestSharing","ExternalUserSharingOnly","ExistingExternalUserSharingOnly","Disabled"}, Values{"ExternalUserAndGuestSharing","ExternalUserSharingOnly","ExistingExternalUserSharingOnly","Disabled"}] String SiteAndGroupExternalSharingControlType; + [Write, Description("The AutoLabelingSettings parameter specifies the conditions for label to be automatically applied to files and emails."), EmbeddedInstance("MSFT_SCSLAutoLabelingSettings")] String AutoLabelingSettings; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 new file mode 100644 index 0000000000..f7b15aa1e3 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 @@ -0,0 +1,483 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String[]] + $RecordTypes, + + [Parameter()] + [ValidateSet("SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears")] + [System.String] + $RetentionDuration, + + [Parameter()] + [System.String[]] + $UserIds, + + [Parameter()] + [System.String[]] + $Operations, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret + ) + + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + [array]$instances = @(Get-UnifiedAuditLogRetentionPolicy -ErrorAction SilentlyContinue | Where-Object { $_.Mode -ne 'PendingDeletion' }) + if ($null -eq $instances) + { + return $nullResult + } + + $instance = $instances | Where-Object { $_.Name -eq $Name } | Select-Object -First 1 + if ($null -eq $instance) + { + return $nullResult + } + + Write-Verbose -Message "Found an instance with Name {$Name}" + $results = @{ + Identity = $instance.Identity + Description = $instance.Description + Name = $instance.Name + Operations = $instance.Operations + Priority = $instance.Priority + RecordTypes = $instance.RecordTypes + RetentionDuration = $instance.RetentionDuration + UserIds = $instance.UserIds + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String[]] + $Operations, + + [Parameter(Mandatory = $true)] + [System.Int32] + $Priority, + + [Parameter()] + [System.String[]] + $RecordTypes, + + [Parameter(Mandatory = $true)] + [ValidateSet("SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears")] + [System.String] + $RetentionDuration, + + [Parameter()] + [System.String[]] + $UserIds, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret + ) + + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $GetParameters = ([Hashtable]$PSBoundParameters).Clone() + + $GetParameters.Remove('Description') | Out-Null + $GetParameters.Remove('Operations') | Out-Null + $GetParameters.Remove('RecordTypes') | Out-Null + $GetParameters.Remove('UserIds') | Out-Null + + $currentInstance = Get-TargetResource @GetParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $CreateParameters = ([Hashtable]$BoundParameters).Clone() + + $CreateParameters.Remove('Verbose') | Out-Null + + $keys = $CreateParameters.Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.GetType().Name -like '*cimInstance*') + { + $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.Remove($key) | Out-Null + $CreateParameters.Add($keyName, $keyValue) + } + } + Write-Verbose -Message "Creating {$Name} with Parameters:`r`n$(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" + New-UnifiedAuditLogRetentionPolicy @CreateParameters | Out-Null + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$Name}" + + $UpdateParameters = ([Hashtable]$BoundParameters).Clone() + $UpdateParameters.Remove('Verbose') | Out-Null + $UpdateParameters.Remove('Name') | Out-Null + $UpdateParameters.Add('Identity', $currentInstance.Identity) | Out-Null + + $keys = $UpdateParameters.Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.GetType().Name -like '*cimInstance*') + { + $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.Remove($key) | Out-Null + $UpdateParameters.Add($keyName, $keyValue) + } + } + + Set-UnifiedAuditLogRetentionPolicy @UpdateParameters | Out-Null + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$Name}" + Remove-UnifiedAuditLogRetentionPolicy -Identity $currentInstance.Identity + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String[]] + $Operations, + + [Parameter(Mandatory = $true)] + [System.UInt32] + $Priority, + + [Parameter()] + [System.String[]] + $RecordTypes, + + [Parameter(Mandatory = $true)] + [ValidateSet("SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears")] + [System.String] + $RetentionDuration, + + [Parameter()] + [System.String[]] + $UserIds, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$Name}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck.Remove('Name') | Out-Null + + if ($CurrentValues.Ensure -eq 'Absent') + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].GetType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + [array]$getValue = @(Get-UnifiedAuditLogRetentionPolicy -ErrorAction Stop | Where-Object { $_.Mode -ne 'PendingDeletion' }) + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Name + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + Priority = $config.Priority + RetentionDuration = $config.RetentionDuration + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + } + + $Results = Get-TargetResource @Params + $Results.Remove("Identity") | Out-Null + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.schema.mof new file mode 100644 index 0000000000..f6a6fe902a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.schema.mof @@ -0,0 +1,17 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SCUnifiedAuditLogRetentionPolicy")] +class MSFT_SCUnifiedAuditLogRetentionPolicy : OMI_BaseResource +{ + [Write, Description("The description for the audit log retention policy")] String Description; + [Key, Description("Unique name for the audit log retention policy")] String Name; + [Write, Description("Specifies the audit log operations that are retained by the policy")] String Operations[]; + [Write, Description("Priority value for the policy that determines the order of policy processing.")] UInt32 Priority; + [Write, Description("Specifies the audit logs of a specific record type that are retained by the policy.")] String RecordTypes[]; + [Write, Description("How long audit log records are kept"), ValueMap{"SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears"}, Values{"SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears"}] String RetentionDuration; + [Write, Description("Specifies the audit logs that are retained by the policy based on the ID of the user who performed the action")] String UserIds[]; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/readme.md new file mode 100644 index 0000000000..2a3748febe --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/readme.md @@ -0,0 +1,6 @@ + +# SCUnifiedAuditLogRetentionPolicy + +## Description + +The resource configured the Unified Audit Log Retention Policy in the Security and Compliance. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json new file mode 100644 index 0000000000..b975389e7d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json @@ -0,0 +1,5 @@ +{ + "resourceName": "SCUnifiedAuditLogRetentionPolicy", + "description": "The resource configured the Unified Audit Log Retention Policy in the Security and Compliance.", + "permissions":[] +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index ea35a596ee..687543a436 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -45,6 +45,10 @@ function Get-TargetResource [System.UInt32] $EmailAttestationReAuthDays, + [Parameter()] + [System.Boolean] + $EnableRestrictedAccessControl, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -117,27 +121,28 @@ function Get-TargetResource $SPOAccessControlSettings = Get-PnPTenant -ErrorAction Stop return @{ - IsSingleInstance = 'Yes' - DisplayStartASiteOption = $SPOAccessControlSettings.DisplayStartASiteOption - StartASiteFormUrl = $SPOAccessControlSettings.StartASiteFormUrl - IPAddressEnforcement = $SPOAccessControlSettings.IPAddressEnforcement - IPAddressAllowList = $SPOAccessControlSettings.IPAddressAllowList - IPAddressWACTokenLifetime = $SPOAccessControlSettings.IPAddressWACTokenLifetime - DisallowInfectedFileDownload = $SPOAccessControlSettings.DisallowInfectedFileDownload - ExternalServicesEnabled = $SPOAccessControlSettings.ExternalServicesEnabled - EmailAttestationRequired = $SPOAccessControlSettings.EmailAttestationRequired - EmailAttestationReAuthDays = $SPOAccessControlSettings.EmailAttestationReAuthDays - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificatePassword = $CertificatePassword - CertificatePath = $CertificatePath - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - Ensure = 'Present' - ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + DisplayStartASiteOption = $SPOAccessControlSettings.DisplayStartASiteOption + StartASiteFormUrl = $SPOAccessControlSettings.StartASiteFormUrl + IPAddressEnforcement = $SPOAccessControlSettings.IPAddressEnforcement + IPAddressAllowList = $SPOAccessControlSettings.IPAddressAllowList + IPAddressWACTokenLifetime = $SPOAccessControlSettings.IPAddressWACTokenLifetime + DisallowInfectedFileDownload = $SPOAccessControlSettings.DisallowInfectedFileDownload + ExternalServicesEnabled = $SPOAccessControlSettings.ExternalServicesEnabled + EmailAttestationRequired = $SPOAccessControlSettings.EmailAttestationRequired + EmailAttestationReAuthDays = $SPOAccessControlSettings.EmailAttestationReAuthDays + EnableRestrictedAccessControl = $SPOAccessControlSettings.RestrictedAccessControl + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificatePassword = $CertificatePassword + CertificatePath = $CertificatePath + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + Ensure = 'Present' + ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy + AccessTokens = $AccessTokens } } catch @@ -203,6 +208,10 @@ function Set-TargetResource [System.UInt32] $EmailAttestationReAuthDays, + [Parameter()] + [System.Boolean] + $EnableRestrictedAccessControl, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -286,7 +295,31 @@ function Set-TargetResource $CurrentParameters.Remove('IPAddressEnforcement') $CurrentParameters.Remove('IPAddressAllowList') } - $tenant = Set-PnPTenant @CurrentParameters + + $EnableRestrictedAccessControlValue = $null + if ($null -ne $EnableRestrictedAccessControl) + { + $EnableRestrictedAccessControlValue = $EnableRestrictedAccessControl + $CurrentParameters.Remove('EnableRestrictedAccessControl') | Out-Null + } + + Set-PnPTenant @CurrentParameters | Out-Null + + try + { + Set-PnPTenant -EnableRestrictedAccessControl $EnableRestrictedAccessControlValue -ErrorAction Stop | Out-Null + } + catch + { + if ($_.ErrorDetails.Message.Contains("This operation can't be performed as the tenant doesn't have the required license")) + { + Write-Warning -Message "The tenant doesn't have the required license to configure Restrcited Access Control." + } + else + { + Write-Error $_.ErrorDetails.Message + } + } } function Test-TargetResource @@ -336,6 +369,10 @@ function Test-TargetResource [System.UInt32] $EmailAttestationReAuthDays, + [Parameter()] + [System.Boolean] + $EnableRestrictedAccessControl, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -414,7 +451,8 @@ function Test-TargetResource 'ExternalServicesEnabled', ` 'EmailAttestationRequired', ` 'EmailAttestationReAuthDays', - 'ConditionalAccessPolicy') + 'ConditionalAccessPolicy', ` + 'EnableRestrictedAccessControl') Write-Verbose -Message "Test-TargetResource returned $TestResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof index c3ca2476c9..f999384424 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof @@ -11,6 +11,7 @@ class MSFT_SPOAccessControlSettings : OMI_BaseResource [Write, Description("Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters.")] boolean ExternalServicesEnabled; [Write, Description("Sets email attestation to required")] boolean EmailAttestationRequired; [Write, Description("Sets email attestation re-auth days")] uint32 EmailAttestationReAuthDays; + [Write, Description("Enables or disables the restricted access control.")] boolean EnableRestrictedAccessControl; [Write, Description("Only value accepted is 'Present'"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 new file mode 100644 index 0000000000..5d13b0e142 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 @@ -0,0 +1,480 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $ResourceGroupName, + + [Parameter(Mandatory = $true)] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [System.Boolean] + $AnomaliesIsEnabled, + + [Parameter()] + [System.Boolean] + $EntityAnalyticsIsEnabled, + + [Parameter()] + [System.Boolean] + $EyesOnIsEnabled, + + [Parameter()] + [System.String[]] + $UebaDataSource, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + $ResourceGroupNameValue = $ResourceGroupName + $WorkspaceNameValue = $WorkspaceName + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $entry = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $WorkspaceName} + $instance = Get-AzSentinelSetting -ResourceGroupName $entry.ResourceGroupName ` + -WorkspaceName $entry.Name ` + -SubscriptionId $SubscriptionId ` + -ErrorAction SilentlyContinue + $ResourceGroupNameValue = $entry.ResourceGroupName + $WorkspaceNameValue = $entry.Name + } + else + { + Write-Verbose -Message "Retrieving Sentinel Settings for {$WorkspaceName}" + $instance = Get-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -ErrorAction SilentlyContinue ` + -SubscriptionId $SubscriptionId + } + if ($null -eq $instance) + { + throw "Could not find Sentinel Workspace {$WorkspaceName} in Resource Group {$ResourceGroupName}" + } + + Write-Verbose -Message "Found an instance of Sentinel Workspace {$Workspace}" + $Anomalies = $instance | Where-Object -FilterScript {$_.Name -eq 'Anomalies'} + $AnomaliesIsEnabledValue = $false + if ($null -ne $Anomalies) + { + Write-Verbose -Message "Anomalies instance found." + $AnomaliesIsEnabledValue = $Anomalies.IsEnabled + } + + $EntityAnalytics = $instance | Where-Object -FilterScript {$_.Name -eq 'EntityAnalytics'} + $EntityAnalyticsIsEnabledValue = $false + if ($null -ne $EntityAnalytics) + { + Write-Verbose -Message "EntityAnalytics instance found." + $EntityAnalyticsIsEnabledValue = $EntityAnalytics.IsEnabled + } + + $EyesOn = $instance | Where-Object -FilterScript {$_.Name -eq 'EyesOn'} + $EyesOnIsEnabledValue = $false + if ($null -ne $EyesOn) + { + Write-Verbose -Message "EyesOn instance found." + $EyesOnIsEnabledValue = $EyesOn.IsEnabled + } + + $Ueba = $instance | Where-Object -FilterScript {$_.Name -eq 'Ueba'} + $UebaDataSourceValue = $null + if ($null -ne $Ueba) + { + Write-Verbose -Message "UEBA Data source instance found." + $UebaDataSourceValue = $Ueba.DataSource + } + + $results = @{ + AnomaliesIsEnabled = [Boolean]$AnomaliesIsEnabledValue + EntityAnalyticsIsEnabled = [Boolean]$EntityAnalyticsIsEnabledValue + EyesOnIsEnabled = [Boolean]$EyesOnIsEnabledValue + UebaDataSource = $UebaDataSourceValue + ResourceGroupName = $ResourceGroupNameValue + WorkspaceName = $WorkspaceNameValue + SubscriptionId = $SubscriptionId + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $ResourceGroupName, + + [Parameter(Mandatory = $true)] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [System.Boolean] + $AnomaliesIsEnabled, + + [Parameter()] + [System.Boolean] + $EntityAnalyticsIsEnabled, + + [Parameter()] + [System.Boolean] + $EyesOnIsEnabled, + + [Parameter()] + [System.String[]] + $UebaDataSource, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + if ($PSBoundParameters.ContainsKey('AnomaliesIsEnabled')) + { + Write-Verbose -Message "Updating Anomalies IsEnabled value to {$AnomaliesIsEnabled}" + Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -SettingsName "Anomalies" ` + -Enabled $AnomaliesIsEnabled | Out-Null + } + if ($PSBoundParameters.ContainsKey('EntityAnalyticsIsEnabled')) + { + Write-Verbose -Message "Updating Entity Analytics IsEnabled value to {$EntityAnalyticsIsEnabled}" + Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -SettingsName "EntityAnalytics" ` + -Enabled $EntityAnalyticsIsEnabled | Out-Null + } + if ($PSBoundParameters.ContainsKey('EyesOnIsEnabled')) + { + Write-Verbose -Message "Updating Eyes On IsEnabled value to {$EyesOnIsEnabled}" + Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -SettingsName "EyesOn" ` + -Enabled $EyesOnIsEnabled | Out-Null + } + if ($PSBoundParameters.ContainsKey('UebaDataSource')) + { + Write-Verbose -Message "Updating UEBA Data Source value to {$UebaDataSource}" + Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -SettingsName "Ueba" ` + -DataSource $UebaDataSource | Out-Null + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $ResourceGroupName, + + [Parameter(Mandatory = $true)] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [System.Boolean] + $AnomaliesIsEnabled, + + [Parameter()] + [System.Boolean] + $EntityAnalyticsIsEnabled, + + [Parameter()] + [System.Boolean] + $EyesOnIsEnabled, + + [Parameter()] + [System.String[]] + $UebaDataSource, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + + [array] $Script:exportedInstances = Get-AzResource -ResourceType 'Microsoft.OperationalInsights/workspaces' + + $dscContent = '' + $i = 1 + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Name + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $SubscriptionId = $config.ResourceId.Split('/')[2] + $params = @{ + ResourceGroupName = $config.ResourceGroupName + WorkspaceName = $config.Name + SubscriptionId = $SubscriptionId + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.schema.mof new file mode 100644 index 0000000000..495b1e4330 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.schema.mof @@ -0,0 +1,17 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SentinelSetting")] +class MSFT_SentinelSetting : OMI_BaseResource +{ + [Key, Description("The Resource Group Name")] String ResourceGroupName; + [Required, Description("The name of the workspace.")] String WorkspaceName; + [Write, Description("Gets subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.")] String SubscriptionId; + [Write, Description("Specififies if Anomaly detection should be enabled or not.")] Boolean AnomaliesIsEnabled; + [Write, Description("Specififies if Entity Analyticsshould be enabled or not.")] Boolean EntityAnalyticsIsEnabled; + [Write, Description("Specififies if Auditing and Health Monitoring should be enabled or not.")] Boolean EyesOnIsEnabled; + [Write, Description("The list of Data sources associated with the UEBA.")] String UebaDataSource[]; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/readme.md new file mode 100644 index 0000000000..3886ec78ee --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/readme.md @@ -0,0 +1,6 @@ + +# SentinelSetting + +## Description + +Configures settings for a Sentinel instance. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/settings.json new file mode 100644 index 0000000000..eea41c3e86 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "SentinelSetting", + "description": "Configures settings for a Sentinel instance.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 new file mode 100644 index 0000000000..38cce01c28 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 @@ -0,0 +1,741 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $SubscriptionId, + + [Parameter(Mandatory = $true)] + [System.String] + $ResourceGroupName, + + [Parameter(Mandatory = $true)] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $SourceType, + + [Parameter()] + [System.String] + $ItemsSearchKey, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DefaultDuration, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.Uint32] + $NumberOfLinesToSkip, + + [Parameter()] + [System.String] + $RawContent, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ([System.String]::IsNullOrEmpty($TenantId) -and $null -ne $Credential) + { + $TenantId = $Credential.UserName.Split('@')[1] + } + + Write-Verbose -Message "Retrieving watchlist {$Name}" + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.properties.watchListId -eq $Id} + } + + if ($null -eq $instance) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.name -eq $Name} + } + } + else + { + $watchLists = Get-M365DSCSentinelWatchlist -SubscriptionId $SubscriptionId ` + -ResourceGroupName $ResourceName ` + -WorkspaceName $workspaceName ` + -TenantId $TenantId + + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = $watchLists | Where-Object -FilterScript {$_.properties.watchListId -eq $Id} + } + + if ($null -eq $instance) + { + $instance = $watchLists | Where-Object -FilterScript {$_.name -eq $Name} + } + } + if ($null -eq $instance) + { + Write-Verbose -Message "Watchlist {$Name} was not found" + return $nullResult + } + + Write-Verbose -Message "Found watchlist {$Name}" + $results = @{ + SubscriptionId = $SubscriptionId + ResourceGroupName = $ResourceGroupName + WorkspaceName = $WorkspaceName + Name = $instance.Name + Id = $instance.properties.watchlistId + DisplayName = $instance.properties.displayName + SourceType = $instance.properties.sourceType + ItemsSearchKey = $instance.properties.itemsSearchKey + Description = $instance.properties.description + DefaultDuration = $instance.properties.defaultDuration + Alias = $instance.properties.watchListAlias + NumberOfLinesToSkip = $instance.properties.numberOfLinesToSkip + RawContent = $RawContent + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $SubscriptionId, + + [Parameter(Mandatory = $true)] + [System.String] + $ResourceGroupName, + + [Parameter(Mandatory = $true)] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $SourceType, + + [Parameter()] + [System.String] + $ItemsSearchKey, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DefaultDuration, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.Uint32] + $NumberOfLinesToSkip, + + [Parameter()] + [System.String] + $RawContent, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + if ([System.String]::IsNullOrEmpty($TenantId) -and $null -ne $Credential) + { + $TenantId = $Credential.UserName.Split('@')[1] + } + + $body = @{ + properties = @{ + displayName = $DisplayName + provider = "Microsoft" + itemsSearchKey = $ItemsSearchKey + sourceType = $SourceType + description = $Description + defaultDuration = $defaultDuration + numberOfLinesToSkip = $NumberOfLinesToSkip + watchListAlias = $Alias + } + } + + if ($null -ne $RawContent) + { + Write-Verbose -Message "Adding rawContent and contentType to the payload" + $body.properties.Add('rawContent', $RawContent) + $body.properties.Add('contentType', 'text/csv') + } + + # CREATE & UPDATE + if ($Ensure -eq 'Present') + { + Write-Verbose -Message "Configuring watchlist {$Name}" + Set-M365DSCSentinelWatchlist -SubscriptionId $SubscriptionId ` + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -WatchListAlias $Alias ` + -Body $body ` + -TenantId $TenantId + } + # REMOVE + elseif ($Ensure -eq 'Absent') + { + Write-Verbose -Message "Removing watchlist {$Name}" + Remove-M365DSCSentinelWatchlist -SubscriptionId $SubscriptionId ` + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -WatchListAlias $Alias ` + -TenantId $TenantId + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter(Mandatory = $true)] + [System.String] + $SubscriptionId, + + [Parameter(Mandatory = $true)] + [System.String] + $ResourceGroupName, + + [Parameter(Mandatory = $true)] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $SourceType, + + [Parameter()] + [System.String] + $ItemsSearchKey, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DefaultDuration, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.Uint32] + $NumberOfLinesToSkip, + + [Parameter()] + [System.String] + $RawContent, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'Azure' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + $workspaces = Get-AzResource -ResourceType 'Microsoft.OperationalInsights/workspaces' + $Script:exportedInstances = @() + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + + if ([System.String]::IsNullOrEmpty($TenantId) -and $null -ne $Credential) + { + $TenantId = $Credential.UserName.Split('@')[1] + } + foreach ($workspace in $workspaces) + { + Write-Host " |---[$i/$($workspaces.Length)] $($workspace.Name)" -NoNewline + $subscriptionId = $workspace.ResourceId.Split('/')[2] + $resourceGroupName = $workspace.ResourceGroupName + $workspaceName = $workspace.Name + + $currentWatchLists = Get-M365DSCSentinelWatchlist -SubscriptionId $subscriptionId ` + -ResourceGroupName $resourceGroupName ` + -WorkspaceName $workspaceName ` + -TenantId $TenantId + + $j = 1 + if ($currentWatchLists.Length -eq 0 ) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + + foreach ($watchList in $currentWatchLists) + { + $Script:exportedInstances += $watchList + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $watchList.Name + Write-Host " |---[$j/$($currentWatchLists.Length)] $displayedKey" -NoNewline + $params = @{ + SubscriptionId = $subscriptionId + ResourceGroupName = $resourceGroupName + WorkspaceName = $workspaceName + Name = $watchList.Name + Id = $watchlist.properties.watchlistId + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $j++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + $i++ + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Get-M365DSCSentinelWatchlist +{ + [CmdletBinding()] + [OutputType([Array])] + param( + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [System.String] + $ResourceGroupName, + + [Parameter()] + [System.String] + $WorkspaceName, + + [Parameter(Mandatory = $true)] + [System.String] + $TenantId + ) + + try + { + $hostUrl = Get-M365DSCAPIEndpoint -TenantId $TenantId + $uri = $hostUrl.AzureManagement + "/subscriptions/$($SubscriptionId)/resourceGroups/$($ResourceGroupName)/" + $uri += "providers/Microsoft.OperationalInsights/workspaces/$($WorkspaceName)/providers/Microsoft.SecurityInsights/watchlists?api-version=2022-06-01-preview" + $response = Invoke-AzRest -Uri $uri -Method 'GET' + $result = ConvertFrom-Json $response.Content + return $result.value + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId + throw $_ + } +} + +function Set-M365DSCSentinelWatchlist +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [System.String] + $ResourceGroupName, + + [Parameter()] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $WatchListAlias, + + [Parameter()] + [System.Collections.Hashtable] + $Body, + + [Parameter(Mandatory = $true)] + [System.String] + $TenantId + ) + + try + { + $hostUrl = Get-M365DSCAPIEndpoint -TenantId $TenantId + $uri = $hostUrl.AzureManagement + "/subscriptions/$($SubscriptionId)/resourceGroups/$($ResourceGroupName)/" + $uri += "providers/Microsoft.OperationalInsights/workspaces/$($WorkspaceName)/providers/Microsoft.SecurityInsights/watchlists/$($WatchListAlias)?api-version=2022-06-01-preview" + $payload = ConvertTo-Json $Body -Depth 10 -Compress + + Write-Verbose -Message "Calling Url: {$($uri)}" + Write-Verbose -Message "Payload: {$payload}" + $response = Invoke-AzRest -Uri $uri -Method 'PUT' -Payload $payload + if ($response.StatusCode -ne 200 -and $response.StatusCode -ne 201) + { + Write-Verbose -Message $($response | Out-String) + $content = ConvertFrom-Json $response.Content + throw $content.error.message + } + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId + throw $_ + } +} + +function Remove-M365DSCSentinelWatchlist +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SubscriptionId, + + [Parameter()] + [System.String] + $ResourceGroupName, + + [Parameter()] + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $WatchListAlias, + + [Parameter(Mandatory = $true)] + [System.String] + $TenantId + ) + + try + { + $hostUrl = Get-M365DSCAPIEndpoint -TenantId $TenantId + $uri = $hostUrl.AzureManagement + "/subscriptions/$($SubscriptionId)/resourceGroups/$($ResourceGroupName)/" + $uri += "providers/Microsoft.OperationalInsights/workspaces/$($WorkspaceName)/providers/Microsoft.SecurityInsights/watchlists/$($WatchListAlias)?api-version=2022-06-01-preview" + Invoke-AzRest -Uri $uri -Method 'DELETE' + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId + throw $_ + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.schema.mof new file mode 100644 index 0000000000..d46d74df89 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.schema.mof @@ -0,0 +1,24 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SentinelWatchlist")] +class MSFT_SentinelWatchlist : OMI_BaseResource +{ + [Key, Description("Tha name of the watchlist.")] String Name; + [Write, Description("The name of the resource group. The name is case insensitive.")] String SubscriptionId; + [Write, Description("The name of the resource group. The name is case insensitive.")] String ResourceGroupName; + [Write, Description("The name of the workspace.")] String WorkspaceName; + [Write, Description("The id (a Guid) of the watchlist")] String Id; + [Write, Description("The display name of the watchlist.")] String DisplayName; + [Write, Description("The source of the watchlist. Only accepts 'Local file' and 'Remote storage'. And it must included in the request.")] String SourceType; + [Write, Description("The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.")] String ItemsSearchKey; + [Write, Description("A description of the watchlist")] String Description; + [Write, Description("The default duration of a watchlist (in ISO 8601 duration format)")] String DefaultDuration; + [Write, Description("The watchlist alias")] String Alias; + [Write, Description("The number of lines in a csv content to skip before the header")] UInt32 NumberOfLinesToSkip; + [Write, Description("The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2")] String RawContent; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/readme.md new file mode 100644 index 0000000000..42dff9161f --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/readme.md @@ -0,0 +1,6 @@ + +# SentinelWatchlist + +## Description + +Configures watchlists in Azure Sentinel. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/settings.json new file mode 100644 index 0000000000..1c5e4917fd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "SentinelWatchlist", + "description": "Configures watchlists in Azure Sentinel.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 index 84a43c4cef..2a49baa46b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource $Identity, [Parameter()] - [System.String[]] + [Microsoft.Management.Infrastructure.CimInstance[]] $ComplianceRecordingApplications, [Parameter()] @@ -82,20 +82,40 @@ function Get-TargetResource { return $nullResult } - $recordingApplications = [Array](Get-CsTeamsComplianceRecordingApplication -Filter "$($instance.Identity)/*") - if ($null -eq $recordingApplications) + + if ($instance.ComplianceRecordingApplications.Count -gt 0) { - $recordingApplications = @() - } - $recordApplicationIds = @() - foreach ($app in $recordingApplications) { - $recordApplicationIds += $app.Id + $ComplexComplianceRecordingApplications = @() + foreach ($CurrentComplianceRecordingApplications in $instance.ComplianceRecordingApplications) + { + $MyComplianceRecordingApplications = @{} + $ComplianceRecordingPairedApplications = @() + if ($CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications.Count -gt 0) + { + foreach ($CurrentComplianceRecordingPairedApplications in $CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications) + { + $ComplianceRecordingPairedApplications += $CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications.Id + } + } + $MyComplianceRecordingApplications.Add('ComplianceRecordingPairedApplications', $ComplianceRecordingPairedApplications) + $MyComplianceRecordingApplications.Add('Id', $CurrentComplianceRecordingApplications.Id) + $MyComplianceRecordingApplications.Add('RequiredBeforeMeetingJoin', $CurrentComplianceRecordingApplications.RequiredBeforeMeetingJoin) + $MyComplianceRecordingApplications.Add('RequiredBeforeCallEstablishment', $CurrentComplianceRecordingApplications.RequiredBeforeCallEstablishment) + $MyComplianceRecordingApplications.Add('RequiredDuringMeeting', $CurrentComplianceRecordingApplications.RequiredDuringMeeting) + $MyComplianceRecordingApplications.Add('RequiredDuringCall', $CurrentComplianceRecordingApplications.RequiredDuringCall) + $MyComplianceRecordingApplications.Add('ConcurrentInvitationCount', $CurrentComplianceRecordingApplications.ConcurrentInvitationCount) + + if ($MyComplianceRecordingApplications.values.Where({ $null -ne $_ }).count -gt 0) + { + $ComplexComplianceRecordingApplications += $MyComplianceRecordingApplications + } + } } Write-Verbose -Message "Found an instance with Identity {$Identity}" $results = @{ Identity = $instance.Identity - ComplianceRecordingApplications = $recordApplicationIds + ComplianceRecordingApplications = $ComplexComplianceRecordingApplications Description = $instance.Description DisableComplianceRecordingAudioNotificationForCalls = $instance.DisableComplianceRecordingAudioNotificationForCalls Enabled = $instance.Enabled @@ -132,7 +152,7 @@ function Set-TargetResource $Identity, [Parameter()] - [System.String[]] + [Microsoft.Management.Infrastructure.CimInstance[]] $ComplianceRecordingApplications, [Parameter()] @@ -218,6 +238,7 @@ function Set-TargetResource { if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.GetType().Name -like '*cimInstance*') { + $keyName = $key.substring(0, 1).ToLower() + $key.substring(1, $key.length - 1) $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key $CreateParameters.Remove($key) | Out-Null $CreateParameters.Add($keyName, $keyValue) @@ -225,6 +246,52 @@ function Set-TargetResource } Write-Verbose -Message "Creating {$Identity} with Parameters:`r`n$(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" New-CsTeamsComplianceRecordingPolicy @CreateParameters | Out-Null + + if ($ComplianceRecordingApplications.Count -gt 0) + { + foreach ($CurrentComplianceRecordingApplications in $ComplianceRecordingApplications) + { + $Instance = $CurrentComplianceRecordingApplications.Id + $RequiredBeforeMeetingJoin = $CurrentComplianceRecordingApplications.RequiredBeforeMeetingJoin + $RequiredBeforeCallEstablishment = $CurrentComplianceRecordingApplications.RequiredBeforeCallEstablishment + $RequiredDuringMeeting = $CurrentComplianceRecordingApplications.RequiredDuringMeeting + $RequiredDuringCall = $CurrentComplianceRecordingApplications.RequiredDuringCall + $ConcurrentInvitationCount = $CurrentComplianceRecordingApplications.ConcurrentInvitationCount + + $CsTeamsComplianceRecordingApplication = Get-CsTeamsComplianceRecordingApplication -Identity $CsTeamsComplianceRecordingApplicationIdentity -ErrorAction SilentlyContinue + if ($null -eq $CsTeamsComplianceRecordingApplication) + { + New-CsTeamsComplianceRecordingApplication ` + -RequiredBeforeMeetingJoin $RequiredBeforeMeetingJoin ` + -RequiredBeforeCallEstablishment $RequiredBeforeCallEstablishment ` + -RequiredDuringMeeting $RequiredDuringMeeting ` + -RequiredDuringCall $RequiredDuringCall ` + -ConcurrentInvitationCount $ConcurrentInvitationCount ` + -Parent $Identity -Id $Instance + } + else + { + Set-CsTeamsComplianceRecordingApplication ` + -Identity $CsTeamsComplianceRecordingApplicationIdentity ` + -RequiredBeforeMeetingJoin $RequiredBeforeMeetingJoin ` + -RequiredBeforeCallEstablishment $RequiredBeforeCallEstablishment ` + -RequiredDuringMeeting $RequiredDuringMeeting ` + -RequiredDuringCall $RequiredDuringCall ` + -ConcurrentInvitationCount $ConcurrentInvitationCount + } + + if ($CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications.Count -gt 0) + { + Set-CsTeamsComplianceRecordingApplication ` + -Identity "$Identity + '/' + $Instance" ` + -ComplianceRecordingPairedApplications @(New-CsTeamsComplianceRecordingPairedApplication ` + -Id $CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications) + } + } + $NewCsTeamsComplianceRecordingApplication = Get-CsTeamsComplianceRecordingApplication | Where-Object { $_.Identity -match $Identity } + Set-CsTeamsComplianceRecordingPolicy -Identity $Identity -ComplianceRecordingApplications $NewCsTeamsComplianceRecordingApplication + } + } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -245,6 +312,51 @@ function Set-TargetResource } Set-CsTeamsComplianceRecordingPolicy @UpdateParameters | Out-Null + if ($ComplianceRecordingApplications.Count -gt 0) + { + foreach ($CurrentComplianceRecordingApplications in $ComplianceRecordingApplications) + { + $Instance = $CurrentComplianceRecordingApplications.Id + $RequiredBeforeMeetingJoin = $CurrentComplianceRecordingApplications.RequiredBeforeMeetingJoin + $RequiredBeforeCallEstablishment = $CurrentComplianceRecordingApplications.RequiredBeforeCallEstablishment + $RequiredDuringMeeting = $CurrentComplianceRecordingApplications.RequiredDuringMeeting + $RequiredDuringCall = $CurrentComplianceRecordingApplications.RequiredDuringCall + $ConcurrentInvitationCount = $CurrentComplianceRecordingApplications.ConcurrentInvitationCount + + $CsTeamsComplianceRecordingApplicationIdentity = $Identity + '/' + $Instance + + $CsTeamsComplianceRecordingApplication = Get-CsTeamsComplianceRecordingApplication -Identity $CsTeamsComplianceRecordingApplicationIdentity -ErrorAction SilentlyContinue + if ($null -eq $CsTeamsComplianceRecordingApplication) + { + New-CsTeamsComplianceRecordingApplication ` + -RequiredBeforeMeetingJoin $RequiredBeforeMeetingJoin ` + -RequiredBeforeCallEstablishment $RequiredBeforeCallEstablishment ` + -RequiredDuringMeeting $RequiredDuringMeeting ` + -RequiredDuringCall $RequiredDuringCall ` + -ConcurrentInvitationCount $ConcurrentInvitationCount ` + -Parent $Identity -Id $Instance + } + else + { + Set-CsTeamsComplianceRecordingApplication ` + -Identity $CsTeamsComplianceRecordingApplicationIdentity ` + -RequiredBeforeMeetingJoin $RequiredBeforeMeetingJoin ` + -RequiredBeforeCallEstablishment $RequiredBeforeCallEstablishment ` + -RequiredDuringMeeting $RequiredDuringMeeting ` + -RequiredDuringCall $RequiredDuringCall ` + -ConcurrentInvitationCount $ConcurrentInvitationCount + } + + if ($CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications.Count -gt 0) + { + [string]$CsTeamsComplianceRecordingApplicationIdentity = $Identity + '/' + $Instance + [string]$ComplianceRecordingPairedApplications = $CurrentComplianceRecordingApplications.ComplianceRecordingPairedApplications + Set-CsTeamsComplianceRecordingApplication -Identity $CsTeamsComplianceRecordingApplicationIdentity -ComplianceRecordingPairedApplications @(New-CsTeamsComplianceRecordingPairedApplication -Id $ComplianceRecordingPairedApplications) + } + } + $NewCsTeamsComplianceRecordingApplication = Get-CsTeamsComplianceRecordingApplication | Where-Object { $_.Identity -match $Identity } + Set-CsTeamsComplianceRecordingPolicy -Identity $Identity -ComplianceRecordingApplications $NewCsTeamsComplianceRecordingApplication + } } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -264,7 +376,7 @@ function Test-TargetResource $Identity, [Parameter()] - [System.String[]] + [Microsoft.Management.Infrastructure.CimInstance[]] $ComplianceRecordingApplications, [Parameter()] @@ -336,6 +448,30 @@ function Test-TargetResource Write-Verbose -Message "Test-TargetResource returned $false" return $false } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -350,10 +486,13 @@ function Test-TargetResource } } - $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } Write-Verbose -Message "Test-TargetResource returned $testResult" @@ -452,11 +591,42 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results + if ($null -ne $Results.ComplianceRecordingApplications) + { + $complexMapping = @( + @{ + Name = 'ComplianceRecordingApplications' + CimInstanceName = 'TeamsComplianceRecordingApplication' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.ComplianceRecordingApplications ` + -CIMInstanceName 'TeamsComplianceRecordingApplication' ` + -ComplexTypeMapping $complexMapping + + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.ComplianceRecordingApplications = $complexTypeStringResult + } + else + { + $Results.Remove('ComplianceRecordingApplications') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + if ($Results.ComplianceRecordingApplications) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ComplianceRecordingApplications' -IsCIMArray:$True + $currentDSCBlock = $currentDSCBlock.Replace('ComplianceRecordingApplications = @("', 'ComplianceRecordingApplications = @(') + $currentDSCBlock = $currentDSCBlock.Replace(" `",`"`r`n", '') + + } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.schema.mof index e24a25c67d..60effbe662 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.schema.mof @@ -1,8 +1,20 @@ +[ClassVersion("1.0.0")] +class MSFT_TeamsComplianceRecordingApplication +{ + [Write, Description("A name that uniquely identifies the application instance of the policy-based recording application.")] String Id; + [Write, Description("Determines the other policy-based recording applications to pair with this application to achieve application resiliency. Can only have one paired application.")] String ComplianceRecordingPairedApplications[]; + [Write, Description("Indicates whether the policy-based recording application must be in the meeting before the user is allowed to join the meeting.")] Boolean RequiredBeforeMeetingJoin; + [Write, Description("Indicates whether the policy-based recording application must be in the call before the call is allowed to establish.")] Boolean RequiredBeforeCallEstablishment; + [Write, Description("Indicates whether the policy-based recording application must be in the meeting while the user is in the meeting.")] Boolean RequiredDuringMeeting; + [Write, Description("Indicates whether the policy-based recording application must be in the call while the call is active.")] Boolean RequiredDuringCall; + [Write, Description("Determines the number of invites to send out to the application instance of the policy-based recording application. Can be set to 1 or 2 only.")] String ConcurrentInvitationCount; +}; + [ClassVersion("1.0.0.0"), FriendlyName("TeamsComplianceRecordingPolicy")] class MSFT_TeamsComplianceRecordingPolicy : OMI_BaseResource { [Key, Description("Unique identifier of the application instance of a policy-based recording application to be retrieved.")] String Identity; - [Write, Description("A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet.")] String ComplianceRecordingApplications[]; + [Write, Description("A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet."), EmbeddedInstance("MSFT_TeamsComplianceRecordingApplication")] String ComplianceRecordingApplications[]; [Write, Description("Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to.")] String Description; [Write, Description("Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording.")] Boolean DisableComplianceRecordingAudioNotificationForCalls; [Write, Description("Controls whether this Teams recording policy is active or not.")] Boolean Enabled; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 index 232f63ddc3..ee499942df 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 @@ -435,7 +435,16 @@ function Export-TargetResource try { $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-AllM365TeamsApps -ErrorAction Stop + + [array] $Script:exportedInstances = @() + try + { + [array] $Script:exportedInstances = Get-AllM365TeamsApps -ErrorAction Stop + } + catch + { + Write-Verbose $_ + } $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 717197df8f..d2d088cc8d 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -1,8 +1,28 @@ @{ Dependencies = @( + @{ + ModuleName = 'Az.Accounts' + RequiredVersion = '3.0.2' + }, + @{ + ModuleName = 'Az.ResourceGraph' + RequiredVersion = '1.0.0' + }, + @{ + ModuleName = 'Az.Resources' + RequiredVersion = '7.2.0' + }, + @{ + ModuleName = 'Az.ResourceGraph' + RequiredVersion = '1.0.0' + }, + @{ + ModuleName = 'Az.SecurityInsights' + RequiredVersion = '3.1.2' + }, @{ ModuleName = 'DSCParser' - RequiredVersion = '2.0.0.8' + RequiredVersion = '2.0.0.10' }, @{ ModuleName = 'ExchangeOnlineManagement' @@ -10,75 +30,87 @@ }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' + }, + @{ + ModuleName = 'Microsoft.Graph.Beta.Applications' + Requiredversion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Devices.CorporateManagement' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Administration' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Enrollment' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.DirectoryManagement' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.Governance' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.SignIns' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Reports' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' + }, + @{ + ModuleName = 'Microsoft.Graph.Beta.Search' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Teams' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DirectoryObjects' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' + }, + @{ + ModuleName = 'Microsoft.Graph.Beta.Groups' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Sites' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '2.20.0' + RequiredVersion = '2.23.0' }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' @@ -90,17 +122,12 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.20" + RequiredVersion = "1.1.25" }, @{ ModuleName = 'PnP.PowerShell' RequiredVersion = '1.12.0' }, - @{ - ModuleName = 'PSDesiredStateConfiguration' - RequiredVersion = '1.1' - PowerShellCore = $false - }, @{ ModuleName = 'PSDesiredStateConfiguration' RequiredVersion = '2.0.7' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 index a9e23649f8..f44ba9bed4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 @@ -29,6 +29,7 @@ Configuration Example MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' + IsMemberManagementRestricted = $False; ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 index f6e5d23508..6d08a2ef5c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 @@ -30,6 +30,7 @@ Configuration Example MembershipRule = "(user.country -eq `"US`")" # Updated Property MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' + IsMemberManagementRestricted = $False ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 index 533b73f0bb..38cc0fb25f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 @@ -42,6 +42,14 @@ Configuration Example State = 'default' } }; + ReportSuspiciousActivitySettings = MSFT_MicrosoftGraphreportSuspiciousActivitySettings{ + VoiceReportingCode = 0 + IncludeTarget = MSFT_AADAuthenticationMethodPolicyIncludeTarget{ + Id = 'all_users' + TargetType = 'group' + } + State = 'default' + }; ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyHardware/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyHardware/2-Update.ps1 new file mode 100644 index 0000000000..e2dad301f1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyHardware/2-Update.ps1 @@ -0,0 +1,51 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyHardware "AADAuthenticationMethodPolicyHardware-HardwareOath" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget{ + Id = 'Executives' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + ); + Id = "HardwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget{ + Id = 'Legal Team' + TargetType = 'group' + } + ); + State = "enabled"; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyHardware/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyHardware/3-Remove.ps1 new file mode 100644 index 0000000000..04fa363b5d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyHardware/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyHardware "AADAuthenticationMethodPolicyHardware-HardwareOath" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Absent"; + Id = "HardwareOath"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementSettings/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementSettings/2-Update.ps1 new file mode 100644 index 0000000000..00107cb07d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementSettings/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + AADEntitlementManagementSettings "AADEntitlementManagementSettings" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DaysUntilExternalUserDeletedAfterBlocked = 30; + ExternalUserLifecycleAction = "blockSignInAndDelete"; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/1-Create.ps1 new file mode 100644 index 0000000000..7d729800c4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/1-Create.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADFeatureRolloutPolicy "AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Description = "CertificateBasedAuthentication rollout policy"; + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Present"; + Feature = "certificateBasedAuthentication"; + IsAppliedToOrganization = $False; + IsEnabled = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/2-Update.ps1 new file mode 100644 index 0000000000..1773c749d5 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + AADFeatureRolloutPolicy "AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Description = "CertificateBasedAuthentication rollout policy"; + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Present"; + IsAppliedToOrganization = $False; + IsEnabled = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..4f6fa5b3f4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADFeatureRolloutPolicy/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADFeatureRolloutPolicy "AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 index 07b9ba1c62..0a91bf600f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -23,17 +23,22 @@ Configuration Example { AADGroup 'MyGroups' { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group Updated" # Updated Property - SecurityEnabled = $True - MailEnabled = $True - GroupTypes = @("Unified") - MailNickname = "M365DSC" - Members = @("AdeleV@$TenantId") - GroupAsMembers = @("Group1") - Visibility = "Private" - Owners = @("admin@$TenantId", "AdeleV@$TenantId") - Ensure = "Present" + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group Updated" # Updated Property + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Members = @("AdeleV@$TenantId") + GroupAsMembers = @("Group1") + Visibility = "Private" + Owners = @("admin@$TenantId", "AdeleV@$TenantId") + AssignedLicenses = @( + MSFT_AADGroupLicense { + SkuId = 'AAD_PREMIUM_P2' + } + ) + Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADPasswordRuleSettings/1-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADPasswordRuleSettings/1-Update.ps1 new file mode 100644 index 0000000000..dcb58a5fa6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADPasswordRuleSettings/1-Update.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADPasswordRuleSettings 'GeneralPasswordRuleSettings' + { + IsSingleInstance = "Yes" + LockoutThreshold = 6 + LockoutDurationInSeconds = 30 + BannedPasswordCheckOnPremisesMode = 'Audit' + EnableBannedPasswordCheckOnPremises = $false + EnableBannedPasswordCheck = $false + BannedPasswordList = $null + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ADOOrganizationOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ADOOrganizationOwner/2-Update.ps1 new file mode 100644 index 0000000000..dc94d14b31 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ADOOrganizationOwner/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOOrganizationOwner "MyOrgOwner" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + OrganizationName = "MyOrg"; + Owner = "john.smith@$TenantId"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/1-Create.ps1 new file mode 100644 index 0000000000..053c8b5b43 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/1-Create.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOPermissionGroup "TestPermissionGroup" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "My Description"; + DisplayName = "TestGroup"; + Ensure = "Present"; + Level = "Organization"; + Members = @("AdeleV@$TenantId"); + OrganizationName = "O365DSC-Dev"; + PrincipalName = "[O365DSC-DEV]\TestGroup"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/2-Update.ps1 new file mode 100644 index 0000000000..f4bf481b12 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOPermissionGroup "TestPermissionGroup" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "My Description"; + DisplayName = "TestGroup"; + Ensure = "Present"; + Level = "Organization"; + Members = @("AdeleV@$TenantId", "admin@$TenantId"); #Drift + OrganizationName = "O365DSC-Dev"; + PrincipalName = "[O365DSC-DEV]\TestGroup"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/3-Remove.ps1 new file mode 100644 index 0000000000..57f2071f19 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ADOPermissionGroup/3-Remove.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOPermissionGroup "TestPermissionGroup" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "My Description"; + DisplayName = "TestGroup"; + Ensure = "Absent"; + Level = "Organization"; + Members = @("AdeleV@$TenantId"); + OrganizationName = "O365DSC-Dev"; + PrincipalName = "[O365DSC-DEV]\TestGroup"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ADOSecurityPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ADOSecurityPolicy/2-Update.ps1 new file mode 100644 index 0000000000..d226a0df30 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ADOSecurityPolicy/2-Update.ps1 @@ -0,0 +1,41 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOSecurityPolicy "ADOPolicy" + { + AllowAnonymousAccess = $True; + AllowRequestAccessToken = $False; + AllowTeamAdminsInvitationsAccessToken = $True; + ApplicationId = $ApplicationId; + ArtifactsExternalPackageProtectionToken = $False; + CertificateThumbprint = $CertificateThumbprint; + DisallowAadGuestUserAccess = $True; + DisallowOAuthAuthentication = $True; + DisallowSecureShell = $False; + EnforceAADConditionalAccess = $False; + LogAuditEvents = $True; + OrganizationName = "O365DSC-Dev"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/2-Update.ps1 similarity index 59% rename from Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/1-Create.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/2-Update.ps1 index 9111f3ae5c..2c95a634c1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AzureSubscription/2-Update.ps1 @@ -19,18 +19,13 @@ Configuration Example $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC - node localhost { - EXOMailTips 'OrgWideMailTips' + AzureSubscription 'TestSubscription' { - IsSingleInstance = 'Yes' - MailTipsAllTipsEnabled = $True - MailTipsGroupMetricsEnabled = $True - #MailTipsLargeAudienceThreshold = 100 - MailTipsMailboxSourcedTipsEnabled = $True - MailTipsExternalRecipientsTipsEnabled = $True - Ensure = "Present" + Name = 'MyTestSubscription' + Id = 'd620d94d-916d-4dd9-9de5-179292873e20' + Enabled = $true ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/DefenderSubscriptionPlan/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/DefenderSubscriptionPlan/2-Update.ps1 new file mode 100644 index 0000000000..1d13946923 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/DefenderSubscriptionPlan/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + DefenderSubscriptionPlan 'TestSubscription' + { + SubscriptionName = 'MyTestSubscription' + PlanName = 'VirtualMachines' + SubPlanName = 'P2' + PricingTier = 'Standard' + SubscriptionId = 'd620d94d-916d-4dd9-9de5-179292873e20' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/1-Create.ps1 index a65fc01916..2166373c7b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/1-Create.ps1 @@ -45,6 +45,8 @@ Configuration Example EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null Ensure = "Present" + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/2-Update.ps1 index b5fa497a46..5a606beeaa 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/2-Update.ps1 @@ -45,6 +45,8 @@ Configuration Example EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null Ensure = "Present" + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/3-Remove.ps1 index b5fa497a46..7bf9e68c43 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/3-Remove.ps1 @@ -44,6 +44,8 @@ Configuration Example EnableOrganizationDomainsProtection = $null EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOArcConfig/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOArcConfig/2-Update.ps1 new file mode 100644 index 0000000000..7f1e257061 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOArcConfig/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOArcConfig "EXOArcConfig-Test" + { + ArcTrustedSealers = "contoso.com"; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + ApplicationId = $ApplicationId; + } + } +} \ No newline at end of file diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/1-Create.ps1 new file mode 100644 index 0000000000..747e49a549 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/1-Create.ps1 @@ -0,0 +1,39 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOATPProtectionPolicyRule "EXOATPProtectionPolicyRule-Strict Preset Security Policy" + { + Comments = "Built-in Strict Preset Security Policy"; + Enabled = $False; + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/2-Update.ps1 new file mode 100644 index 0000000000..1cd2df9588 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/2-Update.ps1 @@ -0,0 +1,39 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOATPProtectionPolicyRule "EXOATPProtectionPolicyRule-Strict Preset Security Policy" + { + Comments = "Built-in Strict Preset Security Policy with comments"; # Changed value + Enabled = $True; # Changed value + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/3-Remove.ps1 new file mode 100644 index 0000000000..2052e05050 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAtpProtectionPolicyRule/3-Remove.ps1 @@ -0,0 +1,39 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOATPProtectionPolicyRule "EXOATPProtectionPolicyRule-Strict Preset Security Policy" + { + Comments = "Built-in Strict Preset Security Policy"; + Enabled = $False; + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Absent" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODnssecForVerifiedDomain/1-Create.ps1 similarity index 78% rename from Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/3-Remove.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/EXODnssecForVerifiedDomain/1-Create.ps1 index ec8fa0c4ab..09e66b14c1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODnssecForVerifiedDomain/1-Create.ps1 @@ -19,16 +19,15 @@ Configuration Example $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC - node localhost { - EXOMailTips 'OrgWideMailTips' + EXODnssecForVerifiedDomain "EXODnssecForVerifiedDomain-nik-charlebois.com" { - IsSingleInstance = 'Yes' - Ensure = "Absent" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint + DnssecFeatureStatus = "Enabled"; + DomainName = "nik-charlebois.com"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXODnssecForVerifiedDomain/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODnssecForVerifiedDomain/2-Update.ps1 new file mode 100644 index 0000000000..09e66b14c1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODnssecForVerifiedDomain/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXODnssecForVerifiedDomain "EXODnssecForVerifiedDomain-nik-charlebois.com" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DnssecFeatureStatus = "Enabled"; + DomainName = "nik-charlebois.com"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOEmailTenantSettings/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOEmailTenantSettings/2-Update.ps1 new file mode 100644 index 0000000000..bb4c462947 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOEmailTenantSettings/2-Update.ps1 @@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOEmailTenantSettings "EXOEmailTenantSettings-Test" + { + IsSingleInstance = "Yes" + EnablePriorityAccountProtection = $True; + Identity = $TenantId; + IsValid = $True; + ObjectState = "Unchanged" + Name = "Default" + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationId = $ApplicationId + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOFocusedInbox/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOFocusedInbox/2-Update.ps1 new file mode 100644 index 0000000000..5505182c87 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOFocusedInbox/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOFocusedInbox "EXOFocusedInbox-Test" + { + Ensure = "Present"; + FocusedInboxOn = $False; # Updated Property + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@$TenantId"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/2-Update.ps1 index 77b38d9db2..f2a92980e9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailTips/2-Update.ps1 @@ -30,7 +30,6 @@ Configuration Example #MailTipsLargeAudienceThreshold = 100 MailTipsMailboxSourcedTipsEnabled = $True MailTipsExternalRecipientsTipsEnabled = $True - Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxCalendarConfiguration/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxCalendarConfiguration/2-Update.ps1 new file mode 100644 index 0000000000..da4080f99f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxCalendarConfiguration/2-Update.ps1 @@ -0,0 +1,70 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOMailboxCalendarConfiguration "EXOMailboxCalendarConfiguration-Test" + { + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 6; # Updated Property + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@$TenantId"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxFolderPermission/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxFolderPermission/1-Create.ps1 new file mode 100644 index 0000000000..512a22ca2a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxFolderPermission/1-Create.ps1 @@ -0,0 +1,47 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOMailboxFolderPermission "EXOMailboxFolderPermission-admin:\Calendar" + { + Credential = $Credscredential; + Ensure = "Present"; + Identity = "amdin:\Calendar"; + UserPermissions = @(MSFT_EXOMailboxFolderUserPermission { + User = 'Default' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'Anonymous' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'AlexW' + AccessRights = 'Owner' + SharingPermissionFlags = 'Delegate' + } + ); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxFolderPermission/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxFolderPermission/2-Update.ps1 new file mode 100644 index 0000000000..22c39789c9 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxFolderPermission/2-Update.ps1 @@ -0,0 +1,45 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOMailboxFolderPermission "EXOMailboxFolderPermission-admin:\Calendar" + { + Credential = $Credscredential; + Ensure = "Present"; + Identity = "admin:\Calendar"; + UserPermissions = @(MSFT_EXOMailboxFolderUserPermission { + User = 'Default' + AccessRights = 'AvailabilityOnly' + } +MSFT_EXOMailboxFolderUserPermission { + User = 'Anonymous' + AccessRights = 'AvailabilityOnly' + } +MSFT_EXOMailboxFolderUserPermission { + User = 'AlexW' + AccessRights = 'Editor' + SharingPermissionFlags = 'Delegate' + } + ); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxIRMAccess/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxIRMAccess/1-Create.ps1 new file mode 100644 index 0000000000..f47d2d2105 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxIRMAccess/1-Create.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOMailboxIRMAccess "EXOMailboxIRMAccess-qwe@testorg.onmicrosoft.com" + { + AccessLevel = "Block"; + Credential = $Credscredential; + Ensure = "Present"; + Identity = "qwe@$OrganizationName"; + User = "admin@$OrganizationName"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxIRMAccess/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxIRMAccess/2-Update.ps1 new file mode 100644 index 0000000000..b516274848 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxIRMAccess/2-Update.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/1-Create.ps1 new file mode 100644 index 0000000000..ba630d844a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/1-Create.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOManagementScope "EXOManagementScope-Test New DGs" + { + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'Test*'"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/2-Update.ps1 new file mode 100644 index 0000000000..64528717e8 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOManagementScope "EXOManagementScope-Test New DGs" + { + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'NewTest*'"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/3-Remove.ps1 new file mode 100644 index 0000000000..3524dc103d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementScope/3-Remove.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOManagementScope "EXOManagementScope-Test New DGs" + { + Credential = $Credscredential; + Ensure = "Absent"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'NewTest*'"; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/1-Create.ps1 new file mode 100644 index 0000000000..937fe41382 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/1-Create.ps1 @@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOPhishSimOverrideRule "EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b" + { + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Ensure = "Present"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + Policy = "fc55717b-28bb-4cf3-98ee-9ba57903c978"; + SenderIpRanges = @("192.168.1.55"); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/2-Update.ps1 new file mode 100644 index 0000000000..b55b0c65d3 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOPhishSimOverrideRule "EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b" + { + Comment = "New Comment note"; + Ensure = "Present"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/3-Remove.ps1 new file mode 100644 index 0000000000..5cef0b2b2f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPhishSimOverrideRule/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOPhishSimOverrideRule "EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b" + { + Ensure = "Absent"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/1-Create.ps1 new file mode 100644 index 0000000000..60526cc374 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/1-Create.ps1 @@ -0,0 +1,39 @@ + +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXORetentionPolicy "EXORetentionPolicy-Test" + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + Ensure = "Present"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/2-Update.ps1 new file mode 100644 index 0000000000..327596b942 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/2-Update.ps1 @@ -0,0 +1,40 @@ + + +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXORetentionPolicy "EXORetentionPolicy-Test" + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); # drifted property + Ensure = "Present"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..6793de2f80 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORetentionPolicy/3-Remove.ps1 @@ -0,0 +1,41 @@ + + + +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXORetentionPolicy "EXORetentionPolicy-Test" + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/1-Create.ps1 new file mode 100644 index 0000000000..b46fb3fead --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/1-Create.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSecOpsOverrideRule "EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245" + { + Comment = "TestComment"; + Ensure = "Present"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/2-Update.ps1 new file mode 100644 index 0000000000..6382526e63 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/2-Update.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSecOpsOverrideRule "EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245" + { + Comment = "TestComment"; + Ensure = "Present"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/3-Remove.ps1 new file mode 100644 index 0000000000..bfb8dd091d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSecOpsOverrideRule/3-Remove.ps1 @@ -0,0 +1,30 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSecOpsOverrideRule "EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245" + { + Ensure = "Absent"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/1-Create.ps1 new file mode 100644 index 0000000000..9a31d33f3a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/1-Create.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTenantAllowBlockListItems "Example" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Present"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/2-Update.ps1 new file mode 100644 index 0000000000..73d5842fbd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/2-Update.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTenantAllowBlockListItems "Example" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Present"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block with updated notes"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/3-Delete.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/3-Delete.ps1 new file mode 100644 index 0000000000..2f78d5db6f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOTenantAllowBlockListItems/3-Delete.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTenantAllowBlockListItems "Example" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Absent"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/1-Create.ps1 new file mode 100644 index 0000000000..c86b8d401e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/1-Create.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneAppCategory "IntuneAppCategory-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/2-Update.ps1 new file mode 100644 index 0000000000..9568256f2c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/2-Update.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneAppCategory "IntuneAppCategory-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management updated"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/3-Remove.ps1 new file mode 100644 index 0000000000..b3e94d9b6f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppCategory/3-Remove.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneAppCategory "IntuneAppCategory-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/1-Create.ps1 new file mode 100644 index 0000000000..02e7e70edb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/1-Create.ps1 @@ -0,0 +1,53 @@ +<# +This example creates a new Intune Firewall Policy for Windows10. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Intune Firewall Policy Windows10"; + DisableStatefulFtp = "false"; + DomainProfile_AllowLocalIpsecPolicyMerge = "false"; + DomainProfile_EnableFirewall = "true"; + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + DomainProfile_LogMaxFileSize = 1024; + ObjectAccess_AuditFilteringPlatformPacketDrop = "1"; + PrivateProfile_EnableFirewall = "true"; + PublicProfile_EnableFirewall = "true"; + Target = "wsl"; + AllowHostPolicyMerge = "false"; + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..1debf2e5b6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/2-Update.ps1 @@ -0,0 +1,53 @@ +<# +This example updates a Intune Firewall Policy for Windows10. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Intune Firewall Policy Windows10"; + DisableStatefulFtp = "false"; + DomainProfile_AllowLocalIpsecPolicyMerge = "true"; # Updated property + DomainProfile_EnableFirewall = "true"; + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + DomainProfile_LogMaxFileSize = 1024; + ObjectAccess_AuditFilteringPlatformPacketDrop = "1"; + PrivateProfile_EnableFirewall = "true"; + PublicProfile_EnableFirewall = "true"; + Target = "wsl"; + AllowHostPolicyMerge = "false"; + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..fba93ab0a3 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneFirewallPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example removes a Device Control Policy. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Id = '00000000-0000-0000-0000-000000000000' + DisplayName = 'Intune Firewall Policy Windows10' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/1-Create.ps1 new file mode 100644 index 0000000000..5e052ad0e2 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/1-Create.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + O365ExternalConnection "O365ExternalConnection-Contoso HR" + { + ApplicationId = $ApplicationId; + AuthorizedAppIds = @("MyApp"); + CertificateThumbprint = $CertificateThumbprint; + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR Nik"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/2-Update.ps1 new file mode 100644 index 0000000000..36bcc28d21 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + O365ExternalConnection "O365ExternalConnection-Contoso HR" + { + ApplicationId = $ApplicationId; + AuthorizedAppIds = @("MyApp", "MySecondApp"); # Drift + CertificateThumbprint = $CertificateThumbprint; + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR Nik"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/3-Remove.ps1 new file mode 100644 index 0000000000..ad9474a857 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/O365ExternalConnection/3-Remove.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + O365ExternalConnection "O365ExternalConnection-Contoso HR" + { + ApplicationId = $ApplicationId; + AuthorizedAppIds = @("MyApp"); + CertificateThumbprint = $CertificateThumbprint; + Description = "Connection to index Contoso HR system"; + Ensure = "Absent"; + Id = "contosohr"; + Name = "Contoso HR Nik"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/1-Create.ps1 new file mode 100644 index 0000000000..775f239937 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/1-Create.ps1 @@ -0,0 +1,60 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConditionalAccessRule "MyDeviceConditionalAccessRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/2-Update.ps1 new file mode 100644 index 0000000000..0cbf28e67d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/2-Update.ps1 @@ -0,0 +1,60 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConditionalAccessRule "MyDeviceConditionalAccessRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $True; #Drift + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/3-Remove.ps1 new file mode 100644 index 0000000000..6d7c6f583b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConditionalAccessRule/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConditionalAccessRule "MyDeviceConditionalAccessRule" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Ensure = "Absent"; + Name = "MyPolicy{394b}"; + Policy = "MyPolicy"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/1-Create.ps1 new file mode 100644 index 0000000000..d9b2278f0c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/1-Create.ps1 @@ -0,0 +1,59 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConfigurationRule "MyDeviceConfigurationRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyDeviceConfigurationPolicy{2b18}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyDeviceConfigurationPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("All Company"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/2-Update.ps1 new file mode 100644 index 0000000000..abcbc2eda7 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/2-Update.ps1 @@ -0,0 +1,59 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConfigurationRule "MyDeviceConfigurationRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $False; # Drift + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyDeviceConfigurationPolicy{2b18}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyDeviceConfigurationPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("All Company"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/3-Remove.ps1 new file mode 100644 index 0000000000..249a846dba --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCDeviceConfigurationRule/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConfigurationRule "MyDeviceConfigurationRule" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Ensure = "Absent"; + Name = "MyDeviceConfigurationPolicy{2b18}"; + Policy = "MyDeviceConfigurationPolicy"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/1-Create.ps1 new file mode 100644 index 0000000000..b1d724763e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/1-Create.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskEntityList "SCInsiderRiskEntityList-MyFileType" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "Test file type"; + DisplayName = "MyFileType"; + Ensure = "Present"; + FileTypes = @(".exe",".cmd",".bat"); + Keywords = @(); + ListType = "CustomFileTypeLists"; + Name = "MyFileTypeList"; + TenantId = $OrganizationName; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/2-Update.ps1 new file mode 100644 index 0000000000..c230194a30 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskEntityList "SCInsiderRiskEntityList-MyFileType" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "Test file type"; + DisplayName = "MyFileType"; + Ensure = "Present"; + FileTypes = @(".exe",".txt",".bat"); # Drfit + Keywords = @(); + ListType = "CustomFileTypeLists"; + Name = "MyFileTypeList"; + TenantId = $OrganizationName; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/3-Remove.ps1 new file mode 100644 index 0000000000..cf49044588 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskEntityList/3-Remove.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskEntityList "SCInsiderRiskEntityList-MyFileType" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "Test file type"; + DisplayName = "MyFileType"; + Ensure = "Absent"; + FileTypes = @(".exe",".cmd",".bat"); + Keywords = @(); + ListType = "CustomFileTypeLists"; + Name = "MyFileTypeList"; + TenantId = $OrganizationName; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/1-Create.ps1 new file mode 100644 index 0000000000..b4828f8b4a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/1-Create.ps1 @@ -0,0 +1,164 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting" + { + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + ApplicationId = $ApplicationId; + AWSS3BlockPublicAccessDisabled = $False; + AWSS3BucketDeleted = $False; + AWSS3PublicAccessEnabled = $False; + AWSS3ServerLoggingDisabled = $False; + AzureElevateAccessToAllSubscriptions = $False; + AzureResourceThreatProtectionSettingsUpdated = $False; + AzureSQLServerAuditingSettingsUpdated = $False; + AzureSQLServerFirewallRuleDeleted = $False; + AzureSQLServerFirewallRuleUpdated = $False; + AzureStorageAccountOrContainerDeleted = $False; + BoxContentAccess = $False; + BoxContentDelete = $False; + BoxContentDownload = $False; + BoxContentExternallyShared = $False; + CCFinancialRegulatoryRiskyTextSent = $False; + CCInappropriateContentSent = $False; + CCInappropriateImagesSent = $False; + CertificateThumbprint = $CertificateThumbprint; + CopyToPersonalCloud = $False; + CopyToUSB = $False; + CumulativeExfiltrationDetector = $True; + DLPUserRiskSync = $True; + DropboxContentAccess = $False; + DropboxContentDelete = $False; + DropboxContentDownload = $False; + DropboxContentExternallyShared = $False; + EmailExternal = $False; + EmployeeAccessedEmployeePatientData = $False; + EmployeeAccessedFamilyData = $False; + EmployeeAccessedHighVolumePatientData = $False; + EmployeeAccessedNeighbourData = $False; + EmployeeAccessedRestrictedData = $False; + EnableTeam = $True; + Ensure = "Present"; + EpoBrowseToChildAbuseSites = $False; + EpoBrowseToCriminalActivitySites = $False; + EpoBrowseToCultSites = $False; + EpoBrowseToGamblingSites = $False; + EpoBrowseToHackingSites = $False; + EpoBrowseToHateIntoleranceSites = $False; + EpoBrowseToIllegalSoftwareSites = $False; + EpoBrowseToKeyloggerSites = $False; + EpoBrowseToLlmSites = $False; + EpoBrowseToMalwareSites = $False; + EpoBrowseToPhishingSites = $False; + EpoBrowseToPornographySites = $False; + EpoBrowseToUnallowedDomain = $False; + EpoBrowseToViolenceSites = $False; + EpoCopyToClipboardFromSensitiveFile = $False; + EpoCopyToNetworkShare = $False; + EpoFileArchived = $False; + EpoFileCopiedToRemoteDesktopSession = $False; + EpoFileDeleted = $False; + EpoFileDownloadedFromBlacklistedDomain = $False; + EpoFileDownloadedFromEnterpriseDomain = $False; + EpoFileRenamed = $False; + EpoFileStagedToCentralLocation = $False; + EpoHiddenFileCreated = $False; + EpoRemovableMediaMount = $False; + EpoSensitiveFileRead = $False; + FileVolCutoffLimits = "59"; + GoogleDriveContentAccess = $False; + GoogleDriveContentDelete = $False; + GoogleDriveContentExternallyShared = $False; + HistoricTimeSpan = "89"; + InScopeTimeSpan = "30"; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Mcas3rdPartyAppFileDelete = $False; + Mcas3rdPartyAppFileSharing = $False; + McasActivityFromInfrequentCountry = $False; + McasImpossibleTravel = $False; + McasMultipleFailedLogins = $False; + McasMultipleStorageDeletion = $False; + McasMultipleVMCreation = $True; + McasMultipleVMDeletion = $False; + McasSuspiciousAdminActivities = $False; + McasSuspiciousCloudCreation = $False; + McasSuspiciousCloudTrailLoggingChange = $False; + McasTerminatedEmployeeActivity = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + OdbDownload = $False; + OdbSyncDownload = $False; + OptInIRMDataExport = $True; + PeerCumulativeExfiltrationDetector = $False; + PhysicalAccess = $False; + PotentialHighImpactUser = $False; + PowerBIDashboardsDeleted = $False; + PowerBIReportsDeleted = $False; + PowerBIReportsDownloaded = $False; + PowerBIReportsExported = $False; + PowerBIReportsViewed = $False; + PowerBISemanticModelsDeleted = $False; + PowerBISensitivityLabelDowngradedForArtifacts = $False; + PowerBISensitivityLabelRemovedFromArtifacts = $False; + Print = $False; + PriorityUserGroupMember = $False; + RaiseAuditAlert = $True; + SecurityAlertDefenseEvasion = $False; + SecurityAlertUnwantedSoftware = $False; + SpoAccessRequest = $False; + SpoApprovedAccess = $False; + SpoDownload = $False; + SpoDownloadV2 = $False; + SpoFileAccessed = $False; + SpoFileDeleted = $False; + SpoFileDeletedFromFirstStageRecycleBin = $False; + SpoFileDeletedFromSecondStageRecycleBin = $False; + SpoFileLabelDowngraded = $False; + SpoFileLabelRemoved = $False; + SpoFileSharing = $True; + SpoFolderDeleted = $False; + SpoFolderDeletedFromFirstStageRecycleBin = $False; + SpoFolderDeletedFromSecondStageRecycleBin = $False; + SpoFolderSharing = $False; + SpoSiteExternalUserAdded = $False; + SpoSiteInternalUserAdded = $False; + SpoSiteLabelRemoved = $False; + SpoSiteSharing = $False; + SpoSyncDownload = $False; + TeamsChannelFileSharedExternal = $False; + TeamsChannelMemberAddedExternal = $False; + TeamsChatFileSharedExternal = $False; + TeamsFileDownload = $False; + TeamsFolderSharedExternal = $False; + TeamsMemberAddedExternal = $False; + TeamsSensitiveMessage = $False; + TenantId = $TenantId; + UserHistory = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/2-Update.ps1 new file mode 100644 index 0000000000..d3ba78ab1c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/2-Update.ps1 @@ -0,0 +1,164 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting" + { + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + ApplicationId = $ApplicationId; + AWSS3BlockPublicAccessDisabled = $False; + AWSS3BucketDeleted = $False; + AWSS3PublicAccessEnabled = $False; + AWSS3ServerLoggingDisabled = $False; + AzureElevateAccessToAllSubscriptions = $False; + AzureResourceThreatProtectionSettingsUpdated = $False; + AzureSQLServerAuditingSettingsUpdated = $False; + AzureSQLServerFirewallRuleDeleted = $False; + AzureSQLServerFirewallRuleUpdated = $False; + AzureStorageAccountOrContainerDeleted = $False; + BoxContentAccess = $False; + BoxContentDelete = $False; + BoxContentDownload = $False; + BoxContentExternallyShared = $False; + CCFinancialRegulatoryRiskyTextSent = $False; + CCInappropriateContentSent = $False; + CCInappropriateImagesSent = $False; + CertificateThumbprint = $CertificateThumbprint; + CopyToPersonalCloud = $False; + CopyToUSB = $False; + CumulativeExfiltrationDetector = $True; + DLPUserRiskSync = $True; + DropboxContentAccess = $False; + DropboxContentDelete = $False; + DropboxContentDownload = $False; + DropboxContentExternallyShared = $False; + EmailExternal = $False; + EmployeeAccessedEmployeePatientData = $False; + EmployeeAccessedFamilyData = $False; + EmployeeAccessedHighVolumePatientData = $False; + EmployeeAccessedNeighbourData = $False; + EmployeeAccessedRestrictedData = $False; + EnableTeam = $True; + Ensure = "Present"; + EpoBrowseToChildAbuseSites = $False; + EpoBrowseToCriminalActivitySites = $False; + EpoBrowseToCultSites = $False; + EpoBrowseToGamblingSites = $False; + EpoBrowseToHackingSites = $False; + EpoBrowseToHateIntoleranceSites = $False; + EpoBrowseToIllegalSoftwareSites = $False; + EpoBrowseToKeyloggerSites = $False; + EpoBrowseToLlmSites = $False; + EpoBrowseToMalwareSites = $False; + EpoBrowseToPhishingSites = $False; + EpoBrowseToPornographySites = $False; + EpoBrowseToUnallowedDomain = $False; + EpoBrowseToViolenceSites = $False; + EpoCopyToClipboardFromSensitiveFile = $False; + EpoCopyToNetworkShare = $False; + EpoFileArchived = $False; + EpoFileCopiedToRemoteDesktopSession = $False; + EpoFileDeleted = $False; + EpoFileDownloadedFromBlacklistedDomain = $False; + EpoFileDownloadedFromEnterpriseDomain = $False; + EpoFileRenamed = $False; + EpoFileStagedToCentralLocation = $False; + EpoHiddenFileCreated = $False; + EpoRemovableMediaMount = $False; + EpoSensitiveFileRead = $False; + FileVolCutoffLimits = "59"; + GoogleDriveContentAccess = $False; + GoogleDriveContentDelete = $False; + GoogleDriveContentExternallyShared = $False; + HistoricTimeSpan = "89"; + InScopeTimeSpan = "30"; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Mcas3rdPartyAppFileDelete = $False; + Mcas3rdPartyAppFileSharing = $False; + McasActivityFromInfrequentCountry = $False; + McasImpossibleTravel = $False; + McasMultipleFailedLogins = $False; + McasMultipleStorageDeletion = $False; + McasMultipleVMCreation = $True; + McasMultipleVMDeletion = $False; + McasSuspiciousAdminActivities = $False; + McasSuspiciousCloudCreation = $False; + McasSuspiciousCloudTrailLoggingChange = $False; + McasTerminatedEmployeeActivity = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + OdbDownload = $False; + OdbSyncDownload = $False; + OptInIRMDataExport = $True; + PeerCumulativeExfiltrationDetector = $False; + PhysicalAccess = $False; + PotentialHighImpactUser = $False; + PowerBIDashboardsDeleted = $False; + PowerBIReportsDeleted = $False; + PowerBIReportsDownloaded = $False; + PowerBIReportsExported = $False; + PowerBIReportsViewed = $False; + PowerBISemanticModelsDeleted = $False; + PowerBISensitivityLabelDowngradedForArtifacts = $False; + PowerBISensitivityLabelRemovedFromArtifacts = $False; + Print = $False; + PriorityUserGroupMember = $False; + RaiseAuditAlert = $True; + SecurityAlertDefenseEvasion = $False; + SecurityAlertUnwantedSoftware = $False; + SpoAccessRequest = $False; + SpoApprovedAccess = $False; + SpoDownload = $False; + SpoDownloadV2 = $False; + SpoFileAccessed = $False; + SpoFileDeleted = $False; + SpoFileDeletedFromFirstStageRecycleBin = $False; + SpoFileDeletedFromSecondStageRecycleBin = $False; + SpoFileLabelDowngraded = $False; + SpoFileLabelRemoved = $False; + SpoFileSharing = $True; + SpoFolderDeleted = $False; + SpoFolderDeletedFromFirstStageRecycleBin = $False; + SpoFolderDeletedFromSecondStageRecycleBin = $False; + SpoFolderSharing = $False; + SpoSiteExternalUserAdded = $False; + SpoSiteInternalUserAdded = $False; + SpoSiteLabelRemoved = $False; + SpoSiteSharing = $False; + SpoSyncDownload = $False; + TeamsChannelFileSharedExternal = $False; + TeamsChannelMemberAddedExternal = $False; + TeamsChatFileSharedExternal = $True; # Drift + TeamsFileDownload = $False; + TeamsFolderSharedExternal = $False; + TeamsMemberAddedExternal = $False; + TeamsSensitiveMessage = $False; + TenantId = $TenantId; + UserHistory = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..cd6854e02e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCInsiderRiskPolicy/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Ensure = "Absent"; + InsiderRiskScenario = "TenantSetting"; + Name = "IRM_Tenant_Setting"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCRecordReviewNotificationTemplateConfig/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCRecordReviewNotificationTemplateConfig/2-Update.ps1 new file mode 100644 index 0000000000..f0e255b64d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCRecordReviewNotificationTemplateConfig/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCRecordReviewNotificationTemplateConfig "SCRecordReviewNotificationTemplateConfig" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + CustomizedNotificationDataString = "This is my Notification Message"; + CustomizedReminderDataString = "This is my reminder message"; + IsCustomizedNotificationTemplate = $True; + IsCustomizedReminderTemplate = $True; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/2-Update.ps1 new file mode 100644 index 0000000000..374d2e371c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/2-Update.ps1 @@ -0,0 +1,146 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + SCSensitivityLabel 'ConfigureSensitivityLabel' + { + Name = 'DemoLabel' + Comment = 'Demo Label comment' + ToolTip = 'Demo tool tip' + DisplayName = 'Demo Label' + ApplyContentMarkingFooterAlignment = 'Center' + ApplyContentMarkingFooterEnabled = $true + ApplyContentMarkingFooterFontColor = '#FF0000' + ApplyContentMarkingFooterFontSize = 10 + ApplyContentMarkingFooterMargin = 5 + ApplyContentMarkingFooterText = 'Demo footer text' + ApplyContentMarkingHeaderAlignment = 'Center' + ApplyContentMarkingHeaderEnabled = $true + ApplyContentMarkingHeaderFontColor = '#FF0000' + ApplyContentMarkingHeaderFontSize = 10 + ApplyContentMarkingHeaderMargin = 5 + ApplyContentMarkingHeaderText = 'demo header text' + ApplyWaterMarkingEnabled = $true + ApplyWaterMarkingFontColor = '#FF0000' + ApplyWaterMarkingFontSize = 10 + ApplyWaterMarkingLayout = 'Diagonal' + ApplyWaterMarkingText = 'demo watermark' + SiteAndGroupProtectionAllowAccessToGuestUsers = $true + SiteAndGroupProtectionAllowEmailFromGuestUsers = $true + SiteAndGroupProtectionAllowFullAccess = $true + SiteAndGroupProtectionAllowLimitedAccess = $true + SiteAndGroupProtectionBlockAccess = $true + SiteAndGroupProtectionEnabled = $true + SiteAndGroupProtectionPrivacy = 'Private' + LocaleSettings = @( + MSFT_SCLabelLocaleSettings + { + LocaleKey = 'DisplayName' + LabelSettings = @( + MSFT_SCLabelSetting + { + Key = 'en-us' + Value = 'English Display Names' + } + MSFT_SCLabelSetting + { + Key = 'fr-fr' + Value = "Nom da'ffichage francais" + } + ) + } + MSFT_SCLabelLocaleSettings + { + LocaleKey = 'StopColor' + LabelSettings = @( + MSFT_SCLabelSetting + { + Key = 'en-us' + Value = 'RedGreen' + } + MSFT_SCLabelSetting + { + Key = 'fr-fr' + Value = 'Rouge' + } + ) + } + ) + AdvancedSettings = @( + MSFT_SCLabelSetting + { + Key = 'AllowedLevel' + Value = @('Sensitive', 'Classified') + } + MSFT_SCLabelSetting + { + Key = 'LabelStatus' + Value = 'Enabled' + } + ) + AutoLabelingSettings = MSFT_SCSLAutoLabelingSettings + { + Operator = 'And' + AutoApplyType = 'Recommend' + PolicyTip = 'My Perfect Test Tip!' + Groups = @( + MSFT_SCSLSensitiveInformationGroup + { + Name = 'Group1' + Operator = 'Or' + SensitiveInformationType = @( + MSFT_SCSLSensitiveInformationType + { + name = 'ABA Routing Number' + confidencelevel = 'High' + maxcount = -1 + mincount = 1 + } + ) + TrainableClassifier = @( + MSFT_SCSLTrainableClassifiers + { + name = 'Legal Affairs' + } + ) + } + MSFT_SCSLSensitiveInformationGroup + { + Name = 'Group2' + Operator = 'And' + SensitiveInformationType = @( + MSFT_SCSLSensitiveInformationType + { + name = 'All Full Names' + confidencelevel = 'High' + maxcount = 100 + mincount = 10 + } + ) + TrainableClassifier = @( + MSFT_SCSLTrainableClassifiers + { + name = 'Threat' + } + ) + } + ) + } + ParentId = 'Personal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 new file mode 100644 index 0000000000..ead7b6c305 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credentials + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + SCUnifiedAuditLogRetentionPolicy 'Example' + { + Credential = $Credentials; + Ensure = "Present"; + Name = "Test Policy"; + Priority = 1; + RetentionDuration = "SevenDays"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SentinelSetting/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SentinelSetting/2-Update.ps1 new file mode 100644 index 0000000000..b516274848 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SentinelSetting/2-Update.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/1-Create.ps1 new file mode 100644 index 0000000000..22d433f47b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/1-Create.ps1 @@ -0,0 +1,44 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SentinelWatchlist "SentinelWatchlist-TestWatch" + { + Alias = "MyAlias"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/2-Update.ps1 new file mode 100644 index 0000000000..56e24197f5 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/2-Update.ps1 @@ -0,0 +1,44 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SentinelWatchlist "SentinelWatchlist-TestWatch" + { + Alias = "MyAlias"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 0; # Drift + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/3-Remove.ps1 new file mode 100644 index 0000000000..8fc5a78c3b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SentinelWatchlist/3-Remove.ps1 @@ -0,0 +1,44 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SentinelWatchlist "SentinelWatchlist-TestWatch" + { + Alias = "MyAlias"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Absent"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsComplianceRecordingPolicy/1-TeamsComplianceRecordingPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsComplianceRecordingPolicy/1-TeamsComplianceRecordingPolicy-Example.ps1 index 2c979de26e..70e5823572 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsComplianceRecordingPolicy/1-TeamsComplianceRecordingPolicy-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsComplianceRecordingPolicy/1-TeamsComplianceRecordingPolicy-Example.ps1 @@ -14,14 +14,34 @@ Configuration Example node localhost { - TeamsComplianceRecordingPolicy 'Example' + TeamsComplianceRecordingPolicy "TeamsComplianceRecordingPolicy-Tag:MyTeamsComplianceRecordingPolicy" { - ComplianceRecordingApplications = @('qwertzuio-abcd-abcd-abcd-qwertzuio'); - Credential = $Credscredential; + Credential = $credsCredential; + ComplianceRecordingApplications = @( + MSFT_TeamsComplianceRecordingApplication{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @('00000000-0000-0000-0000-000000000000') + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + MSFT_TeamsComplianceRecordingApplication{ + Id = '12345678-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @('87654321-0000-0000-0000-000000000000') + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + ); + Description = "MyTeamsComplianceRecordingPolicy"; DisableComplianceRecordingAudioNotificationForCalls = $False; - Enabled = $False; + Enabled = $True; Ensure = "Present"; - Identity = "Global"; + Identity = "Tag:MyTeamsComplianceRecordingPolicy"; WarnUserOnRemoval = $True; } } diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 829a2cef89..68bd75c4a8 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-09-05 +# Generated on: 2024-10-02 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.904.1' + ModuleVersion = '1.24.1002.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -79,6 +79,7 @@ 'Modules/M365DSCDRGUtil.psm1', 'Modules/EncodingHelpers/M365DSCEmojis.psm1', 'Modules/EncodingHelpers/M365DSCStringEncoding.psm1', + 'Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1', 'Modules/WorkloadHelpers/M365DSCFabricHelper.psm1', 'Modules/M365DSCConfigurationHelper.psm1' ) @@ -143,22 +144,131 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* EXOOwaMailboxPolicy - * Add support for AccountTransferEnabled parameter -* EXOSweepRule + ReleaseNotes = '* AADApplication + * Added AppRoles + * Added AuthenticationBehavior + * Added KeyCredentials + * Added OptionalClaims + * Added PasswordCredentials + * Added PreAuthorizationApplications +* AADAuthenticationMethodPolicy + * Added ReportSuspiciousActivitySettings +* AADAuthenticationMethodPolicyHardware + * Initial release. +* AADEntitlementManagementSettings + * Initial release. +* AADFeatureRolloutPolicy + * Initial release +* AADGroup + * Fixes logic to evaluate license assignments and disabled plans. + FIXES [#5101](https://github.com/microsoft/Microsoft365DSC/issues/5101) + * Adds support to assign Service Principal as members or owners. + FIXES [#4972](https://github.com/microsoft/Microsoft365DSC/issues/4972) +* AADPasswordRuleSettings + * Initial release +* ADOOrganizationOwner + * Initial release. +* ADOPermissionGroup + * Initial release. +* ADOSecurityPolicy + * Initial release. +* AzureSubscription * Initial Release. -* FabricAdminTenantSettings +* DefenderSubscriptionDefenderPlan + * Initial release. +* EXOAntiPhishPolicy + * Use correct type integer for variable `PhishThresholdLevel` +* EXOArcConfig * Initial Release. -* IntuneDeviceControlPolicyWindows10 - * Initial Release +* EXODnssecForVerifiedDomain + * Initial Release. +* EXOEmailTenantSettings + * Initial Release. +* EXOFocusedInbox + * Initial Release. +* EXOMailboxCalendarConfiguration + * Initial Release. +* EXOMailboxIRMAccess + * Initial Release. +* EXOMailboxFolderPermission + * Initial Release. +* EXOMailboxIRMAccess + * Initial Release. +* EXOMailTips + * Remove property `Ensure` since this resource is of type `IsSingleInstance` +* EXOManagementScope + * Initial Release. +* EXORetentionPolicy + * Initial Release. +* EXOPhishSimOverrideRule + * Initial Release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Fixes an issue with invalid parameter definition. + FIXES [#5015](https://github.com/microsoft/Microsoft365DSC/issues/5015) + * Fixes an issue where the `AccessTokens` parameter was not available. + FIXES [#5121](https://github.com/microsoft/Microsoft365DSC/issues/5121) +* IntuneAppCategory + * Initial release. +* IntuneDeviceCompliancePolicyWindows10 + * Fixes an issue where the property `ValidOperatingSystemBuildRanges` was + not exported properly. + FIXES [#5030](https://github.com/microsoft/Microsoft365DSC/issues/5030) +* IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 + * Add missing `AccessTokens` parameter to `Export-TargetResource` + FIXES [#5034](https://github.com/microsoft/Microsoft365DSC/issues/5034) +* IntuneFirewallPolicyWindows10 + * Initial release + FIXES [#3033](https://github.com/microsoft/Microsoft365DSC/issues/3033) +* IntuneSettingCatalogCustomPolicyWindows10 + * Update export logic to target more specific policy types. + * Prevent thrown exception to be caught by exception handler. + FIXES [#5088](https://github.com/microsoft/Microsoft365DSC/issues/5088) * M365DSCDRGUtil - * Fixes an issue where a Intune settings catalog DSC param was not handled - correctly when it was not specified. - FIXES [#5000](https://github.com/microsoft/Microsoft365DSC/issues/5000) - * Fixes an issue where the exported nested CIM instances had too many line breaks. - * Fixes an issue where Settings Catalog properties were not correctly handled. + * Add support for more complex Intune Settings Catalog properties + * Update handling of `Update-IntuneDeviceConfigurationPolicy` to throw on error + FIXES [#5055](https://github.com/microsoft/Microsoft365DSC/issues/5055) +* M365DSCResourceGenerator + * Update Intune resource generation for the Settings Catalog. +* O365ExternalConnection + * Initial release. +* SCDeviceConditionalAccessRule + * Initial release. +* SCDeviceConfigurationRule + * Initial release. +* SCInsiderRiskEntityList + * Initial release. +* SCInsiderRiskPolicy + * Initial release. +* SCRecordReviewNotificationTemplateConfig + * Initial release. +* SCRoleGroup + * Fixes an issue with creation without specifying Displayname + * Fixes an issue with Drifts because of returned Role format + FIXES [#5036](https://github.com/microsoft/Microsoft365DSC/issues/5036) +* SCAutoSensitivityLabelRule + * Fixed issue with incorrectly applying HeaderMatchesPatterns, even when + parameter wasn`t specified. + FIXES [#4641](https://github.com/microsoft/Microsoft365DSC/issues/4641) +* SCSensitivityLabel + * Added support for Auto Labeling settings + FIXES [#3784](https://github.com/microsoft/Microsoft365DSC/issues/3784) +* SentinelSetting + * Initial release. +* SentinelWatchlist + * Initial release. +* SPOAccessControlSettings + * Added support for property EnableRestrictedAccessControl. +* M365DSCUtil + * Fixes an issue where the O365Group workload was not properly detected. + FIXES [#5095](https://github.com/microsoft/Microsoft365DSC/issues/5095) * DEPENDENCIES - * Updated MSCloudLoginAssistant to version 1.1.20.' + * Updated DSCParser to version 2.0.0.10. + * Updated Microsoft.Graph to version 2.23.0. + * Added dependencies on Az.Accounts, Az.Resources and Az.SecurityInsights + * Updated DSCParser to version 2.0.0.9. + * Updated MSCloudLoginAssistant to version 1.1.25. + * Added dependency on Microsoft.Graph.Beta.Search. + * Removed unnecessary dependency PSDesiredStateConfiguration v1.1' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 6bf838c5d6..542a206b3d 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1860,17 +1860,20 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $values = $valueResult.Value - # We iterate over all the values in the DSC params and add them to the choice setting collection - foreach ($value in $values) + if ($null -ne $values) { - $choiceSettingValueCollection += @{ - value = $value - children = @() - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue' + # We iterate over all the values in the DSC params and add them to the choice setting collection + foreach ($value in $values) + { + $choiceSettingValueCollection += @{ + value = $value + children = @() + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue' + } } - } - $settingValuesToReturn.Add('choiceSettingCollectionValue', $choiceSettingValueCollection) + $settingValuesToReturn.Add('choiceSettingCollectionValue', $choiceSettingValueCollection) + } } # SimpleSettingCollections are collections of simple settings, e.g. strings or integers { $_ -eq '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' -or $_ -eq '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionDefinition' } @@ -1968,6 +1971,7 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue { $matchCombined = $false $matchesId = $false + $matchesOffsetUri = $false $settingDefinitions = $SettingTemplates.SettingDefinitions ` | Where-Object -FilterScript { $_.Name -eq $key } @@ -1989,6 +1993,20 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue { $parentSettingName = $key.Split('_')[0] $parentDefinition = $SettingTemplates.SettingDefinitions | Where-Object -FilterScript { $_.Name -eq $parentSettingName } + + # If no parent definition is found, it might have been combined with the OffsetUri + if ($null -eq $parentDefinition) + { + $definition = Get-SettingDefinitionFromNameWithParentFromOffsetUri -OffsetUriName $key -SettingDefinitions $SettingTemplates.SettingDefinitions + if ($null -ne $definition) + { + $offsetUriFound = $true + if ($SettingDefinition.Id -eq $definition.Id) + { + $matchesOffsetUri = $true + } + } + } $childDefinition = $SettingTemplates.SettingDefinitions | Where-Object -FilterScript { $_.Name -eq $SettingName -and (($_.AdditionalProperties.dependentOn.Count -gt 0 -and $_.AdditionalProperties.dependentOn.parentSettingId -contains $parentDefinition.Id) -or @@ -2010,9 +2028,9 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue } } - if (-not $matchCombined) + if (-not $matchCombined -and -not $offsetUriFound) { - # Parent was not combined, look for the id + # Parent was not combined, look for the combination of name and id $SettingTemplates.SettingDefinitions | ForEach-Object { if ($_.Id -notin $global:excludedDefinitionIds -and $_.Name -eq $SettingName -and $_.Id -like "*$key") { @@ -2026,7 +2044,7 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue } # If there is exactly one setting with the name, the setting is combined or the id matches, we get the DSC value and update the real setting value type - if (($name.Count -eq 1 -and $SettingName -eq $key) -or $matchCombined -or $matchesId) + if (($name.Count -eq 1 -and $SettingName -eq $key) -or $matchCombined -or $matchesId -or $matchesOffsetUri) { $isArray = $false if ($SettingValueType -like "*Simple*") @@ -2084,6 +2102,156 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue } } +function Get-SettingDefinitionFromNameWithParentFromOffsetUri +{ + param( + [Parameter(Mandatory = $true)] + [System.String] + $OffsetUriName, + + [Parameter(Mandatory = $true)] + [System.Array] + $SettingDefinitions + ) + + $offsetUriParts = [System.Collections.ArrayList]::new() + $SettingDefinitions | ForEach-Object { + $splittedOffsetUri = $_.OffsetUri.Split('/') + # Remove first element since it is always empty + $splittedOffsetUri = $splittedOffsetUri[1..($splittedOffsetUri.Length - 1)] + foreach ($part in $splittedOffsetUri) + { + if (-not $offsetUriParts.Contains($part)) + { + $offsetUriParts.Add($part) | Out-Null + } + } + } + + $settingName = $OffsetUriName + $offsetUriPrefix = "" + foreach ($part in $offsetUriParts) + { + if ($settingName -like "*$($part)_*") + { + $settingName = $settingName.Replace("$($part)_", "") + # Add wildcards to match removed parts with invalid characters + $offsetUriPrefix += "*$($part)*" + } + } + + $filteredDefinitions = $SettingDefinitions | Where-Object -FilterScript { + $_.Name -eq $settingName -and $_.OffsetUri -like "*$offsetUriPrefix*" + } + + if ($filteredDefinitions.Count -eq 1) + { + return $filteredDefinitions + } + else + { + $settingsWithSameName = $filteredDefinitions + foreach ($definition in $filteredDefinitions) + { + $skip = 0 + $newSettingName = $settingName + do { + $previousSettingName = $newSettingName + $newSettingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $definition.OffsetUri -SettingName $newSettingName -Skip $skip + + $combinationMatchesWithOffsetUri = @() + $settingsWithSameName | ForEach-Object { + $newName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $_.OffsetUri -SettingName $previousSettingName -Skip $skip + if ($newName -eq $newSettingName) + { + $combinationMatchesWithOffsetUri += $_ + } + } + $settingsWithSameName = $combinationMatchesWithOffsetUri + $skip++ + } while ($combinationMatchesWithOffsetUri.Count -gt 1) + + if ($newSettingName -eq $OffsetUriName) + { + return $definition + } + } + } +} + +function Get-ParentSettingDefinition { + param( + [Parameter(Mandatory = $true)] + $SettingDefinition, + + [Parameter(Mandatory = $true)] + $AllSettingDefinitions + ) + + $parentSetting = $null + if ($SettingDefinition.AdditionalProperties.dependentOn.parentSettingId.Count -gt 0) + { + $parentSetting = $AllSettingDefinitions | Where-Object -FilterScript { + $_.Id -eq ($SettingDefinition.AdditionalProperties.dependentOn.parentSettingId | Select-Object -Unique -First 1) + } + } + elseif ($SettingDefinition.AdditionalProperties.options.dependentOn.parentSettingId.Count -gt 0) + { + $parentSetting = $AllSettingDefinitions | Where-Object -FilterScript { + $_.Id -eq ($SettingDefinition.AdditionalProperties.options.dependentOn.parentSettingId | Select-Object -Unique -First 1) + } + } + + $parentSetting +} + +<# + This function also exists in M365DSCResourceGenerator.psm1. Changes here must be added there as well for compatibility. +#> +function Get-SettingDefinitionNameWithParentFromOffsetUri { + param ( + [Parameter(Mandatory = $true)] + [System.String] + $OffsetUri, + + [Parameter(Mandatory = $true)] + [System.String] + $SettingName, + + [Parameter(Mandatory = $false)] + [System.Int32] + $Skip = 0 + ) + + # If the last part of the OffsetUri is the same as the setting name or it contains invalid characters, we traverse up until we reach the first element + # Invalid characters are { and } which are used in the OffsetUri to indicate a variable + $splittedOffsetUri = $OffsetUri.Split("/") + if ([string]::IsNullOrEmpty($splittedOffsetUri[0])) + { + $splittedOffsetUri = $splittedOffsetUri[1..($splittedOffsetUri.Length - 1)] + } + $splittedOffsetUri = $splittedOffsetUri[0..($splittedOffsetUri.Length - 1 - $Skip)] + $traversed = $false + while (-not $traversed -and $splittedOffsetUri.Length -gt 1) # Prevent adding the first element of the OffsetUri + { + $traversed = $true + if ($splittedOffsetUri[-1] -eq $SettingName -or $splittedOffsetUri[-1] -match "[\{\}]" -or $SettingName.StartsWith($splittedOffsetUri[-1])) + { + $splittedOffsetUri = $splittedOffsetUri[0..($splittedOffsetUri.Length - 2)] + $traversed = $false + } + } + + if ($splittedOffsetUri.Length -gt 1) + { + $splittedOffsetUri[-1] + "_" + $SettingName + } + else + { + $SettingName + } +} + function Export-IntuneSettingCatalogPolicySettings { [CmdletBinding()] @@ -2112,6 +2280,13 @@ function Export-IntuneSettingCatalogPolicySettings )] $SettingDefinitions, + [Parameter( + Mandatory = $true, + ParameterSetName = 'Setting' + )] + [System.Array] + $AllSettingDefinitions, + [Parameter( ParameterSetName = 'Setting' )] @@ -2122,7 +2297,7 @@ function Export-IntuneSettingCatalogPolicySettings { foreach ($setting in $Settings) { - Export-IntuneSettingCatalogPolicySettings -SettingInstance $setting.SettingInstance -SettingDefinitions $setting.SettingDefinitions -ReturnHashtable $ReturnHashtable -IsRoot + Export-IntuneSettingCatalogPolicySettings -SettingInstance $setting.SettingInstance -SettingDefinitions $setting.SettingDefinitions -ReturnHashtable $ReturnHashtable -AllSettingDefinitions $Settings.SettingDefinitions -IsRoot } return $ReturnHashtable } @@ -2132,36 +2307,67 @@ function Export-IntuneSettingCatalogPolicySettings $settingName = $settingDefinition.Name # Check if the name is unique - $settingMatches = @($SettingDefinitions | Where-Object -FilterScript { $_.Name -eq $settingName }) - if ($settingMatches.Count -gt 1) + $settingsWithSameName = @($AllSettingDefinitions | Where-Object -FilterScript { $_.Name -eq $settingName }) + if ($settingsWithSameName.Count -gt 1) { - if ($settingDefinition.AdditionalProperties.dependentOn.parentSettingId.Count -gt 0) - { - $parentSetting = $SettingDefinitions | Where-Object -FilterScript { $_.Id -eq $($settingDefinition.AdditionalProperties.dependentOn.parentSettingId | Select-Object -Unique -First 1) } - } - elseif ($settingDefinition.AdditionalProperties.options.dependentOn.parentSettingId.Count -gt 0) + $parentSetting = Get-ParentSettingDefinition -SettingDefinition $settingDefinition -AllSettingDefinitions $AllSettingDefinitions + + if ($null -ne $parentSetting) { - $parentSetting = $SettingDefinitions | Where-Object -FilterScript { $_.Id -eq $($settingDefinition.AdditionalProperties.options.dependentOn.parentSettingId | Select-Object -Unique -First 1) } - } + $combinationMatchesWithParent = $settingsWithSameName | Where-Object -FilterScript { + "$($parentSetting.Name)_$($_.Name)" -eq "$($parentSetting.Name)_$settingName" + } - $combinationMatches = $SettingDefinitions | Where-Object -FilterScript { - $_.Name -eq $settingName -and ` - (($_.AdditionalProperties.dependentOn.parentSettingId.Count -gt 0 -and $_.AdditionalProperties.dependentOn.parentSettingId.Contains($parentSetting.Id)) -or ` - ($_.AdditionalProperties.options.dependentOn.parentSettingId.Count -gt 0 -and $_.AdditionalProperties.options.dependentOn.parentSettingId.Contains($parentSetting.Id))) - } + # If the combination of parent setting and setting name is unique, add the parent setting name to the setting name + if ($combinationMatchesWithParent.Count -eq 1) + { + $settingName = $($parentSetting.Name) + "_" + $settingName + } + # If the combination of parent setting and setting name is still not unique, do it with the OffsetUri of the current setting + else + { + $skip = 0 + $breakCounter = 0 + $newSettingName = $settingName + do { + $previousSettingName = $newSettingName + $newSettingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $settingDefinition.OffsetUri -SettingName $newSettingName -Skip $skip + + $combinationMatchesWithOffsetUri = @() + $settingsWithSameName | ForEach-Object { + $newName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $_.OffsetUri -SettingName $previousSettingName -Skip $skip + if ($newName -eq $newSettingName) + { + $combinationMatchesWithOffsetUri += $_ + } + } + $settingsWithSameName = $combinationMatchesWithOffsetUri + $skip++ + $breakCounter++ + } while ($combinationMatchesWithOffsetUri.Count -gt 1 -and $breakCounter -lt 8) - # If the combination of parent setting and setting name is unique, add the parent setting name to the setting name - if ($combinationMatches.Count -eq 1) - { - $settingName = $($parentSetting.Name) + "_" + $settingName + if ($breakCounter -lt 8) + { + $settingName = $newSettingName + } + else + { + # Alternative way if no unique setting name can be found + $parentSettingIdProperty = $parentSetting.Id.Split('_')[-1] + $parentSettingIdWithoutProperty = $parentSetting.Id.Replace("_$parentSettingIdProperty", "") + # We can't use the entire setting here, because the child setting id does not have to come after the parent setting id + $settingName = $settingDefinition.Id.Replace($parentSettingIdWithoutProperty + "_", "").Replace($parentSettingIdProperty + "_", "") + } + } } - # If the combination of parent setting and setting name is still not unique, grab the last part of the setting id - else + + # When there is no parent, we can't use the parent setting name to make the setting name unique + # Instead, we traverse up the OffsetUri. Since no parent setting can only happen at the root level, the result + # of Get-SettingDefinitionNameWithParentFromOffsetUri is absolute and cannot change. There cannot be multiple settings with the same name + # in the same level of OffsetUri + if ($null -eq $parentSetting) { - $parentSettingIdProperty = $parentSetting.Id.Split('_')[-1] - $parentSettingIdWithoutProperty = $parentSetting.Id.Replace("_$parentSettingIdProperty", "") - # We can't use the entire setting here, because the child setting id does not have to come after the parent setting id - $settingName = $settingDefinition.Id.Replace($parentSettingIdWithoutProperty + "_", "").Replace($parentSettingIdProperty + "_", "") + $settingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $settingDefinition.OffsetUri -SettingName $settingName } } @@ -2179,7 +2385,7 @@ function Export-IntuneSettingCatalogPolicySettings $childSettings = if ($IsRoot) { $SettingInstance.AdditionalProperties.choiceSettingValue.children } else { $SettingInstance.choiceSettingValue.children } foreach ($childSetting in $childSettings) { - Export-IntuneSettingCatalogPolicySettings -SettingInstance $childSetting -SettingDefinitions $SettingDefinitions -ReturnHashtable $ReturnHashtable + Export-IntuneSettingCatalogPolicySettings -SettingInstance $childSetting -SettingDefinitions $SettingDefinitions -ReturnHashtable $ReturnHashtable -AllSettingDefinitions $AllSettingDefinitions } } '#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance' @@ -2207,7 +2413,7 @@ function Export-IntuneSettingCatalogPolicySettings $childInstances = $child.children foreach ($childInstance in $childInstances) { - Export-IntuneSettingCatalogPolicySettings -SettingInstance $childInstance -SettingDefinitions $SettingDefinitions -ReturnHashtable $ReturnHashtable + Export-IntuneSettingCatalogPolicySettings -SettingInstance $childInstance -SettingDefinitions $SettingDefinitions -ReturnHashtable $ReturnHashtable -AllSettingDefinitions $AllSettingDefinitions } } $addToParameters = $false @@ -2226,7 +2432,7 @@ function Export-IntuneSettingCatalogPolicySettings $childHashtable = @{} foreach ($childInstance in $child.children) { - Export-IntuneSettingCatalogPolicySettings -SettingInstance $childInstance -SettingDefinitions $SettingDefinitions -ReturnHashtable $childHashtable + Export-IntuneSettingCatalogPolicySettings -SettingInstance $childInstance -SettingDefinitions $SettingDefinitions -ReturnHashtable $childHashtable -AllSettingDefinitions $AllSettingDefinitions } $childValue += $childHashtable } @@ -2237,7 +2443,7 @@ function Export-IntuneSettingCatalogPolicySettings $childSettings = $groupSettingCollectionValue.children foreach ($value in $childSettings) { - Export-IntuneSettingCatalogPolicySettings -SettingInstance $value -SettingDefinitions $SettingDefinitions -ReturnHashtable $ReturnHashtable + Export-IntuneSettingCatalogPolicySettings -SettingInstance $value -SettingDefinitions $SettingDefinitions -ReturnHashtable $ReturnHashtable -AllSettingDefinitions $AllSettingDefinitions $addToParameters = $false } } @@ -2331,7 +2537,7 @@ function Update-IntuneDeviceConfigurationPolicy -TenantId $TenantId ` -Credential $Credential - return $null + throw } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDocGenerator.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDocGenerator.psm1 index a140964be6..35d03c8bef 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDocGenerator.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDocGenerator.psm1 @@ -958,6 +958,9 @@ function Update-M365DSCResourceDocumentationPage 'AAD*' { $targetFolder = 'azure-ad' } + 'Defender*' + { $targetFolder = 'Defender' + } 'EXO*' { $targetFolder = 'exchange' } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index e10606ca0c..7258cda1bd 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -382,9 +382,9 @@ function Get-IconPath { return Get-Base64EncodedImage -IconName "Intune.jpg" } - elseif ($ResourceName.StartsWith('Intune')) + elseif ($ResourceName.StartsWith('Defender')) { - return 'http://microsoft365dsc.com/Images/Intune.jpg' + return Get-Base64EncodedImage -IconName "SecurityAndCompliance.png" } return $null } @@ -1169,7 +1169,7 @@ function Compare-M365DSCConfigurations This function gets the key parameter for the specified CIMInstance .Functionality -Internal, Hidden +Public #> function Get-M365DSCCIMInstanceKey { @@ -1223,6 +1223,18 @@ function Get-M365DSCCIMInstanceKey { $primaryKey = 'dataType' } + elseif ($CIMInstance.ContainsKey("Dmn")) + { + $primaryKey = 'Dmn' + } + elseif ($CIMInstance.ContainsKey('EmergencyDialString')) + { + $primaryKey = 'EmergencyDialString' + } + else + { + $primaryKey = $CIMInstance.Keys[0] + } return $primaryKey } @@ -1931,5 +1943,6 @@ function Initialize-M365DSCReporting Export-ModuleMember -Function @( 'Compare-M365DSCConfigurations', 'New-M365DSCDeltaReport', - 'New-M365DSCReportFromConfiguration' + 'New-M365DSCReportFromConfiguration', + 'Get-M365DSCCIMInstanceKey' ) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 index 61ed490d9b..c5300bf1ec 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 @@ -41,7 +41,7 @@ function Start-M365DSCConfigurationExtract $MaxProcesses = 16, [Parameter()] - [ValidateSet('AAD', 'FABRIC', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'TEAMS', 'PP', 'PLANNER')] + [ValidateSet('AAD', 'FABRIC', 'SPO', 'DEFENDER','EXO', 'INTUNE', 'SC', 'SENTINEL', 'OD', 'O365', 'TEAMS', 'PP', 'PLANNER')] [System.String[]] $Workloads, diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index b96d480372..e843fe0807 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -52,6 +52,7 @@ function New-M365DSCStubFiles @{Name = 'ExchangeOnline'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Mailbox' }, # This is the EXO Proxy @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Applications'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Authentication'}, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Applications'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.DeviceManagement'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Devices.CorporateManagement'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Administration'}, @@ -59,6 +60,7 @@ function New-M365DSCStubFiles @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Identity.DirectoryManagement'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Identity.Governance'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Identity.SignIns'}, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Search'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Beta.Teams'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement.Administration'}, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DirectoryObjects'}, diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index a62b0907b7..cd9fb23c62 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -292,6 +292,10 @@ function Add-M365DSCTelemetryEvent { $Data.Add('Workload', 'Azure Active Directory') } + elseif ($Data.Resource.StartsWith('MSFT_Intune') -or $Data.Resource.StartsWith('Defender')) + { + $Data.Add('Workload', 'Defender') + } elseif ($Data.Resource.StartsWith('MSFT_EXO') -or $Data.Resource.StartsWith('EXO')) { $Data.Add('Workload', 'Exchange Online') @@ -368,7 +372,10 @@ function Add-M365DSCTelemetryEvent # LCM Metadata Information try { - $LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop + if ($null -eq $Script:LCMInfo) + { + $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop + } $certificateConfigured = $false if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID)) @@ -377,17 +384,17 @@ function Add-M365DSCTelemetryEvent } $partialConfiguration = $false - if (-not [System.String]::IsNullOrEmpty($LCMInfo.PartialConfigurations)) + if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations)) { $partialConfiguration = $true } $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration) $Data.Add('LCMCertificateConfigured', $certificateConfigured) - $Data.Add('LCMConfigurationMode', $LCMInfo.ConfigurationMode) - $Data.Add('LCMConfigurationModeFrequencyMins', $LCMInfo.ConfigurationModeFrequencyMins) - $Data.Add('LCMRefreshMode', $LCMInfo.RefreshMode) - $Data.Add('LCMState', $LCMInfo.LCMState) - $Data.Add('LCMStateDetail', $LCMInfo.LCMStateDetail) + $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode) + $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins) + $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode) + $Data.Add('LCMState', $Script:LCMInfo.LCMState) + $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail) if ([System.String]::IsNullOrEmpty($Type)) { @@ -395,18 +402,18 @@ function Add-M365DSCTelemetryEvent { $Type = 'Export' } - elseif ($LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` - $LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or ` - $LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') { $Type = 'MonitoringScheduled' } - elseif ($LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') { $Type = 'MonitoringManual' } - elseif ($LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` - $LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') { $Type = 'ApplyingConfiguration' } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 5dec239d62..d8e020b073 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -6,9 +6,10 @@ $Global:SessionSecurityCompliance = $null #region Extraction Modes $Global:DefaultComponents = @('SPOApp', 'SPOSiteDesign') -$Global:FullComponents = @('AADGroup', 'AADServicePrincipal', 'EXOCalendarProcessing', 'EXODistributionGroup', 'EXOMailboxAutoReplyConfiguration', ` +$Global:FullComponents = @('AADGroup', 'AADServicePrincipal', 'ADOSecurityPolicy', 'AzureSubscription','FabricAdminTenantSettings', ` + 'DefenderSubscriptionPlan', 'EXOCalendarProcessing', 'EXODistributionGroup', 'EXOMailboxAutoReplyConfiguration', ` 'EXOMailboxPermission','EXOMailboxCalendarFolder','EXOMailboxSettings', 'EXOManagementRole', 'O365Group', 'AADUser', ` - 'PlannerPlan', 'PlannerBucket', 'PlannerTask', 'PPPowerAppsEnvironment', 'PPTenantSettings', ` + 'PlannerPlan', 'PlannerBucket', 'PlannerTask', 'PPPowerAppsEnvironment', 'PPTenantSettings', 'SentinelSetting', 'SentinelWatchlist', ` 'SPOSiteAuditSettings', 'SPOSiteGroup', 'SPOSite', 'SPOUserProfileProperty', 'SPOPropertyBag', 'TeamsTeam', 'TeamsChannel', ` 'TeamsUser', 'TeamsChannelTab', 'TeamsOnlineVoicemailUserSettings', 'TeamsUserCallingSettings', 'TeamsUserPolicyAssignment') #endregion @@ -461,7 +462,7 @@ function Compare-PSCustomObjectArrays Desired = $DesiredEntry.$KeyProperty Current = $null } - $DriftedProperties += $DesiredEntry + $DriftedProperties += $result } else { @@ -495,6 +496,62 @@ function Compare-PSCustomObjectArrays } } + foreach ($currentEntry in $currentValues) + { + if ($currentEntry.GetType().Name -eq 'PSCustomObject') + { + $fixedEntry = @{} + $currentEntry.psobject.properties | Foreach { $fixedEntry[$_.Name] = $_.Value } + } + else + { + $fixedEntry = $currentEntry + } + $KeyProperty = Get-M365DSCCIMInstanceKey -CIMInstance $fixedEntry + + $EquivalentEntryInDesired = $DesiredValues | Where-Object -FilterScript { $_.$KeyProperty -eq $fixedEntry.$KeyProperty } + if ($null -eq $EquivalentEntryInDesired) + { + $result = @{ + Property = $fixedEntry + PropertyName = $KeyProperty + Desired = $fixedEntry.$KeyProperty + Current = $null + } + $DriftedProperties += $result + } + else + { + foreach ($property in $Properties) + { + $propertyName = $property.Name + + if ((-not [System.String]::IsNullOrEmpty($fixedEntry.$PropertyName) -and -not [System.String]::IsNullOrEmpty($EquivalentEntryInDesired.$PropertyName)) -and ` + $fixedEntry.$PropertyName -ne $EquivalentEntryInDesired.$PropertyName) + { + $drift = $true + if ($fixedEntry.$PropertyName.GetType().Name -eq 'String' -and $fixedEntry.$PropertyName.Contains('$OrganizationName')) + { + if ($fixedEntry.$PropertyName.Split('@')[0] -eq $EquivalentEntryInDesired.$PropertyName.Split('@')[0]) + { + $drift = $false + } + } + if ($drift) + { + $result = @{ + Property = $fixedEntry + PropertyName = $PropertyName + Desired = $fixedEntry.$PropertyName + Current = $EquivalentEntryInDesired.$PropertyName + } + $DriftedProperties += $result + } + } + } + } + } + return $DriftedProperties } @@ -699,8 +756,20 @@ function Test-M365DSCParameterState } $AllDesiredValuesAsArray += [PSCustomObject]$currentEntry } - $arrayCompare = Compare-PSCustomObjectArrays -CurrentValues $CurrentValues.$fieldName ` - -DesiredValues $AllDesiredValuesAsArray + try + { + $arrayCompare = $null + if ($CurrentValues.$fieldName.GetType().Name -ne 'CimInstance' -and ` + $CurrentValues.$fieldName.GetType().Name -ne 'CimInstance[]') + { + $arrayCompare = Compare-PSCustomObjectArrays -CurrentValues $CurrentValues.$fieldName ` + -DesiredValues $AllDesiredValuesAsArray + } + } + catch + { + Write-Verbose -Message $_ + } if ($null -ne $arrayCompare) { @@ -1161,7 +1230,7 @@ function Export-M365DSCConfiguration $Components, [Parameter(ParameterSetName = 'Export')] - [ValidateSet('AAD', 'FABRIC', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'PLANNER', 'PP', 'TEAMS')] + [ValidateSet('AAD', 'DEFENDER', 'FABRIC', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'PLANNER', 'PP', 'TEAMS')] [System.String[]] $Workloads, @@ -1579,6 +1648,58 @@ function Remove-M365DSCInvalidDependenciesFromSession } } +<# +.Description +This function retrieves the various endpoint urls based on the cloud environment. + +.Example +Get-M365DSCAPIEndpoint -TenantId 'contoso.onmicrosoft.com' + +.Functionality +Private +#> +function Get-M365DSCAPIEndpoint +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param( + [Parameter(Mandatory = $true)] + [System.String] + $TenantId + ) + + try + { + $webrequest = Invoke-WebRequest -Uri "https://login.windows.net/$($TenantId)/.well-known/openid-configuration" -UseBasicParsing + $response = ConvertFrom-Json $webrequest.Content + $tenantRegionScope = $response."tenant_region_scope" + + $endpoints = @{ + AzureManagement = $null + } + + switch ($tenantRegionScope) + { + 'USGov' + { + if ($null -ne $response.'tenant_region_sub_scope' -and $response.'tenant_region_sub_scope' -eq 'DODCON') + { + $endpoints.AzureManagement = "https://management.usgovcloudapi.net" + } + } + default + { + $endpoints.AzureManagement = "https://management.azure.com" + } + } + return $endpoints + } + catch + { + throw $_ + } +} + <# .Description This function gets the onmicrosoft.com name of the tenant @@ -1708,9 +1829,9 @@ function New-M365DSCConnection param ( [Parameter(Mandatory = $true)] - [ValidateSet('AzureDevOPS', 'ExchangeOnline', 'Fabric', 'Intune', ` + [ValidateSet('Azure', 'AzureDevOPS', 'Defender', 'ExchangeOnline', 'Fabric', 'Intune', ` 'SecurityComplianceCenter', 'PnP', 'PowerPlatforms', ` - 'MicrosoftTeams', 'MicrosoftGraph', 'Tasks')] + 'MicrosoftTeams', 'MicrosoftGraph', 'SharePointOnlineREST', 'Tasks')] [System.String] $Workload, @@ -2193,12 +2314,14 @@ function New-M365DSCConnection { $Global:M365DSCTelemetryConnectionToGraphParams.Add('CertificateThumbprint', $InboundParameters.CertificateThumbprint) } + Write-Verbose -Message "Calling into Connect-M365Tenant" Connect-M365Tenant -Workload $Workload ` -ApplicationId $InboundParameters.ApplicationId ` -TenantId $InboundParameters.TenantId ` -CertificateThumbprint $InboundParameters.CertificateThumbprint ` -SkipModuleReload $Global:CurrentModeIsExport ` -Url $Url + Write-Verbose -Message "Connection initiated." if (-not $Script:M365ConnectedToWorkloads -contains "$Workload-ServicePrincipalWithThumbprint") { $data.Add('ConnectionMode', 'ServicePrincipalWithThumbprint') @@ -3666,7 +3789,7 @@ function Get-M365DSCExportContentForResource { $primaryKey = '' } - elseif ($Keys.Contains('DisplayName')) + elseif ($Keys.Contains('DisplayName') -and -not [System.String]::IsNullOrEmpty($Results.DisplayName)) { $primaryKey = $Results.DisplayName } @@ -3690,6 +3813,18 @@ function Get-M365DSCExportContentForResource { $primaryKey = $Results.CDNType } + elseif ($Keys.Contains('WorkspaceName')) + { + $primaryKey = $Results.WorkspaceName + } + elseif ($Keys.Contains('OrganizationName')) + { + $primaryKey = $Results.OrganizationName + } + elseif ($Keys.Contains('DomainName')) + { + $primaryKey = $Results.DomainName + } if ([String]::IsNullOrEmpty($primaryKey) -and ` -not $Keys.Contains('IsSingleInstance')) @@ -4108,7 +4243,7 @@ function Get-M365DSCWorkloadsListFromResourceNames } 'O3' { - if (-not $workloads.Name -or -not $workloads.Name.Contains('MicrosoftGraph') -and $resource -eq 'O365Group') + if (-not $workloads.Name -or -not $workloads.Name.Contains('MicrosoftGraph') -and $resource.Name -eq 'O365Group') { $workloads += @{ Name = 'MicrosoftGraph' @@ -5020,6 +5155,7 @@ Export-ModuleMember -Function @( 'Export-M365DSCConfiguration', 'Get-AllSPOPackages', 'Get-M365DSCAllResources', + 'Get-M365DSCAPIEndpoint' 'Get-M365DSCAuthenticationMode', 'Get-M365DSCComponentsForAuthenticationType', 'Get-M365DSCComponentsWithMostSecureAuthenticationType', diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 new file mode 100644 index 0000000000..92375e9444 --- /dev/null +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 @@ -0,0 +1,47 @@ +function Invoke-M365DSCAzureDevOPSWebRequest +{ + [OutputType([PSCustomObject])] + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [System.String] + $Uri, + + [Parameter()] + [System.String] + $Method = 'GET', + + [Parameter()] + [System.String] + $Body, + + [Parameter()] + [System.String] + $ContentType = 'application/json-patch+json' + ) + + $headers = @{ + Authorization = $global:MsCloudLoginConnectionProfile.AzureDevOPS.AccessToken + 'Content-Type' = $ContentType + } + + $params = @{ + Headers = $headers + Uri = $Uri + Method = $Method + + } + + if ($Method -ne 'GET') + { + $params.Add('Body', $Body) + } + + $response = Invoke-WebRequest @params -UseBasicParsing + $result = $null + if (-not [System.String]::IsNullOrEmpty($response.Content)) + { + $result = ConvertFrom-Json $response.Content + } + return $result +} diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index ff560fdb1f..08ad6e8253 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -112,6 +112,11 @@ "Name": "Visibility", "Option": "Write" }, + { + "CIMType": "Boolean", + "Name": "IsMemberManagementRestricted", + "Option": "Write" + }, { "CIMType": "String", "Name": "MembershipType", @@ -204,6 +209,206 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphOptionalClaims", + "Parameters": [ + { + "CIMType": "MSFT_MicrosoftGraphOptionalClaim[]", + "Name": "AccessToken", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphOptionalClaim[]", + "Name": "IdToken", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphOptionalClaim[]", + "Name": "Saml2Token", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphOptionalClaim", + "Parameters": [ + { + "CIMType": "Boolean", + "Name": "Essential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Source", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphPreAuthorizedApplication", + "Parameters": [ + { + "CIMType": "String", + "Name": "AppId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "PermissionIds", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphApiApplication", + "Parameters": [ + { + "CIMType": "MSFT_MicrosoftGraphPreAuthorizedApplication[]", + "Name": "PreAuthorizedApplications", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphAuthenticationBehaviors", + "Parameters": [ + { + "CIMType": "Boolean", + "Name": "BlockAzureADGraphAccess", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RemoveUnverifiedEmailClaim", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequireClientServicePrincipal", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphKeyCredential", + "Parameters": [ + { + "CIMType": "String", + "Name": "CustomKeyIdentifier", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EndDateTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "KeyId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Key", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "StartDateTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Type", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Usage", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphPasswordCredential", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EndDateTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Hint", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "KeyId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "StartDateTime", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphAppRole", + "Parameters": [ + { + "CIMType": "String[]", + "Name": "AllowedMemberTypes", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Origin", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Value", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_AADApplication", "Parameters": [ @@ -257,6 +462,36 @@ "Name": "KnownClientApplications", "Option": "Write" }, + { + "CIMType": "MSFT_MicrosoftGraphoptionalClaims", + "Name": "OptionalClaims", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphapiApplication", + "Name": "Api", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphauthenticationBehaviors", + "Name": "AuthenticationBehaviors", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphpasswordCredential[]", + "Name": "PasswordCredentials", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphkeyCredential[]", + "Name": "KeyCredentials", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphappRole[]", + "Name": "AppRoles", + "Option": "Write" + }, { "CIMType": "string", "Name": "LogoutURL", @@ -634,6 +869,26 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphReportSuspiciousActivitySettings", + "Parameters": [ + { + "CIMType": "MSFT_AADAuthenticationMethodPolicyIncludeTarget", + "Name": "IncludeTarget", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "State", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "VoiceReportingCode", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_AADAuthenticationMethodPolicy", "Parameters": [ @@ -667,6 +922,11 @@ "Name": "RegistrationEnforcement", "Option": "Write" }, + { + "CIMType": "MSFT_MicrosoftGraphreportSuspiciousActivitySettings", + "Name": "ReportSuspiciousActivitySettings", + "Option": "Write" + }, { "CIMType": "MSFT_MicrosoftGraphsystemCredentialPreferences", "Name": "SystemCredentialPreferences", @@ -1115,7 +1375,7 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicySmsExcludeTarget", + "ClassName": "MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget", "Parameters": [ { "CIMType": "String", @@ -1130,7 +1390,7 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicySmsIncludeTarget", + "ClassName": "MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget", "Parameters": [ { "CIMType": "String", @@ -1145,15 +1405,15 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicySms", + "ClassName": "MSFT_AADAuthenticationMethodPolicyHardware", "Parameters": [ { - "CIMType": "MSFT_AADAuthenticationMethodPolicySmsExcludeTarget[]", + "CIMType": "MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget[]", "Name": "ExcludeTargets", "Option": "Write" }, { - "CIMType": "MSFT_AADAuthenticationMethodPolicySmsIncludeTarget[]", + "CIMType": "MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget[]", "Name": "IncludeTargets", "Option": "Write" }, @@ -1210,7 +1470,7 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget", + "ClassName": "MSFT_AADAuthenticationMethodPolicySmsExcludeTarget", "Parameters": [ { "CIMType": "String", @@ -1225,7 +1485,7 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget", + "ClassName": "MSFT_AADAuthenticationMethodPolicySmsIncludeTarget", "Parameters": [ { "CIMType": "String", @@ -1240,15 +1500,15 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicySoftware", + "ClassName": "MSFT_AADAuthenticationMethodPolicySms", "Parameters": [ { - "CIMType": "MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget[]", + "CIMType": "MSFT_AADAuthenticationMethodPolicySmsExcludeTarget[]", "Name": "ExcludeTargets", "Option": "Write" }, { - "CIMType": "MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget[]", + "CIMType": "MSFT_AADAuthenticationMethodPolicySmsIncludeTarget[]", "Name": "IncludeTargets", "Option": "Write" }, @@ -1305,7 +1565,7 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget", + "ClassName": "MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget", "Parameters": [ { "CIMType": "String", @@ -1320,7 +1580,7 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget", + "ClassName": "MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget", "Parameters": [ { "CIMType": "String", @@ -1335,40 +1595,135 @@ ] }, { - "ClassName": "MSFT_AADAuthenticationMethodPolicyTemporary", + "ClassName": "MSFT_AADAuthenticationMethodPolicySoftware", "Parameters": [ { - "CIMType": "UInt32", - "Name": "DefaultLength", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "DefaultLifetimeInMinutes", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "IsUsableOnce", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "MaximumLifetimeInMinutes", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "MinimumLifetimeInMinutes", - "Option": "Write" - }, - { - "CIMType": "MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget[]", + "CIMType": "MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget[]", "Name": "ExcludeTargets", "Option": "Write" }, { - "CIMType": "MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget[]", + "CIMType": "MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget[]", + "Name": "IncludeTargets", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "State", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Key" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TargetType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TargetType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADAuthenticationMethodPolicyTemporary", + "Parameters": [ + { + "CIMType": "UInt32", + "Name": "DefaultLength", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DefaultLifetimeInMinutes", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsUsableOnce", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "MaximumLifetimeInMinutes", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "MinimumLifetimeInMinutes", + "Option": "Write" + }, + { + "CIMType": "MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget[]", + "Name": "ExcludeTargets", + "Option": "Write" + }, + { + "CIMType": "MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget[]", "Name": "IncludeTargets", "Option": "Write" }, @@ -3414,6 +3769,56 @@ } ] }, + { + "ClassName": "MSFT_AADEntitlementManagementSettings", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "UInt32", + "Name": "DaysUntilExternalUserDeletedAfterBlocked", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ExternalUserLifecycleAction", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_AADExternalIdentityPolicy", "Parameters": [ @@ -3469,6 +3874,81 @@ } ] }, + { + "ClassName": "MSFT_AADFeatureRolloutPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Feature", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsAppliedToOrganization", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_AADGroupLicense", "Parameters": [ @@ -3920,46 +4400,126 @@ ] }, { - "ClassName": "MSFT_AADRoleDefinition", + "ClassName": "MSFT_AADPasswordRuleSettings", "Parameters": [ { "CIMType": "String", - "Name": "DisplayName", + "Name": "IsSingleInstance", "Option": "Key" }, { - "CIMType": "string", - "Name": "Id", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Description", + "CIMType": "UInt32", + "Name": "LockoutThreshold", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ResourceScopes", + "CIMType": "UInt32", + "Name": "LockoutDurationInSeconds", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IsEnabled", - "Option": "Required" + "Name": "EnableBannedPasswordCheck", + "Option": "Write" }, { "CIMType": "String[]", - "Name": "RolePermissions", - "Option": "Required" + "Name": "BannedPasswordList", + "Option": "Write" }, { "CIMType": "String", - "Name": "TemplateId", + "Name": "BannedPasswordCheckOnPremisesMode", "Option": "Write" }, { - "CIMType": "String", - "Name": "Version", + "CIMType": "Boolean", + "Name": "EnableBannedPasswordCheckOnPremises", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AADRoleDefinition", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "string", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ResourceScopes", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsEnabled", + "Option": "Required" + }, + { + "CIMType": "String[]", + "Name": "RolePermissions", + "Option": "Required" + }, + { + "CIMType": "String", + "Name": "TemplateId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Version", "Option": "Write" }, { @@ -4642,6 +5202,11 @@ "Name": "PublisherName", "Option": "Write" }, + { + "CIMType": "String[]", + "Name": "Owners", + "Option": "Write" + }, { "CIMType": "String[]", "Name": "ReplyUrls", @@ -5075,61 +5640,116 @@ ] }, { - "ClassName": "MSFT_EXOAcceptedDomain", + "ClassName": "MSFT_ADOOrganizationOwner", "Parameters": [ { "CIMType": "String", - "Name": "Identity", + "Name": "OrganizationName", "Option": "Key" }, { "CIMType": "String", - "Name": "Ensure", + "Name": "Owner", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { "CIMType": "String", - "Name": "DomainType", + "Name": "ApplicationId", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "MatchSubDomains", + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "OutboundOnly", + "Name": "ManagedIdentity", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_ADOPermissionGroup", + "Parameters": [ + { + "CIMType": "String", + "Name": "OrganizationName", + "Option": "Key" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "PrincipalName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "DisplayName", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "Members", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Descriptor", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Level", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "Name": "Credential", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", "Option": "Write" }, { @@ -5145,31 +5765,56 @@ ] }, { - "ClassName": "MSFT_EXOActiveSyncDeviceAccessRule", + "ClassName": "MSFT_ADOSecurityPolicy", "Parameters": [ { "CIMType": "String", - "Name": "Identity", + "Name": "OrganizationName", "Option": "Key" }, { - "CIMType": "String", - "Name": "AccessLevel", + "CIMType": "Boolean", + "Name": "DisallowAadGuestUserAccess", "Option": "Write" }, { - "CIMType": "String", - "Name": "Characteristic", + "CIMType": "Boolean", + "Name": "DisallowOAuthAuthentication", "Option": "Write" }, { - "CIMType": "String", - "Name": "QueryString", + "CIMType": "Boolean", + "Name": "DisallowSecureShell", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "LogAuditEvents", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowAnonymousAccess", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ArtifactsExternalPackageProtectionToken", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EnforceAADConditionalAccess", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowTeamAdminsInvitationsAccessToken", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowRequestAccessToken", "Option": "Write" }, { @@ -5192,14 +5837,59 @@ "Name": "CertificateThumbprint", "Option": "Write" }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_AzureSubscription", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, { "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "Name": "Credential", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", "Option": "Write" }, { @@ -5215,31 +5905,241 @@ ] }, { - "ClassName": "MSFT_EXOAddressBookPolicy", + "ClassName": "MSFT_DefenderSubscriptionPlan", "Parameters": [ { "CIMType": "String", - "Name": "Name", + "Name": "SubscriptionName", "Option": "Key" }, { - "CIMType": "String[]", - "Name": "AddressLists", - "Option": "Write" + "CIMType": "String", + "Name": "PlanName", + "Option": "Key" }, { "CIMType": "String", - "Name": "GlobalAddressList", + "Name": "SubscriptionId", "Option": "Write" }, { "CIMType": "String", - "Name": "OfflineAddressBook", + "Name": "PricingTier", "Option": "Write" }, { "CIMType": "String", - "Name": "RoomList", + "Name": "SubPlanName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Extensions", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_EXOAcceptedDomain", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DomainType", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "MatchSubDomains", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "OutboundOnly", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_EXOActiveSyncDeviceAccessRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "AccessLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Characteristic", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "QueryString", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_EXOAddressBookPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "AddressLists", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "GlobalAddressList", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "OfflineAddressBook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RoomList", "Option": "Write" }, { @@ -5468,7 +6368,7 @@ "Option": "Write" }, { - "CIMType": "String", + "CIMType": "UInt32", "Name": "PhishThresholdLevel", "Option": "Write" }, @@ -5627,6 +6527,16 @@ "Name": "TargetedUserQuarantineTag", "Option": "Write" }, + { + "CIMType": "String", + "Name": "DmarcQuarantineAction", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DmarcRejectAction", + "Option": "Write" + }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -5849,6 +6759,56 @@ } ] }, + { + "ClassName": "MSFT_EXOArcConfig", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Identity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ArcTrustedSealers", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOAtpPolicyForO365", "Parameters": [ @@ -5924,6 +6884,111 @@ } ] }, + { + "ClassName": "MSFT_EXOAtpProtectionPolicyRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Comments", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfRecipientDomainIs", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSentTo", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSentToMemberOf", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "Priority", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RecipientDomainIs", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SafeAttachmentPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SafeLinksPolicy", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SentTo", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SentToMemberOf", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOAuthenticationPolicy", "Parameters": [ @@ -7419,6 +8484,51 @@ } ] }, + { + "ClassName": "MSFT_EXODnssecForVerifiedDomain", + "Parameters": [ + { + "CIMType": "String", + "Name": "DomainName", + "Option": "Key" + }, + { + "CIMType": "string", + "Name": "DnssecFeatureStatus", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOEmailAddressPolicy", "Parameters": [ @@ -7494,6 +8604,81 @@ } ] }, + { + "ClassName": "MSFT_EXOEmailTenantSettings", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Identity", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EnablePriorityAccountProtection", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsValid", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ObjectState", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOEOPProtectionPolicyRule", "Parameters": [ @@ -7634,6 +8819,61 @@ } ] }, + { + "ClassName": "MSFT_EXOFocusedInbox", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "FocusedInboxOn", + "Option": "Write" + }, + { + "CIMType": "DateTime", + "Name": "FocusedInboxOnLastUpdateTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOGlobalAddressList", "Parameters": [ @@ -9344,6 +10584,261 @@ } ] }, + { + "ClassName": "MSFT_EXOMailboxCalendarConfiguration", + "Parameters": [ + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "AgendaMailIntroductionEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AutoDeclineWhenBusy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CalendarFeedsPreferredLanguage", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CalendarFeedsPreferredRegion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CalendarFeedsRootPageId", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConversationalSchedulingEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "CreateEventsFromEmailAsPrivate", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DefaultMinutesToReduceLongEventsBy", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DefaultMinutesToReduceShortEventsBy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DefaultOnlineMeetingProvider", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DefaultReminderTime", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DeleteMeetingRequestOnRespond", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DiningEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EntertainmentEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FirstWeekOfYear", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FlightEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "HotelEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "InvoiceEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "LocationDetailsInFreeBusy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MailboxLocation", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "OnlineMeetingsByDefaultEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PackageDeliveryEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PreserveDeclinedMeetings", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RemindersEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ReminderSoundEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RentalCarEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ServiceAppointmentEventsFromEmailEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ShortenEventScopeDefault", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ShowWeekNumbers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TimeIncrement", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "UseBrightCalendarColorThemeInOwa", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WeatherEnabled", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "WeatherLocationBookmark", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "WeatherLocations", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WeatherUnit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WeekStartDay", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkDays", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkingHoursEndTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkingHoursStartTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkingHoursTimeZone", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "WorkspaceUserEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOMailboxCalendarFolder", "Parameters": [ @@ -9429,6 +10924,141 @@ } ] }, + { + "ClassName": "MSFT_EXOMailboxFolderUserPermission", + "Parameters": [ + { + "CIMType": "String[]", + "Name": "AccessRights", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "User", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SharingPermissionFlags", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_EXOMailboxFolderPermission", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "MSFT_EXOMailboxFolderUserPermission[]", + "Name": "UserPermissions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_EXOMailboxIRMAccess", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "User", + "Option": "Key" + }, + { + "CIMType": "string", + "Name": "AccessLevel", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOMailboxPermission", "Parameters": [ @@ -9932,11 +11562,6 @@ "Name": "MailTipsExternalRecipientsTipsEnabled", "Option": "Write" }, - { - "CIMType": "String", - "Name": "Ensure", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -10464,6 +12089,71 @@ } ] }, + { + "ClassName": "MSFT_EXOManagementScope", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RecipientRestrictionFilter", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RecipientRoot", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Exclusive", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOMessageClassification", "Parameters": [ @@ -12649,6 +14339,71 @@ } ] }, + { + "ClassName": "MSFT_EXOPhishSimOverrideRule", + "Parameters": [ + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "Domains", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SenderIpRanges", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Policy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOPlace", "Parameters": [ @@ -13524,6 +15279,76 @@ } ] }, + { + "ClassName": "MSFT_EXORetentionPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "IsDefault", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsDefaultArbitrationMailbox", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RetentionId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RetentionPolicyTagLinks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXORoleAssignmentPolicy", "Parameters": [ @@ -14090,38 +15915,8 @@ ] }, { - "ClassName": "MSFT_EXOSharedMailbox", + "ClassName": "MSFT_EXOSecOpsOverrideRule", "Parameters": [ - { - "CIMType": "string", - "Name": "DisplayName", - "Option": "Key" - }, - { - "CIMType": "string", - "Name": "Identity", - "Option": "Write" - }, - { - "CIMType": "string", - "Name": "PrimarySMTPAddress", - "Option": "Write" - }, - { - "CIMType": "string", - "Name": "Alias", - "Option": "Write" - }, - { - "CIMType": "string[]", - "Name": "EmailAddresses", - "Option": "Write" - }, - { - "CIMType": "string", - "Name": "Ensure", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -14143,52 +15938,137 @@ "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Comment", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "String", + "Name": "Policy", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "String", + "Name": "Ensure", "Option": "Write" } ] }, { - "ClassName": "MSFT_EXOSharingPolicy", + "ClassName": "MSFT_EXOSharedMailbox", "Parameters": [ { - "CIMType": "String", - "Name": "Name", + "CIMType": "string", + "Name": "DisplayName", "Option": "Key" }, { - "CIMType": "Boolean", - "Name": "Default", + "CIMType": "string", + "Name": "Identity", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "Enabled", + "CIMType": "string", + "Name": "PrimarySMTPAddress", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "Domains", + "CIMType": "string", + "Name": "Alias", "Option": "Write" }, { - "CIMType": "String", + "CIMType": "string[]", + "Name": "EmailAddresses", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_EXOSharingPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "Default", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "Domains", + "Option": "Write" + }, + { + "CIMType": "String", "Name": "Ensure", "Option": "Write" }, @@ -14324,6 +16204,81 @@ } ] }, + { + "ClassName": "MSFT_EXOTenantAllowBlockListItems", + "Parameters": [ + { + "CIMType": "String", + "Name": "Action", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Value", + "Option": "Key" + }, + { + "CIMType": "DateTime", + "Name": "ExpirationDate", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ListSubType", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ListType", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Notes", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "RemoveAfter", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SubmissionID", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOTransportConfig", "Parameters": [ @@ -17101,110 +19056,25 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphAndroidPermissionAction", - "Parameters": [ - { - "CIMType": "String", - "Name": "Action", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Permission", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphAppConfigurationSettingItem", - "Parameters": [ - { - "CIMType": "String", - "Name": "AppConfigKey", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "AppConfigKeyType", - "Option": "Write" }, { - "CIMType": "String", - "Name": "AppConfigKeyValue", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_IntuneAppConfigurationDevicePolicy", + "ClassName": "MSFT_IntuneAppCategory", "Parameters": [ - { - "CIMType": "Boolean", - "Name": "ConnectedAppsEnabled", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "PackageId", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "PayloadJson", - "Option": "Write" - }, - { - "CIMType": "MSFT_MicrosoftGraphandroidPermissionAction[]", - "Name": "PermissionActions", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProfileApplicability", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "EncodedSettingXml", - "Option": "Write" - }, - { - "CIMType": "MSFT_MicrosoftGraphappConfigurationSettingItem[]", - "Name": "Settings", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Description", - "Option": "Write" - }, { "CIMType": "String", "Name": "DisplayName", - "Option": "Required" - }, - { - "CIMType": "String[]", - "Name": "RoleScopeTagIds", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "TargetedMobileApps", - "Option": "Write" + "Option": "Key" }, { "CIMType": "String", "Name": "Id", - "Option": "Key" - }, - { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", "Option": "Write" }, { @@ -17228,13 +19098,13 @@ "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { @@ -17250,121 +19120,266 @@ ] }, { - "ClassName": "MSFT_IntuneAppConfigurationPolicyCustomSetting", + "ClassName": "MSFT_MicrosoftGraphAndroidPermissionAction", "Parameters": [ { "CIMType": "String", - "Name": "name", + "Name": "Action", "Option": "Write" }, { "CIMType": "String", - "Name": "value", + "Name": "Permission", "Option": "Write" } ] }, { - "ClassName": "MSFT_IntuneAppConfigurationPolicy", + "ClassName": "MSFT_MicrosoftGraphAppConfigurationSettingItem", "Parameters": [ { "CIMType": "String", - "Name": "Id", + "Name": "AppConfigKey", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "AppConfigKeyType", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "AppConfigKeyValue", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_IntuneAppConfigurationDevicePolicy", + "Parameters": [ { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "Boolean", + "Name": "ConnectedAppsEnabled", "Option": "Write" }, { - "CIMType": "MSFT_IntuneAppConfigurationPolicyCustomSetting[]", - "Name": "CustomSettings", + "CIMType": "String", + "Name": "PackageId", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String", + "Name": "PayloadJson", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "MSFT_MicrosoftGraphandroidPermissionAction[]", + "Name": "PermissionActions", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "ProfileApplicability", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "EncodedSettingXml", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "MSFT_MicrosoftGraphappConfigurationSettingItem[]", + "Name": "Settings", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "Name": "Description", "Option": "Write" }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneApplicationControlPolicyWindows10", - "Parameters": [ { "CIMType": "String", "Name": "DisplayName", - "Option": "Key" + "Option": "Required" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "String[]", + "Name": "RoleScopeTagIds", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String[]", + "Name": "TargetedMobileApps", "Option": "Write" }, { "CIMType": "String", - "Name": "AppLockerApplicationControl", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "SmartScreenBlockOverrideForFiles", - "Option": "Write" + "Name": "Id", + "Option": "Key" }, { - "CIMType": "Boolean", - "Name": "SmartScreenEnableInshell", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneAppConfigurationPolicyCustomSetting", + "Parameters": [ + { + "CIMType": "String", + "Name": "name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "value", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneAppConfigurationPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "MSFT_IntuneAppConfigurationPolicyCustomSetting[]", + "Name": "CustomSettings", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneApplicationControlPolicyWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppLockerApplicationControl", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SmartScreenBlockOverrideForFiles", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SmartScreenEnableInshell", "Option": "Write" }, { @@ -17873,7 +19888,7 @@ "Option": "Write" }, { - "CIMType": "String", + "CIMType": "String[]", "Name": "TargetedAppManagementLevels", "Option": "Write" }, @@ -19354,6 +21369,26 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphOperatingSystemVersionRange", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "LowestVersion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "HighestVersion", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneDeviceCompliancePolicyWindows10", "Parameters": [ @@ -19528,7 +21563,7 @@ "Option": "Write" }, { - "CIMType": "String[]", + "CIMType": "MSFT_MicrosoftGraphOperatingSystemVersionRange[]", "Name": "ValidOperatingSystemBuildRanges", "Option": "Write" }, @@ -31650,37 +33685,7 @@ ] }, { - "ClassName": "MSFT_DeviceManagementConfigurationPolicyItems", - "Parameters": [ - { - "CIMType": "String", - "Name": "dataType", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "payloadId", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "displayName", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "itemType", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "guidedDeploymentTags", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntunePolicySets", + "ClassName": "MSFT_IntuneFirewallPolicyWindows10", "Parameters": [ { "CIMType": "String", @@ -31694,12 +33699,7 @@ }, { "CIMType": "String[]", - "Name": "GuidedDeploymentTags", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "RoleScopeTags", + "Name": "RoleScopeTagIds", "Option": "Write" }, { @@ -31708,458 +33708,393 @@ "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String", + "Name": "CRLcheck", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyItems[]", - "Name": "Items", + "CIMType": "String", + "Name": "DisableStatefulFtp", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "SInt32[]", + "Name": "EnablePacketQueue", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "SInt32[]", + "Name": "IPsecExempt", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "OpportunisticallyMatchAuthSetPerKM", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "PresharedKeyEncoding", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "SInt32", + "Name": "SaIdleTime", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "Name": "DomainProfile_EnableFirewall", "Option": "Write" }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneRoleAssignment", - "Parameters": [ { "CIMType": "String", - "Name": "Id", + "Name": "DomainProfile_DisableUnicastResponsesToMulticastBroadcast", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "DomainProfile_EnableLogIgnoredRules", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" - }, - { - "CIMType": "String[]", - "Name": "ResourceScopes", + "Name": "DomainProfile_GlobalPortsAllowUserPrefMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ResourceScopesDisplayNames", + "CIMType": "String", + "Name": "DomainProfile_DefaultInboundAction", "Option": "Write" }, { "CIMType": "String", - "Name": "ScopeType", + "Name": "DomainProfile_DisableStealthModeIpsecSecuredPacketExemption", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "Members", + "CIMType": "String", + "Name": "DomainProfile_AllowLocalPolicyMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "MembersDisplayNames", + "CIMType": "String", + "Name": "DomainProfile_EnableLogSuccessConnections", "Option": "Write" }, { "CIMType": "String", - "Name": "RoleDefinition", + "Name": "DomainProfile_AllowLocalIpsecPolicyMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "RoleDefinitionDisplayName", + "Name": "DomainProfile_LogFilePath", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String", + "Name": "DomainProfile_DisableStealthMode", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "DomainProfile_AuthAppsAllowUserPrefMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "DomainProfile_EnableLogDroppedPackets", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "DomainProfile_Shielded", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "DomainProfile_DefaultOutboundAction", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "DomainProfile_DisableInboundNotifications", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "SInt32", + "Name": "DomainProfile_LogMaxFileSize", "Option": "Write" }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneRoleDefinition", - "Parameters": [ { "CIMType": "String", - "Name": "Id", + "Name": "PrivateProfile_EnableFirewall", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "PrivateProfile_AllowLocalIpsecPolicyMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" - }, - { - "CIMType": "Boolean", - "Name": "IsBuiltIn", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "allowedResourceActions", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "notAllowedResourceActions", + "Name": "PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "roleScopeTagIds", - "Option": "Write" - }, - { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String", + "Name": "PrivateProfile_DisableInboundNotifications", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "PrivateProfile_Shielded", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "PrivateProfile_AllowLocalPolicyMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "PrivateProfile_DefaultOutboundAction", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "PrivateProfile_AuthAppsAllowUserPrefMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "PrivateProfile_EnableLogIgnoredRules", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "SInt32", + "Name": "PrivateProfile_LogMaxFileSize", "Option": "Write" }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneSettingCatalogASRRulesPolicyWindows10", - "Parameters": [ { "CIMType": "String", - "Name": "Identity", + "Name": "PrivateProfile_DefaultInboundAction", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "PrivateProfile_DisableUnicastResponsesToMulticastBroadcast", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "PrivateProfile_LogFilePath", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String", + "Name": "PrivateProfile_DisableStealthMode", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AttackSurfaceReductionOnlyExclusions", + "CIMType": "String", + "Name": "PrivateProfile_EnableLogSuccessConnections", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockAbuseOfExploitedVulnerableSignedDrivers", + "Name": "PrivateProfile_GlobalPortsAllowUserPrefMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PrivateProfile_EnableLogDroppedPackets", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockAdobeReaderFromCreatingChildProcesses", + "Name": "PublicProfile_EnableFirewall", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_DefaultOutboundAction", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockAllOfficeApplicationsFromCreatingChildProcesses", + "Name": "PublicProfile_DisableInboundNotifications", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_DisableStealthModeIpsecSecuredPacketExemption", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem", + "Name": "PublicProfile_Shielded", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_AllowLocalPolicyMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockExecutableContentFromEmailClientAndWebmail", + "Name": "PublicProfile_AuthAppsAllowUserPrefMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_LogFilePath", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion", + "Name": "PublicProfile_DefaultInboundAction", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_DisableUnicastResponsesToMulticastBroadcast", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockExecutionOfPotentiallyObfuscatedScripts", + "Name": "PublicProfile_GlobalPortsAllowUserPrefMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_EnableLogSuccessConnections", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent", + "Name": "PublicProfile_AllowLocalIpsecPolicyMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "PublicProfile_EnableLogDroppedPackets", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockOfficeApplicationsFromCreatingExecutableContent", + "Name": "PublicProfile_EnableLogIgnoredRules", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions", + "CIMType": "SInt32", + "Name": "PublicProfile_LogMaxFileSize", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses", + "Name": "PublicProfile_DisableStealthMode", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "ObjectAccess_AuditFilteringPlatformConnection", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockOfficeCommunicationAppFromCreatingChildProcesses", + "Name": "ObjectAccess_AuditFilteringPlatformPacketDrop", "Option": "Write" }, { "CIMType": "String[]", - "Name": "BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions", + "Name": "AllowedTlsAuthenticationEndpoints", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockPersistenceThroughWMIEventSubscription", + "Name": "ConfiguredTlsAuthenticationNetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockProcessCreationsFromPSExecAndWMICommands", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions", + "Name": "Target", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockRebootingMachineInSafeMode", + "Name": "HyperVVMSettings_DomainProfile_EnableFirewall", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockUntrustedUnsignedProcessesThatRunFromUSB", + "Name": "HyperVVMSettings_DomainProfile_DefaultInboundAction", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "HyperVVMSettings_DomainProfile_DefaultOutboundAction", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockUseOfCopiedOrImpersonatedSystemTools", + "Name": "EnableLoopback", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "HyperVVMSettings_PublicProfile_EnableFirewall", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockWebShellCreationForServers", + "Name": "HyperVVMSettings_PublicProfile_DefaultInboundAction", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockWebshellCreationForServers_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "HyperVVMSettings_PublicProfile_DefaultOutboundAction", "Option": "Write" }, { "CIMType": "String", - "Name": "BlockWin32APICallsFromOfficeMacros", + "Name": "HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "HyperVVMSettings_PrivateProfile_EnableFirewall", "Option": "Write" }, { "CIMType": "String", - "Name": "UseAdvancedProtectionAgainstRansomware", + "Name": "HyperVVMSettings_PrivateProfile_DefaultOutboundAction", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions", + "CIMType": "String", + "Name": "HyperVVMSettings_PrivateProfile_DefaultInboundAction", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ControlledFolderAccessProtectedFolders", + "CIMType": "String", + "Name": "HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ControlledFolderAccessAllowedApplications", + "CIMType": "String", + "Name": "AllowHostPolicyMerge", "Option": "Write" }, { - "CIMType": "String", - "Name": "EnableControlledFolderAccess", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { @@ -32205,246 +34140,166 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationPolicyTemplateReference", + "ClassName": "MSFT_DeviceManagementConfigurationPolicyItems", "Parameters": [ { "CIMType": "String", - "Name": "TemplateDisplayName", + "Name": "dataType", "Option": "Write" }, { "CIMType": "String", - "Name": "TemplateDisplayVersion", + "Name": "payloadId", "Option": "Write" }, { "CIMType": "String", - "Name": "TemplateFamily", + "Name": "displayName", "Option": "Write" }, { "CIMType": "String", - "Name": "TemplateId", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSetting", - "Parameters": [ - { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance", - "Name": "SettingInstance", + "Name": "itemType", "Option": "Write" }, { - "CIMType": "String", - "Name": "Id", + "CIMType": "String[]", + "Name": "guidedDeploymentTags", "Option": "Write" } ] }, { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance", + "ClassName": "MSFT_IntunePolicySets", "Parameters": [ { "CIMType": "String", - "Name": "SettingDefinitionId", + "Name": "Description", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference", - "Name": "SettingInstanceTemplateReference", - "Option": "Write" + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue[]", - "Name": "ChoiceSettingCollectionValue", + "CIMType": "String[]", + "Name": "GuidedDeploymentTags", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue", - "Name": "ChoiceSettingValue", + "CIMType": "String[]", + "Name": "RoleScopeTags", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue[]", - "Name": "GroupSettingCollectionValue", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue", - "Name": "GroupSettingValue", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue[]", - "Name": "SimpleSettingCollectionValue", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyItems[]", + "Name": "Items", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue", - "Name": "SimpleSettingValue", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "String", - "Name": "odataType", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference", - "Parameters": [ + }, { "CIMType": "String", - "Name": "SettingInstanceTemplateId", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue", - "Parameters": [ - { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]", - "Name": "Children", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "Value", + "Name": "TenantId", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", - "Name": "SettingValueTemplateReference", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "odataType", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", - "Parameters": [ - { - "CIMType": "String", - "Name": "settingValueTemplateId", + "Name": "CertificateThumbprint", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "useTemplateDefault", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue", - "Parameters": [ - { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]", - "Name": "Children", - "Option": "Write" - }, - { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", - "Name": "SettingValueTemplateReference", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Value", + "Name": "ManagedIdentity", "Option": "Write" }, { - "CIMType": "String", - "Name": "odataType", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue", + "ClassName": "MSFT_IntuneRoleAssignment", "Parameters": [ - { - "CIMType": "UInt32", - "Name": "IntValue", - "Option": "Write" - }, { "CIMType": "String", - "Name": "StringValue", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "ValueState", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "odataType", - "Option": "Write" - }, - { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", - "Name": "SettingValueTemplateReference", - "Option": "Write" + "Name": "DisplayName", + "Option": "Key" }, { - "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]", - "Name": "Children", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneSettingCatalogCustomPolicyWindows10", - "Parameters": [ - { - "CIMType": "String", - "Name": "Description", + "CIMType": "String[]", + "Name": "ResourceScopes", "Option": "Write" }, { - "CIMType": "String", - "Name": "Name", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Platforms", + "CIMType": "String[]", + "Name": "ResourceScopesDisplayNames", "Option": "Write" }, { "CIMType": "String", - "Name": "Technologies", + "Name": "ScopeType", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphdeviceManagementConfigurationPolicyTemplateReference", - "Name": "TemplateReference", + "CIMType": "String[]", + "Name": "Members", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphdeviceManagementConfigurationSetting[]", - "Name": "Settings", + "CIMType": "String[]", + "Name": "MembersDisplayNames", "Option": "Write" }, { "CIMType": "String", - "Name": "Id", + "Name": "RoleDefinition", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String", + "Name": "RoleDefinitionDisplayName", "Option": "Write" }, { @@ -32490,51 +34345,41 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", + "ClassName": "MSFT_IntuneRoleDefinition", "Parameters": [ { "CIMType": "String", "Name": "Id", "Option": "Write" }, - { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" - }, { "CIMType": "String", "Name": "Description", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", - "Option": "Write" + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" }, { "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "NetworkName", + "Name": "IsBuiltIn", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ssid", + "CIMType": "String[]", + "Name": "allowedResourceActions", "Option": "Write" }, { - "CIMType": "String", - "Name": "WiFiSecurityType", + "CIMType": "String[]", + "Name": "notAllowedResourceActions", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String[]", + "Name": "roleScopeTagIds", "Option": "Write" }, { @@ -32580,11 +34425,11 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", + "ClassName": "MSFT_IntuneSettingCatalogASRRulesPolicyWindows10", "Parameters": [ { "CIMType": "String", - "Name": "Id", + "Name": "Identity", "Option": "Write" }, { @@ -32598,248 +34443,213 @@ "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { - "CIMType": "String", - "Name": "NetworkName", + "CIMType": "String[]", + "Name": "AttackSurfaceReductionOnlyExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "BlockAbuseOfExploitedVulnerableSignedDrivers", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "PreSharedKeyIsSet", + "CIMType": "String[]", + "Name": "BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", + "Name": "BlockAdobeReaderFromCreatingChildProcesses", "Option": "Write" }, { - "CIMType": "String", - "Name": "ProxyExclusionList", + "CIMType": "String[]", + "Name": "BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyManualAddress", + "Name": "BlockAllOfficeApplicationsFromCreatingChildProcesses", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "ProxyManualPort", + "CIMType": "String[]", + "Name": "BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxySettings", + "Name": "BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ssid", + "CIMType": "String[]", + "Name": "BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "WiFiSecurityType", - "Option": "Write" - }, - { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "Name": "BlockExecutableContentFromEmailClientAndWebmail", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String[]", + "Name": "BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "String[]", + "Name": "BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "BlockExecutionOfPotentiallyObfuscatedScripts", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String[]", + "Name": "BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "Name": "BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", - "Parameters": [ - { - "CIMType": "String", - "Name": "Id", + "Name": "BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "BlockOfficeApplicationsFromCreatingExecutableContent", + "Option": "Write" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "String[]", + "Name": "BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "CIMType": "String", + "Name": "BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "CIMType": "String[]", + "Name": "BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "BlockOfficeCommunicationAppFromCreatingChildProcesses", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ssid", + "CIMType": "String[]", + "Name": "BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "WiFiSecurityType", + "Name": "BlockPersistenceThroughWMIEventSubscription", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String", + "Name": "BlockProcessCreationsFromPSExecAndWMICommands", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String[]", + "Name": "BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "BlockRebootingMachineInSafeMode", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "String[]", + "Name": "BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "BlockUntrustedUnsignedProcessesThatRunFromUSB", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String[]", + "Name": "BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "Name": "BlockUseOfCopiedOrImpersonatedSystemTools", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AccessTokens", + "Name": "BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidForWork", - "Parameters": [ + }, { "CIMType": "String", - "Name": "Id", + "Name": "BlockWebShellCreationForServers", "Option": "Write" }, { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "CIMType": "String[]", + "Name": "BlockWebshellCreationForServers_ASROnlyPerRuleExclusions", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "BlockWin32APICallsFromOfficeMacros", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "CIMType": "String[]", + "Name": "BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "CIMType": "String", + "Name": "UseAdvancedProtectionAgainstRansomware", "Option": "Write" }, { - "CIMType": "String", - "Name": "NetworkName", + "CIMType": "String[]", + "Name": "UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ssid", + "CIMType": "String[]", + "Name": "ControlledFolderAccessProtectedFolders", "Option": "Write" }, { - "CIMType": "String", - "Name": "WiFiSecurityType", + "CIMType": "String[]", + "Name": "ControlledFolderAccessAllowedApplications", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "String", + "Name": "EnableControlledFolderAccess", "Option": "Write" }, { @@ -32885,176 +34695,241 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject", + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationPolicyTemplateReference", "Parameters": [ { "CIMType": "String", - "Name": "Id", + "Name": "TemplateDisplayName", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "TemplateDisplayVersion", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "TemplateFamily", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "CIMType": "String", + "Name": "TemplateId", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSetting", + "Parameters": [ { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance", + "Name": "SettingInstance", "Option": "Write" }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "Id", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance", + "Parameters": [ { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "SettingDefinitionId", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "PreSharedKeyIsSet", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference", + "Name": "SettingInstanceTemplateReference", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ssid", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue[]", + "Name": "ChoiceSettingCollectionValue", "Option": "Write" }, { - "CIMType": "String", - "Name": "WiFiSecurityType", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue", + "Name": "ChoiceSettingValue", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue[]", + "Name": "GroupSettingCollectionValue", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue", + "Name": "GroupSettingValue", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue[]", + "Name": "SimpleSettingCollectionValue", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue", + "Name": "SimpleSettingValue", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "odataType", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference", + "Parameters": [ { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "SettingInstanceTemplateId", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue", + "Parameters": [ + { + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]", + "Name": "Children", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "Value", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", + "Name": "SettingValueTemplateReference", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "String", + "Name": "odataType", "Option": "Write" } ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyIOS", + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", "Parameters": [ { "CIMType": "String", - "Name": "Id", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Description", + "Name": "settingValueTemplateId", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "Name": "useTemplateDefault", "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue", + "Parameters": [ + { + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]", + "Name": "Children", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "DisableMacAddressRandomization", + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", + "Name": "SettingValueTemplateReference", "Option": "Write" }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "Value", "Option": "Write" }, { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "odataType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue", + "Parameters": [ + { + "CIMType": "UInt32", + "Name": "IntValue", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", + "Name": "StringValue", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyManualAddress", + "Name": "ValueState", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "ProxyManualPort", + "CIMType": "String", + "Name": "odataType", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference", + "Name": "SettingValueTemplateReference", "Option": "Write" }, + { + "CIMType": "MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]", + "Name": "Children", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneSettingCatalogCustomPolicyWindows10", + "Parameters": [ { "CIMType": "String", - "Name": "ProxySettings", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "Ssid", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Platforms", "Option": "Write" }, { "CIMType": "String", - "Name": "WiFiSecurityType", + "Name": "Technologies", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphdeviceManagementConfigurationPolicyTemplateReference", + "Name": "TemplateReference", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphdeviceManagementConfigurationSetting[]", + "Name": "Settings", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { @@ -33105,7 +34980,7 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyMacOS", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", "Parameters": [ { "CIMType": "String", @@ -33137,31 +35012,6 @@ "Name": "NetworkName", "Option": "Write" }, - { - "CIMType": "String", - "Name": "PreSharedKey", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxyManualAddress", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "ProxyManualPort", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxySettings", - "Option": "Write" - }, { "CIMType": "String", "Name": "Ssid", @@ -33220,7 +35070,7 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyWindows10", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", "Parameters": [ { "CIMType": "String", @@ -33242,39 +35092,34 @@ "Name": "ConnectAutomatically", "Option": "Write" }, - { - "CIMType": "Boolean", - "Name": "ConnectToPreferredNetwork", - "Option": "Write" - }, { "CIMType": "Boolean", "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ForceFIPSCompliance", + "CIMType": "String", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "MeteredConnectionLimit", + "Name": "PreSharedKey", "Option": "Write" }, { - "CIMType": "String", - "Name": "NetworkName", + "CIMType": "Boolean", + "Name": "PreSharedKeyIsSet", "Option": "Write" }, { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "ProxyAutomaticConfigurationUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", + "Name": "ProxyExclusionList", "Option": "Write" }, { @@ -33289,7 +35134,7 @@ }, { "CIMType": "String", - "Name": "ProxySetting", + "Name": "ProxySettings", "Option": "Write" }, { @@ -33299,7 +35144,7 @@ }, { "CIMType": "String", - "Name": "WifiSecurityType", + "Name": "WiFiSecurityType", "Option": "Write" }, { @@ -33350,101 +35195,101 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", "Parameters": [ { - "CIMType": "Boolean", - "Name": "AllowDeviceUseBeforeProfileAndAppInstallComplete", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "AllowDeviceUseOnInstallFailure", + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AllowLogCollectionOnInstallFailure", + "Name": "ConnectAutomatically", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "BlockDeviceSetupRetryByUser", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "CustomErrorMessage", + "Name": "NetworkName", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideInstallationProgress", + "CIMType": "String", + "Name": "Ssid", "Option": "Write" }, - { - "CIMType": "UInt32", - "Name": "InstallProgressTimeoutInMinutes", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphOutOfBoxExperienceSettings", - "Parameters": [ { "CIMType": "String", - "Name": "DeviceUsageType", + "Name": "WiFiSecurityType", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideEscapeLink", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideEULA", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HidePrivacySettings", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "SkipKeyboardSelectionPage", + "CIMType": "String", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "UserType", + "Name": "TenantId", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", - "Parameters": [ + }, { - "CIMType": "Boolean", - "Name": "HybridAzureADJoinSkipConnectivityCheck", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "String", - "Name": "DeviceNameTemplate", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidForWork", + "Parameters": [ { "CIMType": "String", - "Name": "DeviceType", + "Name": "Id", "Option": "Write" }, { @@ -33453,38 +35298,33 @@ "Option": "Key" }, { - "CIMType": "Boolean", - "Name": "EnableWhiteGlove", + "CIMType": "String", + "Name": "Description", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings", - "Name": "EnrollmentStatusScreenSettings", + "CIMType": "Boolean", + "Name": "ConnectAutomatically", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ExtractHardwareHash", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "Language", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "ManagementServiceAppId", - "Option": "Write" - }, - { - "CIMType": "MSFT_MicrosoftGraphoutOfBoxExperienceSettings", - "Name": "OutOfBoxExperienceSettings", + "Name": "Ssid", "Option": "Write" }, { "CIMType": "String", - "Name": "Id", + "Name": "WiFiSecurityType", "Option": "Write" }, { @@ -33535,136 +35375,176 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings1", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject", "Parameters": [ { - "CIMType": "Boolean", - "Name": "AllowDeviceUseBeforeProfileAndAppInstallComplete", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "AllowDeviceUseOnInstallFailure", + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AllowLogCollectionOnInstallFailure", + "Name": "ConnectAutomatically", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "BlockDeviceSetupRetryByUser", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "CustomErrorMessage", + "Name": "NetworkName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreSharedKey", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "HideInstallationProgress", + "Name": "PreSharedKeyIsSet", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "InstallProgressTimeoutInMinutes", + "CIMType": "String", + "Name": "Ssid", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphOutOfBoxExperienceSettings1", - "Parameters": [ + }, { "CIMType": "String", - "Name": "DeviceUsageType", + "Name": "WiFiSecurityType", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideEscapeLink", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideEULA", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HidePrivacySettings", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "SkipKeyboardSelectionPage", + "CIMType": "String", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "UserType", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyIOS", "Parameters": [ { "CIMType": "String", - "Name": "Description", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "DeviceNameTemplate", - "Option": "Write" + "Name": "DisplayName", + "Option": "Key" }, { "CIMType": "String", - "Name": "DeviceType", + "Name": "Description", "Option": "Write" }, { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" }, { "CIMType": "Boolean", - "Name": "EnableWhiteGlove", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1", - "Name": "EnrollmentStatusScreenSettings", + "CIMType": "Boolean", + "Name": "DisableMacAddressRandomization", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ExtractHardwareHash", + "CIMType": "String", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "Language", + "Name": "PreSharedKey", "Option": "Write" }, { "CIMType": "String", - "Name": "ManagementServiceAppId", + "Name": "ProxyAutomaticConfigurationUrl", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphoutOfBoxExperienceSettings1", - "Name": "OutOfBoxExperienceSettings", + "CIMType": "String", + "Name": "ProxyManualAddress", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "ProxyManualPort", "Option": "Write" }, { "CIMType": "String", - "Name": "Id", + "Name": "ProxySettings", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ssid", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WiFiSecurityType", "Option": "Write" }, { @@ -33715,401 +35595,386 @@ ] }, { - "ClassName": "MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyMacOS", "Parameters": [ { "CIMType": "String", - "Name": "dataType", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "deviceAndAppManagementAssignmentFilterType", - "Option": "Write" + "Name": "DisplayName", + "Option": "Key" }, { "CIMType": "String", - "Name": "deviceAndAppManagementAssignmentFilterId", + "Name": "Description", "Option": "Write" }, { - "CIMType": "String", - "Name": "groupId", + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "groupDisplayName", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "collectionId", + "Name": "PreSharedKey", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate", - "Parameters": [ + }, { "CIMType": "String", - "Name": "Certificate", + "Name": "ProxyAutomaticConfigurationUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "ProxyManualAddress", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "ProxyManualPort", "Option": "Write" }, { "CIMType": "String", - "Name": "ExpirationDateTime", + "Name": "ProxySettings", "Option": "Write" }, { "CIMType": "String", - "Name": "SubjectName", + "Name": "Ssid", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection", - "Parameters": [ + }, { "CIMType": "String", - "Name": "DisplayName", + "Name": "WiFiSecurityType", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "Resources", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection", - "Parameters": [ + }, { - "CIMType": "String", - "Name": "DisplayName", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphIpRange[]", - "Name": "Ranges", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphIpRange", - "Parameters": [ + }, { "CIMType": "String", - "Name": "CidrAddress", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "LowerAddress", + "Name": "TenantId", "Option": "Write" }, { - "CIMType": "String", - "Name": "UpperAddress", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "odataType", + "Name": "CertificateThumbprint", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection", - "Parameters": [ + }, { - "CIMType": "String", - "Name": "DisplayName", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphProxiedDomain[]", - "Name": "ProxiedDomains", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_MicrosoftGraphProxiedDomain", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyWindows10", "Parameters": [ { "CIMType": "String", - "Name": "IpAddressOrFQDN", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "Proxy", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionApp", - "Parameters": [ + }, { "CIMType": "Boolean", - "Name": "Denied", + "Name": "ConnectAutomatically", "Option": "Write" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "Boolean", + "Name": "ConnectToPreferredNetwork", "Option": "Write" }, { - "CIMType": "String", - "Name": "DisplayName", + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { - "CIMType": "String", - "Name": "ProductName", + "CIMType": "Boolean", + "Name": "ForceFIPSCompliance", "Option": "Write" }, { "CIMType": "String", - "Name": "PublisherName", + "Name": "MeteredConnectionLimit", "Option": "Write" }, { "CIMType": "String", - "Name": "BinaryName", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "BinaryVersionHigh", + "Name": "PreSharedKey", "Option": "Write" }, { "CIMType": "String", - "Name": "BinaryVersionLow", + "Name": "ProxyAutomaticConfigurationUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "odataType", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled", - "Parameters": [ - { - "CIMType": "String", - "Name": "Id", + "Name": "ProxyManualAddress", "Option": "Write" }, { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" - }, - { - "CIMType": "Boolean", - "Name": "AzureRightsManagementServicesAllowed", + "CIMType": "UInt32", + "Name": "ProxyManualPort", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate", - "Name": "DataRecoveryCertificate", + "CIMType": "String", + "Name": "ProxySetting", "Option": "Write" }, { "CIMType": "String", - "Name": "EnforcementLevel", + "Name": "Ssid", "Option": "Write" }, { "CIMType": "String", - "Name": "EnterpriseDomain", + "Name": "WifiSecurityType", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", - "Name": "EnterpriseInternalProxyServers", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection[]", - "Name": "EnterpriseIPRanges", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "EnterpriseIPRangesAreAuthoritative", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", - "Name": "EnterpriseNetworkDomainNames", + "CIMType": "String", + "Name": "ApplicationId", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", - "Name": "EnterpriseProtectedDomainNames", + "CIMType": "String", + "Name": "TenantId", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection[]", - "Name": "EnterpriseProxiedDomains", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", - "Name": "EnterpriseProxyServers", + "CIMType": "String", + "Name": "CertificateThumbprint", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "EnterpriseProxyServersAreAuthoritative", + "Name": "ManagedIdentity", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionApp[]", - "Name": "ExemptApps", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings", + "Parameters": [ { "CIMType": "Boolean", - "Name": "IconsVisible", + "Name": "AllowDeviceUseBeforeProfileAndAppInstallComplete", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IndexingEncryptedStoresOrItemsBlocked", + "Name": "AllowDeviceUseOnInstallFailure", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", - "Name": "NeutralDomainResources", + "CIMType": "Boolean", + "Name": "AllowLogCollectionOnInstallFailure", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionApp[]", - "Name": "ProtectedApps", + "CIMType": "Boolean", + "Name": "BlockDeviceSetupRetryByUser", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ProtectionUnderLockConfigRequired", + "CIMType": "String", + "Name": "CustomErrorMessage", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "RevokeOnUnenrollDisabled", + "Name": "HideInstallationProgress", "Option": "Write" }, + { + "CIMType": "UInt32", + "Name": "InstallProgressTimeoutInMinutes", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphOutOfBoxExperienceSettings", + "Parameters": [ { "CIMType": "String", - "Name": "RightsManagementServicesTemplateId", + "Name": "DeviceUsageType", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", - "Name": "SmbAutoEncryptedFileExtensions", + "CIMType": "Boolean", + "Name": "HideEscapeLink", "Option": "Write" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "Boolean", + "Name": "HideEULA", "Option": "Write" }, { - "CIMType": "MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "Boolean", + "Name": "HidePrivacySettings", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "SkipKeyboardSelectionPage", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "UserType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", + "Parameters": [ + { + "CIMType": "Boolean", + "Name": "HybridAzureADJoinSkipConnectivityCheck", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "DeviceNameTemplate", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "DeviceType", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" + "Name": "DisplayName", + "Option": "Key" }, { "CIMType": "Boolean", - "Name": "ManagedIdentity", + "Name": "EnableWhiteGlove", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10", - "Parameters": [ - { - "CIMType": "String", - "Name": "Id", + "CIMType": "MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings", + "Name": "EnrollmentStatusScreenSettings", "Option": "Write" }, { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "CIMType": "Boolean", + "Name": "ExtractHardwareHash", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "Language", "Option": "Write" }, { "CIMType": "String", - "Name": "ApprovalType", + "Name": "ManagementServiceAppId", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "DeploymentDeferralInDays", + "CIMType": "MSFT_MicrosoftGraphoutOfBoxExperienceSettings", + "Name": "OutOfBoxExperienceSettings", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "RoleScopeTagIds", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { @@ -34160,146 +36025,131 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphWindowsUpdateRolloutSettings", + "ClassName": "MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings1", "Parameters": [ { - "CIMType": "String", - "Name": "OfferEndDateTimeInUTC", + "CIMType": "Boolean", + "Name": "AllowDeviceUseBeforeProfileAndAppInstallComplete", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "OfferIntervalInDays", + "CIMType": "Boolean", + "Name": "AllowDeviceUseOnInstallFailure", "Option": "Write" }, { - "CIMType": "String", - "Name": "OfferStartDateTimeInUTC", + "CIMType": "Boolean", + "Name": "AllowLogCollectionOnInstallFailure", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10", - "Parameters": [ + }, { - "CIMType": "String", - "Name": "Id", + "CIMType": "Boolean", + "Name": "BlockDeviceSetupRetryByUser", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "CustomErrorMessage", + "Option": "Write" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "Boolean", + "Name": "HideInstallationProgress", "Option": "Write" }, { - "CIMType": "String", - "Name": "FeatureUpdateVersion", + "CIMType": "UInt32", + "Name": "InstallProgressTimeoutInMinutes", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphOutOfBoxExperienceSettings1", + "Parameters": [ { - "CIMType": "Boolean", - "Name": "InstallFeatureUpdatesOptional", + "CIMType": "String", + "Name": "DeviceUsageType", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "InstallLatestWindows10OnWindows11IneligibleDevice", + "Name": "HideEscapeLink", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsUpdateRolloutSettings", - "Name": "RolloutSettings", + "CIMType": "Boolean", + "Name": "HideEULA", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "Boolean", + "Name": "HidePrivacySettings", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "SkipKeyboardSelectionPage", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "UserType", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined", + "Parameters": [ { "CIMType": "String", - "Name": "ApplicationId", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "DeviceNameTemplate", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "DeviceType", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" + "Name": "DisplayName", + "Option": "Key" }, { "CIMType": "Boolean", - "Name": "ManagedIdentity", + "Name": "EnableWhiteGlove", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphExpeditedWindowsQualityUpdateSettings", - "Parameters": [ - { - "CIMType": "UInt32", - "Name": "DaysUntilForcedReboot", + "CIMType": "MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1", + "Name": "EnrollmentStatusScreenSettings", "Option": "Write" }, { - "CIMType": "String", - "Name": "QualityUpdateRelease", + "CIMType": "Boolean", + "Name": "ExtractHardwareHash", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10", - "Parameters": [ - { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" }, { "CIMType": "String", - "Name": "Description", + "Name": "Language", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphexpeditedWindowsQualityUpdateSettings", - "Name": "ExpeditedUpdateSettings", + "CIMType": "String", + "Name": "ManagementServiceAppId", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "RoleScopeTagIds", + "CIMType": "MSFT_MicrosoftGraphoutOfBoxExperienceSettings1", + "Name": "OutOfBoxExperienceSettings", "Option": "Write" }, { @@ -34355,247 +36205,347 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphWindowsUpdateInstallScheduleType", + "ClassName": "MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments", "Parameters": [ { "CIMType": "String", - "Name": "ActiveHoursEnd", + "Name": "dataType", "Option": "Write" }, { "CIMType": "String", - "Name": "ActiveHoursStart", + "Name": "deviceAndAppManagementAssignmentFilterType", "Option": "Write" }, { "CIMType": "String", - "Name": "ScheduledInstallDay", + "Name": "deviceAndAppManagementAssignmentFilterId", "Option": "Write" }, { "CIMType": "String", - "Name": "ScheduledInstallTime", + "Name": "groupId", "Option": "Write" }, { "CIMType": "String", - "Name": "odataType", + "Name": "groupDisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "collectionId", "Option": "Write" } ] }, { - "ClassName": "MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10", + "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate", "Parameters": [ { "CIMType": "String", - "Name": "Id", + "Name": "Certificate", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "Description", + "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "AllowWindows11Upgrade", + "CIMType": "String", + "Name": "ExpirationDateTime", "Option": "Write" }, { "CIMType": "String", - "Name": "AutomaticUpdateMode", + "Name": "SubjectName", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection", + "Parameters": [ { "CIMType": "String", - "Name": "AutoRestartNotificationDismissal", + "Name": "DisplayName", "Option": "Write" }, + { + "CIMType": "String[]", + "Name": "Resources", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection", + "Parameters": [ { "CIMType": "String", - "Name": "BusinessReadyUpdatesOnly", + "Name": "DisplayName", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "DeadlineForFeatureUpdatesInDays", + "CIMType": "MSFT_MicrosoftGraphIpRange[]", + "Name": "Ranges", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphIpRange", + "Parameters": [ { - "CIMType": "UInt32", - "Name": "DeadlineForQualityUpdatesInDays", + "CIMType": "String", + "Name": "CidrAddress", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "DeadlineGracePeriodInDays", + "CIMType": "String", + "Name": "LowerAddress", "Option": "Write" }, { "CIMType": "String", - "Name": "DeliveryOptimizationMode", + "Name": "UpperAddress", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "DriversExcluded", + "CIMType": "String", + "Name": "odataType", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection", + "Parameters": [ { - "CIMType": "UInt32", - "Name": "EngagedRestartDeadlineInDays", + "CIMType": "String", + "Name": "DisplayName", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "EngagedRestartSnoozeScheduleInDays", + "CIMType": "MSFT_MicrosoftGraphProxiedDomain[]", + "Name": "ProxiedDomains", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphProxiedDomain", + "Parameters": [ { - "CIMType": "UInt32", - "Name": "EngagedRestartTransitionScheduleInDays", + "CIMType": "String", + "Name": "IpAddressOrFQDN", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "FeatureUpdatesDeferralPeriodInDays", + "CIMType": "String", + "Name": "Proxy", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphWindowsInformationProtectionApp", + "Parameters": [ { "CIMType": "Boolean", - "Name": "FeatureUpdatesPaused", + "Name": "Denied", "Option": "Write" }, { "CIMType": "String", - "Name": "FeatureUpdatesPauseExpiryDateTime", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "FeatureUpdatesPauseStartDate", + "Name": "DisplayName", "Option": "Write" }, { "CIMType": "String", - "Name": "FeatureUpdatesRollbackStartDateTime", + "Name": "ProductName", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "FeatureUpdatesRollbackWindowInDays", + "CIMType": "String", + "Name": "PublisherName", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType", - "Name": "InstallationSchedule", + "CIMType": "String", + "Name": "BinaryName", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "MicrosoftUpdateServiceAllowed", + "CIMType": "String", + "Name": "BinaryVersionHigh", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "PostponeRebootUntilAfterDeadline", + "CIMType": "String", + "Name": "BinaryVersionLow", "Option": "Write" }, { "CIMType": "String", - "Name": "PrereleaseFeatures", + "Name": "odataType", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled", + "Parameters": [ { - "CIMType": "UInt32", - "Name": "QualityUpdatesDeferralPeriodInDays", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, { "CIMType": "Boolean", - "Name": "QualityUpdatesPaused", + "Name": "AzureRightsManagementServicesAllowed", "Option": "Write" }, { - "CIMType": "String", - "Name": "QualityUpdatesPauseExpiryDateTime", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate", + "Name": "DataRecoveryCertificate", "Option": "Write" }, { "CIMType": "String", - "Name": "QualityUpdatesPauseStartDate", + "Name": "EnforcementLevel", "Option": "Write" }, { "CIMType": "String", - "Name": "QualityUpdatesRollbackStartDateTime", + "Name": "EnterpriseDomain", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "ScheduleImminentRestartWarningInMinutes", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", + "Name": "EnterpriseInternalProxyServers", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "ScheduleRestartWarningInHours", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection[]", + "Name": "EnterpriseIPRanges", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "SkipChecksBeforeRestart", + "Name": "EnterpriseIPRangesAreAuthoritative", "Option": "Write" }, { - "CIMType": "String", - "Name": "UpdateNotificationLevel", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", + "Name": "EnterpriseNetworkDomainNames", "Option": "Write" }, { - "CIMType": "String", - "Name": "UpdateWeeks", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", + "Name": "EnterpriseProtectedDomainNames", "Option": "Write" }, { - "CIMType": "String", - "Name": "UserPauseAccess", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection[]", + "Name": "EnterpriseProxiedDomains", "Option": "Write" }, { - "CIMType": "String", - "Name": "UserWindowsUpdateScanAccess", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", + "Name": "EnterpriseProxyServers", "Option": "Write" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "Boolean", + "Name": "EnterpriseProxyServersAreAuthoritative", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionApp[]", + "Name": "ExemptApps", "Option": "Write" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "IconsVisible", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "IndexingEncryptedStoresOrItemsBlocked", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", + "Name": "NeutralDomainResources", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", - "Option": "Write" + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionApp[]", + "Name": "ProtectedApps", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ProtectionUnderLockConfigRequired", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RevokeOnUnenrollDisabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RightsManagementServicesTemplateId", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]", + "Name": "SmbAutoEncryptedFileExtensions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" }, { "CIMType": "MSFT_Credential", @@ -34620,21 +36570,46 @@ ] }, { - "ClassName": "MSFT_M365DSCRuleEvaluation", + "ClassName": "MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10", "Parameters": [ { "CIMType": "String", - "Name": "ResourceName", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", "Option": "Key" }, { "CIMType": "String", - "Name": "RuleDefinition", - "Option": "Required" + "Name": "Description", + "Option": "Write" }, { "CIMType": "String", - "Name": "AfterRuleCountQuery", + "Name": "ApprovalType", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DeploymentDeferralInDays", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RoleScopeTagIds", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { @@ -34675,22 +36650,72 @@ ] }, { - "ClassName": "MSFT_O365AdminAuditLogConfig", + "ClassName": "MSFT_MicrosoftGraphWindowsUpdateRolloutSettings", "Parameters": [ { "CIMType": "String", - "Name": "IsSingleInstance", + "Name": "OfferEndDateTimeInUTC", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "OfferIntervalInDays", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "OfferStartDateTimeInUTC", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", "Option": "Key" }, { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FeatureUpdateVersion", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "InstallFeatureUpdatesOptional", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "InstallLatestWindows10OnWindows11IneligibleDevice", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphwindowsUpdateRolloutSettings", + "Name": "RolloutSettings", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { "CIMType": "string", - "Name": "UnifiedAuditLogIngestionEnabled", - "Option": "Required" + "Name": "Ensure", + "Option": "Write" }, { "CIMType": "MSFT_Credential", @@ -34707,19 +36732,14 @@ "Name": "TenantId", "Option": "Write" }, - { - "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", + "Name": "CertificateThumbprint", "Option": "Write" }, { @@ -34735,31 +36755,51 @@ ] }, { - "ClassName": "MSFT_O365Group", + "ClassName": "MSFT_MicrosoftGraphExpeditedWindowsQualityUpdateSettings", "Parameters": [ { - "CIMType": "string", + "CIMType": "UInt32", + "Name": "DaysUntilForcedReboot", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "QualityUpdateRelease", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10", + "Parameters": [ + { + "CIMType": "String", "Name": "DisplayName", "Option": "Key" }, { - "CIMType": "string", - "Name": "MailNickName", - "Option": "Key" + "CIMType": "String", + "Name": "Description", + "Option": "Write" }, { - "CIMType": "string[]", - "Name": "ManagedBy", + "CIMType": "MSFT_MicrosoftGraphexpeditedWindowsQualityUpdateSettings", + "Name": "ExpeditedUpdateSettings", "Option": "Write" }, { - "CIMType": "string", - "Name": "Description", + "CIMType": "String[]", + "Name": "RoleScopeTagIds", "Option": "Write" }, { - "CIMType": "string[]", - "Name": "Members", + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { @@ -34805,196 +36845,231 @@ ] }, { - "ClassName": "MSFT_O365OrgCustomizationSetting", + "ClassName": "MSFT_MicrosoftGraphWindowsUpdateInstallScheduleType", "Parameters": [ { "CIMType": "String", - "Name": "IsSingleInstance", - "Option": "Key" + "Name": "ActiveHoursEnd", + "Option": "Write" }, { "CIMType": "String", - "Name": "Ensure", + "Name": "ActiveHoursStart", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "ScheduledInstallDay", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "ScheduledInstallTime", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "odataType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "AllowWindows11Upgrade", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "String", + "Name": "AutomaticUpdateMode", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", + "Name": "AutoRestartNotificationDismissal", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "String", + "Name": "BusinessReadyUpdatesOnly", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_O365OrgSettings", - "Parameters": [ + }, + { + "CIMType": "UInt32", + "Name": "DeadlineForFeatureUpdatesInDays", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DeadlineForQualityUpdatesInDays", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DeadlineGracePeriodInDays", + "Option": "Write" + }, { "CIMType": "String", - "Name": "IsSingleInstance", - "Option": "Key" + "Name": "DeliveryOptimizationMode", + "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AppsAndServicesIsAppAndServicesTrialEnabled", + "Name": "DriversExcluded", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "AppsAndServicesIsOfficeStoreEnabled", + "CIMType": "UInt32", + "Name": "EngagedRestartDeadlineInDays", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "CortanaEnabled", + "CIMType": "UInt32", + "Name": "EngagedRestartSnoozeScheduleInDays", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "DynamicsCustomerVoiceIsInOrgFormsPhishingScanEnabled", + "CIMType": "UInt32", + "Name": "EngagedRestartTransitionScheduleInDays", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "DynamicsCustomerVoiceIsRecordIdentityByDefaultEnabled", + "CIMType": "UInt32", + "Name": "FeatureUpdatesDeferralPeriodInDays", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "DynamicsCustomerVoiceIsRestrictedSurveyAccessEnabled", + "Name": "FeatureUpdatesPaused", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "FormsIsBingImageSearchEnabled", + "CIMType": "String", + "Name": "FeatureUpdatesPauseExpiryDateTime", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "FormsIsExternalSendFormEnabled", + "CIMType": "String", + "Name": "FeatureUpdatesPauseStartDate", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "FormsIsExternalShareCollaborationEnabled", + "CIMType": "String", + "Name": "FeatureUpdatesRollbackStartDateTime", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "FormsIsExternalShareResultEnabled", + "CIMType": "UInt32", + "Name": "FeatureUpdatesRollbackWindowInDays", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "FormsIsExternalShareTemplateEnabled", + "CIMType": "MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType", + "Name": "InstallationSchedule", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "FormsIsInOrgFormsPhishingScanEnabled", + "Name": "MicrosoftUpdateServiceAllowed", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "FormsIsRecordIdentityByDefaultEnabled", + "Name": "PostponeRebootUntilAfterDeadline", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "M365WebEnableUsersToOpenFilesFrom3PStorage", + "CIMType": "String", + "Name": "PrereleaseFeatures", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "MicrosoftVivaBriefingEmail", + "CIMType": "UInt32", + "Name": "QualityUpdatesDeferralPeriodInDays", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "VivaInsightsWebExperience", + "Name": "QualityUpdatesPaused", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "VivaInsightsDigestEmail", + "CIMType": "String", + "Name": "QualityUpdatesPauseExpiryDateTime", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "VivaInsightsOutlookAddInAndInlineSuggestions", + "CIMType": "String", + "Name": "QualityUpdatesPauseStartDate", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "VivaInsightsScheduleSendSuggestions", + "CIMType": "String", + "Name": "QualityUpdatesRollbackStartDateTime", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "PlannerAllowCalendarSharing", + "CIMType": "UInt32", + "Name": "ScheduleImminentRestartWarningInMinutes", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ToDoIsExternalJoinEnabled", + "CIMType": "UInt32", + "Name": "ScheduleRestartWarningInHours", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ToDoIsExternalShareEnabled", + "Name": "SkipChecksBeforeRestart", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ToDoIsPushNotificationEnabled", + "CIMType": "String", + "Name": "UpdateNotificationLevel", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "AdminCenterReportDisplayConcealedNames", + "CIMType": "String", + "Name": "UpdateWeeks", "Option": "Write" }, { "CIMType": "String", - "Name": "InstallationOptionsUpdateChannel", + "Name": "UserPauseAccess", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "InstallationOptionsAppsForWindows", + "CIMType": "String", + "Name": "UserWindowsUpdateScanAccess", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "InstallationOptionsAppsForMac", + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { @@ -35035,36 +37110,51 @@ ] }, { - "ClassName": "MSFT_O365SearchAndIntelligenceConfigurations", + "ClassName": "MSFT_M365DSCRuleEvaluation", "Parameters": [ { "CIMType": "String", - "Name": "IsSingleInstance", + "Name": "ResourceName", "Option": "Key" }, { - "CIMType": "Boolean", - "Name": "ItemInsightsIsEnabledInOrganization", - "Option": "Write" + "CIMType": "String", + "Name": "RuleDefinition", + "Option": "Required" }, { "CIMType": "String", - "Name": "ItemInsightsDisabledForGroup", + "Name": "AfterRuleCountQuery", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "PersonInsightsIsEnabledInOrganization", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { "CIMType": "String", - "Name": "PersonInsightsDisabledForGroup", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", "Option": "Write" }, { "CIMType": "MSFT_Credential", - "Name": "Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { @@ -35075,80 +37165,90 @@ ] }, { - "ClassName": "MSFT_ODSettings", + "ClassName": "MSFT_O365AdminAuditLogConfig", "Parameters": [ { - "CIMType": "string", + "CIMType": "String", "Name": "IsSingleInstance", "Option": "Key" }, { - "CIMType": "uint32", - "Name": "OneDriveStorageQuota", - "Option": "Write" - }, - { - "CIMType": "uint32", - "Name": "OrphanedPersonalSitesRetentionPeriod", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "OneDriveForGuestsEnabled", - "Option": "Write" + "CIMType": "string", + "Name": "UnifiedAuditLogIngestionEnabled", + "Option": "Required" }, { - "CIMType": "Boolean", - "Name": "NotifyOwnersWhenInvitationsAccepted", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "NotificationsInOneDriveForBusinessEnabled", + "CIMType": "String", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "ODBMembersCanShare", + "Name": "TenantId", "Option": "Write" }, { "CIMType": "String", - "Name": "ODBAccessRequests", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "BlockMacSync", + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "DisableReportProblemDialog", + "CIMType": "String", + "Name": "CertificatePath", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "TenantRestrictionEnabled", + "Name": "ManagedIdentity", "Option": "Write" }, { "CIMType": "String[]", - "Name": "DomainGuids", + "Name": "AccessTokens", "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_O365ExternalConnection", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" }, { - "CIMType": "String[]", - "Name": "ExcludedFileExtensions", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "GrooveBlockOption", + "Name": "Description", "Option": "Write" }, { - "CIMType": "String", + "CIMType": "String[]", + "Name": "AuthorizedAppIds", + "Option": "Write" + }, + { + "CIMType": "string", "Name": "Ensure", "Option": "Write" }, @@ -35167,16 +37267,6 @@ "Name": "TenantId", "Option": "Write" }, - { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "CertificatePath", - "Option": "Write" - }, { "CIMType": "String", "Name": "CertificateThumbprint", @@ -35195,25 +37285,35 @@ ] }, { - "ClassName": "MSFT_PlannerBucket", + "ClassName": "MSFT_O365Group", "Parameters": [ { "CIMType": "string", - "Name": "Name", + "Name": "DisplayName", "Option": "Key" }, { "CIMType": "string", - "Name": "PlanId", + "Name": "MailNickName", "Option": "Key" }, + { + "CIMType": "string[]", + "Name": "ManagedBy", + "Option": "Write" + }, { "CIMType": "string", - "Name": "BucketId", + "Name": "Description", "Option": "Write" }, { - "CIMType": "String", + "CIMType": "string[]", + "Name": "Members", + "Option": "Write" + }, + { + "CIMType": "string", "Name": "Ensure", "Option": "Write" }, @@ -35246,15 +37346,465 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, { - "ClassName": "MSFT_PlannerPlan", + "ClassName": "MSFT_O365OrgCustomizationSetting", "Parameters": [ { - "CIMType": "string", - "Name": "Title", + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_O365OrgSettings", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "AppsAndServicesIsAppAndServicesTrialEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AppsAndServicesIsOfficeStoreEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "CortanaEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DynamicsCustomerVoiceIsInOrgFormsPhishingScanEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DynamicsCustomerVoiceIsRecordIdentityByDefaultEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DynamicsCustomerVoiceIsRestrictedSurveyAccessEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsBingImageSearchEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsExternalSendFormEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsExternalShareCollaborationEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsExternalShareResultEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsExternalShareTemplateEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsInOrgFormsPhishingScanEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FormsIsRecordIdentityByDefaultEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "M365WebEnableUsersToOpenFilesFrom3PStorage", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "MicrosoftVivaBriefingEmail", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "VivaInsightsWebExperience", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "VivaInsightsDigestEmail", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "VivaInsightsOutlookAddInAndInlineSuggestions", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "VivaInsightsScheduleSendSuggestions", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PlannerAllowCalendarSharing", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ToDoIsExternalJoinEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ToDoIsExternalShareEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ToDoIsPushNotificationEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AdminCenterReportDisplayConcealedNames", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "InstallationOptionsUpdateChannel", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "InstallationOptionsAppsForWindows", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "InstallationOptionsAppsForMac", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_O365SearchAndIntelligenceConfigurations", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "ItemInsightsIsEnabledInOrganization", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ItemInsightsDisabledForGroup", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PersonInsightsIsEnabledInOrganization", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PersonInsightsDisabledForGroup", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_ODSettings", + "Parameters": [ + { + "CIMType": "string", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "uint32", + "Name": "OneDriveStorageQuota", + "Option": "Write" + }, + { + "CIMType": "uint32", + "Name": "OrphanedPersonalSitesRetentionPeriod", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "OneDriveForGuestsEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "NotifyOwnersWhenInvitationsAccepted", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "NotificationsInOneDriveForBusinessEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ODBMembersCanShare", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ODBAccessRequests", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "BlockMacSync", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DisableReportProblemDialog", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "TenantRestrictionEnabled", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DomainGuids", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExcludedFileExtensions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "GrooveBlockOption", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_PlannerBucket", + "Parameters": [ + { + "CIMType": "string", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "string", + "Name": "PlanId", + "Option": "Key" + }, + { + "CIMType": "string", + "Name": "BucketId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_PlannerPlan", + "Parameters": [ + { + "CIMType": "string", + "Name": "Title", "Option": "Key" }, { @@ -36284,97 +38834,2222 @@ }, { "CIMType": "String", - "Name": "Comment", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExchangeLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "PublicFolderLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SharePointLocation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCCaseHoldRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Policy", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ContentMatchQuery", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Disabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCComplianceCase", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Status", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCComplianceSearch", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Case", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowNotFoundExchangeLocationsEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ContentMatchQuery", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExchangeLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExchangeLocationExclusion", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "HoldNames", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IncludeUserAppContent", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Language", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "PublicFolderLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SharePointLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SharePointLocationExclusion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCComplianceSearchAction", + "Parameters": [ + { + "CIMType": "String", + "Name": "Action", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "SearchName", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "FileTypeExclusionsForUnindexedItems", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EnableDedupe", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IncludeCredential", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IncludeSharePointDocumentVersions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PurgeType", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RetryOnError", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ActionScope", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanProperty", + "Parameters": [ + { + "CIMType": "String", + "Name": "FilePlanPropertyDepartment", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FilePlanPropertyAuthority", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FilePlanPropertyCategory", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FilePlanPropertyCitation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FilePlanPropertyReferenceId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FilePlanPropertySubCategory", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCComplianceTag", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EventType", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsRecordLabel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Notes", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Regulatory", + "Option": "Write" + }, + { + "CIMType": "MSFT_SCFilePlanProperty", + "Name": "FilePlanProperty", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ReviewerEmail", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RetentionDuration", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RetentionAction", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RetentionType", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCDeviceConditionalAccessPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCDeviceConditionalAccessRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Policy", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "TargetGroups", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountUserName", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowAppStore", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowAssistantWhileLocked", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowConvenienceLogon", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowDiagnosticSubmission", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowiCloudBackup", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowiCloudDocSync", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowiCloudPhotoSync", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowJailbroken", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowPassbookWhileLocked", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowScreenshot", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowSimplePassword", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowVideoConferencing", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowVoiceAssistant", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowVoiceDialing", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "AntiVirusSignatureStatus", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "AntiVirusStatus", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppsRating", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AutoUpdateStatus", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "BluetoothEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "CameraEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EmailAddress", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EnableRemovableStorage", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ExchangeActiveSyncHost", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FirewallStatus", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ForceAppStorePassword", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ForceEncryptedBackup", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "MaxPasswordAttemptsBeforeWipe", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "MaxPasswordGracePeriod", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MoviesRating", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordComplexity", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordExpirationDays", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordHistoryCount", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordMinComplexChars", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordMinimumLength", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordQuality", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PasswordRequired", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PasswordTimeout", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PhoneMemoryEncrypted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RegionRatings", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequireEmailProfile", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SmartScreenEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SystemSecurityTLS", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TVShowsRating", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControlStatus", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "WLANEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkFoldersSyncUrl", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCDeviceConfigurationPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCDeviceConfigurationRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Policy", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "TargetGroups", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountUserName", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowAppStore", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowAssistantWhileLocked", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowConvenienceLogon", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowDiagnosticSubmission", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowiCloudBackup", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowiCloudDocSync", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowiCloudPhotoSync", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowPassbookWhileLocked", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowScreenshot", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowSimplePassword", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowVideoConferencing", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowVoiceAssistant", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowVoiceDialing", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "AntiVirusSignatureStatus", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "AntiVirusStatus", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppsRating", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AutoUpdateStatus", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "BluetoothEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "CameraEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EmailAddress", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EnableRemovableStorage", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ExchangeActiveSyncHost", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "FirewallStatus", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ForceAppStorePassword", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ForceEncryptedBackup", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "MaxPasswordAttemptsBeforeWipe", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "MaxPasswordGracePeriod", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MoviesRating", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordComplexity", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordExpirationDays", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordHistoryCount", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordMinComplexChars", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordMinimumLength", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "PasswordQuality", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PasswordRequired", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PasswordTimeout", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PhoneMemoryEncrypted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RegionRatings", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequireEmailProfile", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SmartScreenEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SystemSecurityTLS", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TVShowsRating", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControlStatus", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "WLANEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkFoldersSyncUrl", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCDLPCompliancePolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "EndpointDlpLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "EndpointDlpLocationException", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "OnPremisesScannerDlpLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "OnPremisesScannerDlpLocationException", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "PowerBIDlpLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "PowerBIDlpLocationException", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ThirdPartyAppDlpLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ThirdPartyAppDlpLocationException", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExchangeLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExchangeSenderMemberOf", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExchangeSenderMemberOfException", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Mode", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "OneDriveLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "OneDriveLocationException", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "Priority", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SharePointLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SharePointLocationException", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "TeamsLocation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "TeamsLocationException", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCDLPComplianceRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Policy", + "Option": "Required" + }, + { + "CIMType": "String", + "Name": "AccessScope", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "BlockAccess", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockAccessScope", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Comment", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AdvancedRule", + "Option": "Write" + }, + { + "CIMType": "MSFT_SCDLPContainsSensitiveInformation", + "Name": "ContentContainsSensitiveInformation", + "Option": "Write" + }, + { + "CIMType": "MSFT_SCDLPContainsSensitiveInformation", + "Name": "ExceptIfContentContainsSensitiveInformation", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ContentPropertyContainsWords", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Disabled", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "GenerateAlert", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "GenerateIncidentReport", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "IncidentReportContent", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "NotifyAllowOverride", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NotifyEmailCustomText", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NotifyPolicyTipCustomText", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "NotifyUser", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ReportSeverityLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RuleErrorAction", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AnyOfRecipientAddressContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AnyOfRecipientAddressMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RemoveRMSTemplate", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "StopPolicyProcessing", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DocumentIsUnsupported", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ExceptIfDocumentIsUnsupported", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "HasSenderOverride", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ExceptIfHasSenderOverride", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ProcessingLimitExceeded", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ExceptIfProcessingLimitExceeded", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DocumentIsPasswordProtected", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ExceptIfDocumentIsPasswordProtected", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "MessageTypeMatches", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "FromScope", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfFromScope", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SubjectContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SubjectMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SubjectOrBodyContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SubjectOrBodyMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ContentCharacterSetContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DocumentNameMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DocumentNameMatchesWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfAnyOfRecipientAddressContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfAnyOfRecipientAddressMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfContentCharacterSetContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfContentPropertyContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfDocumentNameMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfDocumentNameMatchesWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfFromAddressContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfFromAddressMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "FromAddressContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "FromAddressMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfMessageTypeMatches", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RecipientDomainIs", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfRecipientDomainIs", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSenderDomainIs", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSenderIPRanges", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSentTo", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSubjectContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSubjectMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSubjectOrBodyContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfSubjectOrBodyMatchesPatterns", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DocumentContainsWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SentToMemberOf", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ContentIsNotLabeled", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "SetHeader", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ContentExtensionMatchesWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExceptIfContentExtensionMatchesWords", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanPropertyAuthority", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanPropertyCategory", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanPropertyCitation", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "CitationUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CitationJurisdiction", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanPropertyDepartment", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanPropertyReferenceId", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCFilePlanPropertySubCategory", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Category", + "Option": "Required" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCInsiderRiskEntityListDomain", + "Parameters": [ + { + "CIMType": "String", + "Name": "Dmn", + "Option": "Required" + }, + { + "CIMType": "Boolean", + "Name": "isMLSubDmn", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCInsiderRiskEntityListSite", + "Parameters": [ + { + "CIMType": "String", + "Name": "Url", + "Option": "Required" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Guid", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SCInsiderRiskEntityList", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "ListType", + "Option": "Required" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "Enabled", + "CIMType": "MSFT_SCInsiderRiskEntityListDomain[]", + "Name": "Domains", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExchangeLocation", + "Name": "FilePaths", "Option": "Write" }, { "CIMType": "String[]", - "Name": "PublicFolderLocation", + "Name": "FileTypes", "Option": "Write" }, { "CIMType": "String[]", - "Name": "SharePointLocation", + "Name": "Keywords", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "String[]", + "Name": "SensitiveInformationTypes", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "MSFT_SCInsiderRiskEntityListSite[]", + "Name": "Sites", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "String[]", + "Name": "TrainableClassifiers", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "String[]", + "Name": "ExceptionKeyworkGroups", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "String[]", + "Name": "ExcludedClassifierGroups", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "String[]", + "Name": "ExcludedDomainGroups", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "String[]", + "Name": "ExcludedFilePathGroups", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AccessTokens", + "Name": "ExcludedFileTypeGroups", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCCaseHoldRule", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Policy", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Comment", + "CIMType": "String[]", + "Name": "ExcludedKeyworkGroups", "Option": "Write" }, { - "CIMType": "String", - "Name": "ContentMatchQuery", + "CIMType": "String[]", + "Name": "ExcludedSensitiveInformationTypeGroups", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "Disabled", + "CIMType": "String[]", + "Name": "ExcludedSiteGroups", "Option": "Write" }, { @@ -36403,13 +41078,8 @@ "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { @@ -36420,1066 +41090,996 @@ ] }, { - "ClassName": "MSFT_SCComplianceCase", + "ClassName": "MSFT_SCInsiderRiskPolicy", "Parameters": [ { - "CIMType": "String", + "CIMType": "string", "Name": "Name", "Option": "Key" }, { - "CIMType": "String", - "Name": "Description", - "Option": "Write" + "CIMType": "string", + "Name": "InsiderRiskScenario", + "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "Anonymization", "Option": "Write" }, { - "CIMType": "String", - "Name": "Status", + "CIMType": "Boolean", + "Name": "DLPUserRiskSync", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "OptInIRMDataExport", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "RaiseAuditAlert", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "FileVolCutoffLimits", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "AlertVolume", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "AnomalyDetections", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "CopyToPersonalCloud", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "CopyToUSB", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCComplianceSearch", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Case", + "CIMType": "Boolean", + "Name": "CumulativeExfiltrationDetector", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AllowNotFoundExchangeLocationsEnabled", + "Name": "EmailExternal", "Option": "Write" }, { - "CIMType": "String", - "Name": "ContentMatchQuery", + "CIMType": "Boolean", + "Name": "EmployeeAccessedEmployeePatientData", "Option": "Write" }, { - "CIMType": "String", - "Name": "Description", + "CIMType": "Boolean", + "Name": "EmployeeAccessedFamilyData", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExchangeLocation", + "CIMType": "Boolean", + "Name": "EmployeeAccessedHighVolumePatientData", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExchangeLocationExclusion", + "CIMType": "Boolean", + "Name": "EmployeeAccessedNeighbourData", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "HoldNames", + "CIMType": "Boolean", + "Name": "EmployeeAccessedRestrictedData", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IncludeUserAppContent", + "Name": "EpoBrowseToChildAbuseSites", "Option": "Write" }, { - "CIMType": "String", - "Name": "Language", + "CIMType": "Boolean", + "Name": "EpoBrowseToCriminalActivitySites", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "PublicFolderLocation", + "CIMType": "Boolean", + "Name": "EpoBrowseToCultSites", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SharePointLocation", + "CIMType": "Boolean", + "Name": "EpoBrowseToGamblingSites", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SharePointLocationExclusion", + "CIMType": "Boolean", + "Name": "EpoBrowseToHackingSites", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "EpoBrowseToHateIntoleranceSites", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "EpoBrowseToIllegalSoftwareSites", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "EpoBrowseToKeyloggerSites", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "Boolean", + "Name": "EpoBrowseToLlmSites", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "EpoBrowseToMalwareSites", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "EpoBrowseToPhishingSites", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "EpoBrowseToPornographySites", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "EpoBrowseToUnallowedDomain", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCComplianceSearchAction", - "Parameters": [ - { - "CIMType": "String", - "Name": "Action", - "Option": "Key" }, { - "CIMType": "String", - "Name": "SearchName", - "Option": "Key" + "CIMType": "Boolean", + "Name": "EpoBrowseToViolenceSites", + "Option": "Write" }, { - "CIMType": "String[]", - "Name": "FileTypeExclusionsForUnindexedItems", + "CIMType": "Boolean", + "Name": "EpoCopyToClipboardFromSensitiveFile", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "EnableDedupe", + "Name": "EpoCopyToNetworkShare", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IncludeCredential", + "Name": "EpoFileArchived", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IncludeSharePointDocumentVersions", + "Name": "EpoFileCopiedToRemoteDesktopSession", "Option": "Write" }, { - "CIMType": "String", - "Name": "PurgeType", + "CIMType": "Boolean", + "Name": "EpoFileDeleted", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "RetryOnError", + "Name": "EpoFileDownloadedFromBlacklistedDomain", "Option": "Write" }, { - "CIMType": "String", - "Name": "ActionScope", + "CIMType": "Boolean", + "Name": "EpoFileDownloadedFromEnterpriseDomain", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "EpoFileRenamed", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "EpoFileStagedToCentralLocation", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "EpoHiddenFileCreated", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "Boolean", + "Name": "EpoRemovableMediaMount", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "EpoSensitiveFileRead", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "Mcas3rdPartyAppDownload", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "Mcas3rdPartyAppFileDelete", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "Mcas3rdPartyAppFileSharing", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCFilePlanProperty", - "Parameters": [ + }, { - "CIMType": "String", - "Name": "FilePlanPropertyDepartment", + "CIMType": "Boolean", + "Name": "McasActivityFromInfrequentCountry", "Option": "Write" }, { - "CIMType": "String", - "Name": "FilePlanPropertyAuthority", + "CIMType": "Boolean", + "Name": "McasImpossibleTravel", "Option": "Write" }, { - "CIMType": "String", - "Name": "FilePlanPropertyCategory", + "CIMType": "Boolean", + "Name": "McasMultipleFailedLogins", "Option": "Write" }, { - "CIMType": "String", - "Name": "FilePlanPropertyCitation", + "CIMType": "Boolean", + "Name": "McasMultipleStorageDeletion", "Option": "Write" }, { - "CIMType": "String", - "Name": "FilePlanPropertyReferenceId", + "CIMType": "Boolean", + "Name": "McasMultipleVMCreation", "Option": "Write" }, { - "CIMType": "String", - "Name": "FilePlanPropertySubCategory", + "CIMType": "Boolean", + "Name": "McasMultipleVMDeletion", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCComplianceTag", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "McasSuspiciousAdminActivities", "Option": "Write" }, { - "CIMType": "String", - "Name": "Comment", + "CIMType": "Boolean", + "Name": "McasSuspiciousCloudCreation", "Option": "Write" }, { - "CIMType": "String", - "Name": "EventType", + "CIMType": "Boolean", + "Name": "McasSuspiciousCloudTrailLoggingChange", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IsRecordLabel", + "Name": "McasTerminatedEmployeeActivity", "Option": "Write" }, { - "CIMType": "String", - "Name": "Notes", + "CIMType": "Boolean", + "Name": "OdbDownload", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "Regulatory", + "Name": "OdbSyncDownload", "Option": "Write" }, { - "CIMType": "MSFT_SCFilePlanProperty", - "Name": "FilePlanProperty", + "CIMType": "Boolean", + "Name": "PeerCumulativeExfiltrationDetector", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ReviewerEmail", + "CIMType": "Boolean", + "Name": "PhysicalAccess", "Option": "Write" }, { - "CIMType": "String", - "Name": "RetentionDuration", + "CIMType": "Boolean", + "Name": "PotentialHighImpactUser", "Option": "Write" }, { - "CIMType": "String", - "Name": "RetentionAction", + "CIMType": "Boolean", + "Name": "Print", "Option": "Write" }, { - "CIMType": "String", - "Name": "RetentionType", + "CIMType": "Boolean", + "Name": "PriorityUserGroupMember", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "SecurityAlertDefenseEvasion", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "SecurityAlertUnwantedSoftware", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "Boolean", + "Name": "SpoAccessRequest", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "SpoApprovedAccess", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "SpoDownload", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "SpoDownloadV2", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "SpoFileAccessed", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCDeviceConditionalAccessPolicy", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "SpoFileDeleted", "Option": "Write" }, { - "CIMType": "String", - "Name": "Comment", + "CIMType": "Boolean", + "Name": "SpoFileDeletedFromFirstStageRecycleBin", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "Enabled", + "Name": "SpoFileDeletedFromSecondStageRecycleBin", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "SpoFileLabelDowngraded", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "SpoFileLabelRemoved", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "Boolean", + "Name": "SpoFileSharing", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "SpoFolderDeleted", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "SpoFolderDeletedFromFirstStageRecycleBin", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "SpoFolderDeletedFromSecondStageRecycleBin", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "SpoFolderSharing", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCDeviceConfigurationPolicy", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "SpoSiteExternalUserAdded", "Option": "Write" }, { - "CIMType": "String", - "Name": "Comment", + "CIMType": "Boolean", + "Name": "SpoSiteInternalUserAdded", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "Enabled", + "Name": "SpoSiteLabelRemoved", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "SpoSiteSharing", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "SpoSyncDownload", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "Boolean", + "Name": "TeamsChannelFileSharedExternal", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "TeamsChannelMemberAddedExternal", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "TeamsChatFileSharedExternal", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "TeamsFileDownload", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "TeamsFolderSharedExternal", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCDLPCompliancePolicy", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Comment", + "CIMType": "Boolean", + "Name": "TeamsMemberAddedExternal", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "EndpointDlpLocation", + "CIMType": "Boolean", + "Name": "TeamsSensitiveMessage", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "EndpointDlpLocationException", + "CIMType": "Boolean", + "Name": "UserHistory", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "OnPremisesScannerDlpLocation", + "CIMType": "Boolean", + "Name": "AWSS3BlockPublicAccessDisabled", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "OnPremisesScannerDlpLocationException", + "CIMType": "Boolean", + "Name": "AWSS3BucketDeleted", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "PowerBIDlpLocation", + "CIMType": "Boolean", + "Name": "AWSS3PublicAccessEnabled", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "PowerBIDlpLocationException", + "CIMType": "Boolean", + "Name": "AWSS3ServerLoggingDisabled", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ThirdPartyAppDlpLocation", + "CIMType": "Boolean", + "Name": "AzureElevateAccessToAllSubscriptions", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ThirdPartyAppDlpLocationException", + "CIMType": "Boolean", + "Name": "AzureResourceThreatProtectionSettingsUpdated", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExchangeLocation", + "CIMType": "Boolean", + "Name": "AzureSQLServerAuditingSettingsUpdated", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExchangeSenderMemberOf", + "CIMType": "Boolean", + "Name": "AzureSQLServerFirewallRuleDeleted", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExchangeSenderMemberOfException", + "CIMType": "Boolean", + "Name": "AzureSQLServerFirewallRuleUpdated", "Option": "Write" }, { - "CIMType": "String", - "Name": "Mode", + "CIMType": "Boolean", + "Name": "AzureStorageAccountOrContainerDeleted", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "OneDriveLocation", + "CIMType": "Boolean", + "Name": "BoxContentAccess", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "OneDriveLocationException", + "CIMType": "Boolean", + "Name": "BoxContentDelete", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "Priority", + "CIMType": "Boolean", + "Name": "BoxContentDownload", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SharePointLocation", + "CIMType": "Boolean", + "Name": "BoxContentExternallyShared", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SharePointLocationException", + "CIMType": "Boolean", + "Name": "CCFinancialRegulatoryRiskyTextSent", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "TeamsLocation", + "CIMType": "Boolean", + "Name": "CCInappropriateContentSent", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "TeamsLocationException", + "CIMType": "Boolean", + "Name": "CCInappropriateImagesSent", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "Boolean", + "Name": "DropboxContentAccess", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "DropboxContentDelete", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "DropboxContentDownload", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "Boolean", + "Name": "DropboxContentExternallyShared", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "GoogleDriveContentAccess", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "GoogleDriveContentDelete", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "GoogleDriveContentExternallyShared", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "Boolean", + "Name": "PowerBIDashboardsDeleted", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCDLPComplianceRule", - "Parameters": [ + }, { - "CIMType": "String", - "Name": "Name", - "Option": "Key" + "CIMType": "Boolean", + "Name": "PowerBIReportsDeleted", + "Option": "Write" }, { - "CIMType": "String", - "Name": "Policy", - "Option": "Required" + "CIMType": "Boolean", + "Name": "PowerBIReportsDownloaded", + "Option": "Write" }, { - "CIMType": "String", - "Name": "AccessScope", + "CIMType": "Boolean", + "Name": "PowerBIReportsExported", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "BlockAccess", + "Name": "PowerBIReportsViewed", "Option": "Write" }, { - "CIMType": "String", - "Name": "BlockAccessScope", + "CIMType": "Boolean", + "Name": "PowerBISemanticModelsDeleted", "Option": "Write" }, { - "CIMType": "String", - "Name": "Comment", + "CIMType": "Boolean", + "Name": "PowerBISensitivityLabelDowngradedForArtifacts", "Option": "Write" }, { - "CIMType": "String", - "Name": "AdvancedRule", + "CIMType": "Boolean", + "Name": "PowerBISensitivityLabelRemovedFromArtifacts", "Option": "Write" }, { - "CIMType": "MSFT_SCDLPContainsSensitiveInformation", - "Name": "ContentContainsSensitiveInformation", + "CIMType": "String", + "Name": "HistoricTimeSpan", "Option": "Write" }, { - "CIMType": "MSFT_SCDLPContainsSensitiveInformation", - "Name": "ExceptIfContentContainsSensitiveInformation", + "CIMType": "String", + "Name": "InScopeTimeSpan", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ContentPropertyContainsWords", + "CIMType": "Boolean", + "Name": "EnableTeam", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "Disabled", + "Name": "AnalyticsNewInsightEnabled", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "GenerateAlert", + "CIMType": "Boolean", + "Name": "AnalyticsTurnedOffEnabled", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "GenerateIncidentReport", + "CIMType": "Boolean", + "Name": "HighSeverityAlertsEnabled", "Option": "Write" }, { "CIMType": "String[]", - "Name": "IncidentReportContent", + "Name": "HighSeverityAlertsRoleGroups", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "NotifyAllowOverride", + "CIMType": "Boolean", + "Name": "PoliciesHealthEnabled", "Option": "Write" }, { - "CIMType": "String", - "Name": "NotifyEmailCustomText", + "CIMType": "String[]", + "Name": "PoliciesHealthRoleGroups", "Option": "Write" }, { - "CIMType": "String", - "Name": "NotifyPolicyTipCustomText", + "CIMType": "Boolean", + "Name": "NotificationDetailsEnabled", "Option": "Write" }, { "CIMType": "String[]", - "Name": "NotifyUser", + "Name": "NotificationDetailsRoleGroups", "Option": "Write" }, { - "CIMType": "String", - "Name": "ReportSeverityLevel", + "CIMType": "Boolean", + "Name": "ClipDeletionEnabled", "Option": "Write" }, { - "CIMType": "String", - "Name": "RuleErrorAction", + "CIMType": "Boolean", + "Name": "SessionRecordingEnabled", "Option": "Write" }, { "CIMType": "String", - "Name": "Ensure", + "Name": "RecordingTimeframePreEventInSec", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "RecordingTimeframePostEventInSec", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "BandwidthCapInMb", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "OfflineRecordingStorageLimitInMb", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "Boolean", + "Name": "AdaptiveProtectionEnabled", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionHighProfileSourceType", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionHighProfileConfirmedIssueSeverity", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AnyOfRecipientAddressContainsWords", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionHighProfileGeneratedIssueSeverity", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AnyOfRecipientAddressMatchesPatterns", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionHighProfileInsightSeverity", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "RemoveRMSTemplate", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionHighProfileInsightCount", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "StopPolicyProcessing", + "CIMType": "String[]", + "Name": "AdaptiveProtectionHighProfileInsightTypes", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "DocumentIsUnsupported", + "Name": "AdaptiveProtectionHighProfileConfirmedIssue", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ExceptIfDocumentIsUnsupported", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionMediumProfileSourceType", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HasSenderOverride", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionMediumProfileConfirmedIssueSeverity", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ExceptIfHasSenderOverride", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionMediumProfileGeneratedIssueSeverity", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ProcessingLimitExceeded", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionMediumProfileInsightSeverity", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ExceptIfProcessingLimitExceeded", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionMediumProfileInsightCount", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "DocumentIsPasswordProtected", + "CIMType": "String[]", + "Name": "AdaptiveProtectionMediumProfileInsightTypes", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ExceptIfDocumentIsPasswordProtected", + "Name": "AdaptiveProtectionMediumProfileConfirmedIssue", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "MessageTypeMatches", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionLowProfileSourceType", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "FromScope", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionLowProfileConfirmedIssueSeverity", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfFromScope", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionLowProfileGeneratedIssueSeverity", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SubjectContainsWords", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionLowProfileInsightSeverity", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SubjectMatchesPatterns", + "CIMType": "UInt32", + "Name": "AdaptiveProtectionLowProfileInsightCount", "Option": "Write" }, { "CIMType": "String[]", - "Name": "SubjectOrBodyContainsWords", + "Name": "AdaptiveProtectionLowProfileInsightTypes", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "SubjectOrBodyMatchesPatterns", + "CIMType": "Boolean", + "Name": "AdaptiveProtectionLowProfileConfirmedIssue", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ContentCharacterSetContainsWords", + "CIMType": "Boolean", + "Name": "RetainSeverityAfterTriage", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "DocumentNameMatchesPatterns", + "CIMType": "UInt32", + "Name": "LookbackTimeSpan", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "DocumentNameMatchesWords", + "CIMType": "UInt32", + "Name": "ProfileInScopeTimeSpan", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfAnyOfRecipientAddressContainsWords", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfAnyOfRecipientAddressMatchesPatterns", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfContentCharacterSetContainsWords", + "CIMType": "String", + "Name": "ApplicationId", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfContentPropertyContainsWords", + "CIMType": "String", + "Name": "TenantId", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfDocumentNameMatchesPatterns", + "CIMType": "String", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfDocumentNameMatchesWords", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfFromAddressContainsWords", + "Name": "AccessTokens", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_SCLabelSetting", + "Parameters": [ { - "CIMType": "String[]", - "Name": "ExceptIfFromAddressMatchesPatterns", + "CIMType": "String", + "Name": "Key", "Option": "Write" }, { "CIMType": "String[]", - "Name": "FromAddressContainsWords", + "Name": "Value", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_SCLabelPolicy", + "Parameters": [ { - "CIMType": "String[]", - "Name": "FromAddressMatchesPatterns", - "Option": "Write" + "CIMType": "String", + "Name": "Name", + "Option": "Key" }, { - "CIMType": "String[]", - "Name": "ExceptIfMessageTypeMatches", + "CIMType": "String", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "RecipientDomainIs", + "CIMType": "String", + "Name": "Comment", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "ExceptIfRecipientDomainIs", + "CIMType": "MSFT_SCLabelSetting[]", + "Name": "AdvancedSettings", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSenderDomainIs", + "Name": "ExchangeLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSenderIPRanges", + "Name": "ExchangeLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSentTo", + "Name": "ModernGroupLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSubjectContainsWords", + "Name": "ModernGroupLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSubjectMatchesPatterns", + "Name": "Labels", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSubjectOrBodyContainsWords", + "Name": "AddExchangeLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfSubjectOrBodyMatchesPatterns", + "Name": "AddExchangeLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "DocumentContainsWords", + "Name": "AddModernGroupLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "SentToMemberOf", + "Name": "AddModernGroupLocationException", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ContentIsNotLabeled", + "CIMType": "String[]", + "Name": "AddLabels", "Option": "Write" }, { "CIMType": "String[]", - "Name": "SetHeader", + "Name": "RemoveExchangeLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ContentExtensionMatchesWords", + "Name": "RemoveExchangeLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExceptIfContentExtensionMatchesWords", + "Name": "RemoveModernGroupLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AccessTokens", + "Name": "RemoveModernGroupLocationException", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCFilePlanPropertyAuthority", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "String[]", + "Name": "RemoveLabels", "Option": "Write" }, { @@ -37520,176 +42120,131 @@ ] }, { - "ClassName": "MSFT_SCFilePlanPropertyCategory", + "ClassName": "MSFT_SCProtectionAlert", "Parameters": [ { - "CIMType": "String", - "Name": "Name", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "String[]", + "Name": "AlertBy", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String[]", + "Name": "AlertFor", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "AggregationType", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "Category", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "Comment", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "Boolean", + "Name": "Disabled", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AccessTokens", + "Name": "Ensure", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCFilePlanPropertyCitation", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { "CIMType": "String", - "Name": "CitationUrl", + "Name": "Filter", "Option": "Write" }, { "CIMType": "String", - "Name": "CitationJurisdiction", - "Option": "Write" + "Name": "Name", + "Option": "Key" }, { "CIMType": "String", - "Name": "Ensure", + "Name": "NotificationCulture", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "Boolean", + "Name": "NotificationEnabled", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "Boolean", + "Name": "NotifyUserOnFilterMatch", "Option": "Write" }, { - "CIMType": "String", - "Name": "TenantId", + "CIMType": "DateTime", + "Name": "NotifyUserSuppressionExpiryDate", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificateThumbprint", + "CIMType": "UInt32", + "Name": "NotifyUserThrottleThreshold", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "UInt32", + "Name": "NotifyUserThrottleWindow", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "String[]", + "Name": "NotifyUser", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AccessTokens", + "Name": "Operation", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCFilePlanPropertyDepartment", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "String[]", + "Name": "PrivacyManagementScopedSensitiveInformationTypes", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String[]", + "Name": "PrivacyManagementScopedSensitiveInformationTypesForCounting", "Option": "Write" }, { - "CIMType": "String", - "Name": "ApplicationId", + "CIMType": "UInt64", + "Name": "PrivacyManagementScopedSensitiveInformationTypesThreshold", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "Severity", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "Name": "ThreatType", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "UInt32", + "Name": "Threshold", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "UInt32", + "Name": "TimeWindow", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCFilePlanPropertyReferenceId", - "Parameters": [ - { - "CIMType": "String", - "Name": "Name", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Ensure", + "CIMType": "UInt32", + "Name": "VolumeThreshold", "Option": "Write" }, { @@ -37730,21 +42285,31 @@ ] }, { - "ClassName": "MSFT_SCFilePlanPropertySubCategory", + "ClassName": "MSFT_SCRecordReviewNotificationTemplateConfig", "Parameters": [ { "CIMType": "String", - "Name": "Name", + "Name": "IsSingleInstance", "Option": "Key" }, { "CIMType": "String", - "Name": "Category", - "Option": "Required" + "Name": "CustomizedNotificationDataString", + "Option": "Write" }, { "CIMType": "String", - "Name": "Ensure", + "Name": "CustomizedReminderDataString", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsCustomizedNotificationTemplate", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsCustomizedReminderTemplate", "Option": "Write" }, { @@ -37768,13 +42333,8 @@ "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { @@ -37785,22 +42345,7 @@ ] }, { - "ClassName": "MSFT_SCLabelSetting", - "Parameters": [ - { - "CIMType": "String", - "Name": "Key", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "Value", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_SCLabelPolicy", + "ClassName": "MSFT_SCRetentionCompliancePolicy", "Parameters": [ { "CIMType": "String", @@ -37818,8 +42363,13 @@ "Option": "Write" }, { - "CIMType": "MSFT_SCLabelSetting[]", - "Name": "AdvancedSettings", + "CIMType": "String[]", + "Name": "DynamicScopeLocation", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", "Option": "Write" }, { @@ -37844,57 +42394,62 @@ }, { "CIMType": "String[]", - "Name": "Labels", + "Name": "OneDriveLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AddExchangeLocation", + "Name": "OneDriveLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AddExchangeLocationException", + "Name": "PublicFolderLocation", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RestrictiveRetention", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AddModernGroupLocation", + "Name": "SharePointLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AddModernGroupLocationException", + "Name": "SharePointLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "AddLabels", + "Name": "SkypeLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "RemoveExchangeLocation", + "Name": "SkypeLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "RemoveExchangeLocationException", + "Name": "TeamsChannelLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "RemoveModernGroupLocation", + "Name": "TeamsChannelLocationException", "Option": "Write" }, { "CIMType": "String[]", - "Name": "RemoveModernGroupLocationException", + "Name": "TeamsChatLocation", "Option": "Write" }, { "CIMType": "String[]", - "Name": "RemoveLabels", + "Name": "TeamsChatLocationException", "Option": "Write" }, { @@ -37935,37 +42490,17 @@ ] }, { - "ClassName": "MSFT_SCProtectionAlert", + "ClassName": "MSFT_SCRetentionComplianceRule", "Parameters": [ - { - "CIMType": "String[]", - "Name": "AlertBy", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AlertFor", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "AggregationType", - "Option": "Write" - }, { "CIMType": "String", - "Name": "Category", - "Option": "Write" + "Name": "Name", + "Option": "Key" }, { "CIMType": "String", - "Name": "Comment", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "Disabled", - "Option": "Write" + "Name": "Policy", + "Option": "Required" }, { "CIMType": "String", @@ -37974,92 +42509,37 @@ }, { "CIMType": "String", - "Name": "Filter", + "Name": "Comment", "Option": "Write" }, { "CIMType": "String", - "Name": "Name", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "NotificationCulture", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "NotificationEnabled", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "NotifyUserOnFilterMatch", - "Option": "Write" - }, - { - "CIMType": "DateTime", - "Name": "NotifyUserSuppressionExpiryDate", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "NotifyUserThrottleThreshold", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "NotifyUserThrottleWindow", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "NotifyUser", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "Operation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "PrivacyManagementScopedSensitiveInformationTypes", + "Name": "ExpirationDateOption", "Option": "Write" }, { "CIMType": "String[]", - "Name": "PrivacyManagementScopedSensitiveInformationTypesForCounting", - "Option": "Write" - }, - { - "CIMType": "UInt64", - "Name": "PrivacyManagementScopedSensitiveInformationTypesThreshold", + "Name": "ExcludedItemClasses", "Option": "Write" }, { "CIMType": "String", - "Name": "Severity", + "Name": "ContentMatchQuery", "Option": "Write" }, { "CIMType": "String", - "Name": "ThreatType", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "Threshold", + "Name": "RetentionComplianceAction", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "TimeWindow", + "CIMType": "String", + "Name": "RetentionDuration", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "VolumeThreshold", + "CIMType": "String", + "Name": "RetentionDurationDisplayHint", "Option": "Write" }, { @@ -38100,7 +42580,7 @@ ] }, { - "ClassName": "MSFT_SCRetentionCompliancePolicy", + "ClassName": "MSFT_SCRetentionEventType", "Parameters": [ { "CIMType": "String", @@ -38117,96 +42597,6 @@ "Name": "Comment", "Option": "Write" }, - { - "CIMType": "String[]", - "Name": "DynamicScopeLocation", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "Enabled", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "ExchangeLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "ExchangeLocationException", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "ModernGroupLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "ModernGroupLocationException", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "OneDriveLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "OneDriveLocationException", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "PublicFolderLocation", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "RestrictiveRetention", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "SharePointLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "SharePointLocationException", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "SkypeLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "SkypeLocationException", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "TeamsChannelLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "TeamsChannelLocationException", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "TeamsChatLocation", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "TeamsChatLocationException", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -38245,7 +42635,7 @@ ] }, { - "ClassName": "MSFT_SCRetentionComplianceRule", + "ClassName": "MSFT_SCRoleGroup", "Parameters": [ { "CIMType": "String", @@ -38254,47 +42644,22 @@ }, { "CIMType": "String", - "Name": "Policy", - "Option": "Required" - }, - { - "CIMType": "String", - "Name": "Ensure", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Comment", + "Name": "DisplayName", "Option": "Write" }, { "CIMType": "String", - "Name": "ExpirationDateOption", + "Name": "Description", "Option": "Write" }, { "CIMType": "String[]", - "Name": "ExcludedItemClasses", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ContentMatchQuery", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "RetentionComplianceAction", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "RetentionDuration", + "Name": "Roles", "Option": "Write" }, { "CIMType": "String", - "Name": "RetentionDurationDisplayHint", + "Name": "Ensure", "Option": "Write" }, { @@ -38327,6 +42692,11 @@ "Name": "CertificatePath", "Option": "Write" }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, { "CIMType": "String[]", "Name": "AccessTokens", @@ -38335,7 +42705,7 @@ ] }, { - "ClassName": "MSFT_SCRetentionEventType", + "ClassName": "MSFT_SCRoleGroupMember", "Parameters": [ { "CIMType": "String", @@ -38344,12 +42714,17 @@ }, { "CIMType": "String", - "Name": "Ensure", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "Members", "Option": "Write" }, { "CIMType": "String", - "Name": "Comment", + "Name": "Ensure", "Option": "Write" }, { @@ -38390,13 +42765,23 @@ ] }, { - "ClassName": "MSFT_SCRoleGroup", + "ClassName": "MSFT_SCSecurityFilter", "Parameters": [ { "CIMType": "String", - "Name": "Name", + "Name": "FilterName", "Option": "Key" }, + { + "CIMType": "String", + "Name": "Action", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "Users", + "Option": "Write" + }, { "CIMType": "String", "Name": "Description", @@ -38404,12 +42789,12 @@ }, { "CIMType": "String[]", - "Name": "Roles", + "Name": "Filters", "Option": "Write" }, { "CIMType": "String", - "Name": "Ensure", + "Name": "Region", "Option": "Write" }, { @@ -38433,18 +42818,18 @@ "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "CIMType": "String", + "Name": "CertificatePath", "Option": "Write" }, { - "CIMType": "String", - "Name": "CertificatePath", + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "String", + "Name": "Ensure", "Option": "Write" }, { @@ -38455,137 +42840,97 @@ ] }, { - "ClassName": "MSFT_SCRoleGroupMember", + "ClassName": "MSFT_SCSLSensitiveInformationType", "Parameters": [ { "CIMType": "String", - "Name": "Name", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Description", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "Members", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Ensure", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "Credential", - "Option": "Write" + "Name": "name", + "Option": "Required" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "confidencelevel", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "classifiertype", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "Name": "mincount", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificatePath", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AccessTokens", + "Name": "maxcount", "Option": "Write" } ] }, { - "ClassName": "MSFT_SCSecurityFilter", + "ClassName": "MSFT_SCSLTrainableClassifiers", "Parameters": [ { "CIMType": "String", - "Name": "FilterName", - "Option": "Key" + "Name": "name", + "Option": "Required" }, { "CIMType": "String", - "Name": "Action", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "Users", + "Name": "id", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_SCSLSensitiveInformationGroup", + "Parameters": [ { - "CIMType": "String", - "Name": "Description", + "CIMType": "MSFT_SCSLSensitiveInformationType[]", + "Name": "SensitiveInformationType", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "Filters", + "CIMType": "MSFT_SCSLTrainableClassifiers[]", + "Name": "TrainableClassifier", "Option": "Write" }, { "CIMType": "String", - "Name": "Region", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "Credential", - "Option": "Write" + "Name": "Name", + "Option": "Required" }, { "CIMType": "String", - "Name": "ApplicationId", - "Option": "Write" - }, + "Name": "Operator", + "Option": "Required" + } + ] + }, + { + "ClassName": "MSFT_SCSLAutoLabelingSettings", + "Parameters": [ { - "CIMType": "String", - "Name": "TenantId", - "Option": "Write" + "CIMType": "MSFT_SCSLSensitiveInformationGroup[]", + "Name": "Groups", + "Option": "Required" }, { "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" + "Name": "Operator", + "Option": "Required" }, { "CIMType": "String", - "Name": "CertificatePath", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "CertificatePassword", + "Name": "PolicyTip", "Option": "Write" }, { "CIMType": "String", - "Name": "Ensure", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" + "Name": "AutoApplyType", + "Option": "Required" } ] }, @@ -38827,6 +43172,11 @@ "Name": "SiteAndGroupExternalSharingControlType", "Option": "Write" }, + { + "CIMType": "MSFT_SCSLAutoLabelingSettings", + "Name": "AutoLabelingSettings", + "Option": "Write" + }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -38989,6 +43339,251 @@ } ] }, + { + "ClassName": "MSFT_SCUnifiedAuditLogRetentionPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "Operations", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "Priority", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RecordTypes", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RetentionDuration", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "UserIds", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SentinelSetting", + "Parameters": [ + { + "CIMType": "String", + "Name": "ResourceGroupName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "WorkspaceName", + "Option": "Required" + }, + { + "CIMType": "String", + "Name": "SubscriptionId", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AnomaliesIsEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EntityAnalyticsIsEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "EyesOnIsEnabled", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "UebaDataSource", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_SentinelWatchlist", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "SubscriptionId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ResourceGroupName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WorkspaceName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SourceType", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ItemsSearchKey", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DefaultDuration", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Alias", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "NumberOfLinesToSkip", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RawContent", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_SPOAccessControlSettings", "Parameters": [ @@ -39042,6 +43637,11 @@ "Name": "EmailAttestationReAuthDays", "Option": "Write" }, + { + "CIMType": "boolean", + "Name": "EnableRestrictedAccessControl", + "Option": "Write" + }, { "CIMType": "String", "Name": "Ensure", @@ -42174,6 +46774,46 @@ } ] }, + { + "ClassName": "MSFT_TeamsComplianceRecordingApplication", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ComplianceRecordingPairedApplications", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequiredBeforeMeetingJoin", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequiredBeforeCallEstablishment", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequiredDuringMeeting", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RequiredDuringCall", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConcurrentInvitationCount", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_TeamsComplianceRecordingPolicy", "Parameters": [ @@ -42183,7 +46823,7 @@ "Option": "Key" }, { - "CIMType": "String[]", + "CIMType": "MSFT_TeamsComplianceRecordingApplication[]", "Name": "ComplianceRecordingApplications", "Option": "Write" }, diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index 453d98495e..ecdccf6a86 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -245,11 +245,13 @@ function New-M365DSCResource } $templateSettings = @() + $allSettingDefinitions = $SettingsCatalogSettingTemplates.SettingDefinitions foreach ($settingTemplate in $SettingsCatalogSettingTemplates) { $templateSettings += New-SettingsCatalogSettingDefinitionSettingsFromTemplate ` -FromRoot ` - -SettingTemplate $settingTemplate + -SettingTemplate $settingTemplate ` + -AllSettingDefinitions $allSettingDefinitions } $definitionSettings = @() @@ -911,10 +913,24 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments } else { - $ParametersToFilterOut = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'WhatIf', 'Confirm') + $ParametersToFilterOut = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'WhatIf', 'Confirm', 'ProgressAction') $cmdlet = Get-Command ($cmdletVerb + "-" + $cmdletNoun) $defaultParameterSetProperties = $cmdlet.ParameterSets | Where-Object -FilterScript {$_.IsDefault} + + if ($null -eq $defaultParameterSetProperties) + { + # No default parameter set, if there is only a single parameter set then use that + if ($cmdlet.ParameterSets.Count -eq 1) + { + $defaultParameterSetProperties = $cmdlet.ParameterSets[0] + } + else + { + throw "CmdLet '$($cmdletVerb + "-" + $cmdletNoun)' does not have a default parameter set" + } + } + $properties = $defaultParameterSetProperties.Parameters | Where-Object -FilterScript {-not $ParametersToFilterOut.Contains($_.Name) -and -not $_.Name.StartsWith('MsftInternal')} #region Get longest parametername @@ -1128,6 +1144,12 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments $propertyValue = $null $propertyDriftValue = $null + + if ($null -eq $fakeValues.$key) + { + continue + } + switch ($fakeValues.$key.GetType().Name) { "String" @@ -3729,6 +3751,10 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { [Parameter(ParameterSetName = "Start")] [switch] $FromRoot, + [Parameter(Mandatory = $true)] + [System.Array] + $AllSettingDefinitions, + [Parameter(ParameterSetName = "ParseChild")] [System.String]$ParentInstanceName, @@ -3746,7 +3772,8 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { return New-SettingsCatalogSettingDefinitionSettingsFromTemplate ` -SettingTemplate $SettingTemplate ` -RootSettingDefinitions $RootSettingDefinitions ` - -SettingDefinitionIdPrefix $settingDefinitionIdPrefix + -SettingDefinitionIdPrefix $settingDefinitionIdPrefix ` + -AllSettingDefinitions $AllSettingDefinitions } if ($PSCmdlet.ParameterSetName -eq "ParseRoot") { @@ -3757,7 +3784,8 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { -SettingDefinition $RootSettingDefinition ` -SettingDefinitionIdPrefix $settingDefinitionIdPrefix ` -Level 1 ` - -ParentInstanceName "MSFT_MicrosoftGraphIntuneSettingsCatalog" + -ParentInstanceName "MSFT_MicrosoftGraphIntuneSettingsCatalog" ` + -AllSettingDefinitions $AllSettingDefinitions } return $settings } @@ -3769,39 +3797,66 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { $settingName = $SettingDefinition.Name - $settingsWithSameName = $SettingTemplate.SettingDefinitions | Where-Object -FilterScript { $_.Name -eq $settingName } - if ($settingsWithSameName.Count -gt 1) { + $settingsWithSameName = $AllSettingDefinitions | Where-Object -FilterScript { $_.Name -eq $settingName } + if ($settingsWithSameName.Count -gt 1) + { # Get the parent setting of the current setting - if ($SettingDefinition.AdditionalProperties.dependentOn.parentSettingId.Count -gt 0) + $parentSetting = Get-ParentSettingDefinition -SettingDefinition $SettingDefinition -AllSettingDefinitions $AllSettingDefinitions + if ($null -ne $parentSetting) { - $parentSetting = $SettingTemplate.SettingDefinitions | Where-Object -FilterScript { - $_.Id -eq ($SettingDefinition.AdditionalProperties.dependentOn.parentSettingId | Select-Object -Unique -First 1) + $combinationMatchesWithParent = $settingsWithSameName | Where-Object -FilterScript { + "$($parentSetting.Name)_$($_.Name)" -eq "$($parentSetting.Name)_$settingName" } - } - elseif ($SettingDefinition.AdditionalProperties.options.dependentOn.parentSettingId.Count -gt 0) - { - $parentSetting = $SettingTemplate.SettingDefinitions | Where-Object -FilterScript { - $_.Id -eq ($SettingDefinition.AdditionalProperties.options.dependentOn.parentSettingId | Select-Object -Unique -First 1) + # If the combination of parent setting and setting name is unique, add the parent setting name to the setting name + if ($combinationMatchesWithParent.Count -eq 1) + { + $settingName = $parentSetting.Name + "_" + $settingName } - } + # If the combination of parent setting and setting name is still not unique, do it with the OffsetUri of the current setting + else + { + $skip = 0 + $breakCounter = 0 + $newSettingName = $settingName + do { + $previousSettingName = $newSettingName + $newSettingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $SettingDefinition.OffsetUri -SettingName $newSettingName -Skip $skip + + $combinationMatchesWithOffsetUri = @() + $settingsWithSameName | ForEach-Object { + $newName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $_.OffsetUri -SettingName $previousSettingName -Skip $skip + if ($newName -eq $newSettingName) + { + $combinationMatchesWithOffsetUri += $_ + } + } + $settingsWithSameName = $combinationMatchesWithOffsetUri + $skip++ + $breakCounter++ + } while ($combinationMatchesWithOffsetUri.Count -gt 1 -and $breakCounter -lt 8) - $combinationMatches = $SettingTemplate.SettingDefinitions | Where-Object -FilterScript { - $_.Name -eq $settingName -and - (($_.AdditionalProperties.dependentOn.Count -gt 0 -and $_.AdditionalProperties.dependentOn.parentSettingId -contains $parentSetting.Id) -or - ($_.AdditionalProperties.options.dependentOn.Count -gt 0 -and $_.AdditionalProperties.options.dependentOn.parentSettingId -contains $parentSetting.Id)) + if ($breakCounter -lt 8) + { + $settingName = $newSettingName + } + else + { + # Alternative way if no unique setting name can be found + $parentSettingIdProperty = $parentSetting.Id.Split('_')[-1] + $parentSettingIdWithoutProperty = $parentSetting.Id.Replace("_$parentSettingIdProperty", "") + # We can't use the entire setting here, because the child setting id does not have to come after the parent setting id + $settingName = $settingDefinition.Id.Replace($parentSettingIdWithoutProperty + "_", "").Replace($parentSettingIdProperty + "_", "") + } + } } - # If the combination of parent setting and setting name is unique, add the parent setting name to the setting name - if ($combinationMatches.Count -eq 1) { - $settingName = $parentSetting.Name + "_" + $settingName - } - # If the combination of parent setting and setting name is still not unique, get the last part of the setting id as the name - else + # When there is no parent, we can't use the parent setting name to make the setting name unique + # Instead, we traverse up the OffsetUri. Since no parent setting can only happen at the root level, the result + # of Get-SettingDefinitionNameWithParentFromOffsetUri is absolute and cannot change. There cannot be multiple settings with the same name + # in the same level of OffsetUri + if ($null -eq $parentSetting) { - $parentSettingIdProperty = $parentSetting.Id.Split('_')[-1] - $parentSettingIdWithoutProperty = $parentSetting.Id.Replace("_$parentSettingIdProperty", "") - # We can't use the entire setting here, because the child setting id does not have to come after the parent setting id - $settingName = $SettingDefinition.Id.Replace($parentSettingIdWithoutProperty + "_", "").Replace($parentSettingIdProperty + "_", "") + $settingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $SettingDefinition.OffsetUri -SettingName $settingName } } @@ -3825,7 +3880,8 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { -SettingDefinition $childSetting ` -SettingDefinitionIdPrefix $SettingDefinitionIdPrefix ` -Level $($Level + 1) ` - -ParentInstanceName $instanceName + -ParentInstanceName $instanceName ` + -AllSettingDefinitions $AllSettingDefinitions } $setting = [ordered]@{ @@ -3849,6 +3905,79 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { $setting } +<# + This function also exists in M365DSCDRGUtil.psm1. Changes here must be added there as well for compatibility. +#> +function Get-SettingDefinitionNameWithParentFromOffsetUri { + param ( + [Parameter(Mandatory = $true)] + [System.String] + $OffsetUri, + + [Parameter(Mandatory = $true)] + [System.String] + $SettingName, + + [Parameter(Mandatory = $false)] + [System.Int32] + $Skip = 0 + ) + + # If the last part of the OffsetUri is the same as the setting name or it contains invalid characters, we traverse up until we reach the first element + # Invalid characters are { and } which are used in the OffsetUri to indicate a variable + $splittedOffsetUri = $OffsetUri.Split("/") + if ([string]::IsNullOrEmpty($splittedOffsetUri[0])) + { + $splittedOffsetUri = $splittedOffsetUri[1..($splittedOffsetUri.Length - 1)] + } + $splittedOffsetUri = $splittedOffsetUri[0..($splittedOffsetUri.Length - 1 - $Skip)] + $traversed = $false + while (-not $traversed -and $splittedOffsetUri.Length -gt 1) # Prevent adding the first element of the OffsetUri + { + $traversed = $true + if ($splittedOffsetUri[-1] -eq $SettingName -or $splittedOffsetUri[-1] -match "[\{\}]" -or $SettingName.StartsWith($splittedOffsetUri[-1])) + { + $splittedOffsetUri = $splittedOffsetUri[0..($splittedOffsetUri.Length - 2)] + $traversed = $false + } + } + + if ($splittedOffsetUri.Length -gt 1) + { + $splittedOffsetUri[-1] + "_" + $SettingName + } + else + { + $SettingName + } +} + +function Get-ParentSettingDefinition { + param( + [Parameter(Mandatory = $true)] + $SettingDefinition, + + [Parameter(Mandatory = $true)] + $AllSettingDefinitions + ) + + $parentSetting = $null + if ($SettingDefinition.AdditionalProperties.dependentOn.parentSettingId.Count -gt 0) + { + $parentSetting = $AllSettingDefinitions | Where-Object -FilterScript { + $_.Id -eq ($SettingDefinition.AdditionalProperties.dependentOn.parentSettingId | Select-Object -Unique -First 1) + } + } + elseif ($SettingDefinition.AdditionalProperties.options.dependentOn.parentSettingId.Count -gt 0) + { + $parentSetting = $AllSettingDefinitions | Where-Object -FilterScript { + $_.Id -eq ($SettingDefinition.AdditionalProperties.options.dependentOn.parentSettingId | Select-Object -Unique -First 1) + } + } + + $parentSetting +} + function New-ParameterDefinitionFromSettingsCatalogTemplateSetting { param( [Parameter(Mandatory = $true)] diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 961f04f285..d45e6582da 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -41,6 +41,7 @@ MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' + IsMemberManagementRestricted = $False; ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { @@ -290,6 +291,18 @@ Principal = "AdeleV@$TenantId"; RoleDefinition = "Catalog creator"; } + AADFeatureRolloutPolicy 'AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Description = "CertificateBasedAuthentication rollout policy"; + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Present"; + Feature = "certificateBasedAuthentication"; + IsAppliedToOrganization = $False; + IsEnabled = $True; + } AADGroup 'MyGroups' { DisplayName = "DSCGroup" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 index 656177cd9a..e4054cdd9c 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -85,6 +85,14 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + AADAuthenticationMethodPolicyHardware 'AADAuthenticationMethodPolicyHardware-HardwareOath' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Absent"; + Id = "HardwareOath"; + } AADAuthenticationMethodPolicySms 'AADAuthenticationMethodPolicySms-Sms' { ApplicationId = $ApplicationId @@ -199,6 +207,14 @@ Principal = "AdeleV@$TenantId"; RoleDefinition = "Catalog creator"; } + AADFeatureRolloutPolicy 'AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Absent"; + } AADGroup 'MyGroups' { MailNickname = "M365DSC" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 2567b8af3a..c9363e1d89 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -42,6 +42,7 @@ MembershipRule = "(user.country -eq `"US`")" # Updated Property MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' + IsMemberManagementRestricted = $False ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { @@ -149,6 +150,14 @@ State = 'default' } }; + ReportSuspiciousActivitySettings = MSFT_MicrosoftGraphreportSuspiciousActivitySettings{ + VoiceReportingCode = 0 + IncludeTarget = MSFT_AADAuthenticationMethodPolicyIncludeTarget{ + Id = 'all_users' + TargetType = 'group' + } + State = 'default' + }; ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -260,6 +269,31 @@ }; State = "enabled"; # Updated Property } + AADAuthenticationMethodPolicyHardware 'AADAuthenticationMethodPolicyHardware-HardwareOath' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget{ + Id = 'Executives' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + ); + Id = "HardwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget{ + Id = 'Legal Team' + TargetType = 'group' + } + ); + State = "enabled"; # Updated Property + } AADAuthenticationMethodPolicySms 'AADAuthenticationMethodPolicySms-Sms' { ApplicationId = $ApplicationId @@ -646,6 +680,15 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + AADEntitlementManagementSettings 'AADEntitlementManagementSettings' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DaysUntilExternalUserDeletedAfterBlocked = 30; + ExternalUserLifecycleAction = "blockSignInAndDelete"; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + } AADExternalIdentityPolicy 'AADExternalIdentityPolicy' { AllowDeletedIdentitiesDataRemoval = $False; @@ -655,19 +698,35 @@ CertificateThumbprint = $CertificateThumbprint IsSingleInstance = "Yes"; } + AADFeatureRolloutPolicy 'AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Description = "CertificateBasedAuthentication rollout policy"; + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Present"; + IsAppliedToOrganization = $False; + IsEnabled = $False; + } AADGroup 'MyGroups' { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group Updated" # Updated Property - SecurityEnabled = $True - MailEnabled = $True - GroupTypes = @("Unified") - MailNickname = "M365DSC" - Members = @("AdeleV@$TenantId") - GroupAsMembers = @("Group1") - Visibility = "Private" - Owners = @("admin@$TenantId", "AdeleV@$TenantId") - Ensure = "Present" + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group Updated" # Updated Property + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Members = @("AdeleV@$TenantId") + GroupAsMembers = @("Group1") + Visibility = "Private" + Owners = @("admin@$TenantId", "AdeleV@$TenantId") + AssignedLicenses = @( + MSFT_AADGroupLicense { + SkuId = 'AAD_PREMIUM_P2' + } + ) + Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index f8f29f2774..f69b8d3f89 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 @@ -102,6 +102,8 @@ EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null Ensure = "Present" + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -129,6 +131,20 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOATPProtectionPolicyRule 'EXOATPProtectionPolicyRule-Strict Preset Security Policy' + { + Comments = "Built-in Strict Preset Security Policy"; + Enabled = $False; + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOAuthenticationPolicy 'ConfigureAuthenticationPolicy' { Identity = "Block Basic Auth" @@ -233,6 +249,14 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXODnssecForVerifiedDomain 'EXODnssecForVerifiedDomain-nik-charlebois.com' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DnssecFeatureStatus = "Enabled"; + DomainName = "nik-charlebois.com"; + } EXOEmailAddressPolicy 'ConfigureEmailAddressPolicy' { Name = "Integration Policy" @@ -385,6 +409,34 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOMailboxFolderPermission 'EXOMailboxFolderPermission-admin:\Calendar' + { + Credential = $Credscredential; + Ensure = "Present"; + Identity = "amdin:\Calendar"; + UserPermissions = @(MSFT_EXOMailboxFolderUserPermission { + User = 'Default' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'Anonymous' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'AlexW' + AccessRights = 'Owner' + SharingPermissionFlags = 'Delegate' + } + ); + } + EXOMailboxIRMAccess 'EXOMailboxIRMAccess-qwe@testorg.onmicrosoft.com' + { + AccessLevel = "Block"; + Credential = $Credscredential; + Ensure = "Present"; + Identity = "qwe@$OrganizationName"; + User = "admin@$OrganizationName"; + } EXOMailContact 'TestMailContact' { Alias = 'TestMailContact' @@ -406,19 +458,6 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } - EXOMailTips 'OrgWideMailTips' - { - IsSingleInstance = 'Yes' - MailTipsAllTipsEnabled = $True - MailTipsGroupMetricsEnabled = $True - #MailTipsLargeAudienceThreshold = 100 - MailTipsMailboxSourcedTipsEnabled = $True - MailTipsExternalRecipientsTipsEnabled = $True - Ensure = "Present" - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - } EXOMalwareFilterPolicy 'ConfigureMalwareFilterPolicy' { Identity = "IntegrationMFP" @@ -467,6 +506,15 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOManagementScope 'EXOManagementScope-Test New DGs' + { + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'Test*'"; + } EXOMessageClassification 'ConfigureMessageClassification' { Identity = "Contoso Message Classification" @@ -716,6 +764,18 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOPhishSimOverrideRule 'EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b' + { + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Ensure = "Present"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + Policy = "fc55717b-28bb-4cf3-98ee-9ba57903c978"; + SenderIpRanges = @("192.168.1.55"); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOPlace 'TestPlace' { AudioDeviceName = "MyAudioDevice"; @@ -790,6 +850,18 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXORetentionPolicy 'EXORetentionPolicy-Test' + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + Ensure = "Present"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } EXORoleAssignmentPolicy 'ConfigureRoleAssignmentPolicy' { Name = "Integration Policy" @@ -863,6 +935,13 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOSecOpsOverrideRule 'EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245' + { + Comment = "TestComment"; + Ensure = "Present"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + } EXOSharedMailbox 'SharedMailbox' { DisplayName = "Integration" @@ -900,6 +979,20 @@ SourceFolder = "Test2:\Inbox"; TenantId = $TenantId; } + EXOTenantAllowBlockListItems 'Example' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Present"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } EXOTransportRule 'ConfigureTransportRule' { Name = "Ethical Wall - Sales and Executives Departments" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 index e192eb32a3..331165c9c1 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 @@ -92,6 +92,8 @@ EnableOrganizationDomainsProtection = $null EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId @@ -115,6 +117,20 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOATPProtectionPolicyRule 'EXOATPProtectionPolicyRule-Strict Preset Security Policy' + { + Comments = "Built-in Strict Preset Security Policy"; + Enabled = $False; + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Absent" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOAuthenticationPolicy 'ConfigureAuthenticationPolicy' { Identity = "Block Basic Auth" @@ -285,14 +301,6 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } - EXOMailTips 'OrgWideMailTips' - { - IsSingleInstance = 'Yes' - Ensure = "Absent" - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - } EXOMalwareFilterPolicy 'ConfigureMalwareFilterPolicy' { Identity = "IntegrationMFP" @@ -330,6 +338,15 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOManagementScope 'EXOManagementScope-Test New DGs' + { + Credential = $Credscredential; + Ensure = "Absent"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'NewTest*'"; + } EXOMessageClassification 'ConfigureMessageClassification' { Identity = "Contoso Message Classification" @@ -409,6 +426,14 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOPhishSimOverrideRule 'EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b' + { + Ensure = "Absent"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOPlace 'TestPlace' { AudioDeviceName = "MyAudioDevice"; @@ -454,6 +479,18 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXORetentionPolicy 'EXORetentionPolicy-Test' + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } EXORoleAssignmentPolicy 'ConfigureRoleAssignmentPolicy' { Name = "Integration Policy" @@ -514,6 +551,11 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOSecOpsOverrideRule 'EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245' + { + Ensure = "Absent"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + } EXOSharedMailbox 'SharedMailbox' { DisplayName = "Integration" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 index fb92ed7632..bae977e5b8 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 @@ -102,6 +102,8 @@ EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null Ensure = "Present" + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -130,6 +132,14 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOArcConfig 'EXOArcConfig-Test' + { + ArcTrustedSealers = "contoso.com"; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + ApplicationId = $ApplicationId; + } EXOAtpPolicyForO365 'ConfigureAntiPhishPolicy' { IsSingleInstance = "Yes" @@ -139,6 +149,20 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOATPProtectionPolicyRule 'EXOATPProtectionPolicyRule-Strict Preset Security Policy' + { + Comments = "Built-in Strict Preset Security Policy with comments"; # Changed value + Enabled = $True; # Changed value + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOAuthenticationPolicy 'ConfigureAuthenticationPolicy' { Identity = "Block Basic Auth" @@ -336,6 +360,14 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXODnssecForVerifiedDomain 'EXODnssecForVerifiedDomain-nik-charlebois.com' + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DnssecFeatureStatus = "Enabled"; + DomainName = "nik-charlebois.com"; + } EXOEmailAddressPolicy 'ConfigureEmailAddressPolicy' { Name = "Integration Policy" @@ -348,6 +380,28 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOEmailTenantSettings 'EXOEmailTenantSettings-Test' + { + IsSingleInstance = "Yes" + EnablePriorityAccountProtection = $True; + Identity = $TenantId; + IsValid = $True; + ObjectState = "Unchanged" + Name = "Default" + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationId = $ApplicationId + } + EXOFocusedInbox 'EXOFocusedInbox-Test' + { + Ensure = "Present"; + FocusedInboxOn = $False; # Updated Property + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@$TenantId"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } EXOGlobalAddressList 'ConfigureGlobalAddressList' { Name = "Contoso Human Resources in Washington" @@ -565,6 +619,51 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOMailboxCalendarConfiguration 'EXOMailboxCalendarConfiguration-Test' + { + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 6; # Updated Property + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@$TenantId"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOMailboxCalendarFolder 'JohnCalendarFolder' { DetailLevel = "AvailabilityOnly"; @@ -578,6 +677,26 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOMailboxFolderPermission 'EXOMailboxFolderPermission-admin:\Calendar' + { + Credential = $Credscredential; + Ensure = "Present"; + Identity = "admin:\Calendar"; + UserPermissions = @(MSFT_EXOMailboxFolderUserPermission { + User = 'Default' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'Anonymous' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'AlexW' + AccessRights = 'Editor' + SharingPermissionFlags = 'Delegate' + } + ); + } EXOMailboxPermission 'TestPermission' { AccessRights = @("FullAccess","ReadPermission"); @@ -644,7 +763,6 @@ #MailTipsLargeAudienceThreshold = 100 MailTipsMailboxSourcedTipsEnabled = $True MailTipsExternalRecipientsTipsEnabled = $True - Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -705,6 +823,15 @@ Identity = "Information Rights Management\Get-BookingMailbox" Parameters = @("ANR","RecipientTypeDetails", "ResultSize") } + EXOManagementScope 'EXOManagementScope-Test New DGs' + { + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'NewTest*'"; + } EXOMessageClassification 'ConfigureMessageClassification' { Identity = "Contoso Message Classification" @@ -1029,6 +1156,15 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOPhishSimOverrideRule 'EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b' + { + Comment = "New Comment note"; + Ensure = "Present"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOPlace 'TestPlace' { AudioDeviceName = "MyAudioDevice"; @@ -1132,6 +1268,18 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXORetentionPolicy 'EXORetentionPolicy-Test' + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); # drifted property + Ensure = "Present"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } EXORoleAssignmentPolicy 'ConfigureRoleAssignmentPolicy' { Name = "Integration Policy" @@ -1205,6 +1353,16 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOSecOpsOverrideRule 'EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245' + { + Comment = "TestComment"; + Ensure = "Present"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOSharedMailbox 'SharedMailbox' { DisplayName = "Integration" @@ -1242,6 +1400,20 @@ SourceFolder = "Test2:\Inbox"; TenantId = $TenantId; } + EXOTenantAllowBlockListItems 'Example' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Present"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block with updated notes"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } EXOTransportConfig 'EXOTransportConfig ' { IsSingleInstance = "Yes"; diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index 09a05d0878..f60efd6f58 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -106,6 +106,12 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneAppCategory 'IntuneAppCategory-Data Management' + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + } IntuneAppConfigurationDevicePolicy 'IntuneAppConfigurationDevicePolicy-Example' { Assignments = @(); @@ -2444,6 +2450,34 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Intune Firewall Policy Windows10"; + DisableStatefulFtp = "false"; + DomainProfile_AllowLocalIpsecPolicyMerge = "false"; + DomainProfile_EnableFirewall = "true"; + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + DomainProfile_LogMaxFileSize = 1024; + ObjectAccess_AuditFilteringPlatformPacketDrop = "1"; + PrivateProfile_EnableFirewall = "true"; + PublicProfile_EnableFirewall = "true"; + Target = "wsl"; + AllowHostPolicyMerge = "false"; + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } IntunePolicySets 'Example' { Assignments = @( diff --git a/Tests/QA/Graph.PermissionList.txt b/Tests/QA/Graph.PermissionList.txt index c93a18fc24..3acae21c4a 100644 Binary files a/Tests/QA/Graph.PermissionList.txt and b/Tests/QA/Graph.PermissionList.txt differ diff --git a/Tests/TestHarness.psm1 b/Tests/TestHarness.psm1 index a1ccd89269..44a6eb95ee 100644 --- a/Tests/TestHarness.psm1 +++ b/Tests/TestHarness.psm1 @@ -167,7 +167,8 @@ function Get-M365DSCAllGraphPermissionsList 'Channel.Delete.All', ` 'ChannelSettings.ReadWrite.All', ` 'ChannelMember.ReadWrite.All', ` - 'ChannelSettings.Read.All') + 'ChannelSettings.Read.All', + 'EntitlementManagement.Read.All') $roles = $allPermissions | Select-Object -Unique | Sort-Object -Descending:$false return $roles } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index 2f72570e31..f9b56e9ab3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -115,7 +115,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Create the AU from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1 + Should -Invoke -CommandName New-MgBetaDirectoryAdministrativeUnit -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 index c801d194e8..55637d70cd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 @@ -32,6 +32,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-PSSession -MockWith { } + Mock -CommandName Update-MgBetaApplication -MockWith { + } + Mock -CommandName Update-MgApplication -MockWith { } @@ -144,7 +147,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return values from the get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - Should -Invoke -CommandName 'Get-MgApplication' -Exactly 1 + Should -Invoke -CommandName 'Get-MgApplication' -Exactly 2 } It 'Should return false from the test method' { @@ -156,6 +159,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName 'Remove-MgApplication' -Exactly 1 } } + Context -Name 'The app exists and values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ @@ -169,10 +173,99 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { LogoutURL = 'https://app.contoso.com/logout' PublicClient = $false ReplyURLs = 'https://app.contoso.com' + AppRoles = @( + New-CimInstance -ClassName MSFT_MicrosoftGraphappRole -Property @{ + AllowedMemberTypes = @('Application') + Id = 'Task Reader' + IsEnabled = $True + Origin = 'Application' + Description = 'Readers have ability to read task' + Value = 'Task.Read' + DisplayName = 'Readers' + } -ClientOnly + New-CimInstance -ClassName MSFT_MicrosoftGraphappRole @{ + AllowedMemberTypes = @('Application') + Id = 'Task Writer' + IsEnabled = $True + Origin = 'Application' + Description = 'Writers have ability to write task' + Value = 'Task.Write' + DisplayName = 'Writers' + } -ClientOnly + ) + PasswordCredentials = @( + New-CimInstance -ClassName MSFT_MicrosoftGraphpasswordCredential -Property @{ + KeyId = 'keyid' + EndDateTime = '2025-03-15T19:50:29.0310000+00:00' + Hint = 'VsO' + DisplayName = 'Super Secret' + StartDateTime = '2024-09-16T19:50:29.0310000+00:00' + } -ClientOnly + ) + KeyCredentials = @( + New-CimInstance -ClassName MSFT_MicrosoftGraphkeyCredential -Property @{ + Usage = 'Verify' + StartDateTime = '2024-09-25T09:13:11.0000000+00:00' + Type = 'AsymmetricX509Cert' + KeyId = 'Key ID' + EndDateTime = '2025-09-25T09:33:11.0000000+00:00' + DisplayName = 'anexas_test_2' + } -ClientOnly + ) + OptionalClaims = New-CimInstance -ClassName MSFT_MicrosoftGraphoptionalClaims -Property @{ + Saml2Token = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_MicrosoftGraphOptionalClaim -Property @{ + Name = 'groups' + Essential = $False + } -ClientOnly + ) + AccessToken = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_MicrosoftGraphOptionalClaim -Property @{ + Name = 'groups' + Essential = $False + } -ClientOnly + ) + IdToken = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_MicrosoftGraphOptionalClaim -Property @{ + Name = 'acrs' + Essential = $False + } -ClientOnly + New-CimInstance -ClassName MSFT_MicrosoftGraphOptionalClaim -Property @{ + Name = 'groups' + Essential = $False + } -ClientOnly + ) + } -ClientOnly + AuthenticationBehaviors = New-CimInstance -ClassName MSFT_MicrosoftGraphAuthenticationBehaviors -Property @{ + blockAzureADGraphAccess = $false + removeUnverifiedEmailClaim = $true + requireClientServicePrincipal = $false + } -ClientOnly + Api = New-CimInstance -ClassName MSFT_MicrosoftGraphapiApplication -Property @{ + PreAuthorizedApplications = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_MicrosoftGraphPreAuthorizedApplication -Property @{ + AppId = '12345-12345-12345-12345-12345' + PermissionIds = @('12345-12345-12345-12345-12345') + } -ClientOnly + ) + + } -ClientOnly Ensure = 'Present' Credential = $Credential } + Mock -CommandName Get-MgBetaApplication -MockWith { + $AADApp = New-Object PSCustomObject + $AADApp | Add-Member -MemberType NoteProperty -Name DisplayName -Value 'App1' + $AADApp | Add-Member -MemberType NoteProperty -Name Id -Value '5dcb2237-c61b-4258-9c85-eae2aaeba9d6' + $AADApp | Add-Member -MemberType NoteProperty -Name AppId -Value '5dcb2237-c61b-4258-9c85-eae2aaeba9d6' + $AADApp | Add-Member -MemberType NoteProperty -Name AuthenticationBehaviors -Value @{ + blockAzureADGraphAccess = $false + removeUnverifiedEmailClaim = $true + requireClientServicePrincipal = $false + } + return $AADApp + } Mock -CommandName Get-MgApplication -MockWith { $AADApp = New-Object PSCustomObject $AADApp | Add-Member -MemberType NoteProperty -Name DisplayName -Value 'App1' @@ -180,15 +273,80 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $AADApp | Add-Member -MemberType NoteProperty -Name Description -Value 'App description' $AADApp | Add-Member -MemberType NoteProperty -Name GroupMembershipClaims -Value 0 $AADApp | Add-Member -MemberType NoteProperty -Name SignInAudience -Value 'AzureADMyOrg' + $AADApp | Add-Member -MemberType NoteProperty -Name OptionalClaims -Value @{ + Saml2Token = @( + @{ + Name = 'groups' + Essential = $False + } + ) + AccessToken = @( + @{ + Name = 'groups' + Essential = $False + } + ) + IdToken = @( + @{ + Name = 'acrs' + Essential = $False + } + @{ + Name = 'groups' + Essential = $False + } + ) + } $AADApp | Add-Member -MemberType NoteProperty -Name Web -Value @{ HomepageUrl = 'https://app.contoso.com' LogoutURL = 'https://app.contoso.com/logout' RedirectUris = @('https://app.contoso.com') } - $AADApp | Add-Member -MemberType NoteProperty -Name IdentifierUris -Value 'https://app.contoso.com' + $AADApp | Add-Member -MemberType NoteProperty -Name AppRoles -Value @( + @{ + AllowedMemberTypes = @('Application') + Id = 'Task Reader' + IsEnabled = $True + Origin = 'Application' + Description = 'Readers have ability to read task' + Value = 'Task.Read' + DisplayName = 'Readers' + } + @{ + AllowedMemberTypes = @('Application') + Id = 'Task Writer' + IsEnabled = $True + Origin = 'Application' + Description = 'Writers have ability to write task' + Value = 'Task.Write' + DisplayName = 'Writers' + } + ) + $AADApp | Add-Member -MemberType NoteProperty -Name KeyCredentials -Value @{ + Usage = 'Verify' + StartDateTime = '2024-09-25T09:13:11.0000000+00:00' + Type = 'AsymmetricX509Cert' + KeyId = 'Key ID' + EndDateTime = '2025-09-25T09:33:11.0000000+00:00' + DisplayName = 'anexas_test_2' + } + $AADApp | Add-Member -MemberType NoteProperty -Name PasswordCredentials -Value @{ + KeyId = 'keyid' + EndDateTime = '2025-03-15T19:50:29.0310000+00:00' + Hint = 'VsO' + DisplayName = 'Super Secret' + StartDateTime = '2024-09-16T19:50:29.0310000+00:00' + } $AADApp | Add-Member -MemberType NoteProperty -Name API -Value @{ KnownClientApplications = '' + PreAuthorizedApplications = @( + @{ + AppId = '12345-12345-12345-12345-12345' + PermissionIds = @('12345-12345-12345-12345-12345') + } + ) } + $AADApp | Add-Member -MemberType NoteProperty -Name IdentifierUris -Value 'https://app.contoso.com' $AADApp | Add-Member -MemberType NoteProperty -Name Oauth2RequirePostResponse -Value $false $AADApp | Add-Member -MemberType NoteProperty -Name PublicClient -Value $false return $AADApp @@ -197,7 +355,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return Values from the get method' { Get-TargetResource @testParams - Should -Invoke -CommandName 'Get-MgApplication' -Exactly 1 + Should -Invoke -CommandName 'Get-MgApplication' -Exactly 2 } It 'Should return true from the test method' { @@ -242,7 +400,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return values from the get method' { Get-TargetResource @testParams - Should -Invoke -CommandName 'Get-MgApplication' -Exactly 1 + Should -Invoke -CommandName 'Get-MgApplication' -Exactly 2 } It 'Should return false from the test method' { @@ -255,6 +413,63 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Context -Name 'Assigning Authentication Behaviors to a new Application' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'App1' + AvailableToOtherTenants = $false + Description = 'App description' + GroupMembershipClaims = '0' + IdentifierUris = 'https://app.contoso.com' + KnownClientApplications = '' + LogoutURL = 'https://app.contoso.com/logout' + PublicClient = $false + ReplyURLs = 'https://app.contoso.com' + AuthenticationBehaviors = New-CimInstance -ClassName MSFT_MicrosoftGraphAuthenticationBehaviors -Property @{ + blockAzureADGraphAccess = $false + removeUnverifiedEmailClaim = $true + requireClientServicePrincipal = $false + } -ClientOnly + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgApplication -MockWith { + return $null + } + + Mock -CommandName Get-MgBetaApplication -MockWith { + return @{ + id = '12345-12345-12345-12345-12345' + appId = '12345-12345-12345-12345-12345' + DisplayName = 'App1' + AuthenticationBehaviours = @{ + blockAzureADGraphAccess = $false + removeUnverifiedEmailClaim = $true + requireClientServicePrincipal = $false + } + + } + } + } + + It 'Should return values from the get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgApplication' -Exactly 1 + } + + It 'Should return false from the test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the new method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgApplication' -Exactly 1 + Should -Invoke -CommandName 'Update-MgBetaApplication' -Exactly 1 + } + + } + Context -Name 'Assigning Permissions to a new Application' -Fixture { BeforeAll { $testParams = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 index 17999530eb..1246e426c3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 @@ -71,7 +71,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) ) } -ClientOnly) - } -ClientOnly) + } -ClientOnly) + ReportSuspiciousActivitySettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphreportSuspiciousActivitySettings -Property @{ + VoiceReportingCode = 0 + State = 'default' + IncludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + Id = 'a8ab05ba-6680-4f93-88ae-71099eedfda1' + TargetType = 'group' + } -ClientOnly) + } -ClientOnly); SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ State = "default" IncludeTargets = [CimInstance[]]@( @@ -131,6 +139,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } -ClientOnly) } -ClientOnly) + ReportSuspiciousActivitySettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphreportSuspiciousActivitySettings -Property @{ + VoiceReportingCode = 0 + State = 'default' + IncludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + Id = 'a8ab05ba-6680-4f93-88ae-71099eedfda1' + TargetType = 'group' + } -ClientOnly) + } -ClientOnly); SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ State = "default" IncludeTargets = [CimInstance[]]@( @@ -180,6 +196,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } + ReportSuspiciousActivitySettings = @{ + State = 'default' + IncludeTarget = @{ + TargetType = 'group' + Id = "a8ab05ba-6680-4f93-88ae-71099eedfda1" + } + VoiceReportingCode = 0 + } SystemCredentialPreferences = @{ State = "default" IncludeTargets = @( @@ -234,6 +258,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } -ClientOnly) } -ClientOnly) + ReportSuspiciousActivitySettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphreportSuspiciousActivitySettings -Property @{ + VoiceReportingCode = 0 + State = 'default' + IncludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + Id = 'a8ab05ba-6680-4f93-88ae-71099eedfda1' + TargetType = 'group' + } -ClientOnly) + } -ClientOnly); SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ State = "default" IncludeTargets = [CimInstance[]]@( @@ -280,6 +312,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } + ReportSuspiciousActivitySettings = @{ + State = "default" + IncludeTarget = @{ + TargetType = "user" #drift + Id = "a8ab05ba-6680-4f93-88ae-71099eedfda1" + } + VoiceReportingCode = 1 #drift + } SystemCredentialPreferences = @{ State = "default" IncludeTargets = @( @@ -351,6 +391,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } + ReportSuspiciousActivitySettings = @{ + State = "default" + IncludeTarget = @{ + TargetType = "user" #drift + Id = "a8ab05ba-6680-4f93-88ae-71099eedfda1" + } + VoiceReportingCode = 1 #drift + } SystemCredentialPreferences = @{ State = "default" IncludeTargets = @( diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyHardware.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyHardware.Tests.ps1 new file mode 100644 index 0000000000..0e851d7849 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyHardware.Tests.ps1 @@ -0,0 +1,311 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "AADAuthenticationMethodPolicyHardware" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The AADAuthenticationMethodPolicyHardware should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFTAADAuthenticationMethodPolicyHardwareExcludeTarget -Property @{ + TargetType = "group" + Id = "Fakegroup" + } -ClientOnly) + ) + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget -Property @{ + TargetType = 'group' + Id = 'Fakegroup' + } -ClientOnly) + ) + Id = "HardwareOath" + State = "enabled" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + Id = "00000000-0000-0000-0000-000000000000" + DisplayName = "Fakegroup" + } + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -Exactly 1 + } + } + + Context -Name "The AADAuthenticationMethodPolicyHardware exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFTAADAuthenticationMethodPolicyHardwareExcludeTarget -Property @{ + TargetType = "group" + Id = "Fakegroup" + } -ClientOnly) + ) + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget -Property @{ + TargetType = 'group' + Id = 'Fakegroup' + } -ClientOnly) + ) + Id = "HardwareOath" + State = "enabled" + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + IncludeTargets = @( + @{ + TargetType = 'group' + Id = 'Fakegroup' + } + ) + '@odata.type' = "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration" + } + ExcludeTargets = @( + @{ + TargetType = "group" + Id = "00000000-0000-0000-0000-000000000000" + } + ) + Id = "HardwareOath" + State = "enabled" + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -Exactly 1 + } + } + Context -Name "The AADAuthenticationMethodPolicyHardware Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFTAADAuthenticationMethodPolicyHardwareExcludeTarget -Property @{ + TargetType = "group" + Id = "Fakegroup" + } -ClientOnly) + ) + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget -Property @{ + TargetType = 'group' + Id = 'Fakegroup' + } -ClientOnly) + ) + Id = "HardwareOath" + State = "enabled" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + Id = "00000000-0000-0000-0000-000000000000" + DisplayName = "Fakegroup" + } + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + IncludeTargets = @( + @{ + TargetType = 'group' + Id = 'Fakegroup' + } + ) + '@odata.type' = "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration" + } + ExcludeTargets = @( + @{ + TargetType = "group" + Id = "00000000-0000-0000-0000-000000000000" + } + ) + Id = "HardwareOath" + State = "enabled" + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The AADAuthenticationMethodPolicyHardware exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFTAADAuthenticationMethodPolicyHardwareExcludeTarget -Property @{ + TargetType = "group" + Id = "Fakegroup" + } -ClientOnly) + ) + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget -Property @{ + TargetType = 'group' + Id = 'Fakegroup' + } -ClientOnly) + ) + Id = "HardwareOath" + State = "enabled" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + Id = "00000000-0000-0000-0000-000000000000" + DisplayName = "Fakegroup2" + } + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + IncludeTargets = @( + @{ + TargetType = 'group' + Id = 'Fakegroup' + } + ) + '@odata.type' = "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration" + } + ExcludeTargets = @( + @{ + TargetType = "group" + Id = "00000000-0000-0000-0000-000000000000" + } + ) + Id = "HardwareOath" + State = "enabled" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + IncludeTargets = @( + @{ + TargetType = 'group' + Id = 'Fakegroup' + } + ) + '@odata.type' = "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration" + } + ExcludeTargets = @( + @{ + TargetType = "group" + Id = "Fakegroup" + } + ) + Id = "HardwareOath" + State = "enabled" + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementSettings.Tests.ps1 new file mode 100644 index 0000000000..1ffd4c4aab --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementSettings.Tests.ps1 @@ -0,0 +1,108 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Update-MgBetaEntitlementManagementSetting { + } + + Mock -CommandName Get-MgBetaEntitlementManagementSetting { + return @{ + Id = 'singleton' + DaysUntilExternalUserDeletedAfterBlocked = 30 + ExternalUserLifecycleAction = 'BlockSignInAndDelete' + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + DaysUntilExternalUserDeletedAfterBlocked = 30 + ExternalUserLifecycleAction = 'BlockSignInAndDelete' + Credential = $Credential; + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + DaysUntilExternalUserDeletedAfterBlocked = 29 #drift + ExternalUserLifecycleAction = 'BlockSignInAndDelete' + Credential = $Credential; + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaEntitlementManagementSetting -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFeatureRolloutPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFeatureRolloutPolicy.Tests.ps1 new file mode 100644 index 0000000000..6a27a6c4e6 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFeatureRolloutPolicy.Tests.ps1 @@ -0,0 +1,233 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "AADFeatureRolloutPolicy" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return $null + } + + Mock -CommandName New-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return $null + } + + Mock -CommandName Remove-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return $null + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The AADFeatureRolloutPolicy should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaPolicyFeatureRolloutPolicy -Exactly 1 + } + } + + Context -Name "The AADFeatureRolloutPolicy exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.FeatureRolloutPolicy" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaPolicyFeatureRolloutPolicy -Exactly 1 + } + } + Context -Name "The AADFeatureRolloutPolicy Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.FeatureRolloutPolicy" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The AADFeatureRolloutPolicy exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaPolicyFeatureRolloutPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaPolicyFeatureRolloutPolicy -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.FeatureRolloutPolicy" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Feature = "passthroughAuthentication" + Id = "FakeStringValue" + IsAppliedToOrganization = $True + IsEnabled = $True + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 0215457741..7aa3b6429f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -37,6 +37,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroupMember -MockWith { } + Mock -CommandName Get-MgBetaGroupMember -MockWith { + } + Mock -CommandName Get-MgGroup -MockWith { } @@ -51,6 +54,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroupOwner -MockWith { } + Mock -CommandName Get-MgBetaGroupMemberOf -MockWith { + } + + Mock -CommandName Get-MgBetaGroupOwner -MockWith { + } + Mock -CommandName Invoke-MgGraphRequest -MockWith { } @@ -69,6 +78,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-MgGroupMember -MockWith { } + Mock -CommandName New-MgBetaGroupOwnerByRef -MockWith { + } + + Mock -CommandName New-MgBetaGroupMemberByRef -MockWith { + } + + Mock -CommandName New-MgBetaGroupMember -MockWith { + } + Mock -CommandName New-MgBetaDirectoryRoleMemberByRef -MockWith { } @@ -81,6 +99,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef -MockWith { } + Mock -CommandName Invoke-MgGraphRequest -MockWith { + } + + Mock -CommandName Set-MgGroupLicense -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -240,7 +264,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { GroupTypes = @() } } - Mock -CommandName Get-MgGroupMemberOf -MockWith { + Mock -CommandName Get-MgBetaGroupMemberOf -MockWith { return @{ AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.group' @@ -267,7 +291,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return Values from the Get method' { Get-TargetResource @testParams Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 - Should -Invoke -CommandName 'Get-MgGroupMemberOf' -Exactly 1 + Should -Invoke -CommandName 'Get-MgBetaGroupMemberOf' -Exactly 1 } It 'Should return true from the Test method' { @@ -308,7 +332,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsAssignableToRole = $true } } - Mock -CommandName Get-MgGroupMemberOf -MockWith { + Mock -CommandName Get-MgBetaGroupMemberOf -MockWith { return @{ AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.directoryRole' @@ -321,7 +345,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return Values from the Get method' { Get-TargetResource @testParams Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 - Should -Invoke -CommandName 'Get-MgGroupMemberOf' -Exactly 1 + Should -Invoke -CommandName 'Get-MgBetaGroupMemberOf' -Exactly 1 } It 'Should return true from the Test method' { @@ -429,7 +453,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return Values from the Get method' { Get-TargetResource @testParams Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 - Should -Invoke -CommandName 'Get-MgGroupMemberOf' -Exactly 1 + Should -Invoke -CommandName 'Get-MgBetaGroupMemberOf' -Exactly 1 } It 'Should return false from the Test method' { @@ -539,7 +563,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Mock -CommandName New-MgGroupMemberByRef -MockWith { + Mock -CommandName New-MgBetaGroupMemberByRef -MockWith { } } @@ -555,7 +579,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName 'Get-MgGroup' -Exactly 2 - Should -Invoke -CommandName 'New-MgGroupMemberByRef' -Exactly 1 + Should -Invoke -CommandName 'New-MgBetaGroupMemberByRef' -Exactly 1 #Should -Invoke -CommandName 'Remove-MgGroupMemberDirectoryObjectByRef' -Exactly 1 } } @@ -593,7 +617,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsAssignableToRole = $true } } - Mock -CommandName Get-MgGroupMemberOf -MockWith { + Mock -CommandName Get-MgBetaGroupMemberOf -MockWith { return @{ AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.directoryRole' @@ -612,7 +636,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return Values from the Get method' { Get-TargetResource @testParams Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 - Should -Invoke -CommandName 'Get-MgGroupMemberOf' -Exactly 1 + Should -Invoke -CommandName 'Get-MgBetaGroupMemberOf' -Exactly 1 } It 'Should return false from the Test method' { @@ -627,6 +651,417 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Context -Name "The Group does not exist and must be created and assigned a license. Values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + AssignedLicenses = @( + (New-CimInstance -ClassName MSFT_AADGroupLicense -Property @{ + DisabledPlans = [string[]]@() + SkuId = 'AAD_PREMIUM_P2' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgGroup -MockWith { + } + + Mock -CommandName Get-MgBetaSubscribedSku -MockWith { + return [pscustomobject]@{ + ServicePlans = @( + @{ + ServicePlanId = '56789-56789-56789-56789' + ServicePlanName = 'Something_P2' + } + ) + SkuId = '12345-12345-12345-12345' + SkuPartNumber = 'AAD_PREMIUM_P2' + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Set-MgGroupLicense' -Exactly 1 + } + } + + Context -Name "The Group exists and has been assigned the correct license. Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + AssignedLicenses = @( + (New-CimInstance -ClassName MSFT_AADGroupLicense -Property @{ + DisabledPlans = [string[]]@() + SkuId = 'AAD_PREMIUM_P2' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + IsAssignableToRole = $false + } + } + + Mock -CommandName Invoke-MgGraphRequest -MockWith { + return @{ + value = @{ + DisabledPlans = @() + SkuId = '12345-12345-12345' + } + } + } + + Mock -CommandName Get-MgBetaSubscribedSku -MockWith { + return [pscustomobject]@{ + ServicePlans = @( + @{ + ServicePlanId = '67890-67890-67890' + ServicePlanName = 'Something_P2' + } + ) + SkuId = '12345-12345-12345' + SkuPartNumber = 'AAD_PREMIUM_P2' + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Invoke-MgGraphRequest' -Exactly 1 + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + Context -Name "The Group exists and has been assigned the correct license but DisabledPlans differ. Values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + AssignedLicenses = @( + (New-CimInstance -ClassName MSFT_AADGroupLicense -Property @{ + DisabledPlans = [string[]]@() + SkuId = 'AAD_PREMIUM_P2' # is really the SkuPartNumber + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + IsAssignableToRole = $false + } + } + + Mock -CommandName Invoke-MgGraphRequest -MockWith { + return @{ + value = @{ + DisabledPlans = @('56789-56789-56789-56789') + SkuId = '23456-23456-23456-23456' + } + } + } + + Mock -CommandName Get-MgBetaSubscribedSku -MockWith { + return [pscustomobject]@{ + ServicePlans = @( + @{ + ServicePlanId = '56789-56789-56789-56789' + ServicePlanName = 'AAD_PREMIUM' + }, + @{ + ServicePlanId = '67890-67890-67890-67890' + ServicePlanName = 'AAD_PREMIUM_P2' + } + ) + SkuId = '23456-23456-23456-23456' + SkuPartNumber = 'AAD_PREMIUM_P2' + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Invoke-MgGraphRequest' -Exactly 1 + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Update-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Set-MgGroupLicense' -Exactly 1 + } + } + Context -Name "The Group exists and is not assigned a license but it should be. Values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + AssignedLicenses = @( + (New-CimInstance -ClassName MSFT_AADGroupLicense -Property @{ + DisabledPlans = [string[]]@() + SkuId = 'AAD_PREMIUM_P2' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + IsAssignableToRole = $false + } + } + + Mock -CommandName Get-MgBetaSubscribedSku -MockWith { + return [pscustomobject]@{ + ServicePlans = @( + @{ + ServicePlanId = '67890-67890-67890' + ServicePlanName = 'Something_P2' + } + ) + SkuId = '12345-12345-12345' + SkuPartNumber = 'AAD_PREMIUM_P2' + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Invoke-MgGraphRequest' -Exactly 1 + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Set-MgGroupLicense' -Exactly 1 + } + } + Context -Name "The Group exists and is assigned a license but it shouldn't be. Values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + AssignedLicenses = @() + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + IsAssignableToRole = $false + } + } + + Mock -CommandName Invoke-MgGraphRequest -MockWith { + return @{ + value = @{ + DisabledPlans = @() + SkuId = '12345-12345-12345' + } + } + } + + Mock -CommandName Get-MgBetaSubscribedSku -MockWith { + return [pscustomobject]@{ + ServicePlans = @( + @{ + ServicePlanId = '67890-67890-67890' + ServicePlanName = 'Something_P2' + } + ) + SkuId = '12345-12345-12345' + SkuPartNumber = 'AAD_PREMIUM_P2' + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Invoke-MgGraphRequest' -Exactly 1 + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Set-MgGroupLicense' -Exactly 1 + } + } + + Context -Name "The Group exists and is assigned a license. Tested values are in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $false + GroupTypes = @() + MailNickname = 'M365DSC' + IsAssignableToRole = $false + } + } + + Mock -CommandName Invoke-MgGraphRequest -MockWith { + return @{ + value = @{ + DisabledPlans = @() + SkuId = '12345-12345-12345' + } + } + } + + Mock -CommandName Get-MgBetaSubscribedSku -MockWith { + return [pscustomobject]@{ + ServicePlans = @( + @{ + ServicePlanId = '67890-67890-67890' + ServicePlanName = 'Something_P2' + } + ) + SkuId = '12345-12345-12345' + SkuPartNumber = 'AAD_PREMIUM_P2' + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 + Should -Invoke -CommandName 'Invoke-MgGraphRequest' -Exactly 1 + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADPasswordRuleSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADPasswordRuleSettings.Tests.ps1 new file mode 100644 index 0000000000..28d5984aa9 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADPasswordRuleSettings.Tests.ps1 @@ -0,0 +1,422 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'AADPasswordRuleSettings' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaDirectorySetting -MockWith { + } + + Mock -CommandName Remove-MgBetaDirectorySetting -MockWith { + } + + Mock -CommandName New-MgBetaDirectorySetting -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name 'The Policy should exist but it DOES NOT' -Fixture { + BeforeAll { + $Script:calledOnceAlready = $false + $testParams = @{ + BannedPasswordCheckOnPremisesMode = 'Audit' + EnableBannedPasswordCheckOnPremises = $false + EnableBannedPasswordCheck = $false + LockoutDurationInSeconds = 30 + LockoutThreshold = 6 + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + } + + BeforeEach { + Mock -CommandName Get-MgBetaDirectorySetting -MockWith { + if (-not $Script:calledOnceAlready) + { + $Script:calledOnceAlready = $true + return $null + } + else + { + return @{ + DisplayName = 'Password Rule Settings' + Id = '123456-1234-1234-1234-123456789012' + TemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d' + Values = @( + @{ + Name = 'BannedPasswordCheckOnPremisesMode' + Value = 'Audit' + }, + @{ + Name = 'EnableBannedPasswordCheckOnPremises' + Value = $true + }, + @{ + Name = 'EnableBannedPasswordCheck' + Value = $true + }, + @{ + Name = 'LockoutDurationInSeconds' + Value = 60 + }, + @{ + Name = 'LockoutThreshold' + Value = 10 + }, + @{ + Name = 'BannedPasswordList' + Value = $null + } + ) + } + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + Should -Invoke -CommandName 'Get-MgBetaDirectorySetting' -Exactly 1 + } + + It 'Should return true from the Test method' { + $Script:calledOnceAlready = $false + Test-TargetResource @testParams | Should -Be $false + } + BeforeEach { + Mock -CommandName Get-MgBetaDirectorySetting -MockWith { + if (-not $Script:calledOnceAlready) + { + $Script:calledOnceAlready = $true + return $null + } + else + { + return @{ + DisplayName = 'Password Rule Settings' + Id = '123456-1234-1234-1234-123456789012' + TemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d' + Values = @( + @{ + Name = 'BannedPasswordCheckOnPremisesMode' + Value = 'Audit' + }, + @{ + Name = 'EnableBannedPasswordCheckOnPremises' + Value = $true + }, + @{ + Name = 'EnableBannedPasswordCheck' + Value = $true + }, + @{ + Name = 'LockoutDurationInSeconds' + Value = 60 + }, + @{ + Name = 'LockoutThreshold' + Value = 10 + }, + @{ + Name = 'BannedPasswordList' + Value = $null + } + ) + } + } + } + } + It 'Should create and set the settings in the Set method' { + $Script:calledOnceAlready = $false + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDirectorySetting' -Exactly 1 + Should -Invoke -CommandName 'Update-MgBetaDirectorySetting' -Exactly 1 + } + } + + Context -Name 'The Policy exists but it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgBetaDirectorySetting -MockWith { + return @{ + DisplayName = 'Password Rule Settings' + Id = '123456-1234-1234-1234-123456789012' + TemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d' + Values = @( + @{ + Name = 'BannedPasswordCheckOnPremisesMode' + Value = 'Audit' + }, + @{ + Name = 'EnableBannedPasswordCheckOnPremises' + Value = $true + }, + @{ + Name = 'EnableBannedPasswordCheck' + Value = $true + }, + @{ + Name = 'LockoutDurationInSeconds' + Value = 60 + }, + @{ + Name = 'LockoutThreshold' + Value = 10 + }, + @{ + Name = 'BannedPasswordList' + Value = $null + } + ) + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + Should -Invoke -CommandName 'Get-MgBetaDirectorySetting' -Exactly 1 + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Prevent Remove the Policy from the Set method' { + { Set-TargetResource @testParams } | Should -Throw 'The AADPasswordRuleSettings resource cannot delete existing Directory Setting entries. Please specify Present.' + } + } + Context -Name 'The Policy Exists and Values are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + BannedPasswordCheckOnPremisesMode = 'Audit' + EnableBannedPasswordCheckOnPremises = $false + EnableBannedPasswordCheck = $false + LockoutDurationInSeconds = 30 + LockoutThreshold = 6 + BannedPasswordList = $null + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgBetaDirectorySetting -MockWith { + return @{ + DisplayName = 'Password Rule Settings' + Id = '123456-1234-1234-1234-123456789012' + TemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d' + Values = @( + @{ + Name = 'BannedPasswordCheckOnPremisesMode' + Value = 'Audit' + }, + @{ + Name = 'EnableBannedPasswordCheckOnPremises' + Value = $false + }, + @{ + Name = 'EnableBannedPasswordCheck' + Value = $false + }, + @{ + Name = 'LockoutDurationInSeconds' + Value = 30 + }, + @{ + Name = 'LockoutThreshold' + Value = 6 + }, + @{ + Name = 'BannedPasswordList' + Value = $null + } + ) + } + } + + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgBetaDirectorySetting' -Exactly 1 + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'Values are NOT in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + BannedPasswordCheckOnPremisesMode = 'Audit' + EnableBannedPasswordCheckOnPremises = $false + EnableBannedPasswordCheck = $false + LockoutDurationInSeconds = 30 + LockoutThreshold = 6 + BannedPasswordList = $null + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-MgBetaDirectorySetting -MockWith { + return @{ + DisplayName = 'Password Rule Settings' + Id = '123456-1234-1234-1234-123456789012' + TemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d' + Values = @( + @{ + Name = 'BannedPasswordCheckOnPremisesMode' + Value = 'Enforced' + }, + @{ + Name = 'EnableBannedPasswordCheckOnPremises' + Value = $true + }, + @{ + Name = 'EnableBannedPasswordCheck' + Value = $true + }, + @{ + Name = 'LockoutDurationInSeconds' + Value = 60 + }, + @{ + Name = 'LockoutThreshold' + Value = 10 + }, + @{ + Name = 'BannedPasswordList' + Value = $null + } + ) + } + } + } + + It 'Should return Values from the Get method' { + Get-TargetResource @testParams + Should -Invoke -CommandName 'Get-MgBetaDirectorySetting' -Exactly 1 + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Update-MgBetaDirectorySetting' -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDirectorySetting -MockWith { + return @{ + DisplayName = 'Password Rule Settings' + Id = '123456-1234-1234-1234-123456789012' + TemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d' + Values = @( + @{ + Name = 'BannedPasswordCheckOnPremisesMode' + Value = 'Audit' + }, + @{ + Name = 'EnableBannedPasswordCheckOnPremises' + Value = $false + }, + @{ + Name = 'EnableBannedPasswordCheck' + Value = $false + }, + @{ + Name = 'LockoutDurationInSeconds' + Value = 30 + }, + @{ + Name = 'LockoutThreshold' + Value = 6 + }, + @{ + Name = 'BannedPasswordList' + Value = $null + } + ) + } + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOOrganizationOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOOrganizationOwner.Tests.ps1 new file mode 100644 index 0000000000..83ebe6a29a --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOOrganizationOwner.Tests.ps1 @@ -0,0 +1,236 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + OrganizationName = 'MyOrg' + Owner = "john.smith@contoso.com" + Credential = $Credential; + } + + $Script:callCount = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:callCount -eq 0) + { + $Script:callCount++ + return @{ + owner = '12345-12345-12345-12345-12345' + } + } + elseif ($Script:callCount -eq 1) + { + $Script:callCount++ + return @{ + items = @( + @{ + id = '12345-12345-12345-12345-12345' + user = @{ + principalName = 'john.smith@contoso.com' + } + } + ) + } + } + else + { + return $null + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + OrganizationName = 'MyOrg' + Owner = "john.smith@contoso.com" + Credential = $Credential; + } + + $Script:callCount = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:callCount -eq 0) + { + $Script:callCount++ + return @{ + owner = '12345-12345-12345-12345-12346' + } + } + elseif ($Script:callCount -eq 1) + { + $Script:callCount++ + return @{ + items = @( + @{ + id = '12345-12345-12345-12345-12345' + user = @{ + principalName = 'john.smith@contoso.com' + } + }, + @{ + id = '12345-12345-12345-12345-12346' + user = @{ + principalName = 'bob.houle@contoso.com' + } + } + ) + } + } + elseif ($Script:callCount -eq 2) + { + $Script:callCount++ + return @{ + items = @( + @{ + id = '12345-12345-12345-12345-12345' + user = @{ + principalName = 'john.smith@contoso.com' + } + } + ) + } + } + if ($Script:callCount -eq 3) + { + $Script:callCount++ + return @{ + owner = '12345-12345-12345-12345-12345' + } + } + else + { + return $null + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-M365DSCAzureDevOPSWebRequest -Exactly 2 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + $testParams = @{ + Credential = $Credential; + } + + $Script:callCount = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:callCount -eq 0) + { + $Script:callCount++ + return @{ + id = '12345-12345-12345-12345-12346' + } + } + elseif ($Script:callCount -eq 1) + { + $Script:callCount++ + return @( + @{ + Value = @{ + accountName = 'MyOrg' + } + } + ) + } + elseif ($Script:callCount -eq 2) + { + $Script:callCount++ + return @{ + owner = '12345-12345-12345-12345-12346' + } + } + elseif ($Script:callCount -eq 3) + { + $Script:callCount++ + return @{ + items = @( + @{ + id = '12345-12345-12345-12345-12345' + user = @{ + principalName = 'john.smith@contoso.com' + } + }, + @{ + id = '12345-12345-12345-12345-12346' + user = @{ + principalName = 'bob.houle@contoso.com' + } + } + ) + } + } + else + { + return $null + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOPermissionGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOPermissionGroup.Tests.ps1 new file mode 100644 index 0000000000..eab6c2dfc5 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOPermissionGroup.Tests.ps1 @@ -0,0 +1,290 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestGroup"; + Level = "Organization"; + Members = @("john.smith@contoso.com"); + OrganizationName = "TestOrg"; + PrincipalName = "[TestOrg]\TestGroup"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestGroup"; + Level = "Organization"; + Members = @("john.smith@contoso.com"); + OrganizationName = "TestOrg"; + PrincipalName = "[TestOrg]\TestGroup"; + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:count -eq 0) + { + $Script:count++ + return @{ + Value = @{ + PrincipalName = '[TestOrg]\TestGroup' + Domain = 'vstfs:///Framework/IdentityDomain/' + OriginId = '12345-12345-12345-12345-12345' + } + } + } + elseif ($Script:count -eq 1) + { + $Script:count++ + return @{ + Members = @( + @{ + User = @{ + principalName = "john.smith@contoso.com" + } + } + ) + } + } + } + } + It 'Should return Values from the Get method' { + $Script:count = 0 + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + $Script:count = 0 + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestGroup"; + Level = "Organization"; + Members = @("john.smith@contoso.com"); + OrganizationName = "TestOrg"; + PrincipalName = "[TestOrg]\TestGroup"; + Ensure = 'Present' + Credential = $Credential; + } + + $Script:count = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:count -eq 0) + { + $Script:count++ + return @{ + Value = @{ + PrincipalName = '[TestOrg]\TestGroup' + Domain = 'vstfs:///Framework/IdentityDomain/' + OriginId = '12345-12345-12345-12345-12345' + Description = 'Test Description' + DisplayName = 'TestGroup' + } + } + } + elseif ($Script:count -eq 1) + { + $Script:count++ + return @{ + Members = @( + @{ + User = @{ + principalName = "john.smith@contoso.com" + } + } + ) + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestGroup"; + Level = "Organization"; + Members = @("john.smith@contoso.com"); + OrganizationName = "TestOrg"; + PrincipalName = "[TestOrg]\TestGroup"; + Ensure = 'Present' + Credential = $Credential; + } + + $Script:count = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:count -eq 0) + { + $Script:count++ + return @{ + Value = @{ + PrincipalName = '[TestOrg]\TestGroup' + Domain = 'vstfs:///Framework/IdentityDomain/' + OriginId = '12345-12345-12345-12345-12345' + Description = 'Test Description' + DisplayName = 'TestGroup' + } + } + } + elseif ($Script:count -eq 1) + { + $Script:count++ + return @{ + Members = @( + @{ + User = @{ + principalName = "bob.houle@contoso.com" # drift + } + } + ) + } + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + $Script:count = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:count -eq 0) + { + $Script:count++ + return @{ + id = '12345-12345-12345-12345-12346' + } + } + elseif ($Script:count -eq 1) + { + $Script:count++ + return @( + @{ + Value = @{ + accountName = 'MyOrg' + } + } + ) + } + elseif ($Script:count -eq 2) + { + $Script:count++ + return @{ + Value = @{ + PrincipalName = '[TestOrg]\TestGroup' + Domain = 'vstfs:///Framework/IdentityDomain/' + OriginId = '12345-12345-12345-12345-12345' + Description = 'Test Description' + DisplayName = 'TestGroup' + } + } + } + elseif ($Script:count -eq 3) + { + $Script:count++ + return @{ + Members = @( + @{ + User = @{ + principalName = "john.smith@contoso.com" + } + } + ) + } + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOSecurityPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOSecurityPolicy.Tests.ps1 new file mode 100644 index 0000000000..1c3c5a591c --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ADOSecurityPolicy.Tests.ps1 @@ -0,0 +1,127 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + LogAuditEvents = $True; + OrganizationName = "MyOrg"; + Credential = $Credential; + } + + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + return @{ + Value = $true + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + LogAuditEvents = $True; + OrganizationName = "MyOrg"; + Credential = $Credential; + } + + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + return @{ + Value = $false + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + $Script:callCount = 0 + Mock -CommandName Invoke-M365DSCAzureDevOPSWebRequest -MockWith { + if ($Script:callCount -eq 0) + { + $Script:callCount++ + return @{ + id = '12345-12345-12345-12345' + } + } + elseif ($Script:callCount -eq 1) + { + $Script:callCount++ + return @{ + value = @{ + accountName = 'TestOrg' + } + } + } + else + { + return @{ + Value = $true + } + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureSubscription.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureSubscription.Tests.ps1 new file mode 100644 index 0000000000..4bde1dd612 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureSubscription.Tests.ps1 @@ -0,0 +1,136 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Enable-AzSubscription -MockWith { + } + + Mock -CommandName Disable-AzSubscription -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test" + Enabled = $true + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-AzSubscription -MockWith { + return @( + @{ + Id = (New-Guid).ToString() + Name = 'Test' + Enabled = $true + } + ) + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test" + Enabled = $true + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-AzSubscription -MockWith { + return @( + @{ + Id = (New-Guid).ToString() + Name = 'Test' + Enabled = $false #drift + } + ) + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Enable-AzSubscription -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-AzSubscription -MockWith { + return @( + @{ + Id = (New-Guid).ToString() + Name = 'Test' + Enabled = $false #drift + } + ) + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.DefenderSubscriptionPlan.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.DefenderSubscriptionPlan.Tests.ps1 new file mode 100644 index 0000000000..83ebbe1e43 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.DefenderSubscriptionPlan.Tests.ps1 @@ -0,0 +1,176 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length - 1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Set-AzSecurityPricing -MockWith { + } + + Mock -CommandName Set-AzContext -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances = $null + $Script:ExportMode = $false + } + # Test contexts + Context -Name 'The instance exists and values are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + SubscriptionName = 'MySubscription' + PlanName = 'VirtualMachines' + SubPlanName = 'P2' + PricingTier = 'Standard' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-AzSubscription -MockWith { + return @{ + Id = '2974ccf2-1e67-4b74-a102-2d921b595a89' + Name = 'MySubscription' + } + } + + Mock -CommandName Get-AzContext -MockWith { + return @{ + Subscription = @{ + Id = '2974ccf2-1e67-4b74-a102-2d921b595a89' + Name = 'MySubscription' + } + } + } + + Mock -CommandName Get-AzSecurityPricing -MockWith { + return @{ + Name = 'VirtualMachines' + SubPlan = 'P2' + PricingTier = 'Standard' + Extensions = $null + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'The instance exists and values are NOT in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + SubscriptionName = 'MySubscription' + PlanName = 'VirtualMachines' + SubPlanName = 'P2' + PricingTier = 'Standard' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-AzSubscription -MockWith { + return @{ + Id = '2974ccf2-1e67-4b74-a102-2d921b595a89' + Name = 'MySubscription' + } + } + + Mock -CommandName Get-AzContext -MockWith { + return @{ + Subscription = @{ + Id = '2974ccf2-1e67-4b74-a102-2d921b595a89' + Name = 'MySubscription' + } + } + } + + Mock -CommandName Get-AzSecurityPricing -MockWith { + return @{ + Name = 'VirtualMachines' + PricingTier = 'Free' # Drift + SubPlan = $null + Extensions = $null + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-AzSecurityPricing -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Search-AzGraph -MockWith { + return @{ + Data = @( + @{ + SubscriptionId = '2974ccf2-1e67-4b74-a102-2d921b595a89' + SubscriptionName = 'MySubscription' + PlanName = 'VirtualMachines' + SubPlanName = 'P2' + PricingTier = 'Standard' + Extensions = $null + } + ) + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOArcConfig.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOArcConfig.Tests.ps1 new file mode 100644 index 0000000000..a0154cb4d4 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOArcConfig.Tests.ps1 @@ -0,0 +1,121 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOArcConfig' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Set-ArcConfig -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name 'Configuration needs updating' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + ArcTrustedSealers = "cohovineyard.com,tailspintoys.com"; + Identity = "Default"; + Credential = $Credential + } + + Mock -CommandName Get-ArcConfig -MockWith { + return @{ + ArcTrustedSealers = "abc.com,cohovineyard.com,tailspintoys.com"; + } + } + + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-ArcConfig -Exactly 1 + } + } + + Context -Name 'Update not required.' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + ArcTrustedSealers = "abc.com,cohovineyard.com,tailspintoys.com"; + Identity = "Default"; + Credential = $Credential + } + + Mock -CommandName Get-ArcConfig -MockWith { + return @{ + ArcTrustedSealers = "abc.com,cohovineyard.com,tailspintoys.com"; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-ArcConfig -MockWith { + return @{ + ArcTrustedSealers = "abc.com,cohovineyard.com,tailspintoys.com"; + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAtpProtectionPolicyRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAtpProtectionPolicyRule.Tests.ps1 new file mode 100644 index 0000000000..fe48cd1ed0 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAtpProtectionPolicyRule.Tests.ps1 @@ -0,0 +1,260 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'TestRule' + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return $null + } + + Mock -CommandName New-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-ATPProtectionPolicyRule -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'TestRule' + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + } + } + + Mock -CommandName Remove-ATPProtectionPolicyRule -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-ATPProtectionPolicyRule -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'TestRule' + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + } + } + + Mock -CommandName Set-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'TestRule' + Comments = 'TestComment' + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + Comments = 'TestComment #DriftValue' + } + } + + Mock -CommandName Set-ATPProtectionPolicyRule -MockWith { + return $testParams + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-ATPProtectionPolicyRule -Exactly 1 + } + } + + Context -Name "The instance exists and should be disabled, but is not" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'TestRule' + Ensure = 'Present' + Enabled = $false + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + State = 'Enabled' + } + } + + Mock -CommandName Set-ATPProtectionPolicyRule -MockWith { + return $testParams + } + + Mock -CommandName Disable-ATPProtectionPolicyRule -MockWith { + return $null + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Disable method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Disable-ATPProtectionPolicyRule -Exactly 1 + } + } + + Context -Name "The instance exists and should be enabled, but is not" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'TestRule' + Ensure = 'Present' + Enabled = $True + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + State = 'Disabled' + } + } + + Mock -CommandName Set-ATPProtectionPolicyRule -MockWith { + return $testParams + } + + Mock -CommandName Enable-ATPProtectionPolicyRule -MockWith { + return $null + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Enable method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Enable-ATPProtectionPolicyRule -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-ATPProtectionPolicyRule -MockWith { + return @{ + Identity = 'TestRule' + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAuthenticationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAuthenticationPolicy.Tests.ps1 index e15730e8d0..e0015545ef 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAuthenticationPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOAuthenticationPolicy.Tests.ps1 @@ -41,9 +41,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-AuthenticationPolicy { } - Mock -CommandName Set-AuthenticationPolicy { - } - Mock -CommandName Remove-AuthenticationPolicy { } @@ -195,7 +192,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Set-AuthenticationPolicy -Exactly 1 + Should -Invoke -CommandName Remove-AuthenticationPolicy -Exactly 1 + Should -Invoke -CommandName New-AuthenticationPolicy -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODnssecForVerifiedDomain.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODnssecForVerifiedDomain.Tests.ps1 new file mode 100644 index 0000000000..9b35a77676 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODnssecForVerifiedDomain.Tests.ps1 @@ -0,0 +1,168 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Enable-DnssecForVerifiedDomain -MockWith { + return $null + } + + Mock -CommandName Disable-DnssecForVerifiedDomain -MockWith { + return $null + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Enabled' + Credential = $Credential; + } + + Mock -CommandName Get-DnssecStatusForVerifiedDomain -MockWith { + return @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Enabled' + Credential = $Credential; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state - Enable" -Fixture { + BeforeAll { + $testParams = @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Enabled' + Credential = $Credential; + } + + Mock -CommandName Get-DnssecStatusForVerifiedDomain -MockWith { + return @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Disabled' + Credential = $Credential; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).DnssecFeatureStatus | Should -Be 'Disabled' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Enable-DnssecForVerifiedDomain -Exactly 1 + } + } + + Context -Name "The instance exists and values are NOT in the desired state - Disable" -Fixture { + BeforeAll { + $testParams = @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Disabled' + Credential = $Credential; + } + + Mock -CommandName Get-DnssecStatusForVerifiedDomain -MockWith { + return @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Enabled' + Credential = $Credential; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).DnssecFeatureStatus | Should -Be 'Enabled' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Disable-DnssecForVerifiedDomain -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-DnssecStatusForVerifiedDomain -MockWith { + return @{ + DomainName = 'test.com' + DnssecFeatureStatus = 'Enabled' + Credential = $Credential; + } + } + + Mock -CommandName Get-AcceptedDomain -MockWith { + return @{ + DomainName = 'test.com' + Credential = $Credential; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOEmailTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOEmailTenantSettings.Tests.ps1 new file mode 100644 index 0000000000..cec4d939c4 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOEmailTenantSettings.Tests.ps1 @@ -0,0 +1,133 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOEmailTenantSettings' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Set-EmailTenantSettings -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name 'Configuration needs updating' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + EnablePriorityAccountProtection = $True; + IsValid = $True; + ObjectState = "New" + Credential = $Credential + Name = "Default" + } + + Mock -CommandName Get-EmailTenantSettings -MockWith { + return @{ + EnablePriorityAccountProtection = $False; + IsValid = $True; + ObjectState = "New" + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-EmailTenantSettings -Exactly 1 + } + } + + Context -Name 'Update not required.' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + EnablePriorityAccountProtection = $True; + Identity = "sotmcpoc.onmicrosoft.com\Default"; + IsValid = $True; + ObjectState = "New" + Credential = $Credential + Name = "Default" + } + + Mock -CommandName Get-EmailTenantSettings -MockWith { + return @{ + EnablePriorityAccountProtection = $True; + IsValid = $True; + ObjectState = "New" + Identity = "sotmcpoc.onmicrosoft.com\Default" + Name = "Default" + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-EmailTenantSettings -MockWith { + return @{ + EnablePriorityAccountProtection = $False; + IsValid = $True; + ObjectState = "New" + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOFocusedInbox.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOFocusedInbox.Tests.ps1 new file mode 100644 index 0000000000..029fd0ad34 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOFocusedInbox.Tests.ps1 @@ -0,0 +1,173 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-FocusedInbox -MockWith { + return $null + } + + Mock -CommandName Get-Mailbox -MockWith { + return @{ + Id = "12345-12345-12345-12345-12345" + UserPrincipalName = "admin@contoso.com" + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + + Context -Name 'Settings are not in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = "Present"; + FocusedInboxOn = $True; + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@contoso.com"; + } + + Mock -CommandName Get-FocusedInbox -MockWith { + return @{ + FocusedInboxOn = $False; + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@contoso.com"; + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-FocusedInbox -Exactly 1 + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + } + + Context -Name 'Settings are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = "Present"; + FocusedInboxOn = $True; + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@contoso.com"; + } + + Mock -CommandName Get-FocusedInbox -MockWith { + return @{ + FocusedInboxOn = $True; + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@contoso.com"; + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + } + + Context -Name "User doesn't exist" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = "Present"; + FocusedInboxOn = $True; + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@contoso.com"; + } + + Mock -CommandName Get-FocusedInbox -MockWith { + return $null + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should return Absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + } + + + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-Mailbox -MockWith { + return @{ + Id = "12345-12345-12345-12345-12345" + UserPrincipalName = "admin@contoso.com" + } + } + Mock -CommandName Get-FocusedInbox -MockWith { + return @{ + Ensure = "Present"; + FocusedInboxOn = $True; + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@contoso.com"; + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailTips.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailTips.Tests.ps1 index b5fe8100f0..e110a243e3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailTips.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailTips.Tests.ps1 @@ -44,7 +44,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ IsSingleInstance = 'Yes' MailTipsAllTipsEnabled = $True - Ensure = 'Present' Credential = $Credential } @@ -77,7 +76,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ IsSingleInstance = 'Yes' MailTipsGroupMetricsEnabled = $True - Ensure = 'Present' Credential = $Credential } @@ -110,7 +108,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ IsSingleInstance = 'Yes' MailTipsLargeAudienceThreshold = 50 - Ensure = 'Present' Credential = $Credential } @@ -143,7 +140,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ IsSingleInstance = 'Yes' MailTipsMailboxSourcedTipsEnabled = $True - Ensure = 'Present' Credential = $Credential } @@ -172,7 +168,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ IsSingleInstance = 'Yes' MailTipsExternalRecipientsTipsEnabled = $True - Ensure = 'Present' Credential = $Credential } @@ -209,7 +204,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MailTipsMailboxSourcedTipsEnabled = $True MailTipsGroupMetricsEnabled = $True MailTipsExternalRecipientsTipsEnabled = $True - Ensure = 'Present' Credential = $Credential } @@ -225,7 +219,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + (Get-TargetResource @testParams).IsSingleInstance | Should -Be 'Yes' } It 'Should return True from the Test method' { @@ -233,25 +227,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'Organization Configuration is null' -Fixture { - BeforeAll { - $testParams = @{ - IsSingleInstance = 'Yes' - MailTipsAllTipsEnabled = $True - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-OrganizationConfig -MockWith { - return $null - } - } - - It 'Should return Ensure is Absent from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - } - Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarConfiguration.Tests.ps1 new file mode 100644 index 0000000000..66062756d8 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarConfiguration.Tests.ps1 @@ -0,0 +1,394 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-MailboxCalendarConfiguration -MockWith { + return $null + } + + + Mock -CommandName Get-Mailbox -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + UserPrincipalName = "admin@contoso.com" + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + + Context -Name 'Settings are not in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + Credential = $Credscredential; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 5; + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@contoso.com"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + } + + Mock -CommandName Get-MailboxCalendarConfiguration -MockWith { + return @{ + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + Credential = $Credscredential; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 6; #drift + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@contoso.com"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-MailboxCalendarConfiguration -Exactly 1 + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + } + + Context -Name 'Settings are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + Credential = $Credscredential; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 5; + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@contoso.com"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + } + + Mock -CommandName Get-MailboxCalendarConfiguration -MockWith { + return @{ + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + Credential = $Credscredential; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 5; + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@contoso.com"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + } + + Context -Name "User doesn't exist" -Fixture { + BeforeAll { + $testParams = @{ + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + Credential = $Credscredential; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 5; + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@contoso.com"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + } + + Mock -CommandName Get-MailboxCalendarConfiguration -MockWith { + return $null + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should return Absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + } + + + + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-Mailbox -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + UserPrincipalName = "admin@contoso.com" + } + } + + Mock -CommandName Get-MailboxCalendarConfiguration -MockWith { + return @{ + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + Credential = $Credscredential; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 5; + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@contoso.com"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxFolderPermission.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxFolderPermission.Tests.ps1 new file mode 100644 index 0000000000..dfced05ad1 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxFolderPermission.Tests.ps1 @@ -0,0 +1,235 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MailboxFolderPermission -MockWith { + } + + Mock -CommandName Set-MailboxFolderPermission -MockWith { + } + + Mock -CommandName Add-MailboxFolderPermission -MockWith { + } + + Mock -CommandName Remove-MailboxFolderPermission -MockWith { + } + + Mock -CommandName Get-MailboxFolder -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'FakeStringValue1' + UserPermissions = @( + (New-CimInstance -ClassName MSFT_EXOMailboxFolderUserPermission -Property @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MailboxFolderPermission -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Add-MailboxFolderPermission -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'FakeStringValue1' + UserPermissions = @( + (New-CimInstance -ClassName MSFT_EXOMailboxFolderUserPermission -Property @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } -ClientOnly) + ) + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MailboxFolderPermission -MockWith { + return @( + @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } + ) + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MailboxFolderPermission -Exactly 0 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'FakeStringValue1' + UserPermissions = @( + (New-CimInstance -ClassName MSFT_EXOMailboxFolderUserPermission -Property @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MailboxFolderPermission -MockWith { + return @( + @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } + ) + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Identity = 'FakeStringValue1' + UserPermissions = @( + (New-CimInstance -ClassName MSFT_EXOMailboxFolderUserPermission -Property @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MailboxFolderPermission -MockWith { + return @( + @{ + User = 'User' + AccessRights = @('Owner') + SharingPermissionFlags = 'Delegate' + } + ) + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MailboxFolderPermission -Exactly 1 + Should -Invoke -CommandName Add-MailboxFolderPermission -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MailboxFolderPermission -MockWith { + return @( + @{ + User = 'User' + AccessRights = @('Editor') + SharingPermissionFlags = 'Delegate' + } + ) + } + + Mock -CommandName Get-MailboxFolder -MockWith { + return @{ + Identity = "admin:/Calendar" + } + + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxIRMAccess.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxIRMAccess.Tests.ps1 new file mode 100644 index 0000000000..dd15e92933 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxIRMAccess.Tests.ps1 @@ -0,0 +1,167 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MailboxIRMAccess -MockWith { + } + + Mock -CommandName Set-MailboxIRMAccess -MockWith { + } + + Mock -CommandName Remove-MailboxIRMAccess -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AccessLevel = "Block"; + Identity = "qwe@test.org"; + User = "admin@test.org"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MailboxIRMAccess -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-MailboxIRMAccess -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AccessLevel = "Block"; + Identity = "qwe@test.org"; + User = "admin@test.org"; + Ensure = 'Absent' + Credential = $Credential; + } + + ##TODO - Mock the Get-Cmdlet to return an instance + Mock -CommandName Get-MailboxIRMAccess -MockWith { + return @{ + AccessLevel = "Block"; + Identity = "qwe@test.org"; + User = "admin@test.org"; + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MailboxIRMAccess -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AccessLevel = "Block"; + Identity = "qwe@test.org"; + User = "admin@test.org"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MailboxIRMAccess -MockWith { + return @{ + AccessLevel = "Block"; + Identity = "qwe@test.org"; + User = "admin@test.org"; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MailboxIRMAccess -MockWith { + return @{ + Identity = "john.smith@contoso.com"; + AccessLevel = "Block"; + User = "admin@contoso.com"; + } + } + + Mock -CommandName Get-Mailbox -MockWith { + return @{ + UserPrincipalName = "john.smith@contoso.com"; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementScope.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementScope.Tests.ps1 new file mode 100644 index 0000000000..1ebcd0c4ad --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementScope.Tests.ps1 @@ -0,0 +1,204 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName New-ManagementScope -MockWith { + } + + Mock -CommandName Set-ManagementScope -MockWith { + } + + Mock -CommandName Remove-ManagementScope -MockWith { + } + + Mock -CommandName Get-ManagementScope -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientRestrictionFilter = "Name -like 'Nik*'"; + } + + Mock -CommandName Get-ManagementScope -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-ManagementScope -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Credential = $Credscredential; + Ensure = "Absent"; + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientRestrictionFilter = "Name -like 'Nik*'"; + } + + Mock -CommandName Get-ManagementScope -MockWith { + return @{ + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientFilter = "Name -like 'Nik*'"; + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-ManagementScope -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientRestrictionFilter = "Name -like 'Nik*'"; + } + + Mock -CommandName Get-ManagementScope -MockWith { + return @{ + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientFilter = "Name -like 'Nik*'"; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientRestrictionFilter = "Name -like 'Nik*'"; + } + + Mock -CommandName Get-ManagementScope -MockWith { + return @{ + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs Drift"; + RecipientFilter = "Name -like 'Nik*'"; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-ManagementScope -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-ManagementScope -MockWith { + return @{ + Exclusive = $False; + Identity = "Nik DGs"; + Name = "Nik DGs"; + RecipientFilter = "Name -like 'Nik*'"; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPhishSimOverrideRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPhishSimOverrideRule.Tests.ps1 new file mode 100644 index 0000000000..b7ac8ca276 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPhishSimOverrideRule.Tests.ps1 @@ -0,0 +1,214 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-EXOPhishSimOverrideRule -MockWith { + return $null + } + + Mock -CommandName Remove-EXOPhishSimOverrideRule -MockWith { + return $null + } + + Mock -CommandName New-EXOPhishSimOverrideRule -MockWith { + return $null + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + + Mock -CommandName Get-EXOPhishSimOverrideRule -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-EXOPhishSimOverrideRule -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + + Mock -CommandName Get-EXOPhishSimOverrideRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-EXOPhishSimOverrideRule -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + + Mock -CommandName Get-EXOPhishSimOverrideRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ##TODO - Add Parameters + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + + ##TODO - Mock the Get-Cmdlet to return a drift + Mock -CommandName Get-EXOPhishSimOverrideRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com", "newdomain.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.56"); + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-EXOPhishSimOverrideRule -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-EXOPhishSimOverrideRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential; + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + SenderIpRanges = @("192.168.1.55"); + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORetentionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORetentionPolicy.Tests.ps1 new file mode 100644 index 0000000000..b3b827c6d9 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORetentionPolicy.Tests.ps1 @@ -0,0 +1,227 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + + Mock -CommandName New-RetentionPolicy -MockWith { + return $null + } + + Mock -CommandName Remove-RetentionPolicy -MockWith { + return $null + } + + Mock -CommandName Set-RetentionPolicy -MockWith { + return $null + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = "Present"; + Credential = $Credential; + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + } + + Mock -CommandName Get-RetentionPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-RetentionPolicy -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent'; + Credential = $Credential; + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + } + + Mock -CommandName Get-RetentionPolicy -MockWith { + return @{ + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-RetentionPolicy -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present'; + Credential = $Credential; + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + + } + + Mock -CommandName Get-RetentionPolicy -MockWith { + return @{ + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present'; + Credential = $Credential; + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + + } + + Mock -CommandName Get-RetentionPolicy -MockWith { + return @{ + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $True; # drift + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-RetentionPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-RetentionPolicy -MockWith { + return @{ + Identity = "Ritik"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + Name = "Ritik"; + RetentionId = "559f68de-1e58-4dcc-9d40-ba5ff0e4253e"; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSecOpsOverrideRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSecOpsOverrideRule.Tests.ps1 new file mode 100644 index 0000000000..9195f5b3fc --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSecOpsOverrideRule.Tests.ps1 @@ -0,0 +1,204 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-EXOSecOpsOverrideRule -MockWith { + return $null + } + + Mock -CommandName Remove-EXOSecOpsOverrideRule -MockWith { + return $null + } + + Mock -CommandName New-EXOSecOpsOverrideRule -MockWith { + return $null + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-EXOSecOpsOverrideRule -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-EXOSecOpsOverrideRule -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Absent'; + Credential = $Credential; + } + + Mock -CommandName Get-EXOSecOpsOverrideRule -MockWith { + return @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Present'; + Credential = $Credential; + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-EXOSecOpsOverrideRule -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-EXOSecOpsOverrideRule -MockWith { + return @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Present'; + Credential = $Credential; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1g"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-EXOSecOpsOverrideRule -MockWith { + return @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Present'; + Credential = $Credential; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-EXOSecOpsOverrideRule -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-EXOSecOpsOverrideRule -MockWith { + return @{ + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Comment = "TestComment"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + Ensure = 'Present'; + Credential = $Credential; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTenantAllowBlockListItems.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTenantAllowBlockListItems.Tests.ps1 new file mode 100644 index 0000000000..e7f1ba251a --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTenantAllowBlockListItems.Tests.ps1 @@ -0,0 +1,235 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "EXOTenantAllowBlockListItems" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Set-TenantAllowBlockListItems -MockWith { + } + + Mock -CommandName New-TenantAllowBlockListItems -MockWith { + } + + Mock -CommandName Remove-TenantAllowBlockListItems -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The EXOTenantAllowBlockListItems should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Ensure = "Present"; + Credential = $Credential; + } + + Mock -CommandName Get-TenantAllowBlockListItems -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-TenantAllowBlockListItems -Exactly 1 + } + } + + Context -Name "The EXOTenantAllowBlockListItems exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-TenantAllowBlockListItems -MockWith { + return @{ + SubmissionID = "FakeStringValue" + RemoveAfter = 3 + Notes = "FakeStringValue" + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-TenantAllowBlockListItems -Exactly 1 + } + } + Context -Name "The EXOTenantAllowBlockListItems Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Ensure = 'Present' + SubmissionID = "FakeStringValue"; + Notes = "FakeStringValue"; + Credential = $Credential; + } + + Mock -CommandName Get-TenantAllowBlockListItems -MockWith { + return @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Ensure = 'Present'; + SubmissionID = "FakeStringValue"; + Notes = "FakeStringValue"; + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The EXOTenantAllowBlockListItems exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Ensure = 'Present' + Notes = "FakeStringValueDrift" + SubmissionID = "FakeStringValue"; + Credential = $Credential; + } + + Mock -CommandName Get-TenantAllowBlockListItems -MockWith { + return @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Notes = "FakeStringValueDrift #Drift"; + SubmissionID = "FakeStringValue"; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-TenantAllowBlockListItems -Exactly 1 + } + } + + Context -Name 'Disallowed Updates' -Fixture { + BeforeAll { + $testParams = @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + Ensure = 'Present' + SubmissionID = "SubmissionID" + Credential = $Credential; + } + + Mock -CommandName Get-TenantAllowBlockListItems -MockWith { + return @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + SubmissionID = "SubmissionID" + } + } + } + It 'Should throw if SubmissionID is changed' { + $testParams['SubmissionID'] = "SubmissionID 2" + { Set-TargetResource @testParams } | Should -Throw + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-TenantAllowBlockListItems -MockWith { + return @{ + Action = "Block"; + ListType = "Url"; + Value = "example.com"; + SubmissionID = "FakeStringValue" + RemoveAfter = 3 + Notes = "FakeStringValue" + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppCategory.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppCategory.Tests.ps1 new file mode 100644 index 0000000000..ba70ad5206 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppCategory.Tests.ps1 @@ -0,0 +1,189 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + } + Mock -CommandName New-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + } + Mock -CommandName Update-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + } + Mock -CommandName Remove-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + } + + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + #Test contexts + + Context -Name '1. The instance should exist but it DOES NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + return $null + } + } + + It '1.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It '1.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '1.3 Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileAppCategory -Exactly 1 + } + } + + Context -Name '2. The instance exists but it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '2.1 Should return values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It '2.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It '2.3 Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileAppCategory -Exactly 1 + } + } + + Context -Name '3. The instance exists and values are already in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + return @{ + Id = '046e0b16-76ce-4b49-bf1b-1cc5bd94fb47' + DisplayName = 'Data Management' + } + } + } + + It '3.0 Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name '4. The instance exists and values are NOT in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management 1" #drift + } + } + } + + It '4.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It '4.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It '4.3 Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileAppCategory -Exactly 1 + } + } + + Context -Name '5. ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppCategory -MockWith { + return @{ + Id = "046e0b16-76ce-4b49-bf1b-1cc5bd94fb47" + DisplayName = "Data Management" + } + } + } + + It '5.1 Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 index 79eaf337e1..58a7cc4997 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 @@ -99,6 +99,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { return $null @@ -160,6 +161,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { @@ -198,6 +200,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { @@ -305,6 +308,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { @@ -343,6 +347,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { @@ -441,6 +446,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { @@ -479,6 +485,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { @@ -589,6 +596,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { SaveAsBlocked = $True SimplePinBlocked = $False id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCategory.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCategory.Tests.ps1 index 45d4c1bbc7..86aeb31a54 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCategory.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCategory.Tests.ps1 @@ -77,19 +77,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ DisplayName = 'Test Category' Description = 'Test Definition' - Ensure = 'Present' + Ensure = 'Absent' Credential = $Credential } Mock -CommandName Get-MgBetaDeviceManagementDeviceCategory -MockWith { return @{ DisplayName = 'Test Category' - Description = 'Different Value' + Description = 'Test Definition' Id = '12345-12345-12345-12345-12345' } } @@ -99,13 +99,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return false from the Test method' { + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should update the category from the Set method' { + It 'Should remove the category from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceCategory -Exactly 1 + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceCategory -Exactly 1 } } @@ -132,19 +132,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { BeforeAll { $testParams = @{ DisplayName = 'Test Category' Description = 'Test Definition' - Ensure = 'Absent' + Ensure = 'Present' Credential = $Credential } Mock -CommandName Get-MgBetaDeviceManagementDeviceCategory -MockWith { return @{ DisplayName = 'Test Category' - Description = 'Test Definition' + Description = 'Different Value' Id = '12345-12345-12345-12345-12345' } } @@ -154,13 +154,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return true from the Test method' { + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should remove the category from the Set method' { + It 'Should update the category from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceCategory -Exactly 1 + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceCategory -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCompliancePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCompliancePolicyWindows10.Tests.ps1 index e2694a7aa2..aeb1f9982d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCompliancePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCompliancePolicyWindows10.Tests.ps1 @@ -56,6 +56,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + + Mock -CommandName Write-Verbose -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 index 31712d60ea..efe2f33002 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 @@ -260,6 +260,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { @{ Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_id' Name = 'Id' + OffsetUri = '/configuration/devicecontrol/policyrules/{0}/ruledata' AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' dependentOn = @( @@ -353,6 +354,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { @{ Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_id' Name = 'Id' + OffsetUri = '/configuration/devicecontrol/policyrules/{0}/ruledata' AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' dependentOn = @( diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 index 7bf483c06c..d074c4be78 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 @@ -38,6 +38,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + + Mock -CommandName Write-Verbose -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..1c18557eb3 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 @@ -0,0 +1,444 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneFirewallPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Id = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + } + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Description = "FakeStringValue" + Id = "619bd4a4-3b3b-4441-bd6f-3f4c0c444870" + Name = "IntuneFirewallPolicyWindows10_1" + Platforms = "windows10" + RoleScopeTagIds = @("FakeStringValue") + Technologies = "mdm,microsoftSense" + TemplateReference = @{ + templateId = "6078910e-d808-4a9f-a51d-1b8a7bacb7c0_1" + } + } + } + + Mock -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName Update-IntuneDeviceConfigurationPolicy -MockWith { + } + + Mock -CommandName Get-IntuneSettingCatalogPolicySetting -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicySetting -MockWith { + return @( + @{ + Id = '0' + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp' + Name = 'DisableStatefulFtp' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '38329af6-2670-4a71-972d-482010ca97fc' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + choiceSettingValue = @{ + children = @() + value = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp_false' + } + } + } + }, + @{ + Id = '1' + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/DomainProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true' + parentSettingId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/PublicProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall_true' + parentSettingId = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '7714c373-a19a-4b64-ba6d-2e9db04a7684' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + choiceSettingValue = @{ + value = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true' + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'vendor_msft_firewall_mdmstore_domainprofile_logfilepath' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' + } + } + ) + } + } + } + }, + @{ + Id = '2' + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + Name = 'Target' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/Target' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + } + ) + name = 'WSL' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + Name = '{VMCreatorId}' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + ) + maximumCount = 1 + minimumCount = 0 + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '24805bd4-1133-4790-82ae-4caa63e16aa6' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @( + @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + choiceSettingValue = @{ + value = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall' + choiceSettingValue = @{ + children = @() + value = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall_true' + } + } + ) + } + settingDefinitionId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + } + } + ) + } + + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyAssignment -MockWith { + return @(@{ + Id = '12345-12345-12345-12345-12345' + Source = 'direct' + SourceId = '12345-12345-12345-12345-12345' + Target = @{ + DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' + DeviceAndAppManagementAssignmentFilterType = 'none' + AdditionalProperties = @( + @{ + '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + } + ) + } + }) + } + } + # Test contexts + Context -Name "The IntuneFirewallPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "FakeStringValue" + Id = "619bd4a4-3b3b-4441-bd6f-3f4c0c444870" + DisplayName = "IntuneFirewallPolicyWindows10_1" + RoleScopeTagIds = @("FakeStringValue") + Ensure = "Present" + Credential = $Credential; + DisableStatefulFtp = "false"; + DomainProfile_EnableFirewall = "true" + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + HyperVVMSettings_DomainProfile_EnableFirewall = "true" + Target = "wsl" + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + + Context -Name "The IntuneFirewallPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "FakeStringValue" + Id = "619bd4a4-3b3b-4441-bd6f-3f4c0c444870" + DisplayName = "IntuneFirewallPolicyWindows10_1" + RoleScopeTagIds = @("FakeStringValue") + Ensure = 'Absent' + Credential = $Credential + DisableStatefulFtp = "false"; + DomainProfile_EnableFirewall = "true" + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + HyperVVMSettings_DomainProfile_EnableFirewall = "true" + Target = "wsl" + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + Context -Name "The IntuneFirewallPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "FakeStringValue" + Id = "619bd4a4-3b3b-4441-bd6f-3f4c0c444870" + DisplayName = "IntuneFirewallPolicyWindows10_1" + RoleScopeTagIds = @("FakeStringValue") + Ensure = 'Present' + Credential = $Credential + DisableStatefulFtp = "false"; + DomainProfile_EnableFirewall = "true" + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + HyperVVMSettings_DomainProfile_EnableFirewall = "true" + Target = "wsl" + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneFirewallPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "FakeStringValue" + Id = "619bd4a4-3b3b-4441-bd6f-3f4c0c444870" + DisplayName = "IntuneFirewallPolicyWindows10_1" + RoleScopeTagIds = @("FakeStringValue") + Ensure = 'Present' + Credential = $Credential + DisableStatefulFtp = "true" + DomainProfile_EnableFirewall = "true" + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall_old.log"; # Updated value + HyperVVMSettings_DomainProfile_EnableFirewall = "true" + Target = "wsl" + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-IntuneDeviceConfigurationPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 index 9468a1b899..d8b2b14c14 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 @@ -320,6 +320,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } ) Technologies = 'mdm' + TemplateReference = @{ + TemplateFamily = 'none' + } } } } @@ -508,6 +511,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } ) Technologies = 'mdm' + TemplateReference = @{ + TemplateFamily = 'none' + } } } } @@ -689,6 +695,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } ) Technologies = 'mdm' + TemplateReference = @{ + TemplateFamily = 'none' + } } } @@ -806,6 +815,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } ) Technologies = 'mdm' + TemplateReference = @{ + TemplateFamily = 'none' + } } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365ExternalConnection.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365ExternalConnection.Tests.ps1 new file mode 100644 index 0000000000..f3dac80dd4 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365ExternalConnection.Tests.ps1 @@ -0,0 +1,211 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Update-MgBetaExternalConnection -MockWith{} + Mock -CommandName New-MgBetaExternalConnection -MockWith{} + Mock -CommandName Remove-MgBetaExternalConnection -MockWith{} + + Mock -CommandName Get-MgApplication -MockWith { + return @{ + DisplayName = 'MyApp' + AppId = "12345-12345-12345-12345-12345" + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AuthorizedAppIds = @("MyApp"); + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR"; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaExternalConnection -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaExternalConnection -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AuthorizedAppIds = @("MyApp"); + Description = "Connection to index Contoso HR system"; + Ensure = "Absent"; + Id = "contosohr"; + Name = "Contoso HR"; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaExternalConnection -MockWith { + return @{ + Name = 'Contoso Hr' + Id = "contosohr" + Description = 'Connection to index Contoso HR system' + Configuration = @{ + AuthorizedAppIds = @('12345-12345-12345-12345-12345') + } + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaExternalConnection -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AuthorizedAppIds = @("MyApp"); + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR"; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaExternalConnection -MockWith { + return @{ + Name = 'Contoso Hr' + Id = "contosohr" + Description = 'Connection to index Contoso HR system' + Configuration = @{ + AuthorizedAppIds = @('12345-12345-12345-12345-12345') + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AuthorizedAppIds = @("MyApp"); + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR Nik"; # drift + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaExternalConnection -MockWith { + return @{ + Name = 'Contoso Hr' + Id = "contosohr" + Description = 'Connection to index Contoso HR system' + Configuration = @{ + AuthorizedAppIds = @('12345-12345-12345-12345-12345') + } + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaExternalConnection -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaExternalConnection -MockWith { + return @{ + Name = 'Contoso Hr' + Id = "contosohr" + Description = 'Connection to index Contoso HR system' + Configuration = @{ + AuthorizedAppIds = @('12345-12345-12345-12345-12345') + } + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCDeviceConditionalAccessRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCDeviceConditionalAccessRule.Tests.ps1 new file mode 100644 index 0000000000..486829be73 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCDeviceConditionalAccessRule.Tests.ps1 @@ -0,0 +1,407 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName New-DeviceConditionalAccessRule -MockWith { + } + + Mock -CommandName Set-DeviceConditionalAccessRule -MockWith { + } + + Mock -CommandName Remove-DeviceConditionalAccessRule -MockWith { + } + + Mock -Command Get-MgGroup -MockWith { + return @{ + Id = "33333-33333-33333-33333-33333" + DisplayName = 'Communications' + } + } + + Mock -CommandName Get-DeviceConditionalAccessPolicy -MockWith { + return @{ + Name = 'MyPolicy' + Id = '12345-12345-12345-12345-12345' + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConditionalAccessRule -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-DeviceConditionalAccessRule -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConditionalAccessRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-DeviceConditionalAccessRule -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConditionalAccessRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConditionalAccessRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $False; #Drift + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-DeviceConditionalAccessRule -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConditionalAccessRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $False; #Drift + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCDeviceConfigurationRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCDeviceConfigurationRule.Tests.ps1 new file mode 100644 index 0000000000..de92d8b2e6 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCDeviceConfigurationRule.Tests.ps1 @@ -0,0 +1,399 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName New-DeviceConfigurationRule -MockWith { + } + + Mock -CommandName Set-DeviceConfigurationRule -MockWith { + } + + Mock -CommandName Remove-DeviceConfigurationRule -MockWith { + } + + Mock -Command Get-MgGroup -MockWith { + return @{ + Id = "33333-33333-33333-33333-33333" + DisplayName = 'Communications' + } + } + + Mock -CommandName Get-DeviceCOnfigurationPolicy -MockWith { + return @{ + Name = 'MyPolicy' + Id = '12345-12345-12345-12345-12345' + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConfigurationRule -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-DeviceConfigurationRule -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConfigurationRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-DeviceConfigurationRule -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConfigurationRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + WLANEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConfigurationRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $False; #Drift + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-DeviceConfigurationRule -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-DeviceConfigurationRule -MockWith { + return @{ + Id = '11111-11111-11111-11111-11111' + Name = 'MyPolicy{394b}' + TargetGroups = @('22222-22222-22222-22222-22222') + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $False; #Drift + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + BluetoothEnabled = $True; + CameraEnabled = $True; + EnableRemovableStorage = $True; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + WLANEnabled = $True; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCInsiderRiskEntityList.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCInsiderRiskEntityList.Tests.ps1 new file mode 100644 index 0000000000..8fb7fa383d --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCInsiderRiskEntityList.Tests.ps1 @@ -0,0 +1,225 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-InsiderRiskEntityList -MockWith { + } + + Mock -CommandName New-InsiderRiskEntityList -MockWith { + } + + Mock -CommandName Remove-InsiderRiskEntityList -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestFileTypeList"; + Ensure = "Present"; + FileTypes = @(".exe",".cmd",".bat"); + ListType = "CustomFileTypeLists"; + Name = "TestName"; + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskEntityList -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-InsiderRiskEntityList -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestFileTypeList"; + Ensure = "Absent"; + FileTypes = @(".exe",".cmd",".bat"); + ListType = "CustomFileTypeLists"; + Name = "TestName"; + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskEntityList -MockWith { + return @{ + ListType = 'CustomFileTypeLists' + Name = 'TestName'; + DisplayName = "TestFileTypeList"; + Description = "Test Description"; + Entities = @( + '{"Ext":".exe"}', + '{"Ext":".cmd"}', + '{"Ext":".bat"}' + ) + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-InsiderRiskEntityList -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestFileTypeList"; + Ensure = "Present"; + FileTypes = @(".exe",".cmd",".bat"); + ListType = "CustomFileTypeLists"; + Name = "TestName"; + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskEntityList -MockWith { + return @{ + ListType = 'CustomFileTypeLists' + Name = 'TestName'; + DisplayName = "TestFileTypeList"; + Description = "Test Description"; + Entities = @( + '{"Ext":".exe"}', + '{"Ext":".cmd"}', + '{"Ext":".bat"}' + ) + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "Test Description"; + DisplayName = "TestFileTypeList"; + Ensure = "Present"; + FileTypes = @(".exe",".cmd",".bat"); + ListType = "CustomFileTypeLists"; + Name = "TestName"; + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskEntityList -MockWith { + return @{ + ListType = 'CustomFileTypeLists' + Name = 'TestName'; + DisplayName = "TestFileTypeList"; + Description = "Test Description"; + Entities = @( + '{"Ext":".exe"}', + '{"Ext":".txt"}', #drift + '{"Ext":".bat"}' + ) + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-InsiderRiskEntityList -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskEntityList -MockWith { + return @{ + ListType = 'CustomFileTypeLists' + Name = 'TestName'; + DisplayName = "TestFileTypeList"; + Description = "Test Description"; + Entities = @( + '{"Ext":".exe"}', + '{"Ext":".cmd"}', + '{"Ext":".bat"}' + ) + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCInsiderRiskPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCInsiderRiskPolicy.Tests.ps1 new file mode 100644 index 0000000000..a70f94592a --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCInsiderRiskPolicy.Tests.ps1 @@ -0,0 +1,221 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Set-InsiderRiskPolicy -MockWith {} + Mock -CommandName New-InsiderRiskPolicy -MockWith {} + Mock -CommandName Remove-InsiderRiskPolicy -MockWith {} + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + AzureStorageAccountOrContainerDeleted = $False; + CCInappropriateContentSent = $False; + EnableTeam = $True; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-InsiderRiskPolicy -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + AzureStorageAccountOrContainerDeleted = $False; + CCInappropriateContentSent = $False; + EnableTeam = $True; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskPolicy -MockWith { + return @{ + TenantSetting = @( + '{"Region":"WW","IndicatorVersion":"1.1","Indicators":[{"Name":"AnomalyDetections","Enabled":false},{"Name":"CopyToPersonalCloud","Enabled":false},{"Name":"CopyToUSB","Enabled":false},{"Name":"CumulativeExfiltrationDetector","Enabled":true},{"Name":"EmailExternal","Enabled":false},{"Name":"EmployeeAccessedEmployeePatientData","Enabled":false},{"Name":"EmployeeAccessedFamilyData","Enabled":false},{"Name":"EmployeeAccessedHighVolumePatientData","Enabled":false},{"Name":"EmployeeAccessedNeighbourData","Enabled":false},{"Name":"EmployeeAccessedRestrictedData","Enabled":false},{"Name":"EpoBrowseToChildAbuseSites","Enabled":false},{"Name":"EpoBrowseToCriminalActivitySites","Enabled":false},{"Name":"EpoBrowseToCultSites","Enabled":false},{"Name":"EpoBrowseToGamblingSites","Enabled":false},{"Name":"EpoBrowseToHackingSites","Enabled":false},{"Name":"EpoBrowseToHateIntoleranceSites","Enabled":false},{"Name":"EpoBrowseToIllegalSoftwareSites","Enabled":false},{"Name":"EpoBrowseToKeyloggerSites","Enabled":false},{"Name":"EpoBrowseToLlmSites","Enabled":false},{"Name":"EpoBrowseToMalwareSites","Enabled":false},{"Name":"EpoBrowseToPhishingSites","Enabled":false},{"Name":"EpoBrowseToPornographySites","Enabled":false},{"Name":"EpoBrowseToUnallowedDomain","Enabled":false},{"Name":"EpoBrowseToViolenceSites","Enabled":false},{"Name":"EpoCopyToClipboardFromSensitiveFile","Enabled":false},{"Name":"EpoCopyToNetworkShare","Enabled":false},{"Name":"EpoFileArchived","Enabled":false},{"Name":"EpoFileCopiedToRemoteDesktopSession","Enabled":false},{"Name":"EpoFileDeleted","Enabled":false},{"Name":"EpoFileDownloadedFromBlacklistedDomain","Enabled":false},{"Name":"EpoFileDownloadedFromEnterpriseDomain","Enabled":false},{"Name":"EpoFileRenamed","Enabled":false},{"Name":"EpoFileStagedToCentralLocation","Enabled":false},{"Name":"EpoHiddenFileCreated","Enabled":false},{"Name":"EpoRemovableMediaMount","Enabled":false},{"Name":"EpoSensitiveFileRead","Enabled":false},{"Name":"Mcas3rdPartyAppDownload","Enabled":false},{"Name":"Mcas3rdPartyAppFileDelete","Enabled":false},{"Name":"Mcas3rdPartyAppFileSharing","Enabled":false},{"Name":"McasActivityFromInfrequentCountry","Enabled":false},{"Name":"McasImpossibleTravel","Enabled":false},{"Name":"McasMultipleFailedLogins","Enabled":false},{"Name":"McasMultipleStorageDeletion","Enabled":false},{"Name":"McasMultipleVMCreation","Enabled":true},{"Name":"McasMultipleVMDeletion","Enabled":false},{"Name":"McasSuspiciousAdminActivities","Enabled":false},{"Name":"McasSuspiciousCloudCreation","Enabled":false},{"Name":"McasSuspiciousCloudTrailLoggingChange","Enabled":false},{"Name":"McasTerminatedEmployeeActivity","Enabled":false},{"Name":"OdbDownload","Enabled":false},{"Name":"OdbSyncDownload","Enabled":false},{"Name":"PeerCumulativeExfiltrationDetector","Enabled":false},{"Name":"PhysicalAccess","Enabled":false},{"Name":"PotentialHighImpactUser","Enabled":false},{"Name":"Print","Enabled":false},{"Name":"PriorityUserGroupMember","Enabled":false},{"Name":"SecurityAlertDefenseEvasion","Enabled":false},{"Name":"SecurityAlertUnwantedSoftware","Enabled":false},{"Name":"SpoAccessRequest","Enabled":false},{"Name":"SpoApprovedAccess","Enabled":false},{"Name":"SpoDownload","Enabled":false},{"Name":"SpoDownloadV2","Enabled":false},{"Name":"SpoFileAccessed","Enabled":false},{"Name":"SpoFileDeleted","Enabled":false},{"Name":"SpoFileDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFileDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFileLabelDowngraded","Enabled":false},{"Name":"SpoFileLabelRemoved","Enabled":false},{"Name":"SpoFileSharing","Enabled":true},{"Name":"SpoFolderDeleted","Enabled":false},{"Name":"SpoFolderDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFolderDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFolderSharing","Enabled":false},{"Name":"SpoSiteExternalUserAdded","Enabled":false},{"Name":"SpoSiteInternalUserAdded","Enabled":false},{"Name":"SpoSiteLabelRemoved","Enabled":false},{"Name":"SpoSiteSharing","Enabled":false},{"Name":"SpoSyncDownload","Enabled":false},{"Name":"TeamsChannelFileSharedExternal","Enabled":false},{"Name":"TeamsChannelMemberAddedExternal","Enabled":false},{"Name":"TeamsChatFileSharedExternal","Enabled":false},{"Name":"TeamsFileDownload","Enabled":false},{"Name":"TeamsFolderSharedExternal","Enabled":false},{"Name":"TeamsMemberAddedExternal","Enabled":false},{"Name":"TeamsSensitiveMessage","Enabled":false},{"Name":"UserHistory","Enabled":false}],"ExtensibleIndicators":[{"Name":"AWSS3BlockPublicAccessDisabled","Enabled":false},{"Name":"AWSS3BucketDeleted","Enabled":false},{"Name":"AWSS3PublicAccessEnabled","Enabled":false},{"Name":"AWSS3ServerLoggingDisabled","Enabled":false},{"Name":"AzureElevateAccessToAllSubscriptions","Enabled":false},{"Name":"AzureResourceThreatProtectionSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerAuditingSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerFirewallRuleDeleted","Enabled":false},{"Name":"AzureSQLServerFirewallRuleUpdated","Enabled":false},{"Name":"AzureStorageAccountOrContainerDeleted","Enabled":false},{"Name":"BoxContentAccess","Enabled":false},{"Name":"BoxContentDelete","Enabled":false},{"Name":"BoxContentDownload","Enabled":false},{"Name":"BoxContentExternallyShared","Enabled":false},{"Name":"CCFinancialRegulatoryRiskyTextSent","Enabled":false},{"Name":"CCInappropriateContentSent","Enabled":false},{"Name":"CCInappropriateImagesSent","Enabled":false},{"Name":"DropboxContentAccess","Enabled":false},{"Name":"DropboxContentDelete","Enabled":false},{"Name":"DropboxContentDownload","Enabled":false},{"Name":"DropboxContentExternallyShared","Enabled":false},{"Name":"GoogleDriveContentAccess","Enabled":false},{"Name":"GoogleDriveContentDelete","Enabled":false},{"Name":"GoogleDriveContentExternallyShared","Enabled":false},{"Name":"PowerBIDashboardsDeleted","Enabled":false},{"Name":"PowerBIReportsDeleted","Enabled":false},{"Name":"PowerBIReportsDownloaded","Enabled":false},{"Name":"PowerBIReportsExported","Enabled":false},{"Name":"PowerBIReportsViewed","Enabled":false},{"Name":"PowerBISemanticModelsDeleted","Enabled":false},{"Name":"PowerBISensitivityLabelDowngradedForArtifacts","Enabled":false},{"Name":"PowerBISensitivityLabelRemovedFromArtifacts","Enabled":false}],"TimeSpan":{"InScopeTimeSpan":"30","HistoricTimeSpan":"89","FutureTerminationWindow":"5","PastTerminationWindow":"5","PostTerminationActivity":"False"},"IntelligentDetections":{"FileVolCutoffLimits":"59","AlertVolume":"Medium"},"FeatureSettings":{"Anonymization":"false","DLPUserRiskSync":"true","OptInIRMDataExport":"true","RaiseAuditAlert":"true","EnableTeam":"true"},"NotificationPreferences":null,"DynamicRiskPreventionSettings":null,"InterpretedSettings":null}' + ) + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-InsiderRiskPolicy -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AnomalyDetections = $False; + InsiderRiskScenario = "TenantSetting"; + Name = "IRM_Tenant_Setting"; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskPolicy -MockWith { + return @{ + Name = "IRM_Tenant_Setting" + InsiderRiskScenario = "TenantSetting" + TenantSettings = @( + '{"Region":"WW","IndicatorVersion":"1.1","Indicators":[{"Name":"AnomalyDetections","Enabled":false},{"Name":"CumulativeExfiltrationDetector","Enabled":true},{"Name":"EmailExternal","Enabled":false},{"Name":"EmployeeAccessedEmployeePatientData","Enabled":false},{"Name":"EmployeeAccessedFamilyData","Enabled":false},{"Name":"EmployeeAccessedHighVolumePatientData","Enabled":false},{"Name":"EmployeeAccessedNeighbourData","Enabled":false},{"Name":"EmployeeAccessedRestrictedData","Enabled":false},{"Name":"EpoBrowseToChildAbuseSites","Enabled":false},{"Name":"EpoBrowseToCriminalActivitySites","Enabled":false},{"Name":"EpoBrowseToCultSites","Enabled":false},{"Name":"EpoBrowseToGamblingSites","Enabled":false},{"Name":"EpoBrowseToHackingSites","Enabled":false},{"Name":"EpoBrowseToHateIntoleranceSites","Enabled":false},{"Name":"EpoBrowseToIllegalSoftwareSites","Enabled":false},{"Name":"EpoBrowseToKeyloggerSites","Enabled":false},{"Name":"EpoBrowseToLlmSites","Enabled":false},{"Name":"EpoBrowseToMalwareSites","Enabled":false},{"Name":"EpoBrowseToPhishingSites","Enabled":false},{"Name":"EpoBrowseToPornographySites","Enabled":false},{"Name":"EpoBrowseToUnallowedDomain","Enabled":false},{"Name":"EpoBrowseToViolenceSites","Enabled":false},{"Name":"EpoCopyToClipboardFromSensitiveFile","Enabled":false},{"Name":"EpoCopyToNetworkShare","Enabled":false},{"Name":"EpoFileArchived","Enabled":false},{"Name":"EpoFileCopiedToRemoteDesktopSession","Enabled":false},{"Name":"EpoFileDeleted","Enabled":false},{"Name":"EpoFileDownloadedFromBlacklistedDomain","Enabled":false},{"Name":"EpoFileDownloadedFromEnterpriseDomain","Enabled":false},{"Name":"EpoFileRenamed","Enabled":false},{"Name":"EpoFileStagedToCentralLocation","Enabled":false},{"Name":"EpoHiddenFileCreated","Enabled":false},{"Name":"EpoRemovableMediaMount","Enabled":false},{"Name":"EpoSensitiveFileRead","Enabled":false},{"Name":"Mcas3rdPartyAppDownload","Enabled":false},{"Name":"Mcas3rdPartyAppFileDelete","Enabled":false},{"Name":"Mcas3rdPartyAppFileSharing","Enabled":false},{"Name":"McasActivityFromInfrequentCountry","Enabled":false},{"Name":"McasImpossibleTravel","Enabled":false},{"Name":"McasMultipleFailedLogins","Enabled":false},{"Name":"McasMultipleStorageDeletion","Enabled":false},{"Name":"McasMultipleVMCreation","Enabled":true},{"Name":"McasMultipleVMDeletion","Enabled":false},{"Name":"McasSuspiciousAdminActivities","Enabled":false},{"Name":"McasSuspiciousCloudCreation","Enabled":false},{"Name":"McasSuspiciousCloudTrailLoggingChange","Enabled":false},{"Name":"McasTerminatedEmployeeActivity","Enabled":false},{"Name":"OdbDownload","Enabled":false},{"Name":"OdbSyncDownload","Enabled":false},{"Name":"PeerCumulativeExfiltrationDetector","Enabled":false},{"Name":"PhysicalAccess","Enabled":false},{"Name":"PotentialHighImpactUser","Enabled":false},{"Name":"Print","Enabled":false},{"Name":"PriorityUserGroupMember","Enabled":false},{"Name":"SecurityAlertDefenseEvasion","Enabled":false},{"Name":"SecurityAlertUnwantedSoftware","Enabled":false},{"Name":"SpoAccessRequest","Enabled":false},{"Name":"SpoApprovedAccess","Enabled":false},{"Name":"SpoDownload","Enabled":false},{"Name":"SpoDownloadV2","Enabled":false},{"Name":"SpoFileAccessed","Enabled":false},{"Name":"SpoFileDeleted","Enabled":false},{"Name":"SpoFileDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFileDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFileLabelDowngraded","Enabled":false},{"Name":"SpoFileLabelRemoved","Enabled":false},{"Name":"SpoFileSharing","Enabled":true},{"Name":"SpoFolderDeleted","Enabled":false},{"Name":"SpoFolderDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFolderDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFolderSharing","Enabled":false},{"Name":"SpoSiteExternalUserAdded","Enabled":false},{"Name":"SpoSiteInternalUserAdded","Enabled":false},{"Name":"SpoSiteLabelRemoved","Enabled":false},{"Name":"SpoSiteSharing","Enabled":false},{"Name":"SpoSyncDownload","Enabled":false},{"Name":"TeamsChannelFileSharedExternal","Enabled":false},{"Name":"TeamsChannelMemberAddedExternal","Enabled":false},{"Name":"TeamsChatFileSharedExternal","Enabled":false},{"Name":"TeamsFileDownload","Enabled":false},{"Name":"TeamsFolderSharedExternal","Enabled":false},{"Name":"TeamsMemberAddedExternal","Enabled":false},{"Name":"TeamsSensitiveMessage","Enabled":false},{"Name":"UserHistory","Enabled":false}],"ExtensibleIndicators":[{"Name":"AWSS3BlockPublicAccessDisabled","Enabled":false},{"Name":"AWSS3BucketDeleted","Enabled":false},{"Name":"AWSS3PublicAccessEnabled","Enabled":false},{"Name":"AWSS3ServerLoggingDisabled","Enabled":false},{"Name":"AzureElevateAccessToAllSubscriptions","Enabled":false},{"Name":"AzureResourceThreatProtectionSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerAuditingSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerFirewallRuleDeleted","Enabled":false},{"Name":"AzureSQLServerFirewallRuleUpdated","Enabled":false},{"Name":"AzureStorageAccountOrContainerDeleted","Enabled":false},{"Name":"BoxContentAccess","Enabled":false},{"Name":"BoxContentDelete","Enabled":false},{"Name":"BoxContentDownload","Enabled":false},{"Name":"BoxContentExternallyShared","Enabled":false},{"Name":"CCFinancialRegulatoryRiskyTextSent","Enabled":false},{"Name":"CCInappropriateContentSent","Enabled":false},{"Name":"CCInappropriateImagesSent","Enabled":false},{"Name":"DropboxContentAccess","Enabled":false},{"Name":"DropboxContentDelete","Enabled":false},{"Name":"DropboxContentDownload","Enabled":false},{"Name":"DropboxContentExternallyShared","Enabled":false},{"Name":"GoogleDriveContentAccess","Enabled":false},{"Name":"GoogleDriveContentDelete","Enabled":false},{"Name":"GoogleDriveContentExternallyShared","Enabled":false},{"Name":"PowerBIDashboardsDeleted","Enabled":false},{"Name":"PowerBIReportsDeleted","Enabled":false},{"Name":"PowerBIReportsDownloaded","Enabled":false},{"Name":"PowerBIReportsExported","Enabled":false},{"Name":"PowerBIReportsViewed","Enabled":false},{"Name":"PowerBISemanticModelsDeleted","Enabled":false},{"Name":"PowerBISensitivityLabelDowngradedForArtifacts","Enabled":false},{"Name":"PowerBISensitivityLabelRemovedFromArtifacts","Enabled":false}],"TimeSpan":{"InScopeTimeSpan":"30","HistoricTimeSpan":"89","FutureTerminationWindow":"5","PastTerminationWindow":"5","PostTerminationActivity":"False"},"IntelligentDetections":{"FileVolCutoffLimits":"59","AlertVolume":"Medium"},"FeatureSettings":{"Anonymization":"false","DLPUserRiskSync":"true","OptInIRMDataExport":"true","RaiseAuditAlert":"true","EnableTeam":"true"},"NotificationPreferences":null,"DynamicRiskPreventionSettings":null,"InterpretedSettings":null}' + ) + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + AzureStorageAccountOrContainerDeleted = $True; #Drift + CCInappropriateContentSent = $False; + EnableTeam = $True; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskPolicy -MockWith { + return @{ + Name = "IRM_Tenant_Setting" + InsiderRiskScenario = "TenantSetting" + TenantSettings = @( + '{"Region":"WW","IndicatorVersion":"1.1","Indicators":[{"Name":"AnomalyDetections","Enabled":false},{"Name":"CopyToPersonalCloud","Enabled":false},{"Name":"CopyToUSB","Enabled":false},{"Name":"CumulativeExfiltrationDetector","Enabled":true},{"Name":"EmailExternal","Enabled":false},{"Name":"EmployeeAccessedEmployeePatientData","Enabled":false},{"Name":"EmployeeAccessedFamilyData","Enabled":false},{"Name":"EmployeeAccessedHighVolumePatientData","Enabled":false},{"Name":"EmployeeAccessedNeighbourData","Enabled":false},{"Name":"EmployeeAccessedRestrictedData","Enabled":false},{"Name":"EpoBrowseToChildAbuseSites","Enabled":false},{"Name":"EpoBrowseToCriminalActivitySites","Enabled":false},{"Name":"EpoBrowseToCultSites","Enabled":false},{"Name":"EpoBrowseToGamblingSites","Enabled":false},{"Name":"EpoBrowseToHackingSites","Enabled":false},{"Name":"EpoBrowseToHateIntoleranceSites","Enabled":false},{"Name":"EpoBrowseToIllegalSoftwareSites","Enabled":false},{"Name":"EpoBrowseToKeyloggerSites","Enabled":false},{"Name":"EpoBrowseToLlmSites","Enabled":false},{"Name":"EpoBrowseToMalwareSites","Enabled":false},{"Name":"EpoBrowseToPhishingSites","Enabled":false},{"Name":"EpoBrowseToPornographySites","Enabled":false},{"Name":"EpoBrowseToUnallowedDomain","Enabled":false},{"Name":"EpoBrowseToViolenceSites","Enabled":false},{"Name":"EpoCopyToClipboardFromSensitiveFile","Enabled":false},{"Name":"EpoCopyToNetworkShare","Enabled":false},{"Name":"EpoFileArchived","Enabled":false},{"Name":"EpoFileCopiedToRemoteDesktopSession","Enabled":false},{"Name":"EpoFileDeleted","Enabled":false},{"Name":"EpoFileDownloadedFromBlacklistedDomain","Enabled":false},{"Name":"EpoFileDownloadedFromEnterpriseDomain","Enabled":false},{"Name":"EpoFileRenamed","Enabled":false},{"Name":"EpoFileStagedToCentralLocation","Enabled":false},{"Name":"EpoHiddenFileCreated","Enabled":false},{"Name":"EpoRemovableMediaMount","Enabled":false},{"Name":"EpoSensitiveFileRead","Enabled":false},{"Name":"Mcas3rdPartyAppDownload","Enabled":false},{"Name":"Mcas3rdPartyAppFileDelete","Enabled":false},{"Name":"Mcas3rdPartyAppFileSharing","Enabled":false},{"Name":"McasActivityFromInfrequentCountry","Enabled":false},{"Name":"McasImpossibleTravel","Enabled":false},{"Name":"McasMultipleFailedLogins","Enabled":false},{"Name":"McasMultipleStorageDeletion","Enabled":false},{"Name":"McasMultipleVMCreation","Enabled":true},{"Name":"McasMultipleVMDeletion","Enabled":false},{"Name":"McasSuspiciousAdminActivities","Enabled":false},{"Name":"McasSuspiciousCloudCreation","Enabled":false},{"Name":"McasSuspiciousCloudTrailLoggingChange","Enabled":false},{"Name":"McasTerminatedEmployeeActivity","Enabled":false},{"Name":"OdbDownload","Enabled":false},{"Name":"OdbSyncDownload","Enabled":false},{"Name":"PeerCumulativeExfiltrationDetector","Enabled":false},{"Name":"PhysicalAccess","Enabled":false},{"Name":"PotentialHighImpactUser","Enabled":false},{"Name":"Print","Enabled":false},{"Name":"PriorityUserGroupMember","Enabled":false},{"Name":"SecurityAlertDefenseEvasion","Enabled":false},{"Name":"SecurityAlertUnwantedSoftware","Enabled":false},{"Name":"SpoAccessRequest","Enabled":false},{"Name":"SpoApprovedAccess","Enabled":false},{"Name":"SpoDownload","Enabled":false},{"Name":"SpoDownloadV2","Enabled":false},{"Name":"SpoFileAccessed","Enabled":false},{"Name":"SpoFileDeleted","Enabled":false},{"Name":"SpoFileDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFileDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFileLabelDowngraded","Enabled":false},{"Name":"SpoFileLabelRemoved","Enabled":false},{"Name":"SpoFileSharing","Enabled":true},{"Name":"SpoFolderDeleted","Enabled":false},{"Name":"SpoFolderDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFolderDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFolderSharing","Enabled":false},{"Name":"SpoSiteExternalUserAdded","Enabled":false},{"Name":"SpoSiteInternalUserAdded","Enabled":false},{"Name":"SpoSiteLabelRemoved","Enabled":false},{"Name":"SpoSiteSharing","Enabled":false},{"Name":"SpoSyncDownload","Enabled":false},{"Name":"TeamsChannelFileSharedExternal","Enabled":false},{"Name":"TeamsChannelMemberAddedExternal","Enabled":false},{"Name":"TeamsChatFileSharedExternal","Enabled":false},{"Name":"TeamsFileDownload","Enabled":false},{"Name":"TeamsFolderSharedExternal","Enabled":false},{"Name":"TeamsMemberAddedExternal","Enabled":false},{"Name":"TeamsSensitiveMessage","Enabled":false},{"Name":"UserHistory","Enabled":false}],"ExtensibleIndicators":[{"Name":"AWSS3BlockPublicAccessDisabled","Enabled":false},{"Name":"AWSS3BucketDeleted","Enabled":false},{"Name":"AWSS3PublicAccessEnabled","Enabled":false},{"Name":"AWSS3ServerLoggingDisabled","Enabled":false},{"Name":"AzureElevateAccessToAllSubscriptions","Enabled":false},{"Name":"AzureResourceThreatProtectionSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerAuditingSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerFirewallRuleDeleted","Enabled":false},{"Name":"AzureSQLServerFirewallRuleUpdated","Enabled":false},{"Name":"AzureStorageAccountOrContainerDeleted","Enabled":false},{"Name":"BoxContentAccess","Enabled":false},{"Name":"BoxContentDelete","Enabled":false},{"Name":"BoxContentDownload","Enabled":false},{"Name":"BoxContentExternallyShared","Enabled":false},{"Name":"CCFinancialRegulatoryRiskyTextSent","Enabled":false},{"Name":"CCInappropriateContentSent","Enabled":false},{"Name":"CCInappropriateImagesSent","Enabled":false},{"Name":"DropboxContentAccess","Enabled":false},{"Name":"DropboxContentDelete","Enabled":false},{"Name":"DropboxContentDownload","Enabled":false},{"Name":"DropboxContentExternallyShared","Enabled":false},{"Name":"GoogleDriveContentAccess","Enabled":false},{"Name":"GoogleDriveContentDelete","Enabled":false},{"Name":"GoogleDriveContentExternallyShared","Enabled":false},{"Name":"PowerBIDashboardsDeleted","Enabled":false},{"Name":"PowerBIReportsDeleted","Enabled":false},{"Name":"PowerBIReportsDownloaded","Enabled":false},{"Name":"PowerBIReportsExported","Enabled":false},{"Name":"PowerBIReportsViewed","Enabled":false},{"Name":"PowerBISemanticModelsDeleted","Enabled":false},{"Name":"PowerBISensitivityLabelDowngradedForArtifacts","Enabled":false},{"Name":"PowerBISensitivityLabelRemovedFromArtifacts","Enabled":false}],"TimeSpan":{"InScopeTimeSpan":"30","HistoricTimeSpan":"89","FutureTerminationWindow":"5","PastTerminationWindow":"5","PostTerminationActivity":"False"},"IntelligentDetections":{"FileVolCutoffLimits":"59","AlertVolume":"Medium"},"FeatureSettings":{"Anonymization":"false","DLPUserRiskSync":"true","OptInIRMDataExport":"true","RaiseAuditAlert":"true","EnableTeam":"true"},"NotificationPreferences":null,"DynamicRiskPreventionSettings":null,"InterpretedSettings":null}' + ) + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-InsiderRiskPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-InsiderRiskPolicy -MockWith { + return @{ + Name = "IRM_Tenant_Setting" + InsiderRiskScenario = "TenantSetting" + TenantSettings = @( + '{"Region":"WW","IndicatorVersion":"1.1","Indicators":[{"Name":"AnomalyDetections","Enabled":false},{"Name":"CopyToPersonalCloud","Enabled":false},{"Name":"CopyToUSB","Enabled":false},{"Name":"CumulativeExfiltrationDetector","Enabled":true},{"Name":"EmailExternal","Enabled":false},{"Name":"EmployeeAccessedEmployeePatientData","Enabled":false},{"Name":"EmployeeAccessedFamilyData","Enabled":false},{"Name":"EmployeeAccessedHighVolumePatientData","Enabled":false},{"Name":"EmployeeAccessedNeighbourData","Enabled":false},{"Name":"EmployeeAccessedRestrictedData","Enabled":false},{"Name":"EpoBrowseToChildAbuseSites","Enabled":false},{"Name":"EpoBrowseToCriminalActivitySites","Enabled":false},{"Name":"EpoBrowseToCultSites","Enabled":false},{"Name":"EpoBrowseToGamblingSites","Enabled":false},{"Name":"EpoBrowseToHackingSites","Enabled":false},{"Name":"EpoBrowseToHateIntoleranceSites","Enabled":false},{"Name":"EpoBrowseToIllegalSoftwareSites","Enabled":false},{"Name":"EpoBrowseToKeyloggerSites","Enabled":false},{"Name":"EpoBrowseToLlmSites","Enabled":false},{"Name":"EpoBrowseToMalwareSites","Enabled":false},{"Name":"EpoBrowseToPhishingSites","Enabled":false},{"Name":"EpoBrowseToPornographySites","Enabled":false},{"Name":"EpoBrowseToUnallowedDomain","Enabled":false},{"Name":"EpoBrowseToViolenceSites","Enabled":false},{"Name":"EpoCopyToClipboardFromSensitiveFile","Enabled":false},{"Name":"EpoCopyToNetworkShare","Enabled":false},{"Name":"EpoFileArchived","Enabled":false},{"Name":"EpoFileCopiedToRemoteDesktopSession","Enabled":false},{"Name":"EpoFileDeleted","Enabled":false},{"Name":"EpoFileDownloadedFromBlacklistedDomain","Enabled":false},{"Name":"EpoFileDownloadedFromEnterpriseDomain","Enabled":false},{"Name":"EpoFileRenamed","Enabled":false},{"Name":"EpoFileStagedToCentralLocation","Enabled":false},{"Name":"EpoHiddenFileCreated","Enabled":false},{"Name":"EpoRemovableMediaMount","Enabled":false},{"Name":"EpoSensitiveFileRead","Enabled":false},{"Name":"Mcas3rdPartyAppDownload","Enabled":false},{"Name":"Mcas3rdPartyAppFileDelete","Enabled":false},{"Name":"Mcas3rdPartyAppFileSharing","Enabled":false},{"Name":"McasActivityFromInfrequentCountry","Enabled":false},{"Name":"McasImpossibleTravel","Enabled":false},{"Name":"McasMultipleFailedLogins","Enabled":false},{"Name":"McasMultipleStorageDeletion","Enabled":false},{"Name":"McasMultipleVMCreation","Enabled":true},{"Name":"McasMultipleVMDeletion","Enabled":false},{"Name":"McasSuspiciousAdminActivities","Enabled":false},{"Name":"McasSuspiciousCloudCreation","Enabled":false},{"Name":"McasSuspiciousCloudTrailLoggingChange","Enabled":false},{"Name":"McasTerminatedEmployeeActivity","Enabled":false},{"Name":"OdbDownload","Enabled":false},{"Name":"OdbSyncDownload","Enabled":false},{"Name":"PeerCumulativeExfiltrationDetector","Enabled":false},{"Name":"PhysicalAccess","Enabled":false},{"Name":"PotentialHighImpactUser","Enabled":false},{"Name":"Print","Enabled":false},{"Name":"PriorityUserGroupMember","Enabled":false},{"Name":"SecurityAlertDefenseEvasion","Enabled":false},{"Name":"SecurityAlertUnwantedSoftware","Enabled":false},{"Name":"SpoAccessRequest","Enabled":false},{"Name":"SpoApprovedAccess","Enabled":false},{"Name":"SpoDownload","Enabled":false},{"Name":"SpoDownloadV2","Enabled":false},{"Name":"SpoFileAccessed","Enabled":false},{"Name":"SpoFileDeleted","Enabled":false},{"Name":"SpoFileDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFileDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFileLabelDowngraded","Enabled":false},{"Name":"SpoFileLabelRemoved","Enabled":false},{"Name":"SpoFileSharing","Enabled":true},{"Name":"SpoFolderDeleted","Enabled":false},{"Name":"SpoFolderDeletedFromFirstStageRecycleBin","Enabled":false},{"Name":"SpoFolderDeletedFromSecondStageRecycleBin","Enabled":false},{"Name":"SpoFolderSharing","Enabled":false},{"Name":"SpoSiteExternalUserAdded","Enabled":false},{"Name":"SpoSiteInternalUserAdded","Enabled":false},{"Name":"SpoSiteLabelRemoved","Enabled":false},{"Name":"SpoSiteSharing","Enabled":false},{"Name":"SpoSyncDownload","Enabled":false},{"Name":"TeamsChannelFileSharedExternal","Enabled":false},{"Name":"TeamsChannelMemberAddedExternal","Enabled":false},{"Name":"TeamsChatFileSharedExternal","Enabled":false},{"Name":"TeamsFileDownload","Enabled":false},{"Name":"TeamsFolderSharedExternal","Enabled":false},{"Name":"TeamsMemberAddedExternal","Enabled":false},{"Name":"TeamsSensitiveMessage","Enabled":false},{"Name":"UserHistory","Enabled":false}],"ExtensibleIndicators":[{"Name":"AWSS3BlockPublicAccessDisabled","Enabled":false},{"Name":"AWSS3BucketDeleted","Enabled":false},{"Name":"AWSS3PublicAccessEnabled","Enabled":false},{"Name":"AWSS3ServerLoggingDisabled","Enabled":false},{"Name":"AzureElevateAccessToAllSubscriptions","Enabled":false},{"Name":"AzureResourceThreatProtectionSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerAuditingSettingsUpdated","Enabled":false},{"Name":"AzureSQLServerFirewallRuleDeleted","Enabled":false},{"Name":"AzureSQLServerFirewallRuleUpdated","Enabled":false},{"Name":"AzureStorageAccountOrContainerDeleted","Enabled":false},{"Name":"BoxContentAccess","Enabled":false},{"Name":"BoxContentDelete","Enabled":false},{"Name":"BoxContentDownload","Enabled":false},{"Name":"BoxContentExternallyShared","Enabled":false},{"Name":"CCFinancialRegulatoryRiskyTextSent","Enabled":false},{"Name":"CCInappropriateContentSent","Enabled":false},{"Name":"CCInappropriateImagesSent","Enabled":false},{"Name":"DropboxContentAccess","Enabled":false},{"Name":"DropboxContentDelete","Enabled":false},{"Name":"DropboxContentDownload","Enabled":false},{"Name":"DropboxContentExternallyShared","Enabled":false},{"Name":"GoogleDriveContentAccess","Enabled":false},{"Name":"GoogleDriveContentDelete","Enabled":false},{"Name":"GoogleDriveContentExternallyShared","Enabled":false},{"Name":"PowerBIDashboardsDeleted","Enabled":false},{"Name":"PowerBIReportsDeleted","Enabled":false},{"Name":"PowerBIReportsDownloaded","Enabled":false},{"Name":"PowerBIReportsExported","Enabled":false},{"Name":"PowerBIReportsViewed","Enabled":false},{"Name":"PowerBISemanticModelsDeleted","Enabled":false},{"Name":"PowerBISensitivityLabelDowngradedForArtifacts","Enabled":false},{"Name":"PowerBISensitivityLabelRemovedFromArtifacts","Enabled":false}],"TimeSpan":{"InScopeTimeSpan":"30","HistoricTimeSpan":"89","FutureTerminationWindow":"5","PastTerminationWindow":"5","PostTerminationActivity":"False"},"IntelligentDetections":{"FileVolCutoffLimits":"59","AlertVolume":"Medium"},"FeatureSettings":{"Anonymization":"false","DLPUserRiskSync":"true","OptInIRMDataExport":"true","RaiseAuditAlert":"true","EnableTeam":"true"},"NotificationPreferences":null,"DynamicRiskPreventionSettings":null,"InterpretedSettings":null}' + ) + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRecordReviewNotificationTemplateConfig.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRecordReviewNotificationTemplateConfig.Tests.ps1 new file mode 100644 index 0000000000..f25c01c095 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRecordReviewNotificationTemplateConfig.Tests.ps1 @@ -0,0 +1,113 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-RecordReviewNotificationTemplateConfig -MockWith { + return @{ + IsCustomizedNotificationTemplate = $true + IsCustomizedReminderTemplate = $true + CustomizedNotificationDataString = "This is my Notification Message"; + CustomizedReminderDataString = "This is my reminder message"; + } + } + + Mock -CommandName Set-RecordReviewNotificationTemplateConfig -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + CustomizedNotificationDataString = "This is my Notification Message"; + CustomizedReminderDataString = "This is my reminder message"; + IsCustomizedNotificationTemplate = $True; + IsCustomizedReminderTemplate = $True; + IsSingleInstance = "Yes"; + Credential = $Credential; + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + CustomizedNotificationDataString = "This is my Notification Message"; + CustomizedReminderDataString = "This is my reminder message"; + IsCustomizedNotificationTemplate = $False; # drift + IsCustomizedReminderTemplate = $True; + IsSingleInstance = "Yes"; + Credential = $Credential; + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-RecordReviewNotificationTemplateConfig -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRoleGroupMember.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRoleGroupMember.Tests.ps1 index 7da44936c3..a9b7311eb3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRoleGroupMember.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRoleGroupMember.Tests.ps1 @@ -169,9 +169,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-RoleGroupMember -MockWith { - return @{ - Name = @('Group1','User1','User2') - } + return @( + [PSCustomObject]@{Name = 'Group1' }, + [PSCustomObject]@{Name = 'User1' }, + [PSCustomObject]@{Name = 'User2' } + ) } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 index 8aff682552..4a9fbac0d0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 @@ -55,6 +55,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Start-Sleep -MockWith { } + Mock -CommandName Get-DlpSensitiveInformationType -MockWith { + return @( + [PSCustomObject]@{Name = 'ABA Routing Number'; Id = 'cb353f78-2b72-4c3c-8827-92ebe4f69fdf'; RulePackId = '00000000-0000-0000-0000-000000000000' }, + [PSCustomObject]@{Name = 'All Full Names'; Id = '50b8b56b-4ef8-44c2-a924-03374f5831ce'; RulePackId = '00000000-0000-0000-0000-000000000004' } + ) + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -82,6 +89,47 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Value = 'English DisplayName' } -ClientOnly) } -ClientOnly) + AutoLabelingSettings = New-CimInstance -ClassName MSFT_SCSLAutoLabelingSettings -Property @{ + Operator = 'And' + AutoApplyType = 'Recommend' + PolicyTip = 'My Perfect Test Tip!' + Groups = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationGroup -Property @{ + Name = 'Group1' + Operator = 'Or' + SensitiveInformationType = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationType -Property @{ + name = 'ABA Routing Number' + confidencelevel = 'High' + mincount = 1 + maxcount = -1 + } -ClientOnly + ) + TrainableClassifier = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLTrainableClassifiers -Property @{ + name = 'Legal Affairs' + } -ClientOnly + ) + } -ClientOnly + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationGroup -Property @{ + Name = 'Group2' + Operator = 'And' + SensitiveInformationType = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationType -Property @{ + name = 'All Full Names' + confidencelevel = 'High' + mincount = 10 + maxcount = 100 + } -ClientOnly + ) + TrainableClassifier = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLTrainableClassifiers -Property @{ + name = 'Legal Affairs' + } -ClientOnly + ) + } -ClientOnly + ) + } -ClientOnly Credential = $Credential Ensure = 'Present' } @@ -104,7 +152,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'Label already exists' -Fixture { + Context -Name 'Label already exists, but is incorrectly configured' -Fixture { BeforeAll { $testParams = @{ Name = 'TestLabel' @@ -126,6 +174,48 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) } -ClientOnly) + AutoLabelingSettings = New-CimInstance -ClassName MSFT_SCSLAutoLabelingSettings -Property @{ + Operator = 'And' + AutoApplyType = 'Recommend' + PolicyTip = 'My Perfect Test Tip!' + Groups = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationGroup -Property @{ + Name = 'Group1' + Operator = 'Or' + SensitiveInformationType = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationType -Property @{ + name = 'ABA Routing Number' + confidencelevel = 'High' + mincount = 1 + maxcount = -1 + } -ClientOnly + ) + TrainableClassifier = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLTrainableClassifiers -Property @{ + name = 'Legal Affairs' + } -ClientOnly + ) + } -ClientOnly + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationGroup -Property @{ + Name = 'Group2' + Operator = 'And' + SensitiveInformationType = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationType -Property @{ + name = 'All Full Names' + confidencelevel = 'High' + mincount = 1 + maxcount = 100 + } -ClientOnly + ) + TrainableClassifier = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLTrainableClassifiers -Property @{ + name = 'Legal Affairs' + } -ClientOnly + ) + } -ClientOnly + ) + } -ClientOnly + Credential = $Credential Ensure = 'Present' } @@ -138,11 +228,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'Test label' ParentId = 'MyLabel' Priority = '2' - Settings = '{"Key": "LabelStatus", - "Value": "Enabled"}' - LocaleSettings = '{"LocaleKey":"DisplayName", - "LabelSettings":[ - {"Key":"en-us","Value":"English Display Names"}]}' + Settings = '[LabelStatus, Enabled]' + LocaleSettings = '{"LocaleKey":"DisplayName","Settings":[{"Key":"en-us","Value":"English Display Names"}]}' + Conditions = '{"And":[{"Or":[{"Key":"CCSI","Value":"cb353f78-2b72-4c3c-8827-92ebe4f69fdf","Properties":null,"Settings":[{"Key":"mincount","Value":"1"},{"Key":"maxconfidence","Value":"100"},{"Key":"rulepackage","Value":"00000000-0000-0000-0000-000000000000"},{"Key":"name","Value":"ABA Routing Number"},{"Key":"groupname","Value":"Group1"},{"Key":"minconfidence","Value":"85"},{"Key":"maxcount","Value":"-1"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"confidencelevel","Value":"High"},{"Key":"autoapplytype","Value":"Recommend"}]},{"Key":"ContentMatchesModule","Value":"ba38aa0f-8c86-4c73-87db-95147a0f4420","Properties":null,"Settings":[{"Key":"name","Value":"Legal Affairs"},{"Key":"groupname","Value":"Group1"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"autoapplytype","Value":"Recommend"}]}]},{"And":[{"Key":"CCSI","Value":"50b8b56b-4ef8-44c2-a924-03374f5831ce","Properties":null,"Settings":[{"Key":"mincount","Value":"10"},{"Key":"maxconfidence","Value":"100"},{"Key":"rulepackage","Value":"00000000-0000-0000-0000-000000000004"},{"Key":"name","Value":"All Full Names"},{"Key":"groupname","Value":"Group2"},{"Key":"minconfidence","Value":"85"},{"Key":"maxcount","Value":"100"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"confidencelevel","Value":"High"},{"Key":"autoapplytype","Value":"Recommend"}]},{"Key":"ContentMatchesModule","Value":"ba38aa0f-8c86-4c73-87db-95147a0f4420","Properties":null,"Settings":[{"Key":"name","Value":"Legal Affairs"},{"Key":"groupname","Value":"Group2"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"autoapplytype","Value":"Recommend"}]}]}]}' } } } @@ -160,6 +248,100 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Context -Name 'Label already exists and is correctly configured' -Fixture { + BeforeAll { + $testParams = @{ + Name = 'TestLabel' + Comment = 'This is a test label' + ToolTip = 'Test tool tip' + DisplayName = 'Test label' + ParentId = 'MyLabel' + + AdvancedSettings = (New-CimInstance -ClassName MSFT_SCLabelSetting -Property @{ + Key = 'LabelStatus' + Value = 'Enabled' + } -ClientOnly) + + LocaleSettings = (New-CimInstance -ClassName MSFT_SCLabelLocaleSettings -Property @{ + LocaleKey = 'DisplayName' + LabelSettings = (New-CimInstance -ClassName MSFT_SCLabelSetting -Property @{ + Key = 'en-us' + Value = 'English Display Names' + } -ClientOnly) + } -ClientOnly) + + AutoLabelingSettings = New-CimInstance -ClassName MSFT_SCSLAutoLabelingSettings -Property @{ + Operator = 'And' + AutoApplyType = 'Recommend' + PolicyTip = 'My Perfect Test Tip!' + Groups = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationGroup -Property @{ + Name = 'Group1' + Operator = 'Or' + SensitiveInformationType = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationType -Property @{ + name = 'ABA Routing Number' + confidencelevel = 'High' + mincount = 1 + maxcount = -1 + } -ClientOnly + ) + TrainableClassifier = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLTrainableClassifiers -Property @{ + name = 'Legal Affairs' + } -ClientOnly + ) + } -ClientOnly + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationGroup -Property @{ + Name = 'Group2' + Operator = 'And' + SensitiveInformationType = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLSensitiveInformationType -Property @{ + name = 'All Full Names' + confidencelevel = 'High' + mincount = 10 + maxcount = 100 + } -ClientOnly + ) + TrainableClassifier = [CimInstance[]]@( + New-CimInstance -ClassName MSFT_SCSLTrainableClassifiers -Property @{ + name = 'Legal Affairs' + } -ClientOnly + ) + } -ClientOnly + ) + } -ClientOnly + + Credential = $Credential + Ensure = 'Present' + } + + Mock -CommandName Get-Label -MockWith { + return @{ + Name = 'TestLabel' + Comment = 'This is a test label' + ToolTip = 'Test tool tip' + DisplayName = 'Test label' + ParentId = 'MyLabel' + Priority = '2' + Settings = '[LabelStatus, Enabled]' + LocaleSettings = '{"LocaleKey":"DisplayName","Settings":[{"Key":"en-us","Value":"English Display Names"}]}' + Conditions = '{"And":[{"Or":[{"Key":"CCSI","Value":"cb353f78-2b72-4c3c-8827-92ebe4f69fdf","Properties":null,"Settings":[{"Key":"mincount","Value":"1"},{"Key":"maxconfidence","Value":"100"},{"Key":"rulepackage","Value":"00000000-0000-0000-0000-000000000000"},{"Key":"name","Value":"ABA Routing Number"},{"Key":"groupname","Value":"Group1"},{"Key":"minconfidence","Value":"85"},{"Key":"maxcount","Value":"-1"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"confidencelevel","Value":"High"},{"Key":"autoapplytype","Value":"Recommend"}]},{"Key":"ContentMatchesModule","Value":"ba38aa0f-8c86-4c73-87db-95147a0f4420","Properties":null,"Settings":[{"Key":"name","Value":"Legal Affairs"},{"Key":"groupname","Value":"Group1"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"autoapplytype","Value":"Recommend"}]}]},{"And":[{"Key":"CCSI","Value":"50b8b56b-4ef8-44c2-a924-03374f5831ce","Properties":null,"Settings":[{"Key":"mincount","Value":"10"},{"Key":"maxconfidence","Value":"100"},{"Key":"rulepackage","Value":"00000000-0000-0000-0000-000000000004"},{"Key":"name","Value":"All Full Names"},{"Key":"groupname","Value":"Group2"},{"Key":"minconfidence","Value":"85"},{"Key":"maxcount","Value":"100"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"confidencelevel","Value":"High"},{"Key":"autoapplytype","Value":"Recommend"}]},{"Key":"ContentMatchesModule","Value":"ba38aa0f-8c86-4c73-87db-95147a0f4420","Properties":null,"Settings":[{"Key":"name","Value":"Legal Affairs"},{"Key":"groupname","Value":"Group2"},{"Key":"policytip","Value":"My Perfect Test Tip!"},{"Key":"autoapplytype","Value":"Recommend"}]}]}]}' + } + } -ParameterFilter { $Identity -eq 'TestLabel' } + + Mock -CommandName Get-Label -MockWith { + return @{ + Name = 'MyLabel' + } + } -ParameterFilter { $Identity -eq 'MyLabel' } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + Context -Name 'Label should not exist' -Fixture { BeforeAll { $testParams = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCUnifiedAuditLogRetentionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCUnifiedAuditLogRetentionPolicy.Tests.ps1 new file mode 100644 index 0000000000..d49c73a33d --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCUnifiedAuditLogRetentionPolicy.Tests.ps1 @@ -0,0 +1,227 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "SCUnifiedAuditLogRetentionPolicy" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Set-UnifiedAuditLogRetentionPolicy -MockWith { + } + + Mock -CommandName New-UnifiedAuditLogRetentionPolicy -MockWith { + } + + Mock -CommandName Remove-UnifiedAuditLogRetentionPolicy -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The SCUnifiedAuditLogRetentionPolicy should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-UnifiedAuditLogRetentionPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the Unified Audit Log Retention Policy from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-UnifiedAuditLogRetentionPolicy -Exactly 1 + } + } + + Context -Name "The SCUnifiedAuditLogRetentionPolicy exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-UnifiedAuditLogRetentionPolicy -MockWith { + return @{ + Identity = "TestIdentity" + Priority = $testParams.Priority + Name = $testParams.Name + RetentionDuration = $testParams.RetentionDuration + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-UnifiedAuditLogRetentionPolicy -Exactly 1 + } + } + Context -Name "The SCUnifiedAuditLogRetentionPolicy Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-UnifiedAuditLogRetentionPolicy -MockWith { + return @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The SCUnifiedAuditLogRetentionPolicy exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + Description = "FakeStringValueDrift" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-UnifiedAuditLogRetentionPolicy -MockWith { + return @{ + Identity = "TestIdentity" + Name = $testParams.Name + Priority = $testParams.Priority + RetentionDuration = $testParams.RetentionDuration + Description = $testParams.RetentionDescription + "#Drift" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-UnifiedAuditLogRetentionPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-UnifiedAuditLogRetentionPolicy -MockWith { + return @{ + Priority = 3 + Name = "FakeStringValue" + Description = "FakeStringValue" + RetentionDuration = "SevenDays" + Identity = "FakeIdentity" + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + + Context -Name 'Does not return resources that are pending deletion' -Fixture { + BeforeAll { + $testParams = @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-UnifiedAuditLogRetentionPolicy -MockWith { + return @{ + Name = "Test Policy" + Priority = 42 + RetentionDuration = "SevenDays" + Mode = "PendingDeletion" + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 index 3cf66e0d06..2c48f1841d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 @@ -38,6 +38,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 index 64b8e2e90c..d082a08989 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 @@ -101,7 +101,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-PnPUserProfileProperty -MockWith { return @{ AccountName = 'john.smith@contoso.com' - UserProfileProperties = @{'MyOldKey' = 'MyValue' } + UserProfileProperties = @( + @{ + MyOldKey = 'MyValue' + } + ) } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SentinelSetting.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SentinelSetting.Tests.ps1 new file mode 100644 index 0000000000..fe6c03151d --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SentinelSetting.Tests.ps1 @@ -0,0 +1,131 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Update-AzSentinelSetting -MockWith { + } + + Mock -CommandName Get-AzResource -MockWith { + return @{ + ResourceGroupName = "MyResourceGroup" + Name = 'MySentinelWorkspace' + ResourceId = "name/part/resourceId/" + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ResourceGroupName = 'MyResourceGroup' + WorkspaceName = 'MySentinelWorkspace' + AnomaliesIsEnabled = $true + Credential = $Credential; + } + + Mock -CommandName Get-AzSentinelSetting -MockWith { + return @{ + Name = 'Anomalies' + IsEnabled = $true + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ResourceGroupName = 'MyResourceGroup' + WorkspaceName = 'MySentinelWorkspace' + AnomaliesIsEnabled = $true + Credential = $Credential; + } + + Mock -CommandName Get-AzSentinelSetting -MockWith { + return @{ + Name = 'Anomalies' + IsEnabled = $false #drift + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-AzSentinelSetting -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + BeforeAll { + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-AzSentinelSetting -MockWith { + return @{ + Name = 'Anomalies' + IsEnabled = $true + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SentinelWatchlist.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SentinelWatchlist.Tests.ps1 new file mode 100644 index 0000000000..9e1b039434 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SentinelWatchlist.Tests.ps1 @@ -0,0 +1,370 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@o365DSC.onmicrosoft.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-AzResource -MockWith { + return @{ + ResourceGroupName = "MyResourceGroup" + Name = 'MySentinelWorkspace' + ResourceId = "name/part/resourceId/" + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Alias = "MyAlias"; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + Credential = $Credential; + } + + Mock -CommandName Invoke-AzRest -MockWith { + return @{ + statuscode = 200 + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-AzRest -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Alias = "MyAlias"; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Absent"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + Credential = $Credential; + } + + Mock -CommandName Invoke-AzRest -MockWith { + return @{ + StatusCode = '200' + Content = @" +{"value":[ +{ + "id": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.OperationalInsights/workspaces/xxxx/providers/Microsoft.SecurityInsights/Watchlists/xxxx", + "name": "MyWatchList", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "xxxx", + "displayName": "My Display Name", + "provider": "Microsoft", + "sourceType": "Local", + "itemsSearchKey": "Test", + "created": "2024-10-01T16:40:07.5468197-04:00", + "updated": "2024-10-01T16:58:54.4225042-04:00", + "createdBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "updatedBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "description": "My description", + "watchlistType": "watchlist", + "watchlistAlias": "MyAlias", + "isDeleted": false, + "labels": [], + "defaultDuration": "P1DT3H", + "tenantId": "xxx", + "numberOfLinesToSkip": 1, + "provisioningState": "Succeeded", + "sasUri": "", + "watchlistCategory": "General" + } + }]} +"@ + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-AzRest -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Alias = "MyAlias"; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + Credential = $Credential; + } + + Mock -CommandName Invoke-AzRest -MockWith { + return @{ + StatusCode = '200' + Content = @" +{"value":[ +{ + "id": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.OperationalInsights/workspaces/xxxx/providers/Microsoft.SecurityInsights/Watchlists/xxxx", + "name": "MyWatchList", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "xxxx", + "displayName": "My Display Name", + "provider": "Microsoft", + "sourceType": "Local", + "itemsSearchKey": "Test", + "created": "2024-10-01T16:40:07.5468197-04:00", + "updated": "2024-10-01T16:58:54.4225042-04:00", + "createdBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "updatedBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "description": "My description", + "watchlistType": "watchlist", + "watchlistAlias": "MyAlias", + "isDeleted": false, + "labels": [], + "defaultDuration": "P1DT3H", + "tenantId": "xxx", + "numberOfLinesToSkip": 1, + "provisioningState": "Succeeded", + "sasUri": "", + "watchlistCategory": "General" + } + }]} +"@ + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Alias = "MyAlias"; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 0; # Drift + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + Credential = $Credential; + } + + Mock -CommandName Invoke-AzRest -MockWith { + return @{ + StatusCode = '200' + Content = @" +{"value":[ +{ + "id": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.OperationalInsights/workspaces/xxxx/providers/Microsoft.SecurityInsights/Watchlists/xxxx", + "name": "MyWatchList", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "xxxx", + "displayName": "My Display Name", + "provider": "Microsoft", + "sourceType": "Local", + "itemsSearchKey": "Test", + "created": "2024-10-01T16:40:07.5468197-04:00", + "updated": "2024-10-01T16:58:54.4225042-04:00", + "createdBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "updatedBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "description": "My description", + "watchlistType": "watchlist", + "watchlistAlias": "MyAlias", + "isDeleted": false, + "labels": [], + "defaultDuration": "P1DT3H", + "tenantId": "xxx", + "numberOfLinesToSkip": 1, + "provisioningState": "Succeeded", + "sasUri": "", + "watchlistCategory": "General" + } + }]} +"@ + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-AzRest -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Invoke-AzRest -MockWith { + return @{ + StatusCode = '200' + Content = @" +{"value":[ +{ + "id": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.OperationalInsights/workspaces/xxxx/providers/Microsoft.SecurityInsights/Watchlists/xxxx", + "name": "MyWatchList", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "xxxx", + "displayName": "My Display Name", + "provider": "Microsoft", + "sourceType": "Local", + "itemsSearchKey": "Test", + "created": "2024-10-01T16:40:07.5468197-04:00", + "updated": "2024-10-01T16:58:54.4225042-04:00", + "createdBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "updatedBy": { + "objectId": "xxxx", + "name": "xxxx" + }, + "description": "My description", + "watchlistType": "watchlist", + "watchlistAlias": "MyAlias", + "isDeleted": false, + "labels": [], + "defaultDuration": "P1DT3H", + "tenantId": "xxx", + "numberOfLinesToSkip": 1, + "provisioningState": "Succeeded", + "sasUri": "", + "watchlistCategory": "General" + } + }]} +"@ + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 index 01c660ea09..cefb7bcf73 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 @@ -67,7 +67,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = @("123456") Identity = 'FakeStringValue' Ensure = 'Present' Credential = $Credential @@ -99,7 +98,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = @('123456') Identity = 'FakeStringValue' Ensure = 'Absent' Credential = $Credential @@ -111,14 +109,29 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = "Microsoft.Teams.Policy.Aministration.Cmdlets.Core.CompianceRecordingApplication" + ComplianceRecordingApplications = @( + @{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + ) Identity = 'FakeStringValue' } } Mock -CommandName Get-CsTeamsComplianceRecordingApplication -MockWith { return @{ - Identity = 'FakeStringValue/123456' - Id = '123456' + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True } } @@ -128,9 +141,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Result = (Get-TargetResource @testParams) $Result.Ensure | Should -Be 'Present' $Result.ComplianceRecordingApplications.Length | Should -Be 1 - $Result.ComplianceRecordingApplications[0] | Should -Be '123456' Should -Invoke -CommandName Get-CsTeamsComplianceRecordingPolicy -Exactly 1 - Should -Invoke -CommandName Get-CsTeamsComplianceRecordingApplication -ParameterFilter {$Filter -eq 'FakeStringValue/*'} -Exactly 1 } @@ -151,7 +162,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = @('123456') Identity = 'FakeStringValue' Ensure = 'Present' Credential = $Credential @@ -163,15 +173,29 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = "Microsoft.Teams.Policy.Aministration.Cmdlets.Core.CompianceRecordingApplication" + ComplianceRecordingApplications = @( + @{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + ) Identity = 'FakeStringValue' - } } Mock -CommandName Get-CsTeamsComplianceRecordingApplication -MockWith { return @{ - Identity = 'FakeStringValue/123456' - Id = '123456' + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True } } } @@ -188,7 +212,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = @('123456') Identity = 'FakeStringValue' Ensure = 'Present' Credential = $Credential @@ -197,18 +220,33 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsComplianceRecordingPolicy -MockWith { return @{ WarnUserOnRemoval = $False - Description = 'FakeStringValueDrift' #Drift - Enabled = $False - DisableComplianceRecordingAudioNotificationForCalls = $False - ComplianceRecordingApplications = "Microsoft.Teams.Policy.Aministration.Cmdlets.Core.CompianceRecordingApplication" + Description = 'FakeStringValue' + Enabled = $True + DisableComplianceRecordingAudioNotificationForCalls = $True + ComplianceRecordingApplications = @( + @{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + ) Identity = 'FakeStringValue' } } Mock -CommandName Get-CsTeamsComplianceRecordingApplication -MockWith { return @{ - Identity = 'FakeStringValue/123456Drift' - Id = '123456Drift' #Drift + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True } } } @@ -241,18 +279,20 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'FakeStringValue' Enabled = $True DisableComplianceRecordingAudioNotificationForCalls = $True - ComplianceRecordingApplications = "Microsoft.Teams.Policy.Aministration.Cmdlets.Core.CompianceRecordingApplication" + ComplianceRecordingApplications = @( + @{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @() + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + ) Identity = 'FakeStringValue' - } } - Mock -CommandName Get-CsTeamsComplianceRecordingApplication -MockWith { - return @{ - Identity = 'FakeStringValue/123456' - Id = '123456' - } - } - } It 'Should Reverse Engineer resource from the Export method' { diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index d8d8db6694..af684909f3 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1,586 +1,674 @@ -# region ExchangeOnlineManagement -function Get-SweepRule +#region Azure +function Invoke-AzRest { [CmdletBinding()] param( [Parameter()] - [System.Int32] - $SkipCount, + [System.String] + $Uri, [Parameter()] [System.String] - $Provider, + $Payload, [Parameter()] - [System.Object] - $Mailbox, + [System.String] + $Method + ) +} +#endregion + +#region Microsoft.Graph.Beta.Applications +function Get-MgBetaApplication +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $BypassScopeCheck, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $Identity, + [System.Int32] + $PageSize, [Parameter()] - [System.Object] - $ResultSize - ) -} + [PSObject] + $HttpPipelinePrepend, -function New-SweepRule -{ - [CmdletBinding()] - param( [Parameter()] - [System.String] - $Name, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $DestinationFolder, + [System.Int32] + $Top, [Parameter()] [System.String] - $Provider, + $CountVariable, [Parameter()] - [System.Object] - $SystemCategory, + [System.String] + $ApplicationId, [Parameter()] - [System.Object] - $KeepLatest, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $SourceFolder, + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $ConsistencyLevel, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [System.Object] - $Mailbox, + [System.String] + $Filter, [Parameter()] - [System.Object] - $Sender, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $KeepForDays, + [System.String] + $Search, [Parameter()] - [System.Boolean] - $Enabled - ) -} -function Remove-SweepRule -{ - [CmdletBinding()] - param( + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Object] - $Mailbox, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $Identity + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Set-SweepRule +function Update-MgBetaApplication { [CmdletBinding()] param( + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $HomeRealmDiscoveryPolicies, + + [Parameter()] + [PSObject] + $Spa, + + [Parameter()] + [PSObject] + $Synchronization, + [Parameter()] [System.String] - $Name, + $DefaultRedirectUri, [Parameter()] - [System.Object] - $Sender, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $Provider, + $SignInAudience, [Parameter()] - [System.Object] - $SystemCategory, + [PSObject] + $VerifiedPublisher, [Parameter()] - [System.Object] - $KeepLatest, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Object] - $SourceFolder, + [PSObject] + $OptionalClaims, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $IdentifierUris, [Parameter()] - [System.Object] - $Mailbox, + [PSObject] + $AuthenticationBehaviors, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $IsDeviceOnlyAuthSupported, [Parameter()] - [System.Object] - $DestinationFolder, + [System.String] + $TokenEncryptionKeyId, [Parameter()] - [System.Object] - $KeepForDays, + [System.String] + $UniqueName, [Parameter()] - [System.Boolean] - $Enabled - ) -} + [System.String] + $Description, -function Get-DefaultTenantBriefingConfig -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $ResultSize - ) -} -function Get-DefaultTenantMyAnalyticsFeatureConfig -{ - [CmdletBinding()] - param( + $TokenIssuancePolicies, + + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [PSObject] - $ResultSize - ) -} -function Set-DefaultTenantBriefingConfig -{ - [CmdletBinding()] - param( + $Api, + [Parameter()] [System.String] - $IsEnabledByDefault, + $PublisherDomain, [Parameter()] - [PSObject] - $ResultSize - ) -} -function Set-DefaultTenantMyAnalyticsFeatureConfig -{ - [CmdletBinding()] - param( + [System.String] + $GroupMembershipClaims, + [Parameter()] [System.String] - $Feature, + $Id, [Parameter()] - [System.Boolean] - $IsEnabled, + [System.String[]] + $Tags, [Parameter()] [PSObject] - $ResultSize, + $HttpPipelineAppend, [Parameter()] - [System.Nullable`1[System.Double]] - $SamplingRate - ) -} -#endregion -#region ExchangeOnlineManagement -function Add-AvailabilityAddressSpace -{ - [CmdletBinding()] - param( + [PSObject] + $Owners, + [Parameter()] - [System.Management.Automation.PSCredential] - $Credentials, + [PSObject] + $FederatedIdentityCredentials, + + [Parameter()] + [PSObject] + $TokenLifetimePolicies, + + [Parameter()] + [PSObject] + $AppManagementPolicies, [Parameter()] [System.String] - $ForestName, + $DisabledByMicrosoftStatus, [Parameter()] - [System.Uri] - $TargetAutodiscoverEpr, + [PSObject] + $PasswordCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $PublicClient, [Parameter()] [System.String] - $TargetTenantId, + $Notes, [Parameter()] - [System.String] - $TargetServiceEpr, + [PSObject] + $RequiredResourceAccess, [Parameter()] - [System.Object] - $AccessMethod - ) -} -function Add-MailboxPermission -{ - [CmdletBinding()] - param( + [PSObject] + $ParentalControlSettings, + [Parameter()] - [System.Object] - $Owner, + [PSObject] + $Web, [Parameter()] - [System.Object[]] - $AccessRights, + [System.String] + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $GroupMailbox, + $IsFallbackPublicClient, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Deny, + [System.String] + $NativeAuthenticationApisEnabled, [Parameter()] - [System.Object] - $AutoMapping, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $RequestSignatureVerification, [Parameter()] - [System.Object] - $User, + [System.String] + $LogoInputFile, [Parameter()] - [System.Object] - $Identity, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + [System.String] + $ApplicationId, [Parameter()] - [System.DirectoryServices.ActiveDirectorySecurityInheritance] - $InheritanceType - ) -} -function Add-RecipientPermission -{ - [CmdletBinding()] - param( + [PSObject] + $AppRoles, + [Parameter()] - [System.Object] - $AccessRights, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $ExtensionProperties, [Parameter()] - [System.Object] - $Trustee - ) -} -function Disable-JournalRule -{ - [CmdletBinding()] - param( + [PSObject] + $Windows, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $Identity - ) -} -function Enable-JournalRule -{ - [CmdletBinding()] - param( + [PSObject] + $CreatedOnBehalfOf, + + [Parameter()] + [PSObject] + $ConnectorGroup, + + [Parameter()] + [PSObject] + $ServicePrincipalLockConfiguration, + + [Parameter()] + [System.String] + $ServiceManagementReference, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [PSObject] + $KeyCredentials, + + [Parameter()] + [PSObject] + $Certification, + + [Parameter()] + [PSObject] + $OnPremisesPublishing, + + [Parameter()] + [System.String] + $SamlMetadataUrl, + + [Parameter()] + [PSObject] + $Info, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $Identity - ) -} -function Enable-OrganizationCustomization -{ - [CmdletBinding()] - param( + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $AppId, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm + $Break ) } -function Get-AcceptedDomain +#endregion + +#region Azure +function Get-AzSentinelSetting { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity, + [System.String] + $ResourceGroupName, [Parameter()] - [System.Object] - $ResultSize + [System.String] + $WorkspaceName, + + [Parameter()] + [System.String] + $SubscriptionId ) } -function Get-ActiveSyncDevice + +function Update-AzSentinelSetting { [CmdletBinding()] param( [Parameter()] [System.String] - $SortBy, + $ResourceGroupName, [Parameter()] - [System.Object] - $Mailbox, + [System.String] + $WorkspaceName, [Parameter()] - [System.Object] - $OrganizationalUnit, + [System.Boolean] + $Enabled, [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Object] - $Identity, + $SettingsName, [Parameter()] - [System.Object] - $ResultSize - ) -} -function Get-ActiveSyncDeviceAccessRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity + [System.String] + $DataSource ) } -function Get-AddressBookPolicy + +function Get-AzResource { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity + [System.String] + $ResourceType ) } -function Get-AddressList + +function Get-AzSubscription { [CmdletBinding()] param( [Parameter()] [System.String] - $SearchText, - - [Parameter()] - [System.Object] - $Identity, + $SubscriptionId, [Parameter()] - [System.Object] - $Container + [System.String] + $SubscriptionName ) } -function Get-AdminAuditLogConfig + +function Get-AzSecurityPricing { [CmdletBinding()] param( - + [Parameter()] + [System.String] + $Name ) } -function Get-AntiPhishPolicy + +function Set-AzSecurityPricing { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Impersonation, + [System.String] + $Name, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Advanced, + [System.String] + $PricingTier, [Parameter()] - [System.Object] - $Identity, + [System.String] + $SubPlan, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Spoof + [System.String] + $Extension ) } -function Get-AntiPhishRule + +function Get-AzContext { [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, + param() +} +function Set-AzContext +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $State + [System.String] + $Subscription ) } -function Get-App + +function Search-AzGraph { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Mailbox, + [System.String] + $Query, [Parameter()] - [System.Object] - $Identity, + [System.Int32] + $First, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationApp, + [System.String] + $SkipToken, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrivateCatalog + $UseTenantScope ) } -function Get-ApplicationAccessPolicy + + +function Enable-ATPProtectionPolicyRule { [CmdletBinding()] param( [Parameter()] - [System.Object] + [System.String] $Identity ) } -function Get-AtpPolicyForO365 + +function Enable-AzSubscription { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity + [System.String] + $Id ) } -function Get-AuditConfig + +function Disable-ATPProtectionPolicyRule { [CmdletBinding()] param( - - ) -} -function Get-AuditConfigurationPolicy + [Parameter()] + [System.String] + $Identity + ) +} + +function Disable-AzSubscription { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity + [System.String] + $Id ) } -function Get-AuthenticationPolicy +#endregion + +# region ExchangeOnlineManagement +function Get-EmailTenantSettings +{ + [CmdletBinding()] + param( + ) +} + +function Set-EmailTenantSettings +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $EnablePriorityAccountProtection + ) +} + +function Get-DnssecStatusForVerifiedDomain { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity + $DomainName ) } -function Get-AvailabilityAddressSpace + +function Enable-DnssecForVerifiedDomain { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity + $DomainName ) } -function Get-AvailabilityConfig + +function Disable-DnssecForVerifiedDomain { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity + $DomainName ) } -function Get-CalendarProcessing + +function Get-MailboxIRMAccess { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity, + $User, [Parameter()] [System.Object] - $ResultSize + $Identity ) } -function Get-CASMailbox + +function Set-MailboxIRMAccess { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $RecalculateHasActiveSyncDevicePartnership, + [System.Object] + $User, [Parameter()] - [System.String] - $SortBy, + [System.Object] + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtocolSettings, + [System.Object] + $AccessLevel + ) +} + +function Remove-MailboxIRMAccess +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $User, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ReadIsOptimizedForAccessibility, + [System.Object] + $Identity + ) +} + +function Get-ArcConfig +{ + [CmdletBinding()] + param() +} +function Set-ArcConfig +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.String[]] + $ArcTrustedSealers, [Parameter()] [System.Object] - $OrganizationalUnit, + $Identity + ) +} +function Get-ManagementScope +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ActiveSyncDebugLogging, + [System.Boolean] + $Exclusive, [Parameter()] [System.Object] @@ -588,59 +676,71 @@ function Get-CASMailbox [Parameter()] [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + $Orphan + ) +} +function New-ManagementScope +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $RecipientTypeDetails, + [System.Management.Automation.SwitchParameter] + $Exclusive, [Parameter()] [System.Object] - $ResultSize, + $RecipientRoot, [Parameter()] [System.String] - $Filter, + $Name, [Parameter()] [System.Management.Automation.SwitchParameter] - $ActiveSyncSuppressReadReceipt, + $Confirm, [Parameter()] [System.String] - $Anr + $RecipientRestrictionFilter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force ) } -function Get-CASMailboxPlan + +function Set-ManagementScope { [CmdletBinding()] param( [Parameter()] - [System.String] - $SortBy, + [System.Object] + $RecipientRoot, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.String] + $Name, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + [System.String] + $RecipientRestrictionFilter, [Parameter()] [System.Object] - $ResultSize, + $Identity, [Parameter()] - [System.String] - $Filter + [System.Management.Automation.SwitchParameter] + $Force ) } -function Get-ClientAccessRule + +function Remove-ManagementScope { [CmdletBinding()] param( @@ -653,43 +753,32 @@ function Get-ClientAccessRule $Identity, [Parameter()] - [System.Object] - $DomainController + [System.Management.Automation.SwitchParameter] + $Force ) } -function Get-ComplianceTag + +function Get-FocusedInbox { [CmdletBinding()] param( [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludingLabelState, + $UseCustomRouting, [Parameter()] [System.Object] $Identity ) } -function Get-DataClassification -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, - [Parameter()] - [System.Object] - $ClassificationRuleCollectionIdentity - ) -} -function Get-DataEncryptionPolicy +function Set-FocusedInbox { [CmdletBinding()] param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $UseCustomRouting, [Parameter()] [System.Object] @@ -697,248 +786,229 @@ function Get-DataEncryptionPolicy [Parameter()] [System.Object] - $DomainController + $FocusedInboxOn ) } -function Get-DeviceConditionalAccessPolicy + +function Get-MailboxCalendarConfiguration { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity - ) -} -function Get-DeviceConfigurationPolicy -{ - [CmdletBinding()] - param( + $MailboxLocation, + [Parameter()] [System.Object] $Identity ) } -function Get-DistributionGroup + +function Set-MailboxCalendarConfiguration { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames, + [System.Int32] + $WeatherLocationBookmark, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeAcceptMessagesOnlyFromWithDisplayNames, + [System.Object] + $WorkspaceUserEnabled, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Boolean] + $ConversationalSchedulingEnabled, [Parameter()] - [System.Object] - $OrganizationalUnit, + [System.Boolean] + $HotelEventsFromEmailEnabled, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $SkipAgendaMailOnFreeDays, [Parameter()] - [System.Object[]] - $RecipientTypeDetails, + [System.Boolean] + $DiningEventsFromEmailEnabled, [Parameter()] [System.Object] - $ManagedBy, + $Identity, + + [Parameter()] + [System.Boolean] + $CreateEventsFromEmailAsPrivate, [Parameter()] [System.String] - $Filter, + $CalendarFeedsPreferredLanguage, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames, + [System.Boolean] + $PackageDeliveryEventsFromEmailEnabled, [Parameter()] [System.Object] - $ResultSize, + $WorkingHoursTimeZone, [Parameter()] - [System.String] - $Anr, + [System.Object] + $WeatherLocations, [Parameter()] - [System.String] - $SortBy - ) -} -function Get-DistributionGroupMember -{ - [CmdletBinding()] - param( + [System.Boolean] + $FlightEventsFromEmailEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeSoftDeletedObjects, + [System.Boolean] + $RentalCarEventsFromEmailEnabled, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $DeleteMeetingRequestOnRespond, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Int32] + $DefaultMeetingDuration, [Parameter()] - [System.Object] - $ResultSize - ) -} -function Get-DkimSigningConfig -{ - [CmdletBinding()] - param( + [System.Boolean] + $ReminderSoundEnabled, + [Parameter()] - [System.Object] - $Identity - ) -} -function Get-EmailAddressPolicy -{ - [CmdletBinding()] - param( + [System.TimeSpan] + $WorkingHoursEndTime, + [Parameter()] [System.Object] - $Identity - ) -} -function Get-GlobalAddressList -{ - [CmdletBinding()] - param( + $ShortenEventScopeDefault, + + [Parameter()] + [System.Boolean] + $InvoiceEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $UseBrightCalendarColorThemeInOwa, + + [Parameter()] + [System.TimeSpan] + $DefaultReminderTime, + [Parameter()] [System.Object] - $Identity, + $LocationDetailsInFreeBusy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DefaultOnly - ) -} -function Get-Group -{ - [CmdletBinding()] - param( + [System.Object] + $WeatherEnabled, + [Parameter()] [System.String] - $SortBy, + $CalendarFeedsPreferredRegion, + + [Parameter()] + [System.Boolean] + $ServiceAppointmentEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $ShowWeekNumbers, + + [Parameter()] + [System.Boolean] + $RemindersEnabled, [Parameter()] [System.Object] - $OrganizationalUnit, + $WeekStartDay, [Parameter()] [System.Object] - $Identity, + $FirstWeekOfYear, [Parameter()] - [System.Object[]] - $RecipientTypeDetails, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $ResultSize, + [System.Boolean] + $AgendaMailIntroductionEnabled, [Parameter()] - [System.String] - $Filter, + [System.TimeSpan] + $WorkingHoursStartTime, [Parameter()] [System.String] - $Anr - ) -} -function Get-HostedConnectionFilterPolicy -{ - [CmdletBinding()] - param( + $CalendarFeedsRootPageId, + [Parameter()] [System.Object] - $Identity - ) -} -function Get-HostedContentFilterPolicy -{ - [CmdletBinding()] - param( + $DailyAgendaMailSchedule, + [Parameter()] - [System.Object] - $Identity - ) -} -function Get-HostedContentFilterRule -{ - [CmdletBinding()] - param( + [System.Int32] + $DefaultMinutesToReduceLongEventsBy, + [Parameter()] - [System.Object] - $Identity, + [System.Int32] + $DefaultMinutesToReduceShortEventsBy, [Parameter()] - [System.Object] - $State - ) -} -function Get-HostedOutboundSpamFilterPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $AutoDeclineWhenBusy, + [Parameter()] [System.Object] - $Identity - ) -} -function Get-HostedOutboundSpamFilterRule -{ - [CmdletBinding()] - param( + $OnlineMeetingsByDefaultEnabled, + + [Parameter()] + [System.Boolean] + $PreserveDeclinedMeetings, + [Parameter()] [System.Object] - $Identity, + $TimeIncrement, [Parameter()] [System.Object] - $State - ) -} -function Get-InboundConnector -{ - [CmdletBinding()] - param( + $WorkDays, + + [Parameter()] + [System.Boolean] + $EntertainmentEventsFromEmailEnabled, + + [Parameter()] + [System.Boolean] + $EventsFromEmailEnabled, + [Parameter()] [System.Object] - $Identity, + $WeatherUnit, [Parameter()] [System.Object] - $ResultSize - ) -} -function Get-IntraOrganizationConnector -{ - [CmdletBinding()] - param( + $DefaultOnlineMeetingProvider, + [Parameter()] [System.Object] - $Identity - ) -} -function Get-IRMConfiguration -{ - [CmdletBinding()] - param( + $MailboxLocation, + [Parameter()] + [System.Boolean] + $AgendaMailEnabled, + + [Parameter()] + [System.Boolean] + $AgendaPaneEnabled ) } -function Get-JournalRule + + + +function Get-RetentionPolicy { [CmdletBinding()] param( @@ -947,102 +1017,114 @@ function Get-JournalRule $Identity ) } -function Get-Mailbox + +function New-RetentionPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $SortBy, + $Name, [Parameter()] - [System.Object] - $Identity, + [System.Object[]] + $RetentionPolicyTagLinks, [Parameter()] [System.Management.Automation.SwitchParameter] - $InactiveMailboxOnly, + $IsDefaultArbitrationMailbox, [Parameter()] [System.Management.Automation.SwitchParameter] - $PublicFolder, + $IsDefault, [Parameter()] - [System.String] - $Anr, + [System.Guid] + $RetentionId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Archive, + $Confirm + ) +} - [Parameter()] - [System.Management.Automation.SwitchParameter] - $SoftDeletedMailbox, +function Remove-RetentionPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames, + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeAcceptMessagesOnlyFromWithDisplayNames, + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames, + $Force + ) +} - [Parameter()] - [System.Object] - $ResultSize, +function Set-RetentionPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $MailboxPlan, + [System.String] + $Name, [Parameter()] [System.Object[]] - $RecipientTypeDetails, + $RetentionPolicyTagLinks, [Parameter()] [System.Management.Automation.SwitchParameter] - $Migration, + $IsDefault, [Parameter()] - [System.String] - $Filter, + [System.Object] + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $GroupMailbox, + [System.Guid] + $RetentionId, [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludeInactiveMailbox, + $IsDefaultArbitrationMailbox, [Parameter()] - [System.Object] - $OrganizationalUnit, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludeEmailAddressDisplayNames + $Force ) } -function Get-MailboxAutoReplyConfiguration + +function Get-SweepRule { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ReadFromDomainController, + [System.Int32] + $SkipCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseCustomRouting, + [System.String] + $Provider, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Object] + $Mailbox, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassScopeCheck, [Parameter()] [System.Object] @@ -1053,491 +1135,376 @@ function Get-MailboxAutoReplyConfiguration $ResultSize ) } -function Get-MailboxCalendarFolder +function New-SweepRule { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseCustomRouting, + [System.String] + $Name, [Parameter()] [System.Object] - $Identity - ) -} -function Get-MailboxFolder -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $MailFolderOnly, + $DestinationFolder, [Parameter()] - [System.Management.Automation.SwitchParameter] - $GetChildren, + [System.String] + $Provider, [Parameter()] [System.Object] - $Identity, + $SystemCategory, [Parameter()] [System.Object] - $ResultSize, + $KeepLatest, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Recurse - ) -} -function Get-MailboxFolderStatistics -{ - [CmdletBinding()] - param( [Parameter()] [System.Object] - $Database, + $SourceFolder, [Parameter()] - [System.String] - $DiagnosticInfo, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $StoreMailboxIdentity, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeOldestAndNewestItems, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseCustomRouting, + $Mailbox, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Archive, + [System.Object] + $Sender, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeSoftDeletedRecipients, + [System.Object] + $KeepForDays, [Parameter()] - [System.Int32] - $SkipCount, - + [System.Boolean] + $Enabled + ) +} +function Remove-SweepRule +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludeAnalysis, - - [Parameter()] - [System.Object] - $ResultSize, + $Confirm, [Parameter()] [System.Object] - $FolderScope, + $Mailbox, [Parameter()] [System.Object] $Identity ) } -function Get-MailboxPermission +function Set-SweepRule { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ReadFromDomainController, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeUnresolvedPermissions, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $GroupMailbox, + [System.String] + $Name, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseCustomRouting, + [System.Object] + $Sender, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeSoftDeletedUserPermissions, + [System.String] + $Provider, [Parameter()] [System.Object] - $User, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Owner, + $SystemCategory, [Parameter()] [System.Object] - $Identity, + $KeepLatest, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Object] + $SourceFolder, [Parameter()] [System.Management.Automation.SwitchParameter] - $SoftDeletedMailbox, + $Confirm, [Parameter()] [System.Object] - $ResultSize - ) -} -function Get-MailboxPlan -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $SortBy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $Filter, + $Mailbox, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + [System.Object] + $Identity, [Parameter()] [System.Object] - $ResultSize, + $DestinationFolder, [Parameter()] [System.Object] - $Identity, + $KeepForDays, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllMailboxPlanReleases + [System.Boolean] + $Enabled ) } -function Get-MailboxRegionalConfiguration + +function Get-ExoPhishSimOverrideRule { [CmdletBinding()] param( [Parameter()] [System.Management.Automation.SwitchParameter] - $VerifyDefaultFolderNameLanguage, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseCustomRouting, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Archive, + $Confirm, [Parameter()] [System.Object] $Identity, [Parameter()] - [System.Object] - $MailboxLocation + [System.String] + $Policy ) } -function Get-MailContact + +function New-ExoPhishSimOverrideRule { [CmdletBinding()] param( [Parameter()] [System.String] - $SortBy, - - [Parameter()] - [System.Object] - $OrganizationalUnit, + $Name, [Parameter()] [System.Object] - $Identity, + $SenderIpRanges, [Parameter()] - [System.Object[]] - $RecipientTypeDetails, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $ResultSize, + $Domains, [Parameter()] [System.String] - $Filter, + $Comment, [Parameter()] [System.String] - $Anr + $Policy ) } -function Get-MalwareFilterPolicy + +function Remove-ExoPhishSimOverrideRule { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Object] $Identity ) } -function Get-MalwareFilterRule + +function Set-ExoPhishSimOverrideRule { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity, + $AddDomains, [Parameter()] - [System.Object] - $State - ) -} + [System.Management.Automation.SwitchParameter] + $Confirm, -function Get-ManagementRoleEntry -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $Identity, + $Comment, [Parameter()] - [System.String] - $ResultSize - ) -} + [System.Object] + $AddSenderIpRanges, -function Get-MgBetaRoleManagementEntitlementManagementRoleAssignment -{ - [CmdletBinding()] - param( [Parameter()] - [System.String] - $UnifiedRoleAssignmentId, + [System.Object] + $Identity, [Parameter()] - [System.String] - $Filter, + [System.Object] + $RemoveDomains, [Parameter()] - [Switch] - $All + [System.Object] + $RemoveSenderIpRanges ) } -function Get-MgBetaRoleManagementEntitlementManagementRoleDefinition +function Get-DefaultTenantBriefingConfig { [CmdletBinding()] param( [Parameter()] - [System.String] - $UnifiedRoleDefinitionId, - - [Parameter()] - [System.String] - $Filter, - - [Parameter()] - [Switch] - $All + [PSObject] + $ResultSize ) } - -function Get-MgBetaPolicyAuthenticationFlowPolicy -{ - [CmdletBinding()] - param() -} - -function Update-MgBetaPolicyAuthenticationFlowPolicy +function Get-DefaultTenantMyAnalyticsFeatureConfig { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $SelfServiceSignUp + [PSObject] + $ResultSize ) } - -function New-MgBetaRoleManagementEntitlementManagementRoleAssignment +function Set-DefaultTenantBriefingConfig { [CmdletBinding()] param( [Parameter()] [System.String] - $AppScopeId, - - [Parameter()] - [System.String] - $DirectoryScopeId, - - [Parameter()] - [System.String] - $PrincipalId, - - [Parameter()] - [System.String] - $RoleDefinitionId - ) -} + $IsEnabledByDefault, -function Remove-MgBetaRoleManagementEntitlementManagementRoleAssignment -{ - [CmdletBinding()] - param( [Parameter()] - [System.String] - $UnifiedRoleAssignmentId + [PSObject] + $ResultSize ) } - -function Set-ManagementRoleEntry +function Set-DefaultTenantMyAnalyticsFeatureConfig { [CmdletBinding()] param( [Parameter()] [System.String] - $Identity, + $Feature, [Parameter()] - [System.String[]] - $Parameters, + [System.Boolean] + $IsEnabled, [Parameter()] - [Switch] - $AddParameter, + [PSObject] + $ResultSize, [Parameter()] - [Switch] - $RemoveParameter + [System.Nullable`1[System.Double]] + $SamplingRate ) } - -function Get-ManagementRole +#endregion +#region ExchangeOnlineManagement +function Add-AvailabilityAddressSpace { [CmdletBinding()] param( [Parameter()] - [System.Object] - $RoleType, + [System.Management.Automation.PSCredential] + $Credentials, [Parameter()] - [System.String[]] - $CmdletParameters, + [System.String] + $ForestName, [Parameter()] - [System.String[]] - $ScriptParameters, + [System.Uri] + $TargetAutodiscoverEpr, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $Cmdlet, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Recurse, + $TargetTenantId, [Parameter()] [System.String] - $Script, + $TargetServiceEpr, [Parameter()] - [System.Management.Automation.SwitchParameter] - $GetChildren + [System.Object] + $AccessMethod ) } -function Get-ManagementRoleAssignment +function Add-MailboxPermission { [CmdletBinding()] param( [Parameter()] [System.Object] - $RoleAssigneeType, - - [Parameter()] - [System.Object] - $CustomRecipientWriteScope, + $Owner, [Parameter()] - [System.Object] - $Identity, + [System.Object[]] + $AccessRights, [Parameter()] - [System.Object] - $RecipientGroupScope, + [System.Management.Automation.SwitchParameter] + $GroupMailbox, [Parameter()] - [System.Boolean] - $Enabled, + [System.Management.Automation.SwitchParameter] + $Deny, [Parameter()] [System.Object] - $RecipientWriteScope, + $AutoMapping, [Parameter()] - [System.Object] - $WritableRecipient, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $ConfigWriteScope, - - [Parameter()] - [System.Boolean] - $Delegating, - - [Parameter()] - [System.Boolean] - $Exclusive, + $User, [Parameter()] - [System.Object[]] - $AssignmentMethod, + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $GetEffectiveUsers, + $IgnoreDefaultScope, [Parameter()] - [System.Object] - $Role, - + [System.DirectoryServices.ActiveDirectorySecurityInheritance] + $InheritanceType + ) +} +function Add-RecipientPermission +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $RecipientAdministrativeUnitScope, + $AccessRights, [Parameter()] - [System.Object] - $ExclusiveRecipientWriteScope, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $RecipientOrganizationalUnitScope, + $Identity, [Parameter()] [System.Object] - $RoleAssignee + $Trustee ) } -function Get-MessageClassification +function Get-ExoSecOpsOverrideRule { [CmdletBinding()] param( @@ -1546,138 +1513,129 @@ function Get-MessageClassification $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeLocales + [System.Object] + $Policy ) } -function Get-MobileDevice + +function New-ExoSecOpsOverrideRule { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $OWAforDevices, - [Parameter()] [System.String] - $SortBy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $UniversalOutlook, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ActiveSync, - - [Parameter()] - [System.Object] - $Mailbox, - - [Parameter()] - [System.Object] - $OrganizationalUnit, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $RestApi, + $Name, [Parameter()] [System.Object] - $ResultSize, + $Policy, [Parameter()] [System.String] - $Filter + $Comment ) } -function Get-MobileDeviceMailboxPolicy +function Remove-ExoSecOpsOverrideRule { [CmdletBinding()] param( + [Parameter()] [System.Object] $Identity ) } -function Get-OfflineAddressBook +function Set-ExoSecOpsOverrideRule { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Comment, + [Parameter()] [System.Object] $Identity ) } -function Get-OMEConfiguration +function Disable-JournalRule { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Object] $Identity ) } -function Get-OnPremisesOrganization +function Enable-JournalRule { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Object] $Identity ) } -function Get-OrganizationConfig +function Enable-OrganizationCustomization { [CmdletBinding()] param( - + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm ) } -function Get-OrganizationRelationship +function Get-AcceptedDomain { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $ResultSize ) } -function Get-OutboundConnector +function Get-ActiveSyncDevice { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $IncludeTestModeConnectors, + [System.String] + $SortBy, [Parameter()] [System.Object] - $Identity, + $Mailbox, [Parameter()] [System.Object] - $ResultSize, + $OrganizationalUnit, [Parameter()] - [System.Boolean] - $IsTransportRuleScoped - ) -} -function Get-OwaMailboxPolicy -{ - [CmdletBinding()] - param( + [System.String] + $Filter, + [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $ResultSize ) } -function Get-PartnerApplication +function Get-ActiveSyncDeviceAccessRule { [CmdletBinding()] param( @@ -1686,7 +1644,7 @@ function Get-PartnerApplication $Identity ) } -function Get-PerimeterConfig +function Get-AddressBookPolicy { [CmdletBinding()] param( @@ -1695,17 +1653,13 @@ function Get-PerimeterConfig $Identity ) } -function Get-Place +function Get-AddressList { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Type, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $SearchText, [Parameter()] [System.Object] @@ -1713,31 +1667,38 @@ function Get-Place [Parameter()] [System.Object] - $ResultSize + $Container ) } -function Get-PolicyTipConfig +function Get-AdminAuditLogConfig { [CmdletBinding()] param( - [Parameter()] - [System.Object] - $Action, + ) +} +function Get-AntiPhishPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Original, + $Impersonation, [Parameter()] - [System.Globalization.CultureInfo] - $Locale, + [System.Management.Automation.SwitchParameter] + $Advanced, [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Spoof ) } -function Get-QuarantinePolicy +function Get-AntiPhishRule { [CmdletBinding()] param( @@ -1747,117 +1708,80 @@ function Get-QuarantinePolicy [Parameter()] [System.Object] - $QuarantinePolicyType + $State ) } -function Get-Recipient +function Get-App { [CmdletBinding()] param( [Parameter()] - [System.String] - $SortBy, + [System.Object] + $Mailbox, [Parameter()] [System.Object] $Identity, [Parameter()] - [System.String] - $RecipientPreviewFilter, + [System.Management.Automation.SwitchParameter] + $OrganizationApp, [Parameter()] - [System.String] - $Anr, - - [Parameter()] - [System.String] - $BookmarkDisplayName, - - [Parameter()] - [System.Object] - $Capabilities, - - [Parameter()] - [System.Object] - $ResultSize, - - [Parameter()] - [System.Object[]] - $RecipientTypeDetails, - - [Parameter()] - [System.String[]] - $Properties, - - [Parameter()] - [System.Object] - $PropertySet, - + [System.Management.Automation.SwitchParameter] + $PrivateCatalog + ) +} +function Get-ApplicationAccessPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $AuthenticationType, + $Identity + ) +} +function Get-ATPProtectionPolicyRule +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeSoftDeletedRecipients, + $Identity, [Parameter()] - [System.Object[]] - $RecipientType, + [System.String] + $State + ) +} +function Get-AtpPolicyForO365 +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $OrganizationalUnit, - - [Parameter()] - [System.Boolean] - $IncludeBookmarkObject + $Identity ) } -function Get-RecipientPermission +function Get-AuditConfig { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ReadFromDomainController, - - [Parameter()] - [System.Object] - $AccessRights, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $ResultSize, - [Parameter()] - [System.Object] - $Trustee ) } -function Get-RemoteDomain +function Get-AuditConfigurationPolicy { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $ResultSize + $Identity ) } -function Get-ReportSubmissionPolicy +function Get-AuthenticationPolicy { [CmdletBinding()] param( @@ -1866,105 +1790,158 @@ function Get-ReportSubmissionPolicy $Identity ) } -function Get-ReportSubmissionRule +function Get-AvailabilityAddressSpace { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $State + $Identity ) } -function Get-ResourceConfig +function Get-AvailabilityConfig { [CmdletBinding()] param( - + [Parameter()] + [System.Object] + $Identity ) } -function Get-RoleAssignmentPolicy +function Get-CalendarProcessing { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $ResultSize ) } -function Get-RoleGroup +function Get-CASMailbox { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RecalculateHasActiveSyncDevicePartnership, + [Parameter()] [System.String] $SortBy, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $ProtocolSettings, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ReadIsOptimizedForAccessibility, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, [Parameter()] [System.Object] - $ResultSize, + $OrganizationalUnit, [Parameter()] [System.Management.Automation.SwitchParameter] - $ShowPartnerLinked, + $ActiveSyncDebugLogging, [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IgnoreDefaultScope, + + [Parameter()] + [System.Object[]] + $RecipientTypeDetails, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ActiveSyncSuppressReadReceipt, + + [Parameter()] + [System.String] + $Anr ) } -function Get-RoleGroupMember +function Get-CASMailboxPlan { [CmdletBinding()] param( + [Parameter()] + [System.String] + $SortBy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + [Parameter()] [System.Object] $Identity, [Parameter()] - [System.Object] - $ResultSize - ) -} -function Get-SafeAttachmentPolicy -{ - [CmdletBinding()] - param( + [System.Management.Automation.SwitchParameter] + $IgnoreDefaultScope, + [Parameter()] [System.Object] - $Identity + $ResultSize, + + [Parameter()] + [System.String] + $Filter ) } -function Get-SafeAttachmentRule +function Get-ClientAccessRule { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Object] $Identity, [Parameter()] [System.Object] - $State + $DomainController ) } -function Get-SafeLinksPolicy +function Get-ComplianceTag { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludingLabelState, + [Parameter()] [System.Object] $Identity ) } -function Get-SafeLinksRule +function Get-DataClassification { [CmdletBinding()] param( @@ -1974,23 +1951,27 @@ function Get-SafeLinksRule [Parameter()] [System.Object] - $State + $ClassificationRuleCollectionIdentity ) } -function Get-ServicePrincipal +function Get-DataEncryptionPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Object] $Identity, [Parameter()] [System.Object] - $Organization + $DomainController ) } -function Get-SharingPolicy +function Get-DeviceConditionalAccessPolicy { [CmdletBinding()] param( @@ -1999,803 +1980,914 @@ function Get-SharingPolicy $Identity ) } -function Get-SupervisoryReviewPolicyV2 +function Get-DeviceConditionalAccessRule { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity - ) -} -function Get-SupervisoryReviewRule -{ - [CmdletBinding()] - param( + [System.Management.Automation.SwitchParameter] + $CompareToWorkload, + [Parameter()] [System.Object] $Identity, [Parameter()] [System.Object] - $Policy - ) -} -function Get-TransportConfig -{ - [CmdletBinding()] - param( - + $DomainController ) } -function Get-TransportRule +function New-DeviceConditionalAccessRule { [CmdletBinding()] param( - [Parameter()] - [System.String] - $DlpPolicy, - [Parameter()] [System.Object] - $ResultSize, + $CameraEnabled, [Parameter()] - [System.Boolean] - $ExcludeConditionActionDetails, + [System.Object] + $EnableRemovableStorage, [Parameter()] - [System.String] - $Filter, + [System.Object] + $AntiVirusSignatureStatus, [Parameter()] [System.Object] - $State, + $FirewallStatus, [Parameter()] [System.Object] - $Identity - ) -} -function Get-UnifiedGroup -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $SortBy, + $AllowAppStore, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeSoftDeletedGroups, + [System.Object] + $AllowAssistantWhileLocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeAllProperties, + [System.Object] + $AllowiCloudBackup, [Parameter()] - [System.String] - $Filter, + [System.Object] + $AppsRating, [Parameter()] [System.Object] - $Identity, + $PasswordHistoryCount, [Parameter()] [System.Object] - $ResultSize, + $PasswordQuality, [Parameter()] - [System.String] - $Anr - ) -} -function Get-User -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $SortBy, + [System.Object] + $PasswordMinComplexChars, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PublicFolder, + [System.Object] + $PhoneMemoryEncrypted, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsVIP, + [System.String] + $EmailAddress, [Parameter()] [System.Object] - $OrganizationalUnit, + $BluetoothEnabled, [Parameter()] [System.Object] - $Identity, + $AllowConvenienceLogon, [Parameter()] - [System.Object[]] - $RecipientTypeDetails, + [System.Object] + $MaxPasswordGracePeriod, [Parameter()] [System.Object] - $ResultSize, + $AllowiCloudDocSync, [Parameter()] - [System.String] - $Filter, + [System.Object] + $ForceAppStorePassword, [Parameter()] - [System.String] - $Anr - ) -} -function New-ActiveSyncDeviceAccessRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $QueryString, + [System.Object] + $Policy, [Parameter()] [System.Object] - $Characteristic, + $TVShowsRating, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $AllowJailbroken, [Parameter()] [System.Object] - $AccessLevel - ) -} -function New-AddressBookPolicy -{ - [CmdletBinding()] - param( + $RequireEmailProfile, + [Parameter()] [System.Object] - $RoomList, + $AllowDiagnosticSubmission, [Parameter()] [System.Object] - $OfflineAddressBook, + $AutoUpdateStatus, [Parameter()] [System.String] - $Name, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $AccountUserName, [Parameter()] [System.Object] - $GlobalAddressList, + $WLANEnabled, [Parameter()] - [System.Object[]] - $AddressLists - ) -} -function New-AddressList -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $AllowVoiceDialing, [Parameter()] [System.String] - $RecipientFilter, + $AccountName, [Parameter()] [System.Object] - $ConditionalCustomAttribute8, + $PasswordExpirationDays, [Parameter()] - [System.String] - $DisplayName, + [System.Object] + $PasswordTimeout, [Parameter()] [System.Object] - $ConditionalCustomAttribute10, + $AllowiCloudPhotoSync, [Parameter()] - [System.String] - $Name, + [System.Object] + $AllowSimplePassword, [Parameter()] [System.Object] - $ConditionalCustomAttribute9, + $AllowPassbookWhileLocked, [Parameter()] [System.Object] - $ConditionalCustomAttribute2, + $PasswordMinimumLength, [Parameter()] [System.Object] - $IncludedRecipients, + $AllowVideoConferencing, [Parameter()] [System.Object] - $ConditionalCompany, + $PasswordRequired, [Parameter()] [System.Object] - $ConditionalCustomAttribute6, + $MaxPasswordAttemptsBeforeWipe, [Parameter()] [System.Object] - $ConditionalCustomAttribute3, + $MoviesRating, [Parameter()] - [System.Object] - $ConditionalCustomAttribute12, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $Container, + $DomainController, [Parameter()] [System.Object] - $ConditionalCustomAttribute13, + $AntiVirusStatus, + + [Parameter()] + [System.String] + $WorkFoldersSyncUrl, [Parameter()] [System.Object] - $ConditionalCustomAttribute15, + $UserAccountControlStatus, [Parameter()] [System.Object] - $ConditionalDepartment, + $ForceEncryptedBackup, + + [Parameter()] + [System.String] + $ExchangeActiveSyncHost, [Parameter()] [System.Object] - $ConditionalStateOrProvince, + $AllowScreenshot, [Parameter()] [System.Object] - $ConditionalCustomAttribute7, + $PasswordComplexity, [Parameter()] [System.Object] - $ConditionalCustomAttribute14, + $TargetGroups, [Parameter()] [System.Object] - $ConditionalCustomAttribute4, + $AllowVoiceAssistant, [Parameter()] [System.Object] - $ConditionalCustomAttribute11, + $SystemSecurityTLS, [Parameter()] [System.Object] - $ConditionalCustomAttribute1, + $RegionRatings, [Parameter()] [System.Object] - $ConditionalCustomAttribute5 + $SmartScreenEnabled ) } -function New-AntiPhishPolicy +function Remove-DeviceConditionalAccessRule { [CmdletBinding()] param( - [Parameter()] - [System.Boolean] - $EnableFirstContactSafetyTips, - [Parameter()] [System.Management.Automation.SwitchParameter] - $MakeDefault, + $Confirm, [Parameter()] [System.Object] - $DmarcRejectAction, - + $Identity + ) +} +function Set-DeviceConditionalAccessRule +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $PhishThresholdLevel, + [System.Object] + $CameraEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $EnableRemovableStorage, [Parameter()] - [System.Boolean] - $EnableTargetedDomainsProtection, + [System.Object] + $AntiVirusSignatureStatus, [Parameter()] - [System.Boolean] - $HonorDmarcPolicy, + [System.Object] + $FirewallStatus, [Parameter()] - [System.Boolean] - $Enabled, + [System.Object] + $AllowAppStore, [Parameter()] - [System.Boolean] - $EnableViaTag, + [System.Object] + $AllowAssistantWhileLocked, [Parameter()] - [System.String] - $Name, + [System.Object] + $AllowiCloudBackup, [Parameter()] [System.Object] - $TargetedDomainsToProtect, + $AppsRating, [Parameter()] - [System.Boolean] - $EnableSpoofIntelligence, + [System.Object] + $PasswordHistoryCount, [Parameter()] - [System.Boolean] - $EnableSimilarUsersSafetyTips, + [System.Object] + $PasswordQuality, [Parameter()] [System.Object] - $ExcludedDomains, + $PasswordMinComplexChars, [Parameter()] [System.Object] - $MailboxIntelligenceProtectionAction, + $PhoneMemoryEncrypted, [Parameter()] - [System.Object] - $TargetedDomainActionRecipients, + [System.String] + $EmailAddress, [Parameter()] [System.Object] - $DmarcQuarantineAction, + $BluetoothEnabled, [Parameter()] - [System.Boolean] - $EnableMailboxIntelligence, + [System.Object] + $Identity, [Parameter()] - [System.String] - $TargetedDomainQuarantineTag, + [System.Object] + $AllowConvenienceLogon, [Parameter()] - [System.String] - $SimilarUsersSafetyTipsCustomText, + [System.Object] + $MaxPasswordGracePeriod, [Parameter()] [System.Object] - $ImpersonationProtectionState, + $AllowiCloudDocSync, [Parameter()] [System.Object] - $TargetedDomainProtectionAction, + $ForceAppStorePassword, [Parameter()] - [System.String] - $AdminDisplayName, + [System.Object] + $TVShowsRating, [Parameter()] [System.Object] - $TargetedUsersToProtect, + $AllowJailbroken, [Parameter()] [System.Object] - $TargetedUserProtectionAction, + $RequireEmailProfile, [Parameter()] [System.Object] - $RecommendedPolicyType, + $AllowDiagnosticSubmission, [Parameter()] [System.Object] - $MailboxIntelligenceProtectionActionRecipients, + $AutoUpdateStatus, [Parameter()] [System.String] - $MailboxIntelligenceQuarantineTag, + $AccountUserName, [Parameter()] - [System.String] - $UnusualCharactersSafetyTipsCustomText, + [System.Object] + $WLANEnabled, [Parameter()] - [System.Boolean] - $EnableSimilarDomainsSafetyTips, + [System.Object] + $AllowVoiceDialing, [Parameter()] [System.String] - $SpoofQuarantineTag, + $AccountName, [Parameter()] - [System.Boolean] - $EnableUnauthenticatedSender, + [System.Object] + $PasswordExpirationDays, [Parameter()] - [System.String] - $PolicyTag, + [System.Object] + $PasswordTimeout, [Parameter()] - [System.String] - $TargetedUserQuarantineTag, + [System.Object] + $AllowiCloudPhotoSync, [Parameter()] - [System.Boolean] - $EnableOrganizationDomainsProtection, + [System.Object] + $AllowSimplePassword, [Parameter()] - [System.Boolean] - $EnableMailboxIntelligenceProtection, + [System.Object] + $AllowPassbookWhileLocked, [Parameter()] - [System.Boolean] - $EnableUnusualCharactersSafetyTips, + [System.Object] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $EnableTargetedUserProtection, + [System.Object] + $AllowVideoConferencing, [Parameter()] [System.Object] - $AuthenticationFailAction, + $PasswordRequired, [Parameter()] [System.Object] - $TargetedUserActionRecipients, + $MaxPasswordAttemptsBeforeWipe, [Parameter()] [System.Object] - $ExcludedSenders - ) -} -function New-AntiPhishRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $Priority, + $MoviesRating, [Parameter()] - [System.String] - $Name, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $AntiPhishPolicy, + $DomainController, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Object] + $AntiVirusStatus, [Parameter()] - [System.Object[]] - $SentTo, + [System.String] + $WorkFoldersSyncUrl, [Parameter()] - [System.String] - $Comments, + [System.Object] + $UserAccountControlStatus, [Parameter()] - [System.Object[]] - $RecipientDomainIs, + [System.Object] + $ForceEncryptedBackup, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.String] + $ExchangeActiveSyncHost, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [System.Object] + $AllowScreenshot, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $PasswordComplexity, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, + [System.Object] + $TargetGroups, [Parameter()] - [System.Boolean] - $Enabled + [System.Object] + $AllowVoiceAssistant, + + [Parameter()] + [System.Object] + $SystemSecurityTLS, + + [Parameter()] + [System.Object] + $RegionRatings, + + [Parameter()] + [System.Object] + $SmartScreenEnabled ) } -function New-App + +function Get-DeviceConfigurationPolicy { [CmdletBinding()] param( [Parameter()] - [System.Uri] - $Url, - + [System.Object] + $Identity + ) +} +function Get-DistributionGroup +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $Identity, + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames, [Parameter()] - [System.Boolean] - $Enabled, + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromWithDisplayNames, [Parameter()] - [System.Object] - $AddInOverrides, + [System.Management.Automation.PSCredential] + $Credential, [Parameter()] [System.Object] - $Mailbox, + $OrganizationalUnit, [Parameter()] - [System.IO.Stream] - $FileStream, + [System.Object] + $Identity, [Parameter()] - [System.String] - $MarketplaceServicesUrl, + [System.Object[]] + $RecipientTypeDetails, [Parameter()] - [System.String] - $Etoken, + [System.Object] + $ManagedBy, [Parameter()] [System.String] - $MarketplaceCorrelationID, + $Filter, [Parameter()] - [System.String] - $Version, + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames, [Parameter()] [System.Object] - $DefaultStateForUser, + $ResultSize, [Parameter()] [System.String] - $MarketplaceQueryMarket, + $Anr, [Parameter()] [System.String] - $MarketplaceUserProfileType, + $SortBy + ) +} +function Get-DistributionGroupMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeSoftDeletedObjects, [Parameter()] [System.Object] - $AllowSetting, + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DownloadOnly, + [System.Management.Automation.PSCredential] + $Credential, [Parameter()] [System.Object] - $ProvidedTo, - + $ResultSize + ) +} +function Get-DkimSigningConfig +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $UserList, - + $Identity + ) +} +function Get-EmailAddressPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $AppState, + [System.Object] + $Identity + ) +} +function Get-GlobalAddressList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $OrganizationApp, - + $DefaultOnly + ) +} +function Get-Group +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $AppType, + $SortBy, [Parameter()] - [System.String] - $MarketplaceAssetID, + [System.Object] + $OrganizationalUnit, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $Identity, [Parameter()] - [System.Byte[]] - $FileData, + [System.Object[]] + $RecipientTypeDetails, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowReadWriteMailbox, + [System.Object] + $ResultSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrivateCatalog, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UpdateAppState + [System.String] + $Anr ) } -function New-ApplicationAccessPolicy +function Get-HostedConnectionFilterPolicy { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Object] + $Identity + ) +} +function Get-HostedContentFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-HostedContentFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, [Parameter()] [System.Object] - $PolicyScopeGroupId, + $State + ) +} +function Get-HostedOutboundSpamFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-HostedOutboundSpamFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $State + ) +} +function Get-InboundConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, [Parameter()] [System.Object] - $AccessRight, + $ResultSize + ) +} +function Get-IntraOrganizationConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-IRMConfiguration +{ + [CmdletBinding()] + param( + ) +} +function Get-JournalRule +{ + [CmdletBinding()] + param( [Parameter()] - [System.String[]] - $AppId + [System.Object] + $Identity ) } -function New-AuthenticationPolicy +function Get-Mailbox { [CmdletBinding()] param( [Parameter()] [System.String] - $Name, + $SortBy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthPop, + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthSmtp, + $InactiveMailboxOnly, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthMapi, + $PublicFolder, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthImap, + [System.String] + $Anr, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthAutodiscover, + $Archive, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthPowershell, + $SoftDeletedMailbox, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthRpc, + $IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthOfflineAddressBook, + $IncludeAcceptMessagesOnlyFromWithDisplayNames, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthReportingWebServices, + $IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.Object] + $MailboxPlan, + + [Parameter()] + [System.Object[]] + $RecipientTypeDetails, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthOutlookService, + $Migration, + + [Parameter()] + [System.String] + $Filter, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $GroupMailbox, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthActiveSync, + $IncludeInactiveMailbox, + + [Parameter()] + [System.Object] + $OrganizationalUnit, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowBasicAuthWebServices + $IncludeEmailAddressDisplayNames ) } -function New-AvailabilityConfig +function Get-MailboxAutoReplyConfiguration { [CmdletBinding()] param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ReadFromDomainController, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UseCustomRouting, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, [Parameter()] [System.Object] - $OrgWideAccount, + $Identity, [Parameter()] [System.Object] - $AllowedTenantIds + $ResultSize ) } -function New-ClientAccessRule +function Get-MailboxCalendarFolder { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Action, + [System.Management.Automation.SwitchParameter] + $UseCustomRouting, [Parameter()] [System.Object] - $AnyOfClientIPAddressesOrRanges, + $Identity + ) +} +function Get-MailboxFolder +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MailFolderOnly, [Parameter()] - [System.Boolean] - $Enabled, + [System.Management.Automation.SwitchParameter] + $GetChildren, [Parameter()] [System.Object] - $ExceptAnyOfClientIPAddressesOrRanges, + $Identity, [Parameter()] - [System.String] - $Name, + [System.Object] + $ResultSize, [Parameter()] - [System.String] - $UserRecipientFilter, + [System.Management.Automation.SwitchParameter] + $Recurse + ) +} +function Get-MailboxFolderPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $SkipCount, [Parameter()] - [System.Object] - $ExceptAnyOfProtocols, + [System.Management.Automation.SwitchParameter] + $GroupMailbox, [Parameter()] - [System.Int32] - $Priority, + [System.Management.Automation.SwitchParameter] + $UseCustomRouting, [Parameter()] [System.Object] - $ExceptUsernameMatchesAnyOfPatterns, + $User, [Parameter()] [System.Object] - $UsernameMatchesAnyOfPatterns, + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $ResultSize + ) +} +function Set-MailboxFolderPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object[]] + $AccessRights, [Parameter()] [System.Object] - $AnyOfAuthenticationTypes, + $SharingPermissionFlags, [Parameter()] - [System.Object] - $AnyOfProtocols, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $ExceptAnyOfAuthenticationTypes, + $User, [Parameter()] [System.Object] - $Scope + $Identity, + + [Parameter()] + [System.Boolean] + $SendNotificationToUser ) } -function New-DataEncryptionPolicy +function Add-MailboxFolderPermission { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $Name, + [System.Object[]] + $AccessRights, [Parameter()] [System.Object] - $DomainController, + $SharingPermissionFlags, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -2803,757 +2895,764 @@ function New-DataEncryptionPolicy [Parameter()] [System.Object] - $AzureKeyIDs, + $User, + + [Parameter()] + [System.Object] + $Identity, [Parameter()] [System.Boolean] - $Enabled + $SendNotificationToUser ) } -function New-DistributionGroup +function Remove-MailboxFolderPermission { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Object] - $ModeratedBy, + $User, [Parameter()] - [System.Boolean] - $RequireSenderAuthenticationEnabled, + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ResetDelegateUserCollection, [Parameter()] [System.Boolean] - $ModerationEnabled, + $SendNotificationToUser, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function Get-MailboxFolderStatistics +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Database, [Parameter()] [System.String] - $DisplayName, + $DiagnosticInfo, [Parameter()] [System.Object] - $MemberDepartRestriction, + $StoreMailboxIdentity, [Parameter()] - [System.String] - $Name, + [System.Management.Automation.SwitchParameter] + $IncludeOldestAndNewestItems, [Parameter()] [System.Management.Automation.SwitchParameter] - $IgnoreNamingPolicy, + $UseCustomRouting, [Parameter()] [System.Management.Automation.SwitchParameter] - $RoomList, + $Archive, [Parameter()] [System.Management.Automation.SwitchParameter] - $HiddenGroupMembershipEnabled, + $IncludeSoftDeletedRecipients, [Parameter()] - [System.Boolean] - $BypassNestedModerationEnabled, + [System.Int32] + $SkipCount, [Parameter()] [System.Management.Automation.SwitchParameter] - $CopyOwnerToMember, + $IncludeAnalysis, [Parameter()] - [System.Boolean] - $BccBlocked, + [System.Object] + $ResultSize, [Parameter()] [System.Object] - $Members, + $FolderScope, [Parameter()] [System.Object] - $Description, + $Identity + ) +} +function Get-MailboxPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ReadFromDomainController, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $IncludeUnresolvedPermissions, [Parameter()] - [System.String] - $Notes, + [System.Management.Automation.SwitchParameter] + $GroupMailbox, [Parameter()] - [System.Object] - $MemberJoinRestriction, + [System.Management.Automation.SwitchParameter] + $UseCustomRouting, [Parameter()] - [System.Object] - $Type, + [System.Management.Automation.SwitchParameter] + $IncludeSoftDeletedUserPermissions, [Parameter()] [System.Object] - $ManagedBy, + $User, [Parameter()] - [System.String] - $Alias, + [System.Management.Automation.SwitchParameter] + $Owner, [Parameter()] [System.Object] - $PrimarySmtpAddress, + $Identity, [Parameter()] - [System.Object] - $SendModerationNotifications, + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SoftDeletedMailbox, [Parameter()] [System.Object] - $OrganizationalUnit + $ResultSize ) } -function New-DkimSigningConfig +function Get-MailboxPlan { [CmdletBinding()] param( [Parameter()] [System.String] - $AdminDisplayName, + $SortBy, [Parameter()] - [System.Object] - $BodyCanonicalization, + [System.Management.Automation.PSCredential] + $Credential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] - [System.Object] - $HeaderCanonicalization, + [System.Management.Automation.SwitchParameter] + $IgnoreDefaultScope, [Parameter()] - [System.UInt16] - $KeySize, + [System.Object] + $ResultSize, [Parameter()] [System.Object] - $DomainName, + $Identity, [Parameter()] - [System.Boolean] - $Enabled + [System.Management.Automation.SwitchParameter] + $AllMailboxPlanReleases ) } -function New-EmailAddressPolicy +function Get-MailboxRegionalConfiguration { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object] - $EnabledEmailAddressTemplates, + [System.Management.Automation.SwitchParameter] + $VerifyDefaultFolderNameLanguage, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $UseCustomRouting, [Parameter()] - [System.String] - $EnabledPrimarySMTPAddressTemplate, + [System.Management.Automation.SwitchParameter] + $Archive, [Parameter()] - [System.String] - $ManagedByFilter, + [System.Object] + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeUnifiedGroupRecipients + [System.Object] + $MailboxLocation ) } -function New-GlobalAddressList +function Get-MailContact { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.String] - $RecipientFilter, + $SortBy, [Parameter()] [System.Object] - $ConditionalCustomAttribute8, + $OrganizationalUnit, [Parameter()] [System.Object] - $ConditionalCustomAttribute10, + $Identity, [Parameter()] - [System.String] - $Name, + [System.Object[]] + $RecipientTypeDetails, [Parameter()] [System.Object] - $ConditionalCustomAttribute9, + $ResultSize, [Parameter()] - [System.Object] - $ConditionalCustomAttribute2, + [System.String] + $Filter, [Parameter()] - [System.Object] - $IncludedRecipients, - + [System.String] + $Anr + ) +} +function Get-MalwareFilterPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $ConditionalCompany, - + $Identity + ) +} +function Get-MalwareFilterRule +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $ConditionalCustomAttribute6, + $Identity, [Parameter()] [System.Object] - $ConditionalCustomAttribute3, + $State + ) +} +function Get-ManagementRoleEntry +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $ConditionalCustomAttribute12, + [System.String] + $Identity, [Parameter()] - [System.Object] - $ConditionalCustomAttribute13, + [System.String] + $ResultSize + ) +} +function Get-MgBetaRoleManagementEntitlementManagementRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $ConditionalCustomAttribute15, + [System.String] + $UnifiedRoleAssignmentId, [Parameter()] - [System.Object] - $ConditionalDepartment, + [System.String] + $Filter, [Parameter()] - [System.Object] - $ConditionalStateOrProvince, - + [Switch] + $All + ) +} +function Update-MgBetaEntitlementManagementSetting +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $ConditionalCustomAttribute7, + [System.String] + $Id, [Parameter()] - [System.Object] - $ConditionalCustomAttribute14, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $ConditionalCustomAttribute4, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $ConditionalCustomAttribute11, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ConditionalCustomAttribute1, + [System.Management.Automation.PSCredential] + $ProxyCredential, - [Parameter()] - [System.Object] - $ConditionalCustomAttribute5 - ) -} -function New-HostedConnectionFilterPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $ConfigurationXmlRaw, + $ResponseHeadersVariable, [Parameter()] - [System.String] - $Name, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $AdminDisplayName, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $EnableSafeList, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Object] - $IPBlockList, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Object] - $IPAllowList + [System.Int32] + $DaysUntilExternalUserDeletedAfterBlocked, + + [Parameter()] + [System.String] + $ExternalUserLifecycleAction ) } -function New-HostedContentFilterPolicy + +function Get-MgBetaEntitlementManagementSetting { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $InlineSafetyTipsEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $BulkSpamAction, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String[]] + $ExpandProperty, [Parameter()] [System.String] - $HighConfidencePhishQuarantineTag, + $ResponseHeadersVariable, [Parameter()] - [System.Int32] - $EndUserSpamNotificationFrequency, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Int32] - $EndUserSpamNotificationLimit, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $BulkThreshold, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Object] - $TestModeBccToRecipients, + [System.String[]] + $Property, [Parameter()] - [System.String] - $PhishQuarantineTag, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaRoleManagementEntitlementManagementRoleDefinition +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $AddXHeaderValue, + $UnifiedRoleDefinitionId, [Parameter()] - [System.Object] - $MarkAsSpamEmbedTagsInHtml, + [System.String] + $Filter, [Parameter()] - [System.Object] - $MarkAsSpamFramesInHtml, + [Switch] + $All + ) +} - [Parameter()] - [System.Object] - $IncreaseScoreWithImageLinks, +function Get-MgBetaPolicyAuthenticationFlowPolicy +{ + [CmdletBinding()] + param() +} +function Update-MgBetaPolicyAuthenticationFlowPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Boolean] - $EnableLanguageBlockList, - - [Parameter()] - [System.Object] - $PhishSpamAction, + $SelfServiceSignUp + ) +} +function New-MgBetaRoleManagementEntitlementManagementRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $EndUserSpamNotificationCustomFromName, + $AppScopeId, [Parameter()] - [System.Object] - $MarkAsSpamSensitiveWordList, + [System.String] + $DirectoryScopeId, [Parameter()] [System.String] - $SpamQuarantineTag, + $PrincipalId, [Parameter()] - [System.Object] - $MarkAsSpamNdrBackscatter, + [System.String] + $RoleDefinitionId + ) +} +function Remove-MgBetaRoleManagementEntitlementManagementRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $BlockedSenders, + [System.String] + $UnifiedRoleAssignmentId + ) +} +function Set-ManagementRoleEntry +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $LanguageBlockList, + [System.String] + $Identity, [Parameter()] - [System.Object] - $HighConfidenceSpamAction, + [System.String[]] + $Parameters, [Parameter()] - [System.Object] - $AllowedSenderDomains, + [Switch] + $AddParameter, [Parameter()] - [System.Object] - $IncreaseScoreWithBizOrInfoUrls, + [Switch] + $RemoveParameter + ) +} +function Get-ManagementRole +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $MarkAsSpamWebBugsInHtml, - - [Parameter()] - [System.String] - $AdminDisplayName, + $RoleType, [Parameter()] - [System.Object] - $IntraOrgFilterState, + [System.String[]] + $CmdletParameters, [Parameter()] - [System.Object] - $RegionBlockList, + [System.String[]] + $ScriptParameters, [Parameter()] [System.Object] - $MarkAsSpamFromAddressAuthFail, + $Identity, [Parameter()] [System.String] - $Name, + $Cmdlet, [Parameter()] - [System.Object] - $MarkAsSpamEmptyMessages, + [System.Management.Automation.SwitchParameter] + $Recurse, [Parameter()] [System.String] - $BulkQuarantineTag, - - [Parameter()] - [System.Object] - $MarkAsSpamFormTagsInHtml, + $Script, [Parameter()] - [System.Object] - $MarkAsSpamObjectTagsInHtml, - + [System.Management.Automation.SwitchParameter] + $GetChildren + ) +} +function Get-ManagementRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $EndUserSpamNotificationLanguage, + $RoleAssigneeType, [Parameter()] [System.Object] - $IncreaseScoreWithRedirectToOtherPort, - - [Parameter()] - [System.Int32] - $QuarantineRetentionPeriod, + $CustomRecipientWriteScope, [Parameter()] [System.Object] - $HighConfidencePhishAction, + $Identity, [Parameter()] [System.Object] - $RedirectToRecipients, + $RecipientGroupScope, [Parameter()] [System.Boolean] - $SpamZapEnabled, + $Enabled, [Parameter()] [System.Object] - $TestModeAction, - - [Parameter()] - [System.Boolean] - $EnableRegionBlockList, - - [Parameter()] - [System.String] - $EndUserSpamNotificationCustomSubject, + $RecipientWriteScope, [Parameter()] [System.Object] - $MarkAsSpamSpfRecordHardFail, + $WritableRecipient, [Parameter()] [System.Object] - $EndUserSpamNotificationCustomFromAddress, + $ConfigWriteScope, [Parameter()] [System.Boolean] - $DownloadLink, + $Delegating, [Parameter()] - [System.Object] - $SpamAction, + [System.Boolean] + $Exclusive, [Parameter()] - [System.String] - $ModifySubjectValue, + [System.Object[]] + $AssignmentMethod, [Parameter()] - [System.Object] - $IncreaseScoreWithNumericIps, + [System.Management.Automation.SwitchParameter] + $GetEffectiveUsers, [Parameter()] [System.Object] - $AllowedSenders, + $Role, [Parameter()] [System.Object] - $MarkAsSpamJavaScriptInHtml, + $RecipientAdministrativeUnitScope, [Parameter()] [System.Object] - $MarkAsSpamBulkMail, + $ExclusiveRecipientWriteScope, [Parameter()] [System.Object] - $BlockedSenderDomains, + $RecipientOrganizationalUnitScope, [Parameter()] [System.Object] - $RecommendedPolicyType, - - [Parameter()] - [System.Boolean] - $PhishZapEnabled, - - [Parameter()] - [System.Boolean] - $EnableEndUserSpamNotifications, - - [Parameter()] - [System.String] - $HighConfidenceSpamQuarantineTag + $RoleAssignee ) } -function New-HostedContentFilterRule +function Get-MessageClassification { [CmdletBinding()] param( - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $SentToMemberOf, - [Parameter()] [System.Object] - $HostedContentFilterPolicy, - - [Parameter()] - [System.Object[]] - $SentTo, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, - - [Parameter()] - [System.Boolean] - $Enabled + $IncludeLocales ) } -function New-HostedOutboundSpamFilterPolicy +function Get-MobileDevice { [CmdletBinding()] param( [Parameter()] - [System.Object] - $RecommendedPolicyType, + [System.Management.Automation.SwitchParameter] + $OWAforDevices, [Parameter()] [System.String] - $Name, + $SortBy, [Parameter()] - [System.String] - $AdminDisplayName, + [System.Management.Automation.SwitchParameter] + $UniversalOutlook, [Parameter()] - [System.Object] - $BccSuspiciousOutboundAdditionalRecipients, + [System.Management.Automation.SwitchParameter] + $ActiveSync, [Parameter()] [System.Object] - $NotifyOutboundSpamRecipients, - - [Parameter()] - [System.UInt32] - $RecipientLimitPerDay, + $Mailbox, [Parameter()] [System.Object] - $ActionWhenThresholdReached, + $OrganizationalUnit, [Parameter()] [System.Object] - $AutoForwardingMode, - - [Parameter()] - [System.Boolean] - $NotifyOutboundSpam, + $Identity, [Parameter()] - [System.Boolean] - $BccSuspiciousOutboundMail, + [System.Management.Automation.SwitchParameter] + $RestApi, [Parameter()] - [System.UInt32] - $RecipientLimitInternalPerHour, + [System.Object] + $ResultSize, [Parameter()] - [System.UInt32] - $RecipientLimitExternalPerHour + [System.String] + $Filter ) } -function New-HostedOutboundSpamFilterRule +function Get-MobileDeviceMailboxPolicy { [CmdletBinding()] param( [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $ExceptIfFromMemberOf, - - [Parameter()] - [System.Object[]] - $ExceptIfFrom, - - [Parameter()] - [System.Object[]] - $ExceptIfSenderDomainIs, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $FromMemberOf, - - [Parameter()] - [System.Object[]] - $SenderDomainIs, - + [System.Object] + $Identity + ) +} +function Get-OfflineAddressBook +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $HostedOutboundSpamFilterPolicy, - - [Parameter()] - [System.Object[]] - $From, - - [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm + $Identity ) } -function New-InboundConnector +function Get-OMEConfiguration { [CmdletBinding()] param( - [Parameter()] - [System.Boolean] - $RestrictDomainsToIPAddresses, - - [Parameter()] - [System.Boolean] - $CloudServicesMailEnabled, - - [Parameter()] - [System.Boolean] - $Enabled, - [Parameter()] [System.Object] - $EFSkipMailGateway, - - [Parameter()] - [System.Boolean] - $EFTestMode, - + $Identity + ) +} +function Get-OnPremisesOrganization +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $TrustedOrganizations, + $Identity + ) +} +function Get-OrganizationConfig +{ + [CmdletBinding()] + param( + ) +} +function Get-OrganizationRelationship +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $TlsSenderCertificateName, - + $Identity + ) +} +function Get-OutboundConnector +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $ScanAndDropRecipients, + [System.Boolean] + $IncludeTestModeConnectors, [Parameter()] [System.Object] - $AssociatedAcceptedDomains, + $Identity, [Parameter()] - [System.String] - $Comment, + [System.Object] + $ResultSize, [Parameter()] [System.Boolean] - $RequireTls, - + $IsTransportRuleScoped + ) +} +function Get-OwaMailboxPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $SenderDomains, - + $Identity + ) +} +function Get-PartnerApplication +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $SenderIPAddresses, - + $Identity + ) +} +function Get-PerimeterConfig +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $EFSkipLastIP, - + [System.Object] + $Identity + ) +} +function Get-Place +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $EFUsers, + $Type, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -3561,470 +3660,483 @@ function New-InboundConnector [Parameter()] [System.Object] - $ConnectorType, - - [Parameter()] - [System.Boolean] - $RestrictDomainsToCertificate, - - [Parameter()] - [System.Object] - $EFSkipIPs, - - [Parameter()] - [System.Boolean] - $TreatMessagesAsInternal, + $Identity, [Parameter()] [System.Object] - $ConnectorSource, - - [Parameter()] - [System.String] - $Name + $ResultSize ) } -function New-IntraOrganizationConnector +function Get-PolicyTipConfig { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Name, - [Parameter()] [System.Object] - $TargetAddressDomains, + $Action, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Uri] - $TargetSharingEpr, + $Original, [Parameter()] - [System.Uri] - $DiscoveryEndpoint, + [System.Globalization.CultureInfo] + $Locale, [Parameter()] - [System.Boolean] - $Enabled + [System.Object] + $Identity ) } -function New-JournalRule +function Get-QuarantinePolicy { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object] - $Scope, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.Object] - $JournalEmailAddress, + $Identity, [Parameter()] [System.Object] - $Recipient, - - [Parameter()] - [System.Boolean] - $Enabled + $QuarantinePolicyType ) } -function New-Mailbox +function Get-Recipient { [CmdletBinding()] param( [Parameter()] [System.String] - $MailboxRegion, + $SortBy, [Parameter()] [System.Object] - $ModeratedBy, - - [Parameter()] - [System.Boolean] - $ModerationEnabled, - - [Parameter()] - [System.Boolean] - $EnableRoomMailboxAccount, + $Identity, [Parameter()] [System.String] - $Office, + $RecipientPreviewFilter, [Parameter()] [System.String] - $DisplayName, - - [Parameter()] - [System.Security.SecureString] - $Password, + $Anr, [Parameter()] [System.String] - $Name, + $BookmarkDisplayName, [Parameter()] [System.Object] - $RemovedMailbox, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PublicFolder, + $Capabilities, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.Object] + $ResultSize, [Parameter()] - [System.String] - $LastName, + [System.Object[]] + $RecipientTypeDetails, [Parameter()] - [System.Management.Automation.SwitchParameter] - $TargetAllMDBs, + [System.String[]] + $Properties, [Parameter()] [System.Object] - $RoleAssignmentPolicy, + $PropertySet, [Parameter()] [System.Object] - $ResourceCapacity, + $AuthenticationType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Archive, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.SwitchParameter] - $Equipment, + $IncludeSoftDeletedRecipients, [Parameter()] - [System.String] - $ImmutableId, + [System.Object[]] + $RecipientType, [Parameter()] - [System.Security.SecureString] - $RoomMailboxPassword, + [System.Object] + $OrganizationalUnit, + [Parameter()] + [System.Boolean] + $IncludeBookmarkObject + ) +} +function Get-RecipientPermission +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Shared, + $ReadFromDomainController, [Parameter()] - [System.Boolean] - $IsExcludedFromServingHierarchy, + [System.Object] + $AccessRights, [Parameter()] [System.Object] - $MailboxPlan, + $Identity, [Parameter()] [System.Object] - $MicrosoftOnlineServicesID, + $ResultSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Migration, - + [System.Object] + $Trustee + ) +} +function Get-RemoteDomain +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Room, + [System.Object] + $Identity, [Parameter()] - [System.String] - $Initials, - + [System.Object] + $ResultSize + ) +} +function Get-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $InactiveMailbox, - + $Identity + ) +} +function Get-ReportSubmissionRule +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $FederatedIdentity, + [System.Object] + $Identity, [Parameter()] [System.Object] - $ActiveSyncMailboxPolicy, + $State + ) +} +function Get-ResourceConfig +{ + [CmdletBinding()] + param( + ) +} +function Get-RoleAssignmentPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $OrganizationalUnit, + $Identity + ) +} +function Get-RoleGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SortBy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $HoldForMigration, + [System.Object] + $ResultSize, [Parameter()] [System.Management.Automation.SwitchParameter] - $Discovery, + $ShowPartnerLinked, [Parameter()] - [System.Boolean] - $ResetPasswordOnNextLogon, - + [System.Object] + $Identity + ) +} +function Get-RoleGroupMember +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $FirstName, + [System.Object] + $Identity, [Parameter()] - [System.String] - $Phone, - + [System.Object] + $ResultSize + ) +} +function Get-SafeAttachmentPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $PrimarySmtpAddress, - + $Identity + ) +} +function Get-SafeAttachmentRule +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $SendModerationNotifications, + $Identity, [Parameter()] - [System.String] - $Alias, - + [System.Object] + $State + ) +} +function Get-SafeLinksPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $RemotePowerShellEnabled + [System.Object] + $Identity ) } -function New-MailContact +function Get-SafeLinksRule { [CmdletBinding()] param( [Parameter()] [System.Object] - $ModeratedBy, + $Identity, [Parameter()] - [System.Boolean] - $ModerationEnabled, - + [System.Object] + $State + ) +} +function Get-ServicePrincipal +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $MacAttachmentFormat, + $Identity, [Parameter()] - [System.String] - $DisplayName, - + [System.Object] + $Organization + ) +} +function Get-SharingPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $Name, - + [System.Object] + $Identity + ) +} +function Get-SupervisoryReviewPolicyV2 +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $LastName, - + [System.Object] + $Identity + ) +} +function Get-SupervisoryReviewRule +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $UsePreferMessageFormat, + [System.Object] + $Identity, [Parameter()] [System.Object] - $MessageBodyFormat, + $Policy + ) +} +function Get-TransportConfig +{ + [CmdletBinding()] + param( + ) +} +function Get-TransportRule +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $Initials, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $DlpPolicy, [Parameter()] [System.Object] - $ExternalEmailAddress, - - [Parameter()] - [System.String] - $Alias, + $ResultSize, [Parameter()] - [System.Object] - $MessageFormat, + [System.Boolean] + $ExcludeConditionActionDetails, [Parameter()] [System.String] - $FirstName, + $Filter, [Parameter()] [System.Object] - $SendModerationNotifications, + $State, [Parameter()] [System.Object] - $OrganizationalUnit + $Identity ) } -function New-MalwareFilterPolicy + +function Get-UnifiedAuditLogRetentionPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $CustomFromName, + $Operation, [Parameter()] [System.String] - $AdminDisplayName, + $RecordType, [Parameter()] [System.String] - $Name, + $RetentionDuration, [Parameter()] [System.String] - $CustomExternalBody, + $UserId + ) +} +function Get-UnifiedGroup +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $QuarantineTag, - - [Parameter()] - [System.Boolean] - $CustomNotifications, + $SortBy, [Parameter()] - [System.Boolean] - $EnableExternalSenderAdminNotifications, + [System.Management.Automation.SwitchParameter] + $IncludeSoftDeletedGroups, [Parameter()] - [System.Object] - $InternalSenderAdminAddress, + [System.Management.Automation.SwitchParameter] + $IncludeAllProperties, [Parameter()] - [System.String[]] - $FileTypes, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $EnableInternalSenderAdminNotifications, + [System.Object] + $Identity, [Parameter()] [System.Object] - $CustomFromAddress, + $ResultSize, [Parameter()] [System.String] - $CustomExternalSubject, + $Anr + ) +} +function Get-User +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SortBy, [Parameter()] - [System.Boolean] - $ZapEnabled, + [System.Management.Automation.SwitchParameter] + $PublicFolder, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $IsVIP, [Parameter()] [System.Object] - $ExternalSenderAdminAddress, + $OrganizationalUnit, [Parameter()] [System.Object] - $RecommendedPolicyType, + $Identity, [Parameter()] - [System.Object] - $FileTypeAction, + [System.Object[]] + $RecipientTypeDetails, [Parameter()] - [System.String] - $CustomInternalSubject, + [System.Object] + $ResultSize, [Parameter()] [System.String] - $CustomInternalBody, + $Filter, [Parameter()] - [System.Boolean] - $EnableFileFilter + [System.String] + $Anr ) } -function New-MalwareFilterRule +function New-ActiveSyncDeviceAccessRule { [CmdletBinding()] param( - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $SentToMemberOf, - - [Parameter()] - [System.Object[]] - $SentTo, - [Parameter()] [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, + $QueryString, [Parameter()] [System.Object] - $MalwareFilterPolicy, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + $Characteristic, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, - - [Parameter()] - [System.Boolean] - $Enabled + [System.Object] + $AccessLevel ) } -function New-ManagementRole +function New-AddressBookPolicy { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Object] + $RoomList, [Parameter()] - [System.String[]] - $EnabledCmdlets, + [System.Object] + $OfflineAddressBook, [Parameter()] [System.String] @@ -4036,816 +4148,805 @@ function New-ManagementRole [Parameter()] [System.Object] - $Parent, + $GlobalAddressList, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force + [System.Object[]] + $AddressLists ) } -function New-ManagementRoleAssignment +function New-AddressList { [CmdletBinding()] param( [Parameter()] - [System.Object] - $CustomRecipientWriteScope, - - [Parameter()] - [System.Object] - $RecipientGroupScope, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $Name, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + $RecipientFilter, [Parameter()] [System.Object] - $RecipientAdministrativeUnitScope, + $ConditionalCustomAttribute8, [Parameter()] - [System.Object] - $SecurityGroup, + [System.String] + $DisplayName, [Parameter()] [System.Object] - $ExclusiveRecipientWriteScope, + $ConditionalCustomAttribute10, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Delegating, + [System.String] + $Name, [Parameter()] [System.Object] - $User, + $ConditionalCustomAttribute9, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $ConditionalCustomAttribute2, [Parameter()] [System.Object] - $App, + $IncludedRecipients, [Parameter()] [System.Object] - $Role, + $ConditionalCompany, [Parameter()] [System.Object] - $CustomResourceScope, + $ConditionalCustomAttribute6, [Parameter()] [System.Object] - $Policy, + $ConditionalCustomAttribute3, [Parameter()] [System.Object] - $RecipientOrganizationalUnitScope, + $ConditionalCustomAttribute12, [Parameter()] [System.Object] - $RecipientRelativeWriteScope - ) -} -function New-MessageClassification -{ - [CmdletBinding()] - param( + $Container, + [Parameter()] - [System.String] - $SenderDescription, + [System.Object] + $ConditionalCustomAttribute13, [Parameter()] - [System.String] - $DisplayName, + [System.Object] + $ConditionalCustomAttribute15, [Parameter()] - [System.String] - $RecipientDescription, + [System.Object] + $ConditionalDepartment, [Parameter()] - [System.String] - $Name, + [System.Object] + $ConditionalStateOrProvince, [Parameter()] - [System.Globalization.CultureInfo] - $Locale, + [System.Object] + $ConditionalCustomAttribute7, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $ConditionalCustomAttribute14, [Parameter()] - [System.Boolean] - $RetainClassificationEnabled, + [System.Object] + $ConditionalCustomAttribute4, [Parameter()] - [System.Boolean] - $PermissionMenuVisible, + [System.Object] + $ConditionalCustomAttribute11, [Parameter()] - [System.Guid] - $ClassificationID, + [System.Object] + $ConditionalCustomAttribute1, [Parameter()] [System.Object] - $DisplayPrecedence + $ConditionalCustomAttribute5 ) } -function New-MobileDeviceMailboxPolicy +function New-AntiPhishPolicy { [CmdletBinding()] param( [Parameter()] [System.Boolean] - $AllowMicrosoftPushNotifications, - - [Parameter()] - [System.Boolean] - $AllowUnsignedApplications, + $EnableFirstContactSafetyTips, [Parameter()] - [System.Boolean] - $AllowUnsignedInstallationPackages, + [System.Management.Automation.SwitchParameter] + $MakeDefault, [Parameter()] [System.Object] - $MaxPasswordFailedAttempts, + $DmarcRejectAction, [Parameter()] - [System.Boolean] - $AllowExternalDeviceManagement, + [System.Int32] + $PhishThresholdLevel, [Parameter()] - [System.Boolean] - $AllowIrDA, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $RequireSignedSMIMEMessages, + $EnableTargetedDomainsProtection, [Parameter()] [System.Boolean] - $AllowStorageCard, + $HonorDmarcPolicy, [Parameter()] - [System.Int32] - $PasswordHistory, + [System.Boolean] + $Enabled, [Parameter()] [System.Boolean] - $AllowNonProvisionableDevices, + $EnableViaTag, [Parameter()] - [System.Object] - $UnapprovedInROMApplicationList, + [System.String] + $Name, [Parameter()] - [System.Boolean] - $RequireEncryptedSMIMEMessages, + [System.Object] + $TargetedDomainsToProtect, [Parameter()] [System.Boolean] - $RequireDeviceEncryption, + $EnableSpoofIntelligence, [Parameter()] [System.Boolean] - $AllowInternetSharing, + $EnableSimilarUsersSafetyTips, [Parameter()] - [System.Boolean] - $PasswordEnabled, + [System.Object] + $ExcludedDomains, [Parameter()] [System.Object] - $RequireSignedSMIMEAlgorithm, + $MailboxIntelligenceProtectionAction, [Parameter()] [System.Object] - $MaxEmailHTMLBodyTruncationSize, + $TargetedDomainActionRecipients, [Parameter()] - [System.Int32] - $MinPasswordComplexCharacters, + [System.Object] + $DmarcQuarantineAction, [Parameter()] [System.Boolean] - $UNCAccessEnabled, + $EnableMailboxIntelligence, [Parameter()] - [System.Boolean] - $AllowCamera, + [System.String] + $TargetedDomainQuarantineTag, [Parameter()] - [System.Boolean] - $IrmEnabled, + [System.String] + $SimilarUsersSafetyTipsCustomText, [Parameter()] [System.Object] - $PasswordExpiration, - - [Parameter()] - [System.Boolean] - $AllowBrowser, + $ImpersonationProtectionState, [Parameter()] [System.Object] - $MaxEmailAgeFilter, - - [Parameter()] - [System.Boolean] - $RequireManualSyncWhenRoaming, + $TargetedDomainProtectionAction, [Parameter()] - [System.Boolean] - $AlphanumericPasswordRequired, + [System.String] + $AdminDisplayName, [Parameter()] [System.Object] - $AllowSMIMEEncryptionAlgorithmNegotiation, + $TargetedUsersToProtect, [Parameter()] [System.Object] - $MaxEmailBodyTruncationSize, + $TargetedUserProtectionAction, [Parameter()] [System.Object] - $AllowBluetooth, + $RecommendedPolicyType, [Parameter()] [System.Object] - $RequireEncryptionSMIMEAlgorithm, + $MailboxIntelligenceProtectionActionRecipients, [Parameter()] - [System.Object] - $DevicePolicyRefreshInterval, + [System.String] + $MailboxIntelligenceQuarantineTag, [Parameter()] - [System.Boolean] - $AllowGooglePushNotifications, + [System.String] + $UnusualCharactersSafetyTipsCustomText, [Parameter()] [System.Boolean] - $AllowMobileOTAUpdate, + $EnableSimilarDomainsSafetyTips, [Parameter()] [System.String] - $Name, - - [Parameter()] - [System.Object] - $MaxAttachmentSize, + $SpoofQuarantineTag, [Parameter()] [System.Boolean] - $AllowSimplePassword, + $EnableUnauthenticatedSender, [Parameter()] - [System.Boolean] - $AllowConsumerEmail, + [System.String] + $PolicyTag, [Parameter()] - [System.Boolean] - $AllowDesktopSync, + [System.String] + $TargetedUserQuarantineTag, [Parameter()] [System.Boolean] - $RequireStorageCardEncryption, + $EnableOrganizationDomainsProtection, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $EnableMailboxIntelligenceProtection, [Parameter()] [System.Boolean] - $AttachmentsEnabled, + $EnableUnusualCharactersSafetyTips, [Parameter()] [System.Boolean] - $AllowSMIMESoftCerts, + $EnableTargetedUserProtection, [Parameter()] - [System.Boolean] - $AllowRemoteDesktop, + [System.Object] + $AuthenticationFailAction, [Parameter()] - [System.Boolean] - $PasswordRecoveryEnabled, + [System.Object] + $TargetedUserActionRecipients, [Parameter()] [System.Object] - $MaxCalendarAgeFilter, + $ExcludedSenders + ) +} +function New-AntiPhishRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, [Parameter()] - [System.Boolean] - $AllowWiFi, + [System.String] + $Name, [Parameter()] - [System.Boolean] - $AllowApplePushNotifications, + [System.Object] + $AntiPhishPolicy, [Parameter()] - [System.Boolean] - $AllowPOPIMAPEmail, + [System.Object[]] + $SentToMemberOf, [Parameter()] - [System.Boolean] - $IsDefault, + [System.Object[]] + $SentTo, [Parameter()] - [System.Object] - $MaxInactivityTimeLock, + [System.String] + $Comments, [Parameter()] - [System.Object] - $ApprovedApplicationList, + [System.Object[]] + $RecipientDomainIs, [Parameter()] - [System.Boolean] - $AllowTextMessaging, + [System.Object[]] + $ExceptIfRecipientDomainIs, [Parameter()] - [System.Boolean] - $WSSAccessEnabled, + [System.Object[]] + $ExceptIfSentTo, [Parameter()] - [System.Boolean] - $DeviceEncryptionEnabled, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $MinPasswordLength, + [System.Object[]] + $ExceptIfSentToMemberOf, [Parameter()] [System.Boolean] - $AllowHTMLEmail + $Enabled ) } -function New-OfflineAddressBook +function New-App { [CmdletBinding()] param( [Parameter()] - [System.String] - $Name, + [System.Uri] + $Url, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Identity, [Parameter()] [System.Boolean] - $IsDefault, + $Enabled, [Parameter()] [System.Object] - $DiffRetentionPeriod, + $AddInOverrides, [Parameter()] - [System.Object[]] - $AddressLists - ) -} -function New-OMEConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Double] - $ExternalMailExpiryInDays, + [System.Object] + $Mailbox, [Parameter()] - [System.String] - $ReadButtonText, + [System.IO.Stream] + $FileStream, [Parameter()] [System.String] - $PortalText, - - [Parameter()] - [System.Byte[]] - $Image, + $MarketplaceServicesUrl, [Parameter()] [System.String] - $IntroductionText, + $Etoken, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $MarketplaceCorrelationID, [Parameter()] [System.String] - $BackgroundColor, + $Version, [Parameter()] - [System.String] - $DisclaimerText, + [System.Object] + $DefaultStateForUser, [Parameter()] [System.String] - $PrivacyStatementUrl, + $MarketplaceQueryMarket, [Parameter()] - [System.Boolean] - $SocialIdSignIn, + [System.String] + $MarketplaceUserProfileType, [Parameter()] - [System.String] - $EmailText, + [System.Object] + $AllowSetting, [Parameter()] - [System.Boolean] - $OTPEnabled, + [System.Management.Automation.SwitchParameter] + $DownloadOnly, [Parameter()] [System.Object] - $Identity - ) -} -function New-OnPremisesOrganization -{ - [CmdletBinding()] - param( + $ProvidedTo, + [Parameter()] [System.Object] - $InboundConnector, + $UserList, [Parameter()] [System.String] - $Name, + $AppState, [Parameter()] - [System.Object] - $OutboundConnector, + [System.Management.Automation.SwitchParameter] + $OrganizationApp, [Parameter()] [System.String] - $OrganizationName, + $AppType, + + [Parameter()] + [System.String] + $MarketplaceAssetID, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.String] - $Comment, + [System.Byte[]] + $FileData, [Parameter()] - [System.Guid] - $OrganizationGuid, + [System.Management.Automation.SwitchParameter] + $AllowReadWriteMailbox, [Parameter()] - [System.Object] - $OrganizationRelationship, + [System.Management.Automation.SwitchParameter] + $PrivateCatalog, [Parameter()] - [System.Object] - $HybridDomains + [System.Management.Automation.SwitchParameter] + $UpdateAppState ) } -function New-OrganizationRelationship +function New-ApplicationAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.Object] - $MailTipsAccessLevel, + [System.String] + $Description, [Parameter()] - [System.Uri] - $TargetAutodiscoverEpr, + [System.Object] + $PolicyScopeGroupId, [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.String] - $Name, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $FreeBusyAccessScope, + $AccessRight, [Parameter()] - [System.Boolean] - $DeliveryReportEnabled, + [System.String[]] + $AppId + ) +} +function New-ATPProtectionPolicyRule +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $OAuthApplicationId, - - [Parameter()] - [System.Boolean] - $MailTipsAccessEnabled, - - [Parameter()] - [System.Object] - $OrganizationContact, - - [Parameter()] - [System.Boolean] - $ArchiveAccessEnabled, - - [Parameter()] - [System.Boolean] - $FreeBusyAccessEnabled, + $Name, [Parameter()] - [System.Object] - $MailTipsAccessScope, + [System.String] + $SafeAttachmentPolicy, [Parameter()] - [System.Uri] - $TargetOwaURL, + [System.String] + $SafeLinksPolicy, [Parameter()] - [System.Uri] - $TargetApplicationUri, + [System.String] + $Comments, [Parameter()] [System.Boolean] - $PhotosEnabled, + $Enabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $ExceptIfRecipientDomainIs, [Parameter()] - [System.Object] - $MailboxMovePublishedScopes, + [System.String[]] + $ExceptIfSentTo, [Parameter()] - [System.Boolean] - $MailboxMoveEnabled, + [System.String[]] + $ExceptIfSentToMemberOf, [Parameter()] - [System.Object] - $MailboxMoveCapability, + [System.UInt32] + $Priority, [Parameter()] - [System.Uri] - $TargetSharingEpr, + [System.String[]] + $RecipientDomainIs, [Parameter()] - [System.Object] - $FreeBusyAccessLevel, + [System.String[]] + $SentTo, [Parameter()] - [System.Object] - $DomainNames + [System.String[]] + $SentToMemberOf ) } -function New-OutboundConnector + +function New-AuthenticationPolicy { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $RouteAllMessagesViaOnPremises, + [System.String] + $Name, [Parameter()] - [System.Object] - $RecipientDomains, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthPop, [Parameter()] - [System.Boolean] - $CloudServicesMailEnabled, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthSmtp, [Parameter()] - [System.Boolean] - $Enabled, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthMapi, [Parameter()] - [System.Guid] - $LinkForModifiedConnector, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthImap, [Parameter()] - [System.String] - $Name, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthAutodiscover, [Parameter()] - [System.Boolean] - $AllAcceptedDomains, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthPowershell, [Parameter()] - [System.Object] - $TlsDomain, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthRpc, [Parameter()] - [System.String] - $Comment, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthOfflineAddressBook, [Parameter()] - [System.Boolean] - $IsTransportRuleScoped, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthReportingWebServices, [Parameter()] - [System.Boolean] - $UseMXRecord, + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthOutlookService, [Parameter()] - [System.Object] - $TlsSettings, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthActiveSync, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthWebServices + ) +} +function New-AvailabilityConfig +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [System.Object] - $ConnectorType, + $OrgWideAccount, [Parameter()] [System.Object] - $SmartHosts, + $AllowedTenantIds + ) +} +function New-ClientAccessRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Action, [Parameter()] - [System.Boolean] - $SenderRewritingEnabled, + [System.Object] + $AnyOfClientIPAddressesOrRanges, [Parameter()] [System.Boolean] - $TestMode, + $Enabled, [Parameter()] [System.Object] - $ConnectorSource - ) -} -function New-OwaMailboxPolicy -{ - [CmdletBinding()] - param( + $ExceptAnyOfClientIPAddressesOrRanges, + [Parameter()] [System.String] $Name, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $UserRecipientFilter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsDefault - ) -} -function New-PartnerApplication -{ - [CmdletBinding()] - param( + [System.Object] + $ExceptAnyOfProtocols, + [Parameter()] - [System.String] - $ApplicationIdentifier, + [System.Int32] + $Priority, [Parameter()] - [System.String] - $Name, + [System.Object] + $ExceptUsernameMatchesAnyOfPatterns, [Parameter()] [System.Object] - $LinkedAccount, + $UsernameMatchesAnyOfPatterns, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Boolean] - $AcceptSecurityIdentifierInformation, + [System.Object] + $AnyOfAuthenticationTypes, [Parameter()] - [System.Boolean] - $Enabled, + [System.Object] + $AnyOfProtocols, [Parameter()] [System.Object] - $AccountType + $ExceptAnyOfAuthenticationTypes, + + [Parameter()] + [System.Object] + $Scope ) } -function New-PolicyTipConfig +function New-DataEncryptionPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $Value, + $Description, [Parameter()] [System.String] $Name, + [Parameter()] + [System.Object] + $DomainController, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm + $Confirm, + + [Parameter()] + [System.Object] + $AzureKeyIDs, + + [Parameter()] + [System.Boolean] + $Enabled ) } -function New-QuarantinePolicy +function New-DistributionGroup { [CmdletBinding()] param( [Parameter()] [System.Object] - $MultiLanguageCustomDisclaimer, + $ModeratedBy, [Parameter()] - [System.Object] - $AdminNotificationLanguage, + [System.Boolean] + $RequireSenderAuthenticationEnabled, [Parameter()] - [System.String] - $EndUserSpamNotificationCustomFromAddress, + [System.Boolean] + $ModerationEnabled, [Parameter()] [System.String] - $AdminDisplayName, + $DisplayName, [Parameter()] - [System.Int32] - $EndUserSpamNotificationFrequencyInDays, + [System.Object] + $MemberDepartRestriction, [Parameter()] [System.String] - $CustomDisclaimer, + $Name, [Parameter()] - [System.String] - $Name, + [System.Management.Automation.SwitchParameter] + $IgnoreNamingPolicy, [Parameter()] - [System.Int32] - $EndUserQuarantinePermissionsValue, + [System.Management.Automation.SwitchParameter] + $RoomList, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $HiddenGroupMembershipEnabled, [Parameter()] [System.Boolean] - $ESNEnabled, + $BypassNestedModerationEnabled, [Parameter()] - [System.Object] - $EndUserQuarantinePermissions, + [System.Management.Automation.SwitchParameter] + $CopyOwnerToMember, [Parameter()] [System.Boolean] - $AdminNotificationsEnabled, + $BccBlocked, [Parameter()] [System.Object] - $EndUserSpamNotificationLanguage, + $Members, [Parameter()] [System.Object] - $DomainController, + $Description, [Parameter()] - [System.Object] - $MultiLanguageSenderName, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $AdminQuarantinePermissionsList, + [System.String] + $Notes, [Parameter()] [System.Object] - $MultiLanguageSetting, + $MemberJoinRestriction, [Parameter()] - [System.TimeSpan] - $EndUserSpamNotificationFrequency, + [System.Object] + $Type, [Parameter()] - [System.Int32] - $QuarantineRetentionDays, + [System.Object] + $ManagedBy, [Parameter()] - [System.Object] - $EsnCustomSubject, + [System.String] + $Alias, [Parameter()] - [System.Boolean] - $OrganizationBrandingEnabled, + [System.Object] + $PrimarySmtpAddress, [Parameter()] - [System.Int32] - $AdminNotificationFrequencyInDays, + [System.Object] + $SendModerationNotifications, [Parameter()] [System.Object] - $QuarantinePolicyType + $OrganizationalUnit ) } -function New-RemoteDomain +function New-DkimSigningConfig { [CmdletBinding()] param( [Parameter()] [System.String] - $Name, + $AdminDisplayName, + + [Parameter()] + [System.Object] + $BodyCanonicalization, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -4853,392 +4954,395 @@ function New-RemoteDomain [Parameter()] [System.Object] - $DomainName + $HeaderCanonicalization, + + [Parameter()] + [System.UInt16] + $KeySize, + + [Parameter()] + [System.Object] + $DomainName, + + [Parameter()] + [System.Boolean] + $Enabled ) } -function New-ReportSubmissionPolicy +function New-EmailAddressPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Object] + $Priority, + [Parameter()] [System.String] - $PostSubmitMessage, + $Name, [Parameter()] [System.Object] - $ReportJunkAddresses, + $EnabledEmailAddressTemplates, [Parameter()] - [System.Boolean] - $NotificationsForPhishMalwareSubmissionAirInvestigationsEnabled, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $PhishingReviewResultMessage, + $EnabledPrimarySMTPAddressTemplate, [Parameter()] [System.String] - $PostSubmitMessageTitle, + $ManagedByFilter, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonTextForNotJunk, + [System.Management.Automation.SwitchParameter] + $IncludeUnifiedGroupRecipients + ) +} +function New-GlobalAddressList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $EnableCustomizedMsg, + [System.String] + $RecipientFilter, [Parameter()] [System.Object] - $NotificationSenderAddress, + $ConditionalCustomAttribute8, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageButtonTextForJunk, + [System.Object] + $ConditionalCustomAttribute10, [Parameter()] - [System.Boolean] - $NotificationsForSpamSubmissionAirInvestigationsEnabled, + [System.String] + $Name, [Parameter()] - [System.String] - $PostSubmitMessageForJunk, + [System.Object] + $ConditionalCustomAttribute9, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageForPhishing, + [System.Object] + $ConditionalCustomAttribute2, [Parameter()] - [System.Boolean] - $EnableThirdPartyAddress, + [System.Object] + $IncludedRecipients, [Parameter()] - [System.String] - $PreSubmitMessageTitleForPhishing, + [System.Object] + $ConditionalCompany, [Parameter()] - [System.String] - $PreSubmitMessageForJunk, + [System.Object] + $ConditionalCustomAttribute6, [Parameter()] - [System.Int32] - $UserSubmissionOptions, + [System.Object] + $ConditionalCustomAttribute3, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageButtonTextForPhishing, + [System.Object] + $ConditionalCustomAttribute12, [Parameter()] - [System.String] - $PreSubmitMessageForNotJunk, + [System.Object] + $ConditionalCustomAttribute13, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageTitleForPhishing, + [System.Object] + $ConditionalCustomAttribute15, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageTitleForNotJunk, + [System.Object] + $ConditionalDepartment, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonTextForJunk, + [System.Object] + $ConditionalStateOrProvince, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageForNotJunk, + [System.Object] + $ConditionalCustomAttribute7, [Parameter()] - [System.Boolean] - $ReportJunkToCustomizedAddress, + [System.Object] + $ConditionalCustomAttribute14, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageButtonLinkForPhishing, + [System.Object] + $ConditionalCustomAttribute4, [Parameter()] - [System.Boolean] - $ReportNotJunkToCustomizedAddress, + [System.Object] + $ConditionalCustomAttribute11, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute1, + [Parameter()] + [System.Object] + $ConditionalCustomAttribute5 + ) +} +function New-HostedConnectionFilterPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $PostSubmitMessageTitleForJunk, + $ConfigurationXmlRaw, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageForPhishing, + [System.String] + $Name, [Parameter()] [System.String] - $NotificationFooterMessage, + $AdminDisplayName, [Parameter()] [System.Boolean] - $EnableOrganizationBranding, + $EnableSafeList, [Parameter()] - [System.String] - $PreSubmitMessageForPhishing, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonLinkForNotJunk, + [System.Object] + $IPBlockList, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonLinkForPhishing, + [System.Object] + $IPAllowList + ) +} +function New-HostedContentFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $EnableReportToMicrosoft, + $InlineSafetyTipsEnabled, + + [Parameter()] + [System.Object] + $BulkSpamAction, [Parameter()] [System.String] - $PreSubmitMessageTitleForJunk, + $HighConfidencePhishQuarantineTag, [Parameter()] - [System.Boolean] - $ReportChatMessageEnabled, + [System.Int32] + $EndUserSpamNotificationFrequency, [Parameter()] - [System.Object] - $ThirdPartyReportAddresses, + [System.Int32] + $EndUserSpamNotificationLimit, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonLinkForJunk, + [System.Int32] + $BulkThreshold, [Parameter()] - [System.Boolean] - $NotificationsForCleanSubmissionAirInvestigationsEnabled, + [System.Object] + $TestModeBccToRecipients, [Parameter()] [System.String] - $PostSubmitMessageForNotJunk, + $PhishQuarantineTag, [Parameter()] - [System.Object] - $MultiLanguageSetting, + [System.String] + $AddXHeaderValue, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageForJunk, + [System.Object] + $MarkAsSpamEmbedTagsInHtml, [Parameter()] - [System.Boolean] - $DisableQuarantineReportingOption, + [System.Object] + $MarkAsSpamFramesInHtml, [Parameter()] [System.Object] - $ReportNotJunkAddresses, + $IncreaseScoreWithImageLinks, [Parameter()] [System.Boolean] - $EnableUserEmailNotification, + $EnableLanguageBlockList, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageForJunk, + [System.Object] + $PhishSpamAction, [Parameter()] [System.String] - $PostSubmitMessageTitleForPhishing, - - [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageTitleForJunk, - - [Parameter()] - [System.Boolean] - $DisableUserSubmissionOptions, + $EndUserSpamNotificationCustomFromName, [Parameter()] - [System.Boolean] - $OnlyShowPhishingDisclaimer, + [System.Object] + $MarkAsSpamSensitiveWordList, [Parameter()] [System.String] - $PostSubmitMessageTitleForNotJunk, + $SpamQuarantineTag, [Parameter()] - [System.String] - $PreSubmitMessage, + [System.Object] + $MarkAsSpamNdrBackscatter, [Parameter()] - [System.String] - $PreSubmitMessageTitleForNotJunk, + [System.Object] + $BlockedSenders, [Parameter()] - [System.String] - $JunkReviewResultMessage, + [System.Object] + $LanguageBlockList, [Parameter()] - [System.Boolean] - $EnableCustomNotificationSender, + [System.Object] + $HighConfidenceSpamAction, [Parameter()] - [System.Boolean] - $ReportChatMessageToCustomizedAddressEnabled, + [System.Object] + $AllowedSenderDomains, [Parameter()] [System.Object] - $ReportPhishAddresses, + $IncreaseScoreWithBizOrInfoUrls, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageTitleForJunk, + [System.Object] + $MarkAsSpamWebBugsInHtml, [Parameter()] [System.String] - $NotJunkReviewResultMessage, + $AdminDisplayName, [Parameter()] - [System.Boolean] - $NotificationsForSubmissionAirInvestigationsEnabled, + [System.Object] + $IntraOrgFilterState, [Parameter()] - [System.Boolean] - $PreSubmitMessageEnabled, + [System.Object] + $RegionBlockList, [Parameter()] - [System.Boolean] - $PostSubmitMessageEnabled, + [System.Object] + $MarkAsSpamFromAddressAuthFail, [Parameter()] [System.String] - $PreSubmitMessageTitle, - - [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageTitleForPhishing, + $Name, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonTextForPhishing, + [System.Object] + $MarkAsSpamEmptyMessages, [Parameter()] [System.String] - $UserSubmissionOptionsMessage, + $BulkQuarantineTag, [Parameter()] - [System.String] - $PostSubmitMessageForPhishing, + [System.Object] + $MarkAsSpamFormTagsInHtml, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageButtonLinkForJunk, + [System.Object] + $MarkAsSpamObjectTagsInHtml, [Parameter()] - [System.Boolean] - $ReportPhishToCustomizedAddress - ) -} -function New-ReportSubmissionRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Name, + [System.Object] + $EndUserSpamNotificationLanguage, [Parameter()] - [System.Object[]] - $SentTo, + [System.Object] + $IncreaseScoreWithRedirectToOtherPort, [Parameter()] - [System.String] - $Comments, + [System.Int32] + $QuarantineRetentionPeriod, [Parameter()] [System.Object] - $ReportSubmissionPolicy, + $HighConfidencePhishAction, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $RedirectToRecipients, [Parameter()] [System.Boolean] - $Enabled - ) -} -function New-RoleAssignmentPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, + $SpamZapEnabled, [Parameter()] - [System.String] - $Name, + [System.Object] + $TestModeAction, [Parameter()] - [System.Object[]] - $Roles, + [System.Boolean] + $EnableRegionBlockList, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $EndUserSpamNotificationCustomSubject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsDefault - ) -} -function New-RoleGroup -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, + [System.Object] + $MarkAsSpamSpfRecordHardFail, [Parameter()] [System.Object] - $CustomRecipientWriteScope, + $EndUserSpamNotificationCustomFromAddress, [Parameter()] - [System.String] - $DisplayName, + [System.Boolean] + $DownloadLink, [Parameter()] [System.Object] - $Members, + $SpamAction, [Parameter()] [System.String] - $Name, + $ModifySubjectValue, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $IncreaseScoreWithNumericIps, [Parameter()] - [System.String] - $WellKnownObject, + [System.Object] + $AllowedSenders, [Parameter()] [System.Object] - $ManagedBy, + $MarkAsSpamJavaScriptInHtml, [Parameter()] - [System.Object[]] - $Roles, + [System.Object] + $MarkAsSpamBulkMail, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force - ) -} -function New-SafeAttachmentPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.Object] - $Action, + $BlockedSenderDomains, [Parameter()] [System.Object] @@ -5246,38 +5350,18 @@ function New-SafeAttachmentPolicy [Parameter()] [System.Boolean] - $Redirect, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.String] - $AdminDisplayName, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeBuiltInProtection, + $PhishZapEnabled, [Parameter()] [System.Boolean] - $Enable, - - [Parameter()] - [System.Object] - $RedirectAddress, + $EnableEndUserSpamNotifications, [Parameter()] [System.String] - $QuarantineTag, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm + $HighConfidenceSpamQuarantineTag ) } -function New-SafeAttachmentRule +function New-HostedContentFilterRule { [CmdletBinding()] param( @@ -5293,6 +5377,10 @@ function New-SafeAttachmentRule [System.Object[]] $SentToMemberOf, + [Parameter()] + [System.Object] + $HostedContentFilterPolicy, + [Parameter()] [System.Object[]] $SentTo, @@ -5305,10 +5393,6 @@ function New-SafeAttachmentRule [System.Object[]] $RecipientDomainIs, - [Parameter()] - [System.Object] - $SafeAttachmentPolicy, - [Parameter()] [System.Object[]] $ExceptIfRecipientDomainIs, @@ -5330,84 +5414,60 @@ function New-SafeAttachmentRule $Enabled ) } -function New-SafeLinksPolicy +function New-HostedOutboundSpamFilterPolicy { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $EnableOrganizationBranding, - - [Parameter()] - [System.String] - $AdminDisplayName, - - [Parameter()] - [System.Boolean] - $UseTranslatedNotificationText, + [System.Object] + $RecommendedPolicyType, [Parameter()] [System.String] $Name, [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeBuiltInProtection, + [System.String] + $AdminDisplayName, [Parameter()] [System.Object] - $DoNotRewriteUrls, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForTeams, - - [Parameter()] - [System.Boolean] - $DisableUrlRewrite, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForOffice, + $BccSuspiciousOutboundAdditionalRecipients, [Parameter()] - [System.Boolean] - $TrackClicks, + [System.Object] + $NotifyOutboundSpamRecipients, [Parameter()] - [System.Boolean] - $AllowClickThrough, + [System.UInt32] + $RecipientLimitPerDay, [Parameter()] [System.Object] - $RecommendedPolicyType, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $ActionWhenThresholdReached, [Parameter()] - [System.String] - $CustomNotificationText, + [System.Object] + $AutoForwardingMode, [Parameter()] [System.Boolean] - $DeliverMessageAfterScan, + $NotifyOutboundSpam, [Parameter()] [System.Boolean] - $EnableSafeLinksForEmail, + $BccSuspiciousOutboundMail, [Parameter()] - [System.Boolean] - $ScanUrls, + [System.UInt32] + $RecipientLimitInternalPerHour, [Parameter()] - [System.Boolean] - $EnableForInternalSenders + [System.UInt32] + $RecipientLimitExternalPerHour ) } -function New-SafeLinksRule +function New-HostedOutboundSpamFilterRule { [CmdletBinding()] param( @@ -5421,11 +5481,15 @@ function New-SafeLinksRule [Parameter()] [System.Object[]] - $SentToMemberOf, + $ExceptIfFromMemberOf, [Parameter()] [System.Object[]] - $SentTo, + $ExceptIfFrom, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderDomainIs, [Parameter()] [System.String] @@ -5433,1654 +5497,8512 @@ function New-SafeLinksRule [Parameter()] [System.Object[]] - $RecipientDomainIs, + $FromMemberOf, [Parameter()] [System.Object[]] - $ExceptIfRecipientDomainIs, + $SenderDomainIs, [Parameter()] [System.Object] - $SafeLinksPolicy, + $HostedOutboundSpamFilterPolicy, [Parameter()] [System.Object[]] - $ExceptIfSentTo, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $From, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, + [System.Boolean] + $Enabled, [Parameter()] - [System.Boolean] - $Enabled + [System.Management.Automation.SwitchParameter] + $Confirm ) } -function New-SharingPolicy +function New-InboundConnector { [CmdletBinding()] param( [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Domains, + [System.Boolean] + $RestrictDomainsToIPAddresses, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Default, + [System.Boolean] + $CloudServicesMailEnabled, [Parameter()] [System.Boolean] - $Enabled - ) -} -function New-TransportRule -{ - [CmdletBinding()] - param( + $Enabled, + [Parameter()] [System.Object] - $ActivationDate, + $EFSkipMailGateway, [Parameter()] - [System.Object[]] - $AddToRecipients, + [System.Boolean] + $EFTestMode, [Parameter()] [System.Object] - $ApplyHtmlDisclaimerFallbackAction, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientADAttributeContainsWords, + $TrustedOrganizations, [Parameter()] [System.Object] - $AttachmentSizeOver, + $TlsSenderCertificateName, [Parameter()] - [System.Object[]] - $ExceptIfSenderADAttributeContainsWords, + [System.Object] + $ScanAndDropRecipients, [Parameter()] [System.Object] - $SetSCL, + $AssociatedAcceptedDomains, [Parameter()] - [System.Object[]] - $AnyOfToHeaderMemberOf, + [System.String] + $Comment, [Parameter()] [System.Boolean] - $Disconnect, + $RequireTls, [Parameter()] - [System.Int32] - $Priority, + [System.Object] + $SenderDomains, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, + [System.Object] + $SenderIPAddresses, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfCcHeader, + [System.Boolean] + $EFSkipLastIP, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentMatchesPatterns, + [System.Object] + $EFUsers, [Parameter()] - [System.Object[]] - $RecipientDomainIs, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $ManagerForEvaluatedUser, + $ConnectorType, [Parameter()] - [System.Object[]] - $ExceptIfHeaderMatchesPatterns, + [System.Boolean] + $RestrictDomainsToCertificate, [Parameter()] [System.Object] - $ExceptIfFromScope, + $EFSkipIPs, [Parameter()] - [System.Object] - $AdComparisonAttribute, + [System.Boolean] + $TreatMessagesAsInternal, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentContainsWords, + [System.Object] + $ConnectorSource, [Parameter()] - [System.Object[]] - $ExceptIfHeaderContainsWords, - + [System.String] + $Name + ) +} +function New-IntraOrganizationConnector +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $HeaderMatchesPatterns, + [System.String] + $Name, [Parameter()] [System.Object] - $AddManagerAsRecipientType, + $TargetAddressDomains, [Parameter()] - [System.Boolean] - $DeleteMessage, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $HasSenderOverride, + [System.Uri] + $TargetSharingEpr, [Parameter()] - [System.Object] - $SmtpRejectMessageRejectStatusCode, + [System.Uri] + $DiscoveryEndpoint, + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function New-JournalRule +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $ExceptIfHasClassification, + $Name, [Parameter()] - [System.Boolean] - $Quarantine, + [System.Object] + $Scope, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfRecipientAddressMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfRecipientInSenderList, + [System.Object] + $JournalEmailAddress, [Parameter()] [System.Object] - $RecipientAddressType, + $Recipient, [Parameter()] - [System.Object[]] - $ExceptIfContentCharacterSetContainsWords, - + [System.Boolean] + $Enabled + ) +} +function New-Mailbox +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $BlindCopyTo, + [System.String] + $MailboxRegion, [Parameter()] [System.Object] - $ApplyHtmlDisclaimerLocation, + $ModeratedBy, [Parameter()] - [System.Object] - $ExceptIfMessageTypeMatches, + [System.Boolean] + $ModerationEnabled, [Parameter()] - [System.Object] - $SenderIpRanges, + [System.Boolean] + $EnableRoomMailboxAccount, [Parameter()] - [System.Collections.Hashtable[]] - $ExceptIfMessageContainsDataClassifications, + [System.String] + $Office, [Parameter()] - [System.Object[]] - $ModerateMessageByUser, + [System.String] + $DisplayName, [Parameter()] - [System.Boolean] - $HasNoClassification, + [System.Security.SecureString] + $Password, [Parameter()] - [System.Object[]] - $ExceptIfSenderInRecipientList, + [System.String] + $Name, [Parameter()] [System.Object] - $HeaderContainsMessageHeader, + $RemovedMailbox, [Parameter()] - [System.Object] - $RemoveHeader, + [System.Management.Automation.SwitchParameter] + $PublicFolder, [Parameter()] - [System.String] - $HasClassification, + [System.Management.Automation.SwitchParameter] + $Force, [Parameter()] - [System.Collections.Hashtable[]] - $MessageContainsDataClassifications, + [System.String] + $LastName, [Parameter()] - [System.Object[]] - $ExceptIfFromMemberOf, + [System.Management.Automation.SwitchParameter] + $TargetAllMDBs, [Parameter()] [System.Object] - $RuleSubType, + $RoleAssignmentPolicy, [Parameter()] [System.Object] - $SentToScope, + $ResourceCapacity, [Parameter()] - [System.Object[]] - $AnyOfToCcHeaderMemberOf, + [System.Management.Automation.SwitchParameter] + $Archive, [Parameter()] - [System.Object[]] - $From, + [System.Management.Automation.SwitchParameter] + $Equipment, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfRecipientAddressContainsWords, + [System.String] + $ImmutableId, [Parameter()] - [System.Object] - $ExceptIfWithImportance, + [System.Security.SecureString] + $RoomMailboxPassword, [Parameter()] - [System.Object[]] - $ContentCharacterSetContainsWords, + [System.Management.Automation.SwitchParameter] + $Shared, [Parameter()] - [System.Object[]] - $SubjectContainsWords, + [System.Boolean] + $IsExcludedFromServingHierarchy, [Parameter()] [System.Object] - $RejectMessageEnhancedStatusCode, - - [Parameter()] - [System.Object[]] - $SenderADAttributeMatchesPatterns, - - [Parameter()] - [System.Object[]] - $ExceptIfSenderADAttributeMatchesPatterns, + $MailboxPlan, [Parameter()] - [System.Object[]] - $IncidentReportContent, + [System.Object] + $MicrosoftOnlineServicesID, [Parameter()] - [System.Boolean] - $UseLegacyRegex, + [System.Management.Automation.SwitchParameter] + $Migration, [Parameter()] - [System.Object[]] - $FromMemberOf, + [System.Management.Automation.SwitchParameter] + $Room, [Parameter()] - [System.Object[]] - $AttachmentContainsWords, + [System.String] + $Initials, [Parameter()] [System.Object] - $ExceptIfSCLOver, + $InactiveMailbox, [Parameter()] - [System.Object[]] - $ExceptIfBetweenMemberOf1, + [System.String] + $FederatedIdentity, [Parameter()] [System.Object] - $GenerateNotification, + $ActiveSyncMailboxPolicy, [Parameter()] [System.Object] - $NotifySender, + $OrganizationalUnit, [Parameter()] - [System.Boolean] - $ExceptIfAttachmentIsPasswordProtected, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentNameMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $HoldForMigration, [Parameter()] - [System.Object] - $ExceptIfSenderManagementRelationship, + [System.Management.Automation.SwitchParameter] + $Discovery, [Parameter()] - [System.String] - $SetAuditSeverity, + [System.Boolean] + $ResetPasswordOnNextLogon, [Parameter()] - [System.Object[]] - $AttachmentPropertyContainsWords, + [System.String] + $FirstName, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToHeader, + [System.String] + $Phone, [Parameter()] [System.Object] - $ApplyRightsProtectionCustomizationTemplate, + $PrimarySmtpAddress, [Parameter()] [System.Object] - $SetHeaderName, + $SendModerationNotifications, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Alias, [Parameter()] [System.Boolean] - $RouteMessageOutboundRequireTls, - + $RemotePowerShellEnabled + ) +} +function New-MailContact +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $WithImportance, + $ModeratedBy, [Parameter()] - [System.Object] - $RuleErrorAction, + [System.Boolean] + $ModerationEnabled, [Parameter()] [System.Object] - $FromScope, + $MacAttachmentFormat, [Parameter()] - [System.Object[]] - $AttachmentNameMatchesPatterns, + [System.String] + $DisplayName, [Parameter()] - [System.Object[]] - $SentTo, + [System.String] + $Name, [Parameter()] - [System.Object[]] - $ExceptIfFromAddressMatchesPatterns, + [System.String] + $LastName, [Parameter()] [System.Boolean] - $Enabled, + $UsePreferMessageFormat, [Parameter()] [System.Object] - $ExceptIfAttachmentSizeOver, + $MessageBodyFormat, [Parameter()] - [System.Object] - $ExceptIfManagerForEvaluatedUser, + [System.String] + $Initials, [Parameter()] - [System.Boolean] - $RemoveOMEv2, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfFromAddressContainsWords, + [System.Object] + $ExternalEmailAddress, [Parameter()] - [System.Boolean] - $AttachmentHasExecutableContent, + [System.String] + $Alias, [Parameter()] [System.Object] - $RouteMessageOutboundConnector, + $MessageFormat, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.String] + $FirstName, [Parameter()] - [System.Object[]] - $ExceptIfSenderDomainIs, + [System.Object] + $SendModerationNotifications, [Parameter()] [System.Object] - $SenderManagementRelationship, + $OrganizationalUnit + ) +} +function New-MalwareFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $CustomFromName, [Parameter()] - [System.Object[]] - $ExceptIfBetweenMemberOf2, + [System.String] + $AdminDisplayName, [Parameter()] - [System.Object[]] - $RedirectMessageTo, + [System.String] + $Name, [Parameter()] - [System.Boolean] - $ApplyOME, + [System.String] + $CustomExternalBody, [Parameter()] - [System.Object[]] - $SenderDomainIs, + [System.String] + $QuarantineTag, [Parameter()] - [System.Object[]] - $SenderADAttributeContainsWords, + [System.Boolean] + $CustomNotifications, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfCcHeaderMemberOf, + [System.Boolean] + $EnableExternalSenderAdminNotifications, [Parameter()] [System.Object] - $ApplyHtmlDisclaimerText, + $InternalSenderAdminAddress, [Parameter()] - [System.Boolean] - $ExceptIfAttachmentHasExecutableContent, + [System.String[]] + $FileTypes, [Parameter()] [System.Boolean] - $ExceptIfAttachmentIsUnsupported, + $EnableInternalSenderAdminNotifications, + + [Parameter()] + [System.Object] + $CustomFromAddress, + + [Parameter()] + [System.String] + $CustomExternalSubject, [Parameter()] [System.Boolean] - $RemoveOME, + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $RejectMessageReasonText, + $ExternalSenderAdminAddress, [Parameter()] - [System.Object[]] - $RecipientAddressContainsWords, + [System.Object] + $RecommendedPolicyType, [Parameter()] [System.Object] - $GenerateIncidentReport, + $FileTypeAction, [Parameter()] - [System.Object[]] - $FromAddressContainsWords, + [System.String] + $CustomInternalSubject, [Parameter()] - [System.Boolean] - $RemoveRMSAttachmentEncryption, + [System.String] + $CustomInternalBody, [Parameter()] - [System.Object[]] - $RecipientAddressMatchesPatterns, + [System.Boolean] + $EnableFileFilter + ) +} +function New-MalwareFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, [Parameter()] - [System.Object[]] - $ExceptIfSubjectContainsWords, + [System.String] + $Name, [Parameter()] [System.Object[]] - $ExceptIfFrom, + $SentToMemberOf, [Parameter()] [System.Object[]] - $AnyOfToCcHeader, + $SentTo, [Parameter()] - [System.Object] - $ExceptIfSentToScope, + [System.String] + $Comments, [Parameter()] [System.Object[]] - $ExceptIfAnyOfToCcHeaderMemberOf, - - [Parameter()] - [System.Boolean] - $ModerateMessageByManager, + $RecipientDomainIs, [Parameter()] [System.Object] - $AdComparisonOperator, + $MalwareFilterPolicy, [Parameter()] - [System.Object] - $MessageSizeOver, + [System.Object[]] + $ExceptIfRecipientDomainIs, [Parameter()] [System.Object[]] - $BetweenMemberOf2, + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object[]] - $SubjectMatchesPatterns, + $ExceptIfSentToMemberOf, [Parameter()] [System.Boolean] - $AttachmentProcessingLimitExceeded, + $Enabled + ) +} +function New-ManagementRole +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] - [System.Object[]] - $ExceptIfSubjectMatchesPatterns, + [System.String[]] + $EnabledCmdlets, [Parameter()] [System.String] $Name, [Parameter()] - [System.Object[]] - $ExceptIfRecipientAddressContainsWords, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $HeaderMatchesMessageHeader, + $Parent, [Parameter()] - [System.Object[]] - $AnyOfRecipientAddressContainsWords, + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function New-ManagementRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $CustomRecipientWriteScope, [Parameter()] - [System.Object[]] - $HeaderContainsWords, + [System.Object] + $RecipientGroupScope, [Parameter()] [System.String] - $Comments, + $Name, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Management.Automation.SwitchParameter] + $Force, [Parameter()] [System.Object] - $ExceptIfAdComparisonAttribute, + $RecipientAdministrativeUnitScope, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [System.Object] + $SecurityGroup, [Parameter()] [System.Object] - $ExceptIfAdComparisonOperator, + $ExclusiveRecipientWriteScope, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToHeaderMemberOf, + [System.Management.Automation.SwitchParameter] + $Delegating, [Parameter()] [System.Object] - $Mode, + $User, [Parameter()] - [System.Object[]] - $RecipientInSenderList, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $SubjectOrBodyMatchesPatterns, + [System.Object] + $App, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentExtensionMatchesWords, + [System.Object] + $Role, [Parameter()] - [System.Object[]] - $ExceptIfSubjectOrBodyMatchesPatterns, + [System.Object] + $CustomResourceScope, [Parameter()] - [System.Object[]] - $ExceptIfRecipientAddressMatchesPatterns, + [System.Object] + $Policy, [Parameter()] - [System.Boolean] - $ExceptIfHasNoClassification, + [System.Object] + $RecipientOrganizationalUnitScope, [Parameter()] [System.Object] - $ExceptIfSenderIpRanges, + $RecipientRelativeWriteScope + ) +} +function New-MessageClassification +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SenderDescription, [Parameter()] - [System.Object[]] - $ExceptIfRecipientADAttributeMatchesPatterns, + [System.String] + $DisplayName, [Parameter()] - [System.Boolean] - $StopRuleProcessing, + [System.String] + $RecipientDescription, [Parameter()] - [System.Object[]] - $RecipientADAttributeContainsWords, + [System.String] + $Name, [Parameter()] - [System.Boolean] - $AttachmentIsUnsupported, + [System.Globalization.CultureInfo] + $Locale, [Parameter()] - [System.Object] - $ExpiryDate, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $AttachmentExtensionMatchesWords, + [System.Boolean] + $RetainClassificationEnabled, [Parameter()] - [System.Object[]] - $ExceptIfSubjectOrBodyContainsWords, + [System.Boolean] + $PermissionMenuVisible, + + [Parameter()] + [System.Guid] + $ClassificationID, [Parameter()] [System.Object] - $LogEventText, + $DisplayPrecedence + ) +} +function New-MobileDeviceMailboxPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $AllowMicrosoftPushNotifications, [Parameter()] - [System.Object[]] - $ExceptIfManagerAddresses, + [System.Boolean] + $AllowUnsignedApplications, [Parameter()] - [System.Object[]] - $SenderInRecipientList, + [System.Boolean] + $AllowUnsignedInstallationPackages, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToCcHeader, + [System.Object] + $MaxPasswordFailedAttempts, [Parameter()] - [System.Object[]] - $AttachmentMatchesPatterns, + [System.Boolean] + $AllowExternalDeviceManagement, [Parameter()] - [System.String] - $DlpPolicy, + [System.Boolean] + $AllowIrDA, [Parameter()] - [System.Object[]] - $ManagerAddresses, + [System.Boolean] + $RequireSignedSMIMEMessages, [Parameter()] - [System.Object] - $SenderAddressLocation, + [System.Boolean] + $AllowStorageCard, [Parameter()] - [System.Object[]] - $CopyTo, + [System.Int32] + $PasswordHistory, [Parameter()] - [System.Object[]] - $SubjectOrBodyContainsWords, + [System.Boolean] + $AllowNonProvisionableDevices, [Parameter()] - [System.String] - $ApplyClassification, + [System.Object] + $UnapprovedInROMApplicationList, [Parameter()] - [System.Object[]] - $RecipientADAttributeMatchesPatterns, + [System.Boolean] + $RequireEncryptedSMIMEMessages, [Parameter()] - [System.Object] - $SetHeaderValue, + [System.Boolean] + $RequireDeviceEncryption, [Parameter()] [System.Boolean] - $AttachmentIsPasswordProtected, + $AllowInternetSharing, [Parameter()] - [System.Object[]] - $BetweenMemberOf1, + [System.Boolean] + $PasswordEnabled, [Parameter()] [System.Object] - $ExceptIfMessageSizeOver, + $RequireSignedSMIMEAlgorithm, [Parameter()] - [System.Object[]] - $AnyOfCcHeader, + [System.Object] + $MaxEmailHTMLBodyTruncationSize, + + [Parameter()] + [System.Int32] + $MinPasswordComplexCharacters, [Parameter()] [System.Boolean] - $ExceptIfAttachmentProcessingLimitExceeded, + $UNCAccessEnabled, [Parameter()] - [System.Object[]] - $FromAddressMatchesPatterns, + [System.Boolean] + $AllowCamera, [Parameter()] - [System.Object] - $ExceptIfHeaderMatchesMessageHeader, + [System.Boolean] + $IrmEnabled, [Parameter()] [System.Object] - $SmtpRejectMessageRejectText, + $PasswordExpiration, [Parameter()] - [System.Object[]] - $AnyOfCcHeaderMemberOf, + [System.Boolean] + $AllowBrowser, [Parameter()] - [System.Object[]] - $AnyOfToHeader, + [System.Object] + $MaxEmailAgeFilter, [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $RequireManualSyncWhenRoaming, + + [Parameter()] + [System.Boolean] + $AlphanumericPasswordRequired, [Parameter()] [System.Object] - $SCLOver, + $AllowSMIMEEncryptionAlgorithmNegotiation, [Parameter()] [System.Object] - $PrependSubject, + $MaxEmailBodyTruncationSize, [Parameter()] [System.Object] - $ApplyRightsProtectionTemplate, + $AllowBluetooth, [Parameter()] [System.Object] - $MessageTypeMatches, + $RequireEncryptionSMIMEAlgorithm, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentPropertyContainsWords, + [System.Object] + $DevicePolicyRefreshInterval, [Parameter()] - [System.Object[]] - $AnyOfRecipientAddressMatchesPatterns, + [System.Boolean] + $AllowGooglePushNotifications, [Parameter()] - [System.Object] - $ExceptIfHeaderContainsMessageHeader - ) -} -function Remove-ActiveSyncDevice -{ - [CmdletBinding()] - param( + [System.Boolean] + $AllowMobileOTAUpdate, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Name, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-ActiveSyncDeviceAccessRule -{ - [CmdletBinding()] - param( + $MaxAttachmentSize, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $AllowSimplePassword, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-AddressBookPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $AllowConsumerEmail, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $AllowDesktopSync, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-AddressList -{ - [CmdletBinding()] - param( + [System.Boolean] + $RequireStorageCardEncryption, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $AttachmentsEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Recursive - ) -} -function Remove-AntiPhishPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $AllowSMIMESoftCerts, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.Boolean] + $AllowRemoteDesktop, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $PasswordRecoveryEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-AntiPhishRule -{ - [CmdletBinding()] - param( + $MaxCalendarAgeFilter, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $AllowWiFi, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-App -{ - [CmdletBinding()] - param( + [System.Boolean] + $AllowApplePushNotifications, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $AllowPOPIMAPEmail, [Parameter()] - [System.Object] - $Mailbox, + [System.Boolean] + $IsDefault, [Parameter()] [System.Object] - $Identity, + $MaxInactivityTimeLock, [Parameter()] - [System.String] - $AppType, + [System.Object] + $ApprovedApplicationList, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationApp, + [System.Boolean] + $AllowTextMessaging, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrivateCatalog - ) -} -function Remove-ApplicationAccessPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $WSSAccessEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $DeviceEncryptionEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-AuditConfigurationPolicy -{ - [CmdletBinding()] - param( + $MinPasswordLength, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm + [System.Boolean] + $AllowHTMLEmail ) } -function Remove-AuthenticationPolicy +function New-OfflineAddressBook { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Name, - [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-AvailabilityAddressSpace -{ - [CmdletBinding()] - param( [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Boolean] + $IsDefault, + [Parameter()] [System.Object] - $Identity + $DiffRetentionPeriod, + + [Parameter()] + [System.Object[]] + $AddressLists ) } -function Remove-AvailabilityConfig +function New-OMEConfiguration { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Double] + $ExternalMailExpiryInDays, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-ClientAccessRule -{ - [CmdletBinding()] - param( + [System.String] + $ReadButtonText, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $PortalText, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-DataClassification -{ - [CmdletBinding()] - param( + [System.Byte[]] + $Image, + + [Parameter()] + [System.String] + $IntroductionText, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-DistributionGroup -{ - [CmdletBinding()] - param( + [System.String] + $BackgroundColor, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $DisclaimerText, [Parameter()] - [System.Object] - $Identity, + [System.String] + $PrivacyStatementUrl, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BypassSecurityGroupManagerCheck - ) -} -function Remove-EmailAddressPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $SocialIdSignIn, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $EmailText, + + [Parameter()] + [System.Boolean] + $OTPEnabled, [Parameter()] [System.Object] $Identity ) } -function Remove-GlobalAddressList +function New-OnPremisesOrganization { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $InboundConnector, + + [Parameter()] + [System.String] + $Name, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-HostedConnectionFilterPolicy -{ - [CmdletBinding()] - param( + $OutboundConnector, + + [Parameter()] + [System.String] + $OrganizationName, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-HostedContentFilterPolicy -{ - [CmdletBinding()] - param( + [System.String] + $Comment, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Guid] + $OrganizationGuid, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-HostedContentFilterRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $OrganizationRelationship, [Parameter()] [System.Object] - $Identity + $HybridDomains ) } -function Remove-HostedOutboundSpamFilterPolicy +function New-OrganizationRelationship { [CmdletBinding()] param( [Parameter()] [System.Object] - $Identity, + $MailTipsAccessLevel, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force - ) -} -function Remove-HostedOutboundSpamFilterRule -{ - [CmdletBinding()] - param( + [System.Uri] + $TargetAutodiscoverEpr, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String] + $Name, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-InboundConnector -{ - [CmdletBinding()] - param( + $FreeBusyAccessScope, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $DeliveryReportEnabled, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-IntraOrganizationConnector -{ - [CmdletBinding()] - param( + [System.String] + $OAuthApplicationId, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $MailTipsAccessEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-JournalRule -{ - [CmdletBinding()] - param( + $OrganizationContact, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $ArchiveAccessEnabled, + + [Parameter()] + [System.Boolean] + $FreeBusyAccessEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-Mailbox -{ - [CmdletBinding()] - param( + $MailTipsAccessScope, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.Uri] + $TargetOwaURL, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PublicFolder, + [System.Uri] + $TargetApplicationUri, + + [Parameter()] + [System.Boolean] + $PhotosEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PermanentlyDelete, + [System.Object] + $MailboxMovePublishedScopes, + + [Parameter()] + [System.Boolean] + $MailboxMoveEnabled, [Parameter()] [System.Object] - $Identity, + $MailboxMoveCapability, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RemoveCNFPublicFolderMailboxPermanently, + [System.Uri] + $TargetSharingEpr, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Migration + [System.Object] + $FreeBusyAccessLevel, + + [Parameter()] + [System.Object] + $DomainNames ) } -function Remove-MailboxPermission +function New-OutboundConnector { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ClearAutoMapping, + [System.Boolean] + $RouteAllMessagesViaOnPremises, [Parameter()] - [System.Object[]] - $AccessRights, + [System.Object] + $RecipientDomains, [Parameter()] - [System.Management.Automation.SwitchParameter] - $GroupMailbox, + [System.Boolean] + $CloudServicesMailEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Deny, + [System.Boolean] + $Enabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Guid] + $LinkForModifiedConnector, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BypassMasterAccountSid, + [System.String] + $Name, [Parameter()] - [System.Object] - $User, + [System.Boolean] + $AllAcceptedDomains, [Parameter()] [System.Object] - $Identity, + $TlsDomain, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + [System.String] + $Comment, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SoftDeletedMailbox, + [System.Boolean] + $IsTransportRuleScoped, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ResetDefault, + [System.Boolean] + $UseMXRecord, [Parameter()] - [System.DirectoryServices.ActiveDirectorySecurityInheritance] - $InheritanceType - ) -} -function Remove-MailContact -{ - [CmdletBinding()] - param( + [System.Object] + $TlsSettings, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-MalwareFilterPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $ConnectorType, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-MalwareFilterRule -{ - [CmdletBinding()] - param( + $SmartHosts, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $SenderRewritingEnabled, + + [Parameter()] + [System.Boolean] + $TestMode, [Parameter()] [System.Object] - $Identity + $ConnectorSource ) } -function Remove-ManagementRole +function New-OwaMailboxPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $Name, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Object] - $Identity, - [Parameter()] [System.Management.Automation.SwitchParameter] - $Recurse + $IsDefault ) } -function Remove-ManagementRoleAssignment +function New-PartnerApplication { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $ApplicationIdentifier, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Name, [Parameter()] [System.Object] - $Identity + $LinkedAccount, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $AcceptSecurityIdentifierInformation, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Object] + $AccountType ) } -function Remove-MessageClassification +function New-PolicyTipConfig { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Value, + + [Parameter()] + [System.String] + $Name, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Confirm + ) +} +function New-QuarantinePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $MultiLanguageCustomDisclaimer, [Parameter()] [System.Object] - $Identity + $AdminNotificationLanguage, + + [Parameter()] + [System.String] + $EndUserSpamNotificationCustomFromAddress, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Int32] + $EndUserSpamNotificationFrequencyInDays, + + [Parameter()] + [System.String] + $CustomDisclaimer, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Int32] + $EndUserQuarantinePermissionsValue, + + [Parameter()] + [System.Boolean] + $ESNEnabled, + + [Parameter()] + [System.Object] + $EndUserQuarantinePermissions, + + [Parameter()] + [System.Boolean] + $AdminNotificationsEnabled, + + [Parameter()] + [System.Object] + $EndUserSpamNotificationLanguage, + + [Parameter()] + [System.Object] + $DomainController, + + [Parameter()] + [System.Object] + $MultiLanguageSenderName, + + [Parameter()] + [System.Object] + $AdminQuarantinePermissionsList, + + [Parameter()] + [System.Object] + $MultiLanguageSetting, + + [Parameter()] + [System.TimeSpan] + $EndUserSpamNotificationFrequency, + + [Parameter()] + [System.Int32] + $QuarantineRetentionDays, + + [Parameter()] + [System.Object] + $EsnCustomSubject, + + [Parameter()] + [System.Boolean] + $OrganizationBrandingEnabled, + + [Parameter()] + [System.Int32] + $AdminNotificationFrequencyInDays, + + [Parameter()] + [System.Object] + $QuarantinePolicyType ) } -function Remove-MobileDevice +function New-RemoteDomain { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Name, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [System.Object] - $Identity + $DomainName ) } -function Remove-MobileDeviceMailboxPolicy +function New-ReportSubmissionPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $PostSubmitMessage, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $ReportJunkAddresses, + + [Parameter()] + [System.Boolean] + $NotificationsForPhishMalwareSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForNotJunk, + + [Parameter()] + [System.Boolean] + $EnableCustomizedMsg, [Parameter()] [System.Object] - $Identity + $NotificationSenderAddress, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForJunk, + + [Parameter()] + [System.Boolean] + $NotificationsForSpamSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageForPhishing, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.String] + $PreSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String] + $PreSubmitMessageForJunk, + + [Parameter()] + [System.Int32] + $UserSubmissionOptions, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForPhishing, + + [Parameter()] + [System.String] + $PreSubmitMessageForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForNotJunk, + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForPhishing, + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForPhishing, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.String] + $PreSubmitMessageForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForPhishing, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.String] + $PreSubmitMessageTitleForJunk, + + [Parameter()] + [System.Boolean] + $ReportChatMessageEnabled, + + [Parameter()] + [System.Object] + $ThirdPartyReportAddresses, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Boolean] + $NotificationsForCleanSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageForNotJunk, + + [Parameter()] + [System.Object] + $MultiLanguageSetting, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageForJunk, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Object] + $ReportNotJunkAddresses, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForJunk, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForJunk, + + [Parameter()] + [System.Boolean] + $DisableUserSubmissionOptions, + + [Parameter()] + [System.Boolean] + $OnlyShowPhishingDisclaimer, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.String] + $PreSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $ReportChatMessageToCustomizedAddressEnabled, + + [Parameter()] + [System.Object] + $ReportPhishAddresses, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForJunk, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.Boolean] + $NotificationsForSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForPhishing, + + [Parameter()] + [System.String] + $UserSubmissionOptionsMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress ) } -function Remove-OfflineAddressBook +function New-ReportSubmissionRule { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object] + $ReportSubmissionPolicy, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Identity + [System.Boolean] + $Enabled ) } -function Remove-OMEConfiguration +function New-RoleAssignmentPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $Roles, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Identity + [System.Management.Automation.SwitchParameter] + $IsDefault ) } -function Remove-OnPremisesOrganization +function New-RoleGroup { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Object] + $CustomRecipientWriteScope, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Object] + $Members, + + [Parameter()] + [System.String] + $Name, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $WellKnownObject, + [Parameter()] [System.Object] - $Identity + $ManagedBy, + + [Parameter()] + [System.Object[]] + $Roles, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force ) } -function Remove-OrganizationRelationship +function New-SafeAttachmentPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Object] + $Action, + + [Parameter()] + [System.Object] + $RecommendedPolicyType, + + [Parameter()] + [System.Boolean] + $Redirect, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $AdminDisplayName, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $MakeBuiltInProtection, + + [Parameter()] + [System.Boolean] + $Enable, + + [Parameter()] + [System.Object] + $RedirectAddress, + + [Parameter()] + [System.String] + $QuarantineTag, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function New-SafeAttachmentRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $SafeAttachmentPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function New-SafeLinksPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Boolean] + $UseTranslatedNotificationText, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeBuiltInProtection, + + [Parameter()] + [System.Object] + $DoNotRewriteUrls, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForTeams, + + [Parameter()] + [System.Boolean] + $DisableUrlRewrite, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForOffice, + + [Parameter()] + [System.Boolean] + $TrackClicks, + + [Parameter()] + [System.Boolean] + $AllowClickThrough, + + [Parameter()] + [System.Object] + $RecommendedPolicyType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $CustomNotificationText, + + [Parameter()] + [System.Boolean] + $DeliverMessageAfterScan, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForEmail, + + [Parameter()] + [System.Boolean] + $ScanUrls, + + [Parameter()] + [System.Boolean] + $EnableForInternalSenders + ) +} +function New-SafeLinksRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object] + $SafeLinksPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function New-SharingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Domains, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Default, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function New-TransportRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $ActivationDate, + + [Parameter()] + [System.Object[]] + $AddToRecipients, + + [Parameter()] + [System.Object] + $ApplyHtmlDisclaimerFallbackAction, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientADAttributeContainsWords, + + [Parameter()] + [System.Object] + $AttachmentSizeOver, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderADAttributeContainsWords, + + [Parameter()] + [System.Object] + $SetSCL, + + [Parameter()] + [System.Object[]] + $AnyOfToHeaderMemberOf, + + [Parameter()] + [System.Boolean] + $Disconnect, + + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfCcHeader, + + [Parameter()] + [System.Object[]] + $ExceptIfAttachmentMatchesPatterns, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $ManagerForEvaluatedUser, + + [Parameter()] + [System.Object[]] + $ExceptIfHeaderMatchesPatterns, + + [Parameter()] + [System.Object] + $ExceptIfFromScope, + + [Parameter()] + [System.Object] + $AdComparisonAttribute, + + [Parameter()] + [System.Object[]] + $ExceptIfAttachmentContainsWords, + + [Parameter()] + [System.Object[]] + $ExceptIfHeaderContainsWords, + + [Parameter()] + [System.Object[]] + $HeaderMatchesPatterns, + + [Parameter()] + [System.Object] + $AddManagerAsRecipientType, + + [Parameter()] + [System.Boolean] + $DeleteMessage, + + [Parameter()] + [System.Boolean] + $HasSenderOverride, + + [Parameter()] + [System.Object] + $SmtpRejectMessageRejectStatusCode, + + [Parameter()] + [System.String] + $ExceptIfHasClassification, + + [Parameter()] + [System.Boolean] + $Quarantine, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfRecipientAddressMatchesPatterns, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientInSenderList, + + [Parameter()] + [System.Object] + $RecipientAddressType, + + [Parameter()] + [System.Object[]] + $ExceptIfContentCharacterSetContainsWords, + + [Parameter()] + [System.Object[]] + $BlindCopyTo, + + [Parameter()] + [System.Object] + $ApplyHtmlDisclaimerLocation, + + [Parameter()] + [System.Object] + $ExceptIfMessageTypeMatches, + + [Parameter()] + [System.Object] + $SenderIpRanges, + + [Parameter()] + [System.Collections.Hashtable[]] + $ExceptIfMessageContainsDataClassifications, + + [Parameter()] + [System.Object[]] + $ModerateMessageByUser, + + [Parameter()] + [System.Boolean] + $HasNoClassification, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderInRecipientList, + + [Parameter()] + [System.Object] + $HeaderContainsMessageHeader, + + [Parameter()] + [System.Object] + $RemoveHeader, + + [Parameter()] + [System.String] + $HasClassification, + + [Parameter()] + [System.Collections.Hashtable[]] + $MessageContainsDataClassifications, + + [Parameter()] + [System.Object[]] + $ExceptIfFromMemberOf, + + [Parameter()] + [System.Object] + $RuleSubType, + + [Parameter()] + [System.Object] + $SentToScope, + + [Parameter()] + [System.Object[]] + $AnyOfToCcHeaderMemberOf, + + [Parameter()] + [System.Object[]] + $From, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfRecipientAddressContainsWords, + + [Parameter()] + [System.Object] + $ExceptIfWithImportance, + + [Parameter()] + [System.Object[]] + $ContentCharacterSetContainsWords, + + [Parameter()] + [System.Object[]] + $SubjectContainsWords, + + [Parameter()] + [System.Object] + $RejectMessageEnhancedStatusCode, + + [Parameter()] + [System.Object[]] + $SenderADAttributeMatchesPatterns, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderADAttributeMatchesPatterns, + + [Parameter()] + [System.Object[]] + $IncidentReportContent, + + [Parameter()] + [System.Boolean] + $UseLegacyRegex, + + [Parameter()] + [System.Object[]] + $FromMemberOf, + + [Parameter()] + [System.Object[]] + $AttachmentContainsWords, + + [Parameter()] + [System.Object] + $ExceptIfSCLOver, + + [Parameter()] + [System.Object[]] + $ExceptIfBetweenMemberOf1, + + [Parameter()] + [System.Object] + $GenerateNotification, + + [Parameter()] + [System.Object] + $NotifySender, + + [Parameter()] + [System.Boolean] + $ExceptIfAttachmentIsPasswordProtected, + + [Parameter()] + [System.Object[]] + $ExceptIfAttachmentNameMatchesPatterns, + + [Parameter()] + [System.Object] + $ExceptIfSenderManagementRelationship, + + [Parameter()] + [System.String] + $SetAuditSeverity, + + [Parameter()] + [System.Object[]] + $AttachmentPropertyContainsWords, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfToHeader, + + [Parameter()] + [System.Object] + $ApplyRightsProtectionCustomizationTemplate, + + [Parameter()] + [System.Object] + $SetHeaderName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $RouteMessageOutboundRequireTls, + + [Parameter()] + [System.Object] + $WithImportance, + + [Parameter()] + [System.Object] + $RuleErrorAction, + + [Parameter()] + [System.Object] + $FromScope, + + [Parameter()] + [System.Object[]] + $AttachmentNameMatchesPatterns, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.Object[]] + $ExceptIfFromAddressMatchesPatterns, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Object] + $ExceptIfAttachmentSizeOver, + + [Parameter()] + [System.Object] + $ExceptIfManagerForEvaluatedUser, + + [Parameter()] + [System.Boolean] + $RemoveOMEv2, + + [Parameter()] + [System.Object[]] + $ExceptIfFromAddressContainsWords, + + [Parameter()] + [System.Boolean] + $AttachmentHasExecutableContent, + + [Parameter()] + [System.Object] + $RouteMessageOutboundConnector, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderDomainIs, + + [Parameter()] + [System.Object] + $SenderManagementRelationship, + + [Parameter()] + [System.Object[]] + $ExceptIfBetweenMemberOf2, + + [Parameter()] + [System.Object[]] + $RedirectMessageTo, + + [Parameter()] + [System.Boolean] + $ApplyOME, + + [Parameter()] + [System.Object[]] + $SenderDomainIs, + + [Parameter()] + [System.Object[]] + $SenderADAttributeContainsWords, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfCcHeaderMemberOf, + + [Parameter()] + [System.Object] + $ApplyHtmlDisclaimerText, + + [Parameter()] + [System.Boolean] + $ExceptIfAttachmentHasExecutableContent, + + [Parameter()] + [System.Boolean] + $ExceptIfAttachmentIsUnsupported, + + [Parameter()] + [System.Boolean] + $RemoveOME, + + [Parameter()] + [System.Object] + $RejectMessageReasonText, + + [Parameter()] + [System.Object[]] + $RecipientAddressContainsWords, + + [Parameter()] + [System.Object] + $GenerateIncidentReport, + + [Parameter()] + [System.Object[]] + $FromAddressContainsWords, + + [Parameter()] + [System.Boolean] + $RemoveRMSAttachmentEncryption, + + [Parameter()] + [System.Object[]] + $RecipientAddressMatchesPatterns, + + [Parameter()] + [System.Object[]] + $ExceptIfSubjectContainsWords, + + [Parameter()] + [System.Object[]] + $ExceptIfFrom, + + [Parameter()] + [System.Object[]] + $AnyOfToCcHeader, + + [Parameter()] + [System.Object] + $ExceptIfSentToScope, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfToCcHeaderMemberOf, + + [Parameter()] + [System.Boolean] + $ModerateMessageByManager, + + [Parameter()] + [System.Object] + $AdComparisonOperator, + + [Parameter()] + [System.Object] + $MessageSizeOver, + + [Parameter()] + [System.Object[]] + $BetweenMemberOf2, + + [Parameter()] + [System.Object[]] + $SubjectMatchesPatterns, + + [Parameter()] + [System.Boolean] + $AttachmentProcessingLimitExceeded, + + [Parameter()] + [System.Object[]] + $ExceptIfSubjectMatchesPatterns, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientAddressContainsWords, + + [Parameter()] + [System.Object] + $HeaderMatchesMessageHeader, + + [Parameter()] + [System.Object[]] + $AnyOfRecipientAddressContainsWords, + + [Parameter()] + [System.Object[]] + $HeaderContainsWords, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object] + $ExceptIfAdComparisonAttribute, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Object] + $ExceptIfAdComparisonOperator, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfToHeaderMemberOf, + + [Parameter()] + [System.Object] + $Mode, + + [Parameter()] + [System.Object[]] + $RecipientInSenderList, + + [Parameter()] + [System.Object[]] + $SubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.Object[]] + $ExceptIfAttachmentExtensionMatchesWords, + + [Parameter()] + [System.Object[]] + $ExceptIfSubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientAddressMatchesPatterns, + + [Parameter()] + [System.Boolean] + $ExceptIfHasNoClassification, + + [Parameter()] + [System.Object] + $ExceptIfSenderIpRanges, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientADAttributeMatchesPatterns, + + [Parameter()] + [System.Boolean] + $StopRuleProcessing, + + [Parameter()] + [System.Object[]] + $RecipientADAttributeContainsWords, + + [Parameter()] + [System.Boolean] + $AttachmentIsUnsupported, + + [Parameter()] + [System.Object] + $ExpiryDate, + + [Parameter()] + [System.Object[]] + $AttachmentExtensionMatchesWords, + + [Parameter()] + [System.Object[]] + $ExceptIfSubjectOrBodyContainsWords, + + [Parameter()] + [System.Object] + $LogEventText, + + [Parameter()] + [System.Object[]] + $ExceptIfManagerAddresses, + + [Parameter()] + [System.Object[]] + $SenderInRecipientList, + + [Parameter()] + [System.Object[]] + $ExceptIfAnyOfToCcHeader, + + [Parameter()] + [System.Object[]] + $AttachmentMatchesPatterns, + + [Parameter()] + [System.String] + $DlpPolicy, + + [Parameter()] + [System.Object[]] + $ManagerAddresses, + + [Parameter()] + [System.Object] + $SenderAddressLocation, + + [Parameter()] + [System.Object[]] + $CopyTo, + + [Parameter()] + [System.Object[]] + $SubjectOrBodyContainsWords, + + [Parameter()] + [System.String] + $ApplyClassification, + + [Parameter()] + [System.Object[]] + $RecipientADAttributeMatchesPatterns, + + [Parameter()] + [System.Object] + $SetHeaderValue, + + [Parameter()] + [System.Boolean] + $AttachmentIsPasswordProtected, + + [Parameter()] + [System.Object[]] + $BetweenMemberOf1, + + [Parameter()] + [System.Object] + $ExceptIfMessageSizeOver, + + [Parameter()] + [System.Object[]] + $AnyOfCcHeader, + + [Parameter()] + [System.Boolean] + $ExceptIfAttachmentProcessingLimitExceeded, + + [Parameter()] + [System.Object[]] + $FromAddressMatchesPatterns, + + [Parameter()] + [System.Object] + $ExceptIfHeaderMatchesMessageHeader, + + [Parameter()] + [System.Object] + $SmtpRejectMessageRejectText, + + [Parameter()] + [System.Object[]] + $AnyOfCcHeaderMemberOf, + + [Parameter()] + [System.Object[]] + $AnyOfToHeader, + + [Parameter()] + [System.Boolean] + $ExceptIfHasSenderOverride, + + [Parameter()] + [System.Object] + $SCLOver, + + [Parameter()] + [System.Object] + $PrependSubject, + + [Parameter()] + [System.Object] + $ApplyRightsProtectionTemplate, + + [Parameter()] + [System.Object] + $MessageTypeMatches, + + [Parameter()] + [System.Object[]] + $ExceptIfAttachmentPropertyContainsWords, + + [Parameter()] + [System.Object[]] + $AnyOfRecipientAddressMatchesPatterns, + + [Parameter()] + [System.Object] + $ExceptIfHeaderContainsMessageHeader + ) +} + +function New-UnifiedAuditLogRetentionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.UInt32] + $Priority, + + [Parameter()] + [System.String] + $RetentionDuration, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String[]] + $Operations, + + [Parameter()] + [System.String[]] + $RecordTypes, + + [Parameter()] + [System.String[]] + $UserIds + ) +} + +function Remove-ActiveSyncDevice +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-ActiveSyncDeviceAccessRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-AddressBookPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-AddressList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Recursive + ) +} +function Remove-AntiPhishPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-AntiPhishRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-App +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Mailbox, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $AppType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $OrganizationApp, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PrivateCatalog + ) +} +function Remove-ApplicationAccessPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} + +function Remove-ATPProtectionPolicyRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity + ) +} + +function Remove-AuditConfigurationPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function Remove-AuthenticationPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-AvailabilityAddressSpace +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-AvailabilityConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-ClientAccessRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-DataClassification +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-DistributionGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck + ) +} +function Remove-EmailAddressPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-GlobalAddressList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-HostedConnectionFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-HostedContentFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-HostedContentFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-HostedOutboundSpamFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function Remove-HostedOutboundSpamFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-InboundConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-IntraOrganizationConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-JournalRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-Mailbox +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PublicFolder, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PermanentlyDelete, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RemoveCNFPublicFolderMailboxPermanently, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Migration + ) +} +function Remove-MailboxPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ClearAutoMapping, + + [Parameter()] + [System.Object[]] + $AccessRights, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $GroupMailbox, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Deny, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassMasterAccountSid, + + [Parameter()] + [System.Object] + $User, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IgnoreDefaultScope, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SoftDeletedMailbox, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ResetDefault, + + [Parameter()] + [System.DirectoryServices.ActiveDirectorySecurityInheritance] + $InheritanceType + ) +} +function Remove-MailContact +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-MalwareFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-MalwareFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-ManagementRole +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Recurse + ) +} +function Remove-ManagementRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-MessageClassification +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-MobileDevice +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-MobileDeviceMailboxPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-OfflineAddressBook +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-OMEConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-OnPremisesOrganization +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-OrganizationRelationship +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-OutboundConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-OwaMailboxPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-PartnerApplication +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-PolicyTipConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-QuarantinePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $DomainController + ) +} +function Remove-RecipientPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SkipDomainValidationForMailContact, + + [Parameter()] + [System.Object] + $AccessRights, + + [Parameter()] + [System.Object] + $Trustee, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Deny, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SkipDomainValidationForMailUser, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SkipDomainValidationForSharedMailbox + ) +} +function Remove-RemoteDomain +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-RoleAssignmentPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-RoleGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck + ) +} +function Remove-SafeAttachmentPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SafeAttachmentRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SafeLinksPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SafeLinksRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SharingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-TransportRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} + +function Remove-UnifiedAuditLogRetentionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity + ) +} + +function Set-AcceptedDomain +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $CanHaveCloudCache, + + [Parameter()] + [System.Boolean] + $EnableNego2Authentication, + + [Parameter()] + [System.Boolean] + $OutboundOnly, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $SendingFromDomainDisabled, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $MatchSubDomains, + + [Parameter()] + [System.Object] + $DomainType + ) +} +function Set-ActiveSyncDeviceAccessRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $AccessLevel + ) +} +function Set-AddressBookPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $RoomList, + + [Parameter()] + [System.Object] + $OfflineAddressBook, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $GlobalAddressList, + + [Parameter()] + [System.Object[]] + $AddressLists + ) +} +function Set-AddressList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute8, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute10, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute9, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute2, + + [Parameter()] + [System.Object] + $IncludedRecipients, + + [Parameter()] + [System.Object] + $ConditionalCompany, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute6, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute3, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute12, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute13, + + [Parameter()] + [System.String] + $RecipientFilter, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute15, + + [Parameter()] + [System.Object] + $ConditionalDepartment, + + [Parameter()] + [System.Object] + $ConditionalStateOrProvince, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute7, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute14, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute4, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute11, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute1, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute5 + ) +} +function Set-AdminAuditLogConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $UnifiedAuditLogIngestionEnabled + ) +} +function Set-AntiPhishPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $EnableFirstContactSafetyTips, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeDefault, + + [Parameter()] + [System.Object] + $DmarcRejectAction, + + [Parameter()] + [System.Int32] + $PhishThresholdLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $EnableTargetedDomainsProtection, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Boolean] + $EnableViaTag, + + [Parameter()] + [System.Object] + $MailboxIntelligenceProtectionAction, + + [Parameter()] + [System.Object] + $TargetedDomainsToProtect, + + [Parameter()] + [System.Boolean] + $EnableSpoofIntelligence, + + [Parameter()] + [System.Boolean] + $EnableSimilarUsersSafetyTips, + + [Parameter()] + [System.Object] + $ExcludedDomains, + + [Parameter()] + [System.String] + $PolicyTag, + + [Parameter()] + [System.Object] + $TargetedDomainActionRecipients, + + [Parameter()] + [System.Object] + $DmarcQuarantineAction, + + [Parameter()] + [System.Boolean] + $EnableMailboxIntelligence, + + [Parameter()] + [System.String] + $TargetedDomainQuarantineTag, + + [Parameter()] + [System.Object] + $ImpersonationProtectionState, + + [Parameter()] + [System.Object] + $TargetedDomainProtectionAction, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Object] + $TargetedUsersToProtect, + + [Parameter()] + [System.Object] + $TargetedUserProtectionAction, + + [Parameter()] + [System.Object] + $MailboxIntelligenceProtectionActionRecipients, + + [Parameter()] + [System.String] + $MailboxIntelligenceQuarantineTag, + + [Parameter()] + [System.Boolean] + $EnableSimilarDomainsSafetyTips, + + [Parameter()] + [System.String] + $SpoofQuarantineTag, + + [Parameter()] + [System.Boolean] + $EnableUnauthenticatedSender, + + [Parameter()] + [System.String] + $TargetedUserQuarantineTag, + + [Parameter()] + [System.Boolean] + $EnableOrganizationDomainsProtection, + + [Parameter()] + [System.Boolean] + $EnableMailboxIntelligenceProtection, + + [Parameter()] + [System.Boolean] + $EnableUnusualCharactersSafetyTips, + + [Parameter()] + [System.Boolean] + $EnableTargetedUserProtection, + + [Parameter()] + [System.Object] + $AuthenticationFailAction, + + [Parameter()] + [System.Object] + $TargetedUserActionRecipients, + + [Parameter()] + [System.Object] + $ExcludedSenders + ) +} +function Set-AntiPhishRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object] + $AntiPhishPolicy, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf + ) +} +function Set-App +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $UserList, + + [Parameter()] + [System.Object] + $DefaultStateForUser, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $OrganizationApp, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PrivateCatalog, + + [Parameter()] + [System.Object] + $ProvidedTo + ) +} +function Set-ApplicationAccessPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-AtpPolicyForO365 +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $EnableATPForSPOTeamsODB, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $EnableSafeDocs, + + [Parameter()] + [System.Boolean] + $AllowSafeDocsOpen, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Set-ATPProtectionPolicyRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String] + $ExceptIfSentTo, + + [Parameter()] + [System.String] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.String] + $String, + + [Parameter()] + [System.UInt32] + $Priority, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.String[]] + $SentToMemberOf + ) +} + +function Set-AuthenticationPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthPop, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthSmtp, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthMapi, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthImap, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthAutodiscover, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthPowershell, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthRpc, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthOfflineAddressBook, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthReportingWebServices, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthOutlookService, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthActiveSync, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowBasicAuthWebServices + ) +} +function Set-AvailabilityConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $OrgWideAccount, + + [Parameter()] + [System.Object] + $AllowedTenantIds + ) +} +function Set-CalendarProcessing +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $MaximumConflictInstances, + + [Parameter()] + [System.Object] + $BookingType, + + [Parameter()] + [System.Boolean] + $ForwardRequestsToDelegates, + + [Parameter()] + [System.Boolean] + $RemoveCanceledMeetings, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $ResourceDelegates, + + [Parameter()] + [System.Boolean] + $DeleteNonCalendarItems, + + [Parameter()] + [System.Boolean] + $RemovePrivateProperty, + + [Parameter()] + [System.Boolean] + $DeleteComments, + + [Parameter()] + [System.Boolean] + $EnforceSchedulingHorizon, + + [Parameter()] + [System.Boolean] + $EnableResponseDetails, + + [Parameter()] + [System.Object[]] + $RequestInPolicy, + + [Parameter()] + [System.Boolean] + $EnforceCapacity, + + [Parameter()] + [System.Boolean] + $AllowConflicts, + + [Parameter()] + [System.Boolean] + $AllRequestInPolicy, + + [Parameter()] + [System.Boolean] + $AddOrganizerToSubject, + + [Parameter()] + [System.Object[]] + $BookInPolicy, + + [Parameter()] + [System.Int32] + $ConflictPercentageAllowed, + + [Parameter()] + [System.Object] + $AutomateProcessing, + + [Parameter()] + [System.Boolean] + $AllRequestOutOfPolicy, + + [Parameter()] + [System.Boolean] + $AddNewRequestsTentatively, + + [Parameter()] + [System.Boolean] + $EnableAutoRelease, + + [Parameter()] + [System.Int32] + $PostReservationMaxClaimTimeInMinutes, + + [Parameter()] + [System.Boolean] + $AllBookInPolicy, + + [Parameter()] + [System.Boolean] + $ProcessExternalMeetingMessages, + + [Parameter()] + [System.Boolean] + $DeleteAttachments, + + [Parameter()] + [System.Boolean] + $ScheduleOnlyDuringWorkHours, + + [Parameter()] + [System.String] + $AdditionalResponse, + + [Parameter()] + [System.Boolean] + $TentativePendingApproval, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Int32] + $MaximumDurationInMinutes, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IgnoreDefaultScope, + + [Parameter()] + [System.Object[]] + $RequestOutOfPolicy, + + [Parameter()] + [System.Boolean] + $RemoveOldMeetingMessages, + + [Parameter()] + [System.Boolean] + $OrganizerInfo, + + [Parameter()] + [System.Boolean] + $AddAdditionalResponse, + + [Parameter()] + [System.Boolean] + $RemoveForwardedMeetingNotifications, + + [Parameter()] + [System.Int32] + $MinimumDurationInMinutes, + + [Parameter()] + [System.Int32] + $BookingWindowInDays, + + [Parameter()] + [System.Boolean] + $AllowRecurringMeetings, + + [Parameter()] + [System.Boolean] + $DeleteSubject + ) +} +function Set-CASMailbox +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $IsOptimizedForAccessibility, + + [Parameter()] + [System.Boolean] + $ImapEnabled, + + [Parameter()] + [System.Boolean] + $ImapSuppressReadReceipt, + + [Parameter()] + [System.Boolean] + $ActiveSyncSuppressReadReceipt, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $EwsBlockList, + + [Parameter()] + [System.Object] + $EwsAllowEntourage, + + [Parameter()] + [System.Object] + $OwaMailboxPolicy, + + [Parameter()] + [System.Boolean] + $PopUseProtocolDefaults, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $SmtpClientAuthenticationDisabled, + + [Parameter()] + [System.Boolean] + $PopForceICalForCalendarRetrievalOption, + + [Parameter()] + [System.Boolean] + $ImapForceICalForCalendarRetrievalOption, + + [Parameter()] + [System.Boolean] + $ShowGalAsDefaultView, + + [Parameter()] + [System.Object] + $ActiveSyncBlockedDeviceIDs, + + [Parameter()] + [System.Boolean] + $MAPIEnabled, + + [Parameter()] + [System.Object] + $EwsAllowOutlook, + + [Parameter()] + [System.Boolean] + $PopEnabled, + + [Parameter()] + [System.Object] + $ActiveSyncAllowedDeviceIDs, + + [Parameter()] + [System.Object] + $EwsEnabled, + + [Parameter()] + [System.Object] + $OutlookMobileEnabled, + + [Parameter()] + [System.Object] + $EwsAllowMacOutlook, + + [Parameter()] + [System.Object] + $EwsApplicationAccessPolicy, + + [Parameter()] + [System.Object] + $OneWinNativeOutlookEnabled, + + [Parameter()] + [System.Boolean] + $OWAEnabled, + + [Parameter()] + [System.Boolean] + $PublicFolderClientAccess, + + [Parameter()] + [System.Object] + $ActiveSyncMailboxPolicy, + + [Parameter()] + [System.Object] + $UniversalOutlookEnabled, + + [Parameter()] + [System.Boolean] + $ImapUseProtocolDefaults, + + [Parameter()] + [System.Boolean] + $ActiveSyncDebugLogging, + + [Parameter()] + [System.Boolean] + $OWAforDevicesEnabled, + + [Parameter()] + [System.Object] + $ImapMessagesRetrievalMimeFormat, + + [Parameter()] + [System.Boolean] + $ActiveSyncEnabled, + + [Parameter()] + [System.Object] + $MacOutlookEnabled, + + [Parameter()] + [System.Boolean] + $PopSuppressReadReceipt, + + [Parameter()] + [System.Object] + $EwsAllowList, + + [Parameter()] + [System.Object] + $PopMessagesRetrievalMimeFormat + ) +} +function set-CASMailboxPlan +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $ImapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $OwaMailboxPolicy, + + [Parameter()] + [System.Boolean] + $PopEnabled, + + [Parameter()] + [System.Boolean] + $ActiveSyncEnabled + ) +} +function Set-ClientAccessRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $UsernameMatchesAnyOfPatterns, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $Action, + + [Parameter()] + [System.Object] + $AnyOfClientIPAddressesOrRanges, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Object] + $ExceptAnyOfClientIPAddressesOrRanges, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $UserRecipientFilter, + + [Parameter()] + [System.Object] + $ExceptAnyOfProtocols, + + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.Object] + $ExceptUsernameMatchesAnyOfPatterns, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $AnyOfAuthenticationTypes, + + [Parameter()] + [System.Object] + $AnyOfProtocols, + + [Parameter()] + [System.Object] + $ExceptAnyOfAuthenticationTypes, + + [Parameter()] + [System.Object] + $Scope + ) +} +function Set-DataClassification +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Globalization.CultureInfo] + $Locale, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsDefault, + + [Parameter()] + [System.Object] + $Fingerprints, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-DataEncryptionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $DomainController, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PermanentDataPurgeRequested, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $PermanentDataPurgeReason, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String] + $PermanentDataPurgeContact, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Refresh + ) +} +function Set-DistributionGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $EmailAddresses, + + [Parameter()] + [System.Object] + $RejectMessagesFromDLMembers, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RoomList, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.Boolean] + $BccBlocked, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromDLMembers, + + [Parameter()] + [System.String] + $SimpleDisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IgnoreNamingPolicy, + + [Parameter()] + [System.Boolean] + $ReportToManagerEnabled, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.Object] + $ModeratedBy, + + [Parameter()] + [System.Object] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ResetMigrationToUnifiedGroup, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFrom, + + [Parameter()] + [System.Boolean] + $BypassNestedModerationEnabled, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.Object] + $MemberDepartRestriction, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.Object] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.Object] + $WindowsEmailAddress, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $ReportToOriginatorEnabled, + + [Parameter()] + [System.Object] + $BypassModerationFromSendersOrMembers, + + [Parameter()] + [System.Object] + $RejectMessagesFrom, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ForceUpgrade, + + [Parameter()] + [System.Object] + $ManagedBy, + + [Parameter()] + [System.Object] + $Description, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.Boolean] + $SendOofMessageToOriginatorEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.Object] + $PrimarySmtpAddress, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $SendModerationNotifications, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $HiddenGroupMembershipEnabled, + + [Parameter()] + [System.Object] + $MemberJoinRestriction, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled, + + [Parameter()] + [System.Object] + $MailTipTranslations, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-DkimSigningConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Object] + $BodyCanonicalization, + + [Parameter()] + [System.Object] + $HeaderCanonicalization, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PublishTxtRecords, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function Set-EmailAddressPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $EnabledEmailAddressTemplates, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ForceUpgrade, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $EnabledPrimarySMTPAddressTemplate, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-GlobalAddressList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute8, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute10, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute9, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute2, + + [Parameter()] + [System.Object] + $IncludedRecipients, + + [Parameter()] + [System.Object] + $ConditionalCompany, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute6, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute3, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute12, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute13, + + [Parameter()] + [System.String] + $RecipientFilter, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute15, + + [Parameter()] + [System.Object] + $ConditionalDepartment, + + [Parameter()] + [System.Object] + $ConditionalStateOrProvince, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute7, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute14, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute4, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute1, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute5, + + [Parameter()] + [System.Object] + $ConditionalCustomAttribute11 + ) +} +function Set-HostedConnectionFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $ConfigurationXmlRaw, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Boolean] + $EnableSafeList, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $IPBlockList, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $IPAllowList, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeDefault + ) +} +function Set-HostedContentFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $InlineSafetyTipsEnabled, + + [Parameter()] + [System.Object] + $BulkSpamAction, + + [Parameter()] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [System.Int32] + $EndUserSpamNotificationFrequency, + + [Parameter()] + [System.Int32] + $EndUserSpamNotificationLimit, + + [Parameter()] + [System.Int32] + $BulkThreshold, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeDefault, + + [Parameter()] + [System.Object] + $TestModeBccToRecipients, + + [Parameter()] + [System.String] + $PhishQuarantineTag, + + [Parameter()] + [System.String] + $AddXHeaderValue, + + [Parameter()] + [System.Object] + $MarkAsSpamEmbedTagsInHtml, + + [Parameter()] + [System.Object] + $MarkAsSpamFramesInHtml, + + [Parameter()] + [System.Object] + $IncreaseScoreWithImageLinks, + + [Parameter()] + [System.Boolean] + $EnableLanguageBlockList, + + [Parameter()] + [System.Object] + $PhishSpamAction, + + [Parameter()] + [System.String] + $EndUserSpamNotificationCustomFromName, + + [Parameter()] + [System.Object] + $MarkAsSpamSensitiveWordList, + + [Parameter()] + [System.String] + $SpamQuarantineTag, + + [Parameter()] + [System.Object] + $MarkAsSpamNdrBackscatter, + + [Parameter()] + [System.Object] + $BlockedSenders, + + [Parameter()] + [System.Object] + $LanguageBlockList, + + [Parameter()] + [System.Object] + $HighConfidenceSpamAction, + + [Parameter()] + [System.Object] + $AllowedSenderDomains, + + [Parameter()] + [System.Object] + $IncreaseScoreWithBizOrInfoUrls, + + [Parameter()] + [System.Object] + $MarkAsSpamWebBugsInHtml, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Object] + $IntraOrgFilterState, + + [Parameter()] + [System.Object] + $RegionBlockList, + + [Parameter()] + [System.Object] + $MarkAsSpamFromAddressAuthFail, + + [Parameter()] + [System.Object] + $MarkAsSpamEmptyMessages, + + [Parameter()] + [System.String] + $BulkQuarantineTag, + + [Parameter()] + [System.Object] + $MarkAsSpamFormTagsInHtml, + + [Parameter()] + [System.Object] + $MarkAsSpamObjectTagsInHtml, + + [Parameter()] + [System.Object] + $EndUserSpamNotificationLanguage, + + [Parameter()] + [System.Object] + $IncreaseScoreWithRedirectToOtherPort, + + [Parameter()] + [System.Int32] + $QuarantineRetentionPeriod, + + [Parameter()] + [System.Object] + $HighConfidencePhishAction, + + [Parameter()] + [System.Object] + $RedirectToRecipients, + + [Parameter()] + [System.Boolean] + $SpamZapEnabled, + + [Parameter()] + [System.Object] + $TestModeAction, + + [Parameter()] + [System.Boolean] + $EnableRegionBlockList, + + [Parameter()] + [System.String] + $EndUserSpamNotificationCustomSubject, + + [Parameter()] + [System.Object] + $MarkAsSpamSpfRecordHardFail, + + [Parameter()] + [System.Object] + $EndUserSpamNotificationCustomFromAddress, + + [Parameter()] + [System.Boolean] + $DownloadLink, + + [Parameter()] + [System.Object] + $SpamAction, + + [Parameter()] + [System.String] + $ModifySubjectValue, + + [Parameter()] + [System.Object] + $IncreaseScoreWithNumericIps, + + [Parameter()] + [System.Object] + $AllowedSenders, + + [Parameter()] + [System.Object] + $MarkAsSpamJavaScriptInHtml, + + [Parameter()] + [System.Object] + $MarkAsSpamBulkMail, + + [Parameter()] + [System.Object] + $BlockedSenderDomains, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $PhishZapEnabled, + + [Parameter()] + [System.Boolean] + $EnableEndUserSpamNotifications, + + [Parameter()] + [System.String] + $HighConfidenceSpamQuarantineTag + ) +} +function Set-HostedContentFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object] + $HostedContentFilterPolicy, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf + ) +} +function Set-HostedOutboundSpamFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Object] + $BccSuspiciousOutboundAdditionalRecipients, + + [Parameter()] + [System.Object] + $NotifyOutboundSpamRecipients, + + [Parameter()] + [System.UInt32] + $RecipientLimitPerDay, + + [Parameter()] + [System.Object] + $ActionWhenThresholdReached, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.UInt32] + $RecipientLimitExternalPerHour, + + [Parameter()] + [System.Object] + $AutoForwardingMode, + + [Parameter()] + [System.Boolean] + $NotifyOutboundSpam, + + [Parameter()] + [System.UInt32] + $RecipientLimitInternalPerHour, + + [Parameter()] + [System.Boolean] + $BccSuspiciousOutboundMail + ) +} +function Set-HostedOutboundSpamFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $ExceptIfFromMemberOf, + + [Parameter()] + [System.Object[]] + $ExceptIfFrom, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderDomainIs, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $FromMemberOf, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $SenderDomainIs, + + [Parameter()] + [System.Object] + $HostedOutboundSpamFilterPolicy, + + [Parameter()] + [System.Object[]] + $From, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function Set-InboundConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $RestrictDomainsToIPAddresses, + + [Parameter()] + [System.Boolean] + $CloudServicesMailEnabled, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $EFSkipMailGateway, + + [Parameter()] + [System.Boolean] + $EFTestMode, + + [Parameter()] + [System.Object] + $TrustedOrganizations, + + [Parameter()] + [System.Object] + $TlsSenderCertificateName, + + [Parameter()] + [System.Object] + $ScanAndDropRecipients, + + [Parameter()] + [System.Object] + $AssociatedAcceptedDomains, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.Boolean] + $RequireTls, + + [Parameter()] + [System.Object] + $SenderDomains, + + [Parameter()] + [System.Object] + $SenderIPAddresses, + + [Parameter()] + [System.Boolean] + $EFSkipLastIP, + + [Parameter()] + [System.Object] + $EFUsers, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $ConnectorType, + + [Parameter()] + [System.Boolean] + $RestrictDomainsToCertificate, + + [Parameter()] + [System.Object] + $EFSkipIPs, + + [Parameter()] + [System.Boolean] + $TreatMessagesAsInternal, + + [Parameter()] + [System.Object] + $ConnectorSource + ) +} +function Set-IntraOrganizationConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $TargetAddressDomains, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Uri] + $DiscoveryEndpoint, + + [Parameter()] + [System.Uri] + $TargetSharingEpr, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function Set-IRMConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $TransportDecryptionSetting, + + [Parameter()] + [System.Uri] + $RMSOnlineKeySharingLocation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Boolean] + $AzureRMSLicensingEnabled, + + [Parameter()] + [System.Boolean] + $EnablePortalTrackingLogs, + + [Parameter()] + [System.Boolean] + $DecryptAttachmentForEncryptOnly, + + [Parameter()] + [System.Boolean] + $RejectIfRecipientHasNoRights, + + [Parameter()] + [System.Boolean] + $SimplifiedClientAccessEncryptOnlyDisabled, + + [Parameter()] + [System.Boolean] + $InternalLicensingEnabled, + + [Parameter()] + [System.Boolean] + $EDiscoverySuperUserEnabled, + + [Parameter()] + [System.Boolean] + $JournalReportDecryptionEnabled, + + [Parameter()] + [System.Boolean] + $EnablePdfEncryption, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $AutomaticServiceUpdateEnabled, + + [Parameter()] + [System.Boolean] + $SimplifiedClientAccessDoNotForwardDisabled, + + [Parameter()] + [System.Boolean] + $SearchEnabled, + + [Parameter()] + [System.Object] + $LicensingLocation, + + [Parameter()] + [System.Boolean] + $SimplifiedClientAccessEnabled + ) +} +function Set-JournalRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $Scope, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $JournalEmailAddress, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $Recipient + ) +} +function Set-Mailbox +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $EmailAddresses, + + [Parameter()] + [System.Object] + $RejectMessagesFromDLMembers, + + [Parameter()] + [System.Object] + $AuditOwner, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.Object] + $Type, + + [Parameter()] + [System.Object] + $UserCertificate, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.Boolean] + $DeliverToMailboxAndForward, + + [Parameter()] + [System.String] + $RetentionUrl, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RecalculateInactiveMailbox, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.Object] + $ProhibitSendReceiveQuota, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.Security.SecureString] + $RoomMailboxPassword, + + [Parameter()] + [System.Boolean] + $CalendarVersionStoreDisabled, + + [Parameter()] + [System.Object] + $UseDatabaseQuotaDefaults, + + [Parameter()] + [System.Boolean] + $ElcProcessingDisabled, + + [Parameter()] + [System.String[]] + $ExcludeFromOrgHolds, + + [Parameter()] + [System.String] + $MailboxRegion, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $GroupMailbox, + + [Parameter()] + [System.Object] + $ResourceCapacity, + + [Parameter()] + [System.Object] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.Object] + $UserSMimeCertificate, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFrom, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RemoveDisabledArchive, + + [Parameter()] + [System.Object] + $Languages, + + [Parameter()] + [System.Object] + $JournalArchiveAddress, + + [Parameter()] + [System.Object] + $LitigationHoldDuration, + + [Parameter()] + [System.Object] + $ModeratedBy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProvisionedForOfficeGraph, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $InactiveMailbox, + + [Parameter()] + [System.String] + $RetentionComment, + + [Parameter()] + [System.Object] + $MaxReceiveSize, + + [Parameter()] + [System.Boolean] + $MessageCopyForSendOnBehalfEnabled, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.Boolean] + $LitigationHoldEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UpdateEnforcedTimestamp, + + [Parameter()] + [System.String] + $ImmutableId, + + [Parameter()] + [System.Object] + $WindowsEmailAddress, + + [Parameter()] + [System.Boolean] + $UseDatabaseRetentionDefaults, + + [Parameter()] + [System.Boolean] + $SchedulerAssistant, + + [Parameter()] + [System.String[]] + $RemoveOrphanedHolds, + + [Parameter()] + [System.Object] + $RulesQuota, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.String] + $EnforcedTimestamps, + + [Parameter()] + [System.Object] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Object] + $ResourceCustom, + + [Parameter()] + [System.Boolean] + $MessageCopyForSMTPClientSubmissionEnabled, + + [Parameter()] + [System.Object] + $BypassModerationFromSendersOrMembers, + + [Parameter()] + [System.Object] + $DefaultAuditSet, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromDLMembers, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.Object] + $EmailAddressDisplayNames, + + [Parameter()] + [System.Boolean] + $CalendarRepairDisabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RemoveMailboxProvisioningConstraint, + + [Parameter()] + [System.Object] + $NonCompliantDevices, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.String] + $LitigationHoldOwner, + + [Parameter()] + [System.Object] + $ProhibitSendQuota, + + [Parameter()] + [System.Boolean] + $AccountDisabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ClearThrottlingPolicyAssignment, + + [Parameter()] + [System.Object] + $AuditDelegate, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.Boolean] + $SingleItemRecoveryEnabled, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.Object] + $DataEncryptionPolicy, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.Object] + $LitigationHoldDate, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $EnableRoomMailboxAccount, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled, + + [Parameter()] + [System.Object] + $RetainDeletedItemsFor, + + [Parameter()] + [System.Object] + $MicrosoftOnlineServicesID, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RemoveDelayReleaseHoldApplied, + + [Parameter()] + [System.Object] + $AuditAdmin, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.Object] + $DefaultPublicFolderMailbox, + + [Parameter()] + [System.Boolean] + $RetentionHoldEnabled, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.Object] + $RetentionPolicy, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RemoveDelayHoldApplied, + + [Parameter()] + [System.Object] + $ExternalOofOptions, + + [Parameter()] + [System.Object] + $AuditLogAgeLimit, + + [Parameter()] + [System.Object] + $StartDateForRetentionHold, + + [Parameter()] + [System.Object] + $SendModerationNotifications, + + [Parameter()] + [System.Object] + $EndDateForRetentionHold, + + [Parameter()] + [System.Object] + $RoleAssignmentPolicy, + + [Parameter()] + [System.Boolean] + $IsExcludedFromServingHierarchy, + + [Parameter()] + [System.String] + $Office, + + [Parameter()] + [System.Object] + $MaxSendSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ApplyMandatoryProperties, + + [Parameter()] + [System.Object] + $RejectMessagesFrom, + + [Parameter()] + [System.Object] + $RecipientLimits, + + [Parameter()] + [System.Object] + $AddressBookPolicy, + + [Parameter()] + [System.Boolean] + $MessageCopyForSentAsEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PublicFolder, + + [Parameter()] + [System.Object] + $MailTipTranslations, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.Object] + $SharingPolicy, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ExcludeFromAllOrgHolds, + + [Parameter()] + [System.Object] + $ArchiveName, + + [Parameter()] + [System.Boolean] + $AuditEnabled, + + [Parameter()] + [System.Security.SecureString] + $Password, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Object] + $IssueWarningQuota, + + [Parameter()] + [System.Object] + $StsRefreshTokensValidFrom, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.Object] + $ForwardingAddress, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $SimpleDisplayName, + + [Parameter()] + [System.Object] + $ForwardingSmtpAddress, + + [Parameter()] + [System.Boolean] + $MessageTrackingReadStatusEnabled + ) +} +function Set-MailboxAutoReplyConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $InternalMessage, + + [Parameter()] + [System.String] + $DeclineMeetingMessage, + + [Parameter()] + [System.Object] + $ExternalAudience, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IgnoreDefaultScope, + + [Parameter()] + [System.Boolean] + $DeclineEventsForScheduledOOF, + + [Parameter()] + [System.Boolean] + $AutoDeclineFutureRequestsWhenOOF, + + [Parameter()] + [System.Object] + $AutoReplyState, + + [Parameter()] + [System.String[]] + $EventsToDeleteIDs, + + [Parameter()] + [System.DateTime] + $StartTime, + + [Parameter()] + [System.Boolean] + $CreateOOFEvent, + + [Parameter()] + [System.String] + $OOFEventSubject, + + [Parameter()] + [System.Boolean] + $DeclineAllEventsForScheduledOOF, + + [Parameter()] + [System.DateTime] + $EndTime, + + [Parameter()] + [System.String] + $ExternalMessage + ) +} +function Set-MailboxCalendarFolder +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $SharedCalendarSyncStartDate, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SetAsSharingSource, + + [Parameter()] + [System.Boolean] + $SearchableUrlEnabled, + + [Parameter()] + [System.Boolean] + $PublishEnabled, + + [Parameter()] + [System.Object] + $PublishDateRangeTo, + + [Parameter()] + [System.Object] + $PublishDateRangeFrom, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UseHttps, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ResetUrl, + + [Parameter()] + [System.Object] + $DetailLevel, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function Set-MailboxPlan +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $IssueWarningQuota, + + [Parameter()] + [System.Object] + $RoleAssignmentPolicy, + + [Parameter()] + [System.Object] + $RetentionPolicy, + + [Parameter()] + [System.Object] + $MaxSendSize, + + [Parameter()] + [System.Object] + $ProhibitSendReceiveQuota, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $ProhibitSendQuota, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsDefault, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $RetainDeletedItemsFor, + + [Parameter()] + [System.Object] + $RecipientLimits, + + [Parameter()] + [System.Object] + $MaxReceiveSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function Set-MailboxRegionalConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DateFormat, + + [Parameter()] + [System.String] + $TimeFormat, + + [Parameter()] + [System.Object] + $MailboxLocation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UseCustomRouting, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Archive, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $LocalizeDefaultFolderName, + + [Parameter()] + [System.Object] + $TimeZone, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Globalization.CultureInfo] + $Language + ) +} +function Set-MailContact +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $WindowsEmailAddress, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromDLMembers, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $MacAttachmentFormat, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.Object] + $RejectMessagesFrom, + + [Parameter()] + [System.Object] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.Object] + $MailTipTranslations, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.Object] + $UseMapiRichTextFormat, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.Boolean] + $UsePreferMessageFormat, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.Object] + $BypassModerationFromSendersOrMembers, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.Object] + $ModeratedBy, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.Object] + $MessageBodyFormat, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFrom, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.Object] + $UserSMimeCertificate, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.Object] + $MessageFormat, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.Object] + $ExternalEmailAddress, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.Object] + $RejectMessagesFromDLMembers, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.String] + $SimpleDisplayName, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.Object] + $UserCertificate, + + [Parameter()] + [System.Object] + $SendModerationNotifications, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $EmailAddresses, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ForceUpgrade, + + [Parameter()] + [System.Object] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.String] + $CustomAttribute12 + ) +} +function Set-MalwareFilterPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeDefault, + + [Parameter()] + [System.String] + $CustomFromName, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.String] + $CustomExternalBody, + + [Parameter()] + [System.String] + $QuarantineTag, + + [Parameter()] + [System.Boolean] + $CustomNotifications, + + [Parameter()] + [System.Boolean] + $EnableExternalSenderAdminNotifications, + + [Parameter()] + [System.Object] + $InternalSenderAdminAddress, + + [Parameter()] + [System.String[]] + $FileTypes, + + [Parameter()] + [System.Boolean] + $EnableInternalSenderAdminNotifications, + + [Parameter()] + [System.Object] + $CustomFromAddress, + + [Parameter()] + [System.Boolean] + $IsPolicyOverrideApplied, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $ExternalSenderAdminAddress, + + [Parameter()] + [System.String] + $CustomExternalSubject, + + [Parameter()] + [System.Object] + $FileTypeAction, + + [Parameter()] + [System.String] + $CustomInternalSubject, + + [Parameter()] + [System.String] + $CustomInternalBody, + + [Parameter()] + [System.Boolean] + $EnableFileFilter + ) +} +function Set-MalwareFilterRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object] + $MalwareFilterPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf + ) +} +function Set-ManagementRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $RecipientGroupScope, + + [Parameter()] + [System.Object] + $CustomRecipientWriteScope, + + [Parameter()] + [System.Object] + $RecipientAdministrativeUnitScope, + + [Parameter()] + [System.Object] + $ExclusiveRecipientWriteScope, + + [Parameter()] + [System.Object] + $CustomResourceScope, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $RecipientOrganizationalUnitScope, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $RecipientRelativeWriteScope, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function Set-MessageClassification +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SenderDescription, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $RecipientDescription, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $RetainClassificationEnabled, + + [Parameter()] + [System.Boolean] + $PermissionMenuVisible, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Guid] + $ClassificationID, + + [Parameter()] + [System.Object] + $DisplayPrecedence + ) +} +function Set-MobileDeviceMailboxPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $AllowMicrosoftPushNotifications, + + [Parameter()] + [System.Boolean] + $AllowUnsignedApplications, + + [Parameter()] + [System.Boolean] + $AllowUnsignedInstallationPackages, + + [Parameter()] + [System.Object] + $MaxPasswordFailedAttempts, + + [Parameter()] + [System.Boolean] + $AllowExternalDeviceManagement, + + [Parameter()] + [System.Boolean] + $AllowIrDA, + + [Parameter()] + [System.Boolean] + $AllowStorageCard, + + [Parameter()] + [System.Int32] + $PasswordHistory, + + [Parameter()] + [System.Boolean] + $AllowNonProvisionableDevices, + + [Parameter()] + [System.Object] + $UnapprovedInROMApplicationList, + + [Parameter()] + [System.Boolean] + $RequireEncryptedSMIMEMessages, + + [Parameter()] + [System.Boolean] + $RequireDeviceEncryption, + + [Parameter()] + [System.Boolean] + $AllowInternetSharing, + + [Parameter()] + [System.Boolean] + $PasswordEnabled, + + [Parameter()] + [System.Object] + $RequireSignedSMIMEAlgorithm, + + [Parameter()] + [System.Object] + $MaxEmailHTMLBodyTruncationSize, + + [Parameter()] + [System.Int32] + $MinPasswordComplexCharacters, + + [Parameter()] + [System.Boolean] + $UNCAccessEnabled, + + [Parameter()] + [System.Boolean] + $AllowCamera, + + [Parameter()] + [System.Boolean] + $IrmEnabled, + + [Parameter()] + [System.Object] + $PasswordExpiration, + + [Parameter()] + [System.Boolean] + $AllowBrowser, + + [Parameter()] + [System.Object] + $MaxEmailAgeFilter, + + [Parameter()] + [System.Boolean] + $RequireManualSyncWhenRoaming, + + [Parameter()] + [System.Boolean] + $AlphanumericPasswordRequired, + + [Parameter()] + [System.Object] + $AllowSMIMEEncryptionAlgorithmNegotiation, + + [Parameter()] + [System.Boolean] + $DeviceEncryptionEnabled, + + [Parameter()] + [System.Object] + $MaxEmailBodyTruncationSize, + + [Parameter()] + [System.Object] + $AllowBluetooth, + + [Parameter()] + [System.Object] + $RequireEncryptionSMIMEAlgorithm, + + [Parameter()] + [System.Object] + $DevicePolicyRefreshInterval, + + [Parameter()] + [System.Boolean] + $AllowGooglePushNotifications, + + [Parameter()] + [System.Boolean] + $AllowMobileOTAUpdate, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $MaxAttachmentSize, + + [Parameter()] + [System.Boolean] + $AllowSimplePassword, + + [Parameter()] + [System.Boolean] + $AllowConsumerEmail, + + [Parameter()] + [System.Boolean] + $AllowDesktopSync, + + [Parameter()] + [System.Boolean] + $PasswordRecoveryEnabled, + + [Parameter()] + [System.Boolean] + $RequireStorageCardEncryption, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $AllowSMIMESoftCerts, + + [Parameter()] + [System.Boolean] + $AllowRemoteDesktop, + + [Parameter()] + [System.Boolean] + $AttachmentsEnabled, + + [Parameter()] + [System.Object] + $MaxCalendarAgeFilter, + + [Parameter()] + [System.Boolean] + $AllowWiFi, + + [Parameter()] + [System.Boolean] + $AllowApplePushNotifications, + + [Parameter()] + [System.Boolean] + $AllowPOPIMAPEmail, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Object] + $MaxInactivityTimeLock, + + [Parameter()] + [System.Object] + $ApprovedApplicationList, + + [Parameter()] + [System.Boolean] + $AllowTextMessaging, + + [Parameter()] + [System.Boolean] + $WSSAccessEnabled, + + [Parameter()] + [System.Boolean] + $RequireSignedSMIMEMessages, + + [Parameter()] + [System.Object] + $MinPasswordLength, + + [Parameter()] + [System.Boolean] + $AllowHTMLEmail, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-OfflineAddressBook +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $Versions, + + [Parameter()] + [System.Object] + $Schedule, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ApplyMandatoryProperties, + + [Parameter()] + [System.Boolean] + $ZipOabFilesBeforeUploading, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UpgradeFromE14, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Int32] + $FullOabDownloadPreventionThreshold, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $DiffRetentionPeriod, + + [Parameter()] + [System.Object[]] + $AddressLists, + + [Parameter()] + [System.Object] + $ConfiguredAttributes, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UseDefaultAttributes, + + [Parameter()] + [System.Boolean] + $IsDefault + ) +} +function Set-OMEConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Double] + $ExternalMailExpiryInDays, + + [Parameter()] + [System.String] + $ReadButtonText, + + [Parameter()] + [System.String] + $PortalText, + + [Parameter()] + [System.Byte[]] + $Image, + + [Parameter()] + [System.String] + $IntroductionText, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $BackgroundColor, + + [Parameter()] + [System.String] + $DisclaimerText, + + [Parameter()] + [System.String] + $PrivacyStatementUrl, + + [Parameter()] + [System.Boolean] + $SocialIdSignIn, + + [Parameter()] + [System.String] + $EmailText, + + [Parameter()] + [System.Boolean] + $OTPEnabled, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-OnPremisesOrganization +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $InboundConnector, + + [Parameter()] + [System.Object] + $OutboundConnector, + + [Parameter()] + [System.String] + $OrganizationName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $OrganizationRelationship, + + [Parameter()] + [System.Object] + $HybridDomains + ) +} +function Set-Organization +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $UnifiedAuditLogIngestionEnabled + ) +} +function Set-OrganizationConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $FindTimeLockPollForAttendeesEnabled, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabledForYammer, + + [Parameter()] + [System.Boolean] + $PublicFolderShowClientControl, + + [Parameter()] + [System.Boolean] + $MailTipsGroupMetricsEnabled, + + [Parameter()] + [System.Object] + $PublicFoldersEnabled, + + [Parameter()] + [System.Boolean] + $ReadTrackingEnabled, + + [Parameter()] + [System.Boolean] + $ExchangeNotificationEnabled, + + [Parameter()] + [System.Boolean] + $BookingsNamingPolicyPrefixEnabled, + + [Parameter()] + [System.Boolean] + $MailTipsExternalRecipientsTipsEnabled, + + [Parameter()] + [System.Object] + $FocusedInboxOn, + + [Parameter()] + [System.Object] + $EwsApplicationAccessPolicy, + + [Parameter()] + [System.Boolean] + $OAuth2ClientProfileEnabled, + + [Parameter()] + [System.Boolean] + $MobileAppEducationEnabled, + + [Parameter()] + [System.Boolean] + $EnableOutlookEvents, + + [Parameter()] + [System.Boolean] + $BookingsExposureOfStaffDetailsRestricted, + + [Parameter()] + [System.Boolean] + $ElcProcessingDisabled, + + [Parameter()] + [System.Boolean] + $UnblockUnsafeSenderPromptEnabled, + + [Parameter()] + [System.Boolean] + $AutoEnableArchiveMailbox, + + [Parameter()] + [System.Boolean] + $HybridRSVPEnabled, + + [Parameter()] + [System.Boolean] + $RefreshSessionEnabled, + + [Parameter()] + [System.Boolean] + $SmtpActionableMessagesEnabled, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabledForTeams, + + [Parameter()] + [System.Boolean] + $ComplianceMLBgdCrawlEnabled, + + [Parameter()] + [System.Boolean] + $MailTipsAllTipsEnabled, + + [Parameter()] + [System.Boolean] + $PostponeRoamingSignaturesUntilLater, + + [Parameter()] + [System.Object] + $RemotePublicFolderMailboxes, + + [Parameter()] + [System.Boolean] + $BlockMoveMessagesForGroupFolders, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceShortEventsBy, + + [Parameter()] + [System.Object] + $EwsAllowEntourage, + + [Parameter()] + [System.Boolean] + $OutlookGifPickerDisabled, + + [Parameter()] + [System.Object] + $OnlineMeetingsByDefaultEnabled, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabledForOutlook, + + [Parameter()] + [System.Object] + $DefaultPublicFolderProhibitPostQuota, + + [Parameter()] + [System.Object] + $ExchangeNotificationRecipients, + + [Parameter()] + [System.Boolean] + $MessageRemindersEnabled, + + [Parameter()] + [System.Boolean] + $DirectReportsGroupAutoCreationEnabled, + + [Parameter()] + [System.Boolean] + $AuditDisabled, + + [Parameter()] + [System.Boolean] + $BookingsAuthEnabled, + + [Parameter()] + [System.Boolean] + $OutlookMobileGCCRestrictionsEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $BookingsCreationOfCustomQuestionsRestricted, + + [Parameter()] + [System.Boolean] + $BookingsSmsMicrosoftEnabled, + + [Parameter()] + [System.Object] + $DefaultAuthenticationPolicy, + + [Parameter()] + [System.Boolean] + $WebPushNotificationsDisabled, + + [Parameter()] + [System.Boolean] + $ActivityBasedAuthenticationTimeoutEnabled, + + [Parameter()] + [System.Boolean] + $BookingsAddressEntryRestricted, + + [Parameter()] + [System.String] + $BookingsNamingPolicyPrefix, + + [Parameter()] + [System.Object] + $DefaultPublicFolderDeletedItemRetention, + + [Parameter()] + [System.Int32] + $PreferredInternetCodePageForShiftJis, + + [Parameter()] + [System.Object] + $ShortenEventScopeDefault, + + [Parameter()] + [System.Object] + $HierarchicalAddressBookRoot, + + [Parameter()] + [System.Boolean] + $IsAgendaMailEnabled, + + [Parameter()] + [System.Boolean] + $FindTimeOnlineMeetingOptionDisabled, + + [Parameter()] + [System.Object] + $EwsEnabled, + + [Parameter()] + [System.Boolean] + $FindTimeAttendeeAuthenticationEnabled, + + [Parameter()] + [System.Boolean] + $AutomaticForcedReadReceiptEnabled, + + [Parameter()] + [System.Boolean] + $LeanPopoutEnabled, + + [Parameter()] + [System.Object] + $DistributionGroupNameBlockedWordsList, + + [Parameter()] + [System.Int32] + $RequiredCharsetCoverage, + + [Parameter()] + [System.Boolean] + $AsyncSendEnabled, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabledForSharepoint, + + [Parameter()] + [System.Boolean] + $BookingsBlockedWordsEnabled, + + [Parameter()] + [System.Boolean] + $ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled, + + [Parameter()] + [System.Boolean] + $WorkspaceTenantEnabled, + + [Parameter()] + [System.Boolean] + $BookingsNamingPolicyEnabled, + + [Parameter()] + [System.Object] + $DefaultPublicFolderAgeLimit, + + [Parameter()] + [System.String] + $VisibleMeetingUpdateProperties, + + [Parameter()] + [System.Boolean] + $OutlookPayEnabled, + + [Parameter()] + [System.UInt32] + $MailTipsLargeAudienceThreshold, + + [Parameter()] + [System.Object] + $DefaultGroupAccessType, + + [Parameter()] + [System.Boolean] + $CalendarVersionStoreEnabled, + + [Parameter()] + [System.Boolean] + $BookingsPaymentsEnabled, + + [Parameter()] + [System.Object] + $MessageRecallEnabled, + + [Parameter()] + [System.Boolean] + $MessageHighlightsEnabled, + + [Parameter()] + [System.Boolean] + $WebSuggestedRepliesDisabled, + + [Parameter()] + [System.Boolean] + $DisablePlusAddressInRecipients, + + [Parameter()] + [System.Object] + $DistributionGroupNamingPolicy, + + [Parameter()] + [System.Boolean] + $PublicComputersDetectionEnabled, + + [Parameter()] + [System.Boolean] + $BookingsSocialSharingRestricted, + + [Parameter()] + [System.String] + $BookingsNamingPolicySuffix, + + [Parameter()] + [System.Boolean] + $BookingsNamingPolicySuffixEnabled, + + [Parameter()] + [System.Boolean] + $BookingsMembershipApprovalRequired, + + [Parameter()] + [System.Boolean] + $IsGroupMemberAllowedToEditContent, + + [Parameter()] + [System.Object] + $DefaultPublicFolderMovedItemRetention, + + [Parameter()] + [System.Object] + $DistributionGroupDefaultOU, + + [Parameter()] + [System.Boolean] + $OutlookTextPredictionDisabled, + + [Parameter()] + [System.Boolean] + $SharedDomainEmailAddressFlowEnabled, + + [Parameter()] + [System.Boolean] + $ConnectorsActionableMessagesEnabled, + + [Parameter()] + [System.Boolean] + $MailTipsMailboxSourcedTipsEnabled, + + [Parameter()] + [System.Boolean] + $BookingsEnabled, + + [Parameter()] + [System.Boolean] + $EndUserDLUpgradeFlowsDisabled, + + [Parameter()] + [System.Object] + $RecallReadMessagesEnabled, + + [Parameter()] + [System.Boolean] + $BookingsPhoneNumberEntryRestricted, + + [Parameter()] + [System.Boolean] + $AppsForOfficeEnabled, + + [Parameter()] + [System.Boolean] + $EnableForwardingAddressSyncForMailboxes, + + [Parameter()] + [System.Object] + $EwsAllowOutlook, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AutoExpandingArchive, + + [Parameter()] + [System.Boolean] + $LinkPreviewEnabled, + + [Parameter()] + [System.Boolean] + $BookingsSearchEngineIndexDisabled, + + [Parameter()] + [System.Object] + $EwsAllowMacOutlook, + + [Parameter()] + [System.Object] + $EwsAllowList, + + [Parameter()] + [System.Object] + $DefaultPublicFolderMaxItemSize, + + [Parameter()] + [System.Boolean] + $MatchSenderOrganizerProperties, + + [Parameter()] + [System.Int32] + $DefaultMinutesToReduceLongEventsBy, + + [Parameter()] + [System.Object] + $IPListBlocked, + + [Parameter()] + [System.Boolean] + $BookingsNotesEntryRestricted, + + [Parameter()] + [System.Boolean] + $SendFromAliasEnabled, + + [Parameter()] + [System.Boolean] + $AutodiscoverPartialDirSync, + + [Parameter()] + [System.Object] + $ActivityBasedAuthenticationTimeoutInterval, + + [Parameter()] + [System.Boolean] + $OutlookMobileSingleAccountEnabled, + + [Parameter()] + [System.Boolean] + $IsGroupFoldersAndRulesEnabled, + + [Parameter()] + [System.Boolean] + $MaskClientIpInReceivedHeadersEnabled, + + [Parameter()] + [System.Boolean] + $PerTenantSwitchToESTSEnabled, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabled, + + [Parameter()] + [System.Object] + $EwsBlockList, + + [Parameter()] + [System.Boolean] + $CustomerLockboxEnabled, + + [Parameter()] + [System.Boolean] + $OutlookMobileHelpShiftEnabled, + + [Parameter()] + [System.Uri] + $SiteMailboxCreationURL, + + [Parameter()] + [System.Int32] + $ByteEncoderTypeFor7BitCharsets, + + [Parameter()] + [System.Boolean] + $FindTimeAutoScheduleDisabled, + + [Parameter()] + [System.Object] + $DefaultPublicFolderIssueWarningQuota + ) +} +function Set-OrganizationRelationship +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $MailTipsAccessLevel, + + [Parameter()] + [System.Uri] + $TargetAutodiscoverEpr, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $FreeBusyAccessScope, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Boolean] + $DeliveryReportEnabled, + + [Parameter()] + [System.String] + $OAuthApplicationId, + + [Parameter()] + [System.Boolean] + $MailTipsAccessEnabled, + + [Parameter()] + [System.Boolean] + $ArchiveAccessEnabled, + + [Parameter()] + [System.Boolean] + $FreeBusyAccessEnabled, + + [Parameter()] + [System.Object] + $MailTipsAccessScope, + + [Parameter()] + [System.Uri] + $TargetOwaURL, + + [Parameter()] + [System.Uri] + $TargetApplicationUri, + + [Parameter()] + [System.Object] + $OrganizationContact, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $MailboxMovePublishedScopes, + + [Parameter()] + [System.Boolean] + $MailboxMoveEnabled, + + [Parameter()] + [System.Object] + $MailboxMoveCapability, + + [Parameter()] + [System.Uri] + $TargetSharingEpr, + + [Parameter()] + [System.Object] + $FreeBusyAccessLevel, + + [Parameter()] + [System.Object] + $DomainNames, + + [Parameter()] + [System.Boolean] + $PhotosEnabled + ) +} +function Set-OutboundConnector +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $RouteAllMessagesViaOnPremises, + + [Parameter()] + [System.Object] + $RecipientDomains, + + [Parameter()] + [System.Boolean] + $CloudServicesMailEnabled, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Boolean] + $AllAcceptedDomains, + + [Parameter()] + [System.Object] + $TlsDomain, + + [Parameter()] + [System.String] + $Comment, + + [Parameter()] + [System.Boolean] + $IsTransportRuleScoped, + + [Parameter()] + [System.Boolean] + $IsValidated, + + [Parameter()] + [System.Boolean] + $UseMXRecord, + + [Parameter()] + [System.Object] + $LastValidationTimestamp, + + [Parameter()] + [System.Object] + $TlsSettings, + + [Parameter()] + [System.String[]] + $ValidationRecipients, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $ConnectorType, + + [Parameter()] + [System.Object] + $SmartHosts, + + [Parameter()] + [System.Boolean] + $SenderRewritingEnabled, + + [Parameter()] + [System.Boolean] + $TestMode, + + [Parameter()] + [System.Object] + $ConnectorSource + ) +} +function Set-OwaMailboxPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Int32] + $DefaultClientLanguage, + + [Parameter()] + [System.Boolean] + $ContactsEnabled, + + [Parameter()] + [System.Boolean] + $PersonalAccountCalendarsEnabled, + + [Parameter()] + [System.Boolean] + $MessagePreviewsDisabled, + + [Parameter()] + [System.Boolean] + $ExplicitLogonEnabled, + + [Parameter()] + [System.Boolean] + $ShowOnlineArchiveEnabled, + + [Parameter()] + [System.Object] + $BlockedFileTypes, + + [Parameter()] + [System.Boolean] + $NpsSurveysEnabled, + + [Parameter()] + [System.Boolean] + $LinkedInEnabled, + + [Parameter()] + [System.Object] + $ConditionalAccessPolicy, + + [Parameter()] + [System.String[]] + $AllowedOrganizationAccountDomains, + + [Parameter()] + [System.Boolean] + $ChangePasswordEnabled, + + [Parameter()] + [System.String] + $BookingsMailboxDomain, + + [Parameter()] + [System.Boolean] + $AdditionalStorageProvidersAvailable, + + [Parameter()] + [System.Boolean] + $WacViewingOnPublicComputersEnabled, + + [Parameter()] + [System.Boolean] + $OutlookBetaToggleEnabled, + + [Parameter()] + [System.Boolean] + $SMimeSuppressNameChecksEnabled, + + [Parameter()] + [System.Object] + $ActionForUnknownFileAndMIMETypes, + + [Parameter()] + [System.String] + $ExternalSPMySiteHostURL, + + [Parameter()] + [System.Boolean] + $OfflineEnabledWeb, + + [Parameter()] + [System.Object] + $ForceSaveMimeTypes, + + [Parameter()] + [System.Boolean] + $CalendarEnabled, + + [Parameter()] + [System.Boolean] + $SpellCheckerEnabled, + + [Parameter()] + [System.Boolean] + $DisplayPhotosEnabled, + + [Parameter()] + [System.Boolean] + $TasksEnabled, + + [Parameter()] + [System.Boolean] + $GroupCreationEnabled, + + [Parameter()] + [System.Object] + $ForceSaveFileTypes, + + [Parameter()] + [System.Object] + $ChangeSettingsAccountEnabled, + + [Parameter()] + [System.Object] + $AdditionalAccountsEnabled, + + [Parameter()] + [System.Boolean] + $TeamsnapCalendarsEnabled, + + [Parameter()] + [System.Boolean] + $WacViewingOnPrivateComputersEnabled, + + [Parameter()] + [System.Boolean] + $TextMessagingEnabled, + + [Parameter()] + [System.Boolean] + $SearchFoldersEnabled, + + [Parameter()] + [System.Boolean] + $UserVoiceEnabled, + + [Parameter()] + [System.Boolean] + $ForceWacViewingFirstOnPublicComputers, + + [Parameter()] + [System.Boolean] + $GlobalAddressListEnabled, + + [Parameter()] + [System.Boolean] + $IRMEnabled, + + [Parameter()] + [System.Boolean] + $DirectFileAccessOnPublicComputersEnabled, + + [Parameter()] + [System.Boolean] + $WacOMEXEnabled, + + [Parameter()] + [System.Boolean] + $DirectFileAccessOnPrivateComputersEnabled, + + [Parameter()] + [System.Boolean] + $JournalEnabled, + + [Parameter()] + [System.Boolean] + $OfflineEnabledWin, + + [Parameter()] + [System.Object] + $ItemsToOtherAccountsEnabled, + + [Parameter()] + [System.Boolean] + $WSSAccessOnPublicComputersEnabled, + + [Parameter()] + [System.Boolean] + $SignaturesEnabled, + + [Parameter()] + [System.Boolean] + $OnSendAddinsEnabled, + + [Parameter()] + [System.Boolean] + $WacExternalServicesEnabled, + + [Parameter()] + [System.String] + $InternalSPMySiteHostURL, + + [Parameter()] + [System.Boolean] + $RemindersAndNotificationsEnabled, + + [Parameter()] + [System.Boolean] + $SatisfactionEnabled, + + [Parameter()] + [System.Boolean] + $OWALightEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-OutboundConnector -{ - [CmdletBinding()] - param( + $InstantMessagingType, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $ActiveSyncIntegrationEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-OwaMailboxPolicy -{ - [CmdletBinding()] - param( + $PersonalAccountsEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $DefaultTheme, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $SetPhotoEnabled, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-PartnerApplication -{ - [CmdletBinding()] - param( + [System.Boolean] + $ClassicAttachmentsEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $ForceWacViewingFirstOnPrivateComputers, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-PolicyTipConfig -{ - [CmdletBinding()] - param( + $AllowedMimeTypes, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $AllowCopyContactsToDeviceAddressBook, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-QuarantinePolicy -{ - [CmdletBinding()] - param( + $OutboundCharset, + [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $PlacesEnabled, [Parameter()] - [System.Object] - $DomainController - ) -} -function Remove-RecipientPermission -{ - [CmdletBinding()] - param( + [System.Boolean] + $ReportJunkEmailEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $SkipDomainValidationForMailContact, + [System.Boolean] + $UseISO885915, [Parameter()] - [System.Object] - $AccessRights, + [System.Boolean] + $RecoverDeletedItemsEnabled, + + [Parameter()] + [System.Boolean] + $NotesEnabled, + + [Parameter()] + [System.Boolean] + $OrganizationEnabled, [Parameter()] [System.Object] - $Trustee, + $WebPartsFrameOptionsType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Deny, + [System.String] + $SetPhotoURL, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $WacEditingEnabled, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $PublicFoldersEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SkipDomainValidationForMailUser, + [System.Boolean] + $BookingsMailboxCreationEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SkipDomainValidationForSharedMailbox - ) -} -function Remove-RemoteDomain -{ - [CmdletBinding()] - param( + [System.Boolean] + $ForceSaveAttachmentFilteringEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $LogonAndErrorLanguage, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-ReportSubmissionPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $WSSAccessOnPrivateComputersEnabled, + [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-ReportSubmissionRule -{ - [CmdletBinding()] - param( + [System.Boolean] + $AllAddressListsEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $EmptyStateEnabled, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-RoleAssignmentPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $ProjectMocaEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $DelegateAccessEnabled, + + [Parameter()] + [System.Boolean] + $PremiumClientEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-RoleGroup -{ - [CmdletBinding()] - param( + $BlockedMimeTypes, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.Boolean] + $UMIntegrationEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $FeedbackEnabled, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $SilverlightEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BypassSecurityGroupManagerCheck - ) -} -function Remove-SafeAttachmentPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $WeatherEnabled, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Force, + $IsDefault, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $UseGB18030, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-SafeAttachmentRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $AllowOfflineOn, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-SafeLinksPolicy -{ - [CmdletBinding()] - param( + $AllowedFileTypes, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.Boolean] + $ExternalImageProxyEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $RulesEnabled, [Parameter()] [System.Object] - $Identity - ) -} -function Remove-SafeLinksRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $OneWinNativeOutlookEnabled, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-SharingPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $FreCardsEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Name, [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-TransportRule -{ - [CmdletBinding()] - param( + [System.Boolean] + $ThemeSelectionEnabled, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $InstantMessagingEnabled, [Parameter()] - [System.Object] - $Identity - ) -} -function Set-AcceptedDomain -{ - [CmdletBinding()] - param( + [System.Boolean] + $LocalEventsEnabled, + [Parameter()] [System.Boolean] - $CanHaveCloudCache, + $InterestingCalendarsEnabled, [Parameter()] [System.Boolean] - $EnableNego2Authentication, + $BizBarEnabled, [Parameter()] [System.Boolean] - $OutboundOnly, + $OneDriveAttachmentsEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $PrintWithoutDownloadEnabled, [Parameter()] [System.Boolean] - $SendingFromDomainDisabled, + $SaveAttachmentsToCloudEnabled, [Parameter()] [System.Object] @@ -7088,64 +14010,63 @@ function Set-AcceptedDomain [Parameter()] [System.Boolean] - $MatchSubDomains, + $PhoneticSupportEnabled, [Parameter()] - [System.Object] - $DomainType - ) -} -function Set-ActiveSyncDeviceAccessRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $SkipCreateUnifiedGroupCustomSharepointClassification, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $ReferenceAttachmentsEnabled, [Parameter()] - [System.Object] - $AccessLevel + [System.Management.Automation.SwitchParameter] + $DisableFacebook ) } -function Set-AddressBookPolicy +function Set-PartnerApplication { [CmdletBinding()] param( [Parameter()] - [System.Object] - $RoomList, - - [Parameter()] - [System.Object] - $OfflineAddressBook, + [System.String] + $ApplicationIdentifier, [Parameter()] [System.String] $Name, + [Parameter()] + [System.Object] + $LinkedAccount, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Boolean] + $AcceptSecurityIdentifierInformation, + [Parameter()] [System.Object] $Identity, [Parameter()] - [System.Object] - $GlobalAddressList, + [System.String[]] + $ActAsPermissions, [Parameter()] - [System.Object[]] - $AddressLists + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Object] + $AccountType ) } -function Set-AddressList +function Set-PerimeterConfig { [CmdletBinding()] param( @@ -7159,665 +14080,621 @@ function Set-AddressList [Parameter()] [System.Object] - $ConditionalCustomAttribute8, + $GatewayIPAddresses + ) +} +function Set-Place +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $PostalCode, [Parameter()] [System.String] - $DisplayName, + $Phone, [Parameter()] [System.Object] - $ConditionalCustomAttribute10, + $Identity, [Parameter()] - [System.String] - $Name, + [System.Object] + $CountryOrRegion, [Parameter()] - [System.Object] - $ConditionalCustomAttribute9, + [System.String] + $ParentId, [Parameter()] - [System.Object] - $ConditionalCustomAttribute2, + [System.String] + $Street, [Parameter()] - [System.Object] - $IncludedRecipients, + [System.Boolean] + $IsWheelChairAccessible, [Parameter()] - [System.Object] - $ConditionalCompany, + [System.String] + $AudioDeviceName, [Parameter()] - [System.Object] - $ConditionalCustomAttribute6, + [System.String] + $DisplayDeviceName, [Parameter()] - [System.Object] - $ConditionalCustomAttribute3, + [System.Object[]] + $Desks, [Parameter()] - [System.Object] - $ConditionalCustomAttribute12, + [System.String] + $Building, [Parameter()] - [System.Object] - $ConditionalCustomAttribute13, + [System.String] + $State, [Parameter()] [System.String] - $RecipientFilter, + $City, [Parameter()] [System.Object] - $ConditionalCustomAttribute15, + $Floor, [Parameter()] [System.Object] - $ConditionalDepartment, + $ParentType, [Parameter()] - [System.Object] - $ConditionalStateOrProvince, + [System.String] + $VideoDeviceName, [Parameter()] - [System.Object] - $ConditionalCustomAttribute7, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $ConditionalCustomAttribute14, + [System.String[]] + $Tags, [Parameter()] - [System.Object] - $ConditionalCustomAttribute4, + [System.String] + $FloorLabel, [Parameter()] [System.Object] - $ConditionalCustomAttribute11, + $Capacity, [Parameter()] - [System.Object] - $ConditionalCustomAttribute1, + [System.String] + $Label, [Parameter()] [System.Object] - $ConditionalCustomAttribute5 + $GeoCoordinates, + + [Parameter()] + [System.Boolean] + $MTREnabled ) } -function Set-AdminAuditLogConfig +function Set-PolicyTipConfig { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $Value, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Boolean] - $UnifiedAuditLogIngestionEnabled + [System.Object] + $Identity ) } -function Set-AntiPhishPolicy +function Set-QuarantinePolicy { [CmdletBinding()] param( - [Parameter()] - [System.Boolean] - $EnableFirstContactSafetyTips, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeDefault, - [Parameter()] [System.Object] - $DmarcRejectAction, - - [Parameter()] - [System.Int32] - $PhishThresholdLevel, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Boolean] - $EnableTargetedDomainsProtection, + $MultiLanguageCustomDisclaimer, [Parameter()] [System.Object] - $Identity, - - [Parameter()] - [System.Boolean] - $HonorDmarcPolicy, - - [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.Boolean] - $EnableViaTag, + $AdminNotificationLanguage, [Parameter()] [System.Object] - $MailboxIntelligenceProtectionAction, + $Identity, [Parameter()] - [System.Object] - $TargetedDomainsToProtect, + [System.String] + $EndUserSpamNotificationCustomFromAddress, [Parameter()] - [System.Boolean] - $EnableSpoofIntelligence, + [System.Int32] + $EndUserSpamNotificationFrequencyInDays, [Parameter()] - [System.Boolean] - $EnableSimilarUsersSafetyTips, + [System.String] + $CustomDisclaimer, [Parameter()] - [System.Object] - $ExcludedDomains, + [System.Int32] + $EndUserQuarantinePermissionsValue, [Parameter()] - [System.String] - $PolicyTag, + [System.Boolean] + $ESNEnabled, [Parameter()] - [System.Object] - $TargetedDomainActionRecipients, + [System.Management.Automation.SwitchParameter] + $IgnoreDehydratedFlag, [Parameter()] [System.Object] - $DmarcQuarantineAction, + $EndUserQuarantinePermissions, [Parameter()] [System.Boolean] - $EnableMailboxIntelligence, + $AdminNotificationsEnabled, [Parameter()] - [System.String] - $TargetedDomainQuarantineTag, + [System.Object] + $EndUserSpamNotificationLanguage, [Parameter()] [System.Object] - $ImpersonationProtectionState, + $DomainController, [Parameter()] [System.Object] - $TargetedDomainProtectionAction, + $MultiLanguageSenderName, [Parameter()] - [System.String] - $AdminDisplayName, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $TargetedUsersToProtect, + $AdminQuarantinePermissionsList, [Parameter()] [System.Object] - $TargetedUserProtectionAction, + $MultiLanguageSetting, [Parameter()] - [System.Object] - $MailboxIntelligenceProtectionActionRecipients, + [System.TimeSpan] + $EndUserSpamNotificationFrequency, [Parameter()] - [System.String] - $MailboxIntelligenceQuarantineTag, + [System.Int32] + $QuarantineRetentionDays, [Parameter()] - [System.Boolean] - $EnableSimilarDomainsSafetyTips, + [System.Object] + $EsnCustomSubject, [Parameter()] - [System.String] - $SpoofQuarantineTag, + [System.Boolean] + $OrganizationBrandingEnabled, + [Parameter()] + [System.Int32] + $AdminNotificationFrequencyInDays + ) +} +function Set-RemoteDomain +{ + [CmdletBinding()] + param( [Parameter()] [System.Boolean] - $EnableUnauthenticatedSender, + $AutoReplyEnabled, [Parameter()] - [System.String] - $TargetedUserQuarantineTag, + [System.Object] + $Identity, [Parameter()] - [System.Boolean] - $EnableOrganizationDomainsProtection, + [System.Object] + $TNEFEnabled, [Parameter()] [System.Boolean] - $EnableMailboxIntelligenceProtection, + $DeliveryReportEnabled, [Parameter()] - [System.Boolean] - $EnableUnusualCharactersSafetyTips, + [System.Object] + $RequiredCharsetCoverage, [Parameter()] [System.Boolean] - $EnableTargetedUserProtection, + $MeetingForwardNotificationEnabled, [Parameter()] [System.Object] - $AuthenticationFailAction, + $ContentType, [Parameter()] [System.Object] - $TargetedUserActionRecipients, + $ByteEncoderTypeFor7BitCharsets, [Parameter()] - [System.Object] - $ExcludedSenders - ) -} -function Set-AntiPhishRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $Priority, + [System.Boolean] + $AutoForwardEnabled, [Parameter()] [System.String] $Name, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Boolean] + $TrustedMailInboundEnabled, [Parameter()] [System.Object] - $AntiPhishPolicy, - - [Parameter()] - [System.Object[]] - $SentTo, + $LineWrapSize, [Parameter()] [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, + $CharacterSet, [Parameter()] [System.Object] - $Identity, + $PreferredInternetCodePageForShiftJis, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.Boolean] + $SmtpDaneMandatoryModeEnabled, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [System.String] + $NonMimeCharacterSet, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $TargetDeliveryDomain, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf - ) -} -function Set-App -{ - [CmdletBinding()] - param( + [System.Boolean] + $TrustedMailOutboundEnabled, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $UserList, - - [Parameter()] - [System.Object] - $DefaultStateForUser, + [System.Boolean] + $DisplaySenderName, [Parameter()] [System.Object] - $Identity, + $AllowedOOFType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationApp, + [System.Boolean] + $NDREnabled, [Parameter()] [System.Boolean] - $Enabled, + $NDRDiagnosticInfoEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrivateCatalog, + [System.Boolean] + $IsInternal, [Parameter()] - [System.Object] - $ProvidedTo + [System.Boolean] + $UseSimpleDisplayName ) } -function Set-ApplicationAccessPolicy +function Set-ReportSubmissionPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $PostSubmitMessage, [Parameter()] [System.Object] - $Identity - ) -} -function Set-AtpPolicyForO365 -{ - [CmdletBinding()] - param( + $ReportJunkAddresses, + [Parameter()] [System.Boolean] - $EnableATPForSPOTeamsODB, + $NotificationsForPhishMalwareSubmissionAirInvestigationsEnabled, [Parameter()] - [System.Object] - $Identity, + [System.String] + $PhishingReviewResultMessage, [Parameter()] - [System.Boolean] - $EnableSafeDocs, + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForNotJunk, [Parameter()] [System.Boolean] - $AllowSafeDocsOpen, + $EnableCustomizedMsg, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} -function Set-AuthenticationPolicy -{ - [CmdletBinding()] - param( + [System.Object] + $NotificationSenderAddress, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthPop, + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForJunk, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthSmtp, + [System.Boolean] + $NotificationsForSpamSubmissionAirInvestigationsEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthMapi, + [System.String] + $PostSubmitMessageForJunk, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthImap, + [System.String[]] + $MultiLanguagePostSubmitMessageForPhishing, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthAutodiscover, + [System.Boolean] + $EnableThirdPartyAddress, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthPowershell, + [System.String] + $PreSubmitMessageTitleForPhishing, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthRpc, + [System.String] + $PreSubmitMessageForJunk, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthOfflineAddressBook, + [System.Int32] + $UserSubmissionOptions, [Parameter()] - [System.Object] - $Identity, + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForPhishing, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthReportingWebServices, + [System.String] + $PreSubmitMessageForNotJunk, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthOutlookService, + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForPhishing, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForNotJunk, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthActiveSync, + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForJunk, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowBasicAuthWebServices - ) -} -function Set-AvailabilityConfig -{ - [CmdletBinding()] - param( + [System.String[]] + $MultiLanguagePreSubmitMessageForNotJunk, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $ReportJunkToCustomizedAddress, [Parameter()] - [System.Object] - $OrgWideAccount, + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForPhishing, [Parameter()] - [System.Object] - $AllowedTenantIds - ) -} -function Set-CalendarProcessing -{ - [CmdletBinding()] - param( + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + [Parameter()] - [System.Int32] - $MaximumConflictInstances, + [System.String] + $PostSubmitMessageTitleForJunk, [Parameter()] - [System.Object] - $BookingType, + [System.String[]] + $MultiLanguagePreSubmitMessageForPhishing, [Parameter()] - [System.Boolean] - $ForwardRequestsToDelegates, + [System.String] + $NotificationFooterMessage, [Parameter()] [System.Boolean] - $RemoveCanceledMeetings, + $EnableOrganizationBranding, [Parameter()] - [System.Object] - $Identity, + [System.String] + $PreSubmitMessageForPhishing, [Parameter()] - [System.Object[]] - $ResourceDelegates, + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForNotJunk, [Parameter()] - [System.Boolean] - $DeleteNonCalendarItems, + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForPhishing, [Parameter()] [System.Boolean] - $RemovePrivateProperty, + $EnableReportToMicrosoft, [Parameter()] - [System.Boolean] - $DeleteComments, + [System.String] + $PreSubmitMessageTitleForJunk, [Parameter()] [System.Boolean] - $EnforceSchedulingHorizon, + $ReportChatMessageEnabled, [Parameter()] - [System.Boolean] - $EnableResponseDetails, + [System.Object] + $ThirdPartyReportAddresses, [Parameter()] - [System.Object[]] - $RequestInPolicy, + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForJunk, [Parameter()] [System.Boolean] - $EnforceCapacity, + $NotificationsForCleanSubmissionAirInvestigationsEnabled, [Parameter()] - [System.Boolean] - $AllowConflicts, + [System.String] + $PostSubmitMessageForNotJunk, [Parameter()] - [System.Boolean] - $AllRequestInPolicy, + [System.Object] + $MultiLanguageSetting, [Parameter()] - [System.Boolean] - $AddOrganizerToSubject, + [System.String[]] + $MultiLanguagePostSubmitMessageForJunk, [Parameter()] - [System.Object[]] - $BookInPolicy, + [System.Boolean] + $DisableQuarantineReportingOption, [Parameter()] - [System.Int32] - $ConflictPercentageAllowed, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $AutomateProcessing, + $ReportNotJunkAddresses, [Parameter()] [System.Boolean] - $AllRequestOutOfPolicy, + $EnableUserEmailNotification, [Parameter()] - [System.Boolean] - $AddNewRequestsTentatively, + [System.String[]] + $MultiLanguagePreSubmitMessageForJunk, [Parameter()] - [System.Boolean] - $EnableAutoRelease, + [System.String] + $PostSubmitMessageTitleForPhishing, [Parameter()] - [System.Int32] - $PostReservationMaxClaimTimeInMinutes, + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForJunk, [Parameter()] [System.Boolean] - $AllBookInPolicy, + $DisableUserSubmissionOptions, [Parameter()] [System.Boolean] - $ProcessExternalMeetingMessages, + $OnlyShowPhishingDisclaimer, [Parameter()] - [System.Boolean] - $DeleteAttachments, + [System.String] + $PostSubmitMessageTitleForNotJunk, [Parameter()] - [System.Boolean] - $ScheduleOnlyDuringWorkHours, + [System.String] + $PreSubmitMessage, [Parameter()] [System.String] - $AdditionalResponse, + $PreSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, [Parameter()] [System.Boolean] - $TentativePendingApproval, + $EnableCustomNotificationSender, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $ReportChatMessageToCustomizedAddressEnabled, [Parameter()] - [System.Int32] - $MaximumDurationInMinutes, + [System.Object] + $ReportPhishAddresses, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForJunk, [Parameter()] - [System.Object[]] - $RequestOutOfPolicy, + [System.String] + $NotJunkReviewResultMessage, [Parameter()] [System.Boolean] - $RemoveOldMeetingMessages, + $NotificationsForSubmissionAirInvestigationsEnabled, [Parameter()] [System.Boolean] - $OrganizerInfo, + $PreSubmitMessageEnabled, [Parameter()] [System.Boolean] - $AddAdditionalResponse, + $PostSubmitMessageEnabled, [Parameter()] - [System.Boolean] - $RemoveForwardedMeetingNotifications, + [System.String] + $PreSubmitMessageTitle, [Parameter()] - [System.Int32] - $MinimumDurationInMinutes, + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForPhishing, [Parameter()] - [System.Int32] - $BookingWindowInDays, + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForPhishing, [Parameter()] - [System.Boolean] - $AllowRecurringMeetings, + [System.String] + $UserSubmissionOptionsMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Object] + $Identity, [Parameter()] [System.Boolean] - $DeleteSubject + $ReportPhishToCustomizedAddress ) } -function Set-CASMailbox +function Set-ReportSubmissionRule { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $IsOptimizedForAccessibility, - - [Parameter()] - [System.Boolean] - $ImapEnabled, + [System.String] + $Name, [Parameter()] - [System.Boolean] - $ImapSuppressReadReceipt, + [System.Object[]] + $SentTo, [Parameter()] - [System.Boolean] - $ActiveSyncSuppressReadReceipt, + [System.String] + $Comments, [Parameter()] [System.Object] @@ -7825,144 +14702,156 @@ function Set-CASMailbox [Parameter()] [System.Object] - $EwsBlockList, - - [Parameter()] - [System.Object] - $EwsAllowEntourage, - - [Parameter()] - [System.Object] - $OwaMailboxPolicy, + $ReportSubmissionPolicy, [Parameter()] - [System.Boolean] - $PopUseProtocolDefaults, - + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function Set-ResourceConfig +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [System.Object] - $SmtpClientAuthenticationDisabled, - - [Parameter()] - [System.Boolean] - $PopForceICalForCalendarRetrievalOption, - + $ResourcePropertySchema + ) +} +function Set-RoleAssignmentPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $ImapForceICalForCalendarRetrievalOption, + [System.String] + $Description, [Parameter()] - [System.Boolean] - $ShowGalAsDefaultView, + [System.String] + $Name, [Parameter()] - [System.Object] - $ActiveSyncBlockedDeviceIDs, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $MAPIEnabled, + [System.Management.Automation.SwitchParameter] + $IsDefault, [Parameter()] [System.Object] - $EwsAllowOutlook, - + $Identity + ) +} +function Set-RoleGroup +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $PopEnabled, + [System.String] + $Description, [Parameter()] - [System.Object] - $ActiveSyncAllowedDeviceIDs, + [System.Management.Automation.SwitchParameter] + $Force, [Parameter()] - [System.Object] - $EwsEnabled, + [System.String] + $DisplayName, [Parameter()] - [System.Object] - $OutlookMobileEnabled, + [System.String] + $Name, [Parameter()] - [System.Object] - $EwsAllowMacOutlook, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $EwsApplicationAccessPolicy, + [System.String] + $WellKnownObject, [Parameter()] [System.Object] - $OneWinNativeOutlookEnabled, - - [Parameter()] - [System.Boolean] - $OWAEnabled, + $Identity, [Parameter()] - [System.Boolean] - $PublicFolderClientAccess, + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck, [Parameter()] [System.Object] - $ActiveSyncMailboxPolicy, - + $ManagedBy + ) +} +function Set-SafeAttachmentPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $UniversalOutlookEnabled, - - [Parameter()] - [System.Boolean] - $ImapUseProtocolDefaults, - - [Parameter()] - [System.Boolean] - $ActiveSyncDebugLogging, + $Action, [Parameter()] [System.Boolean] - $OWAforDevicesEnabled, + $Redirect, [Parameter()] - [System.Object] - $ImapMessagesRetrievalMimeFormat, + [System.String] + $AdminDisplayName, [Parameter()] [System.Boolean] - $ActiveSyncEnabled, + $Enable, [Parameter()] [System.Object] - $MacOutlookEnabled, + $RedirectAddress, [Parameter()] - [System.Boolean] - $PopSuppressReadReceipt, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $EwsAllowList, + $Identity, [Parameter()] - [System.Object] - $PopMessagesRetrievalMimeFormat + [System.String] + $QuarantineTag ) } -function set-CASMailboxPlan +function Set-SafeAttachmentRule { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $ImapEnabled, + [System.Int32] + $Priority, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, [Parameter()] [System.Object] @@ -7970,6889 +14859,7061 @@ function set-CASMailboxPlan [Parameter()] [System.Object] - $OwaMailboxPolicy, + $SafeAttachmentPolicy, [Parameter()] - [System.Boolean] - $PopEnabled, + [System.Object[]] + $ExceptIfRecipientDomainIs, [Parameter()] - [System.Boolean] - $ActiveSyncEnabled + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf ) } -function Set-ClientAccessRule +function Set-SafeLinksPolicy { [CmdletBinding()] param( [Parameter()] - [System.Object] - $UsernameMatchesAnyOfPatterns, + [System.Boolean] + $EnableOrganizationBranding, [Parameter()] [System.Object] $Identity, [Parameter()] - [System.Object] - $Action, + [System.String] + $AdminDisplayName, [Parameter()] - [System.Object] - $AnyOfClientIPAddressesOrRanges, + [System.Boolean] + $UseTranslatedNotificationText, [Parameter()] [System.Boolean] - $Enabled, + $DisableUrlRewrite, [Parameter()] [System.Object] - $ExceptAnyOfClientIPAddressesOrRanges, - - [Parameter()] - [System.String] - $Name, + $DoNotRewriteUrls, [Parameter()] - [System.String] - $UserRecipientFilter, + [System.Boolean] + $EnableSafeLinksForTeams, [Parameter()] - [System.Object] - $ExceptAnyOfProtocols, + [System.Boolean] + $EnableSafeLinksForOffice, [Parameter()] - [System.Int32] - $Priority, + [System.Boolean] + $TrackClicks, [Parameter()] - [System.Object] - $ExceptUsernameMatchesAnyOfPatterns, + [System.Boolean] + $AllowClickThrough, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $AnyOfAuthenticationTypes, + [System.String] + $CustomNotificationText, [Parameter()] - [System.Object] - $AnyOfProtocols, + [System.Boolean] + $DeliverMessageAfterScan, [Parameter()] - [System.Object] - $ExceptAnyOfAuthenticationTypes, + [System.Boolean] + $EnableSafeLinksForEmail, [Parameter()] - [System.Object] - $Scope + [System.Boolean] + $ScanUrls, + + [Parameter()] + [System.Boolean] + $EnableForInternalSenders ) } -function Set-DataClassification +function Set-SafeLinksRule { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Int32] + $Priority, [Parameter()] [System.String] $Name, [Parameter()] - [System.Globalization.CultureInfo] - $Locale, + [System.Object[]] + $SentToMemberOf, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object[]] + $SentTo, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsDefault, + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, [Parameter()] [System.Object] - $Fingerprints, + $Identity, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, [Parameter()] [System.Object] - $Identity + $SafeLinksPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf ) } -function Set-DataEncryptionPolicy +function Set-SharingPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $Name, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force, - - [Parameter()] - [System.String] - $Name, + $Confirm, [Parameter()] [System.Object] - $DomainController, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PermanentDataPurgeRequested, + $Domains, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Default, [Parameter()] [System.Object] $Identity, - [Parameter()] - [System.String] - $PermanentDataPurgeReason, - [Parameter()] [System.Boolean] - $Enabled, - - [Parameter()] - [System.String] - $PermanentDataPurgeContact, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Refresh + $Enabled ) } -function Set-DistributionGroup +function Set-TransportConfig { [CmdletBinding()] param( [Parameter()] - [System.Object] - $EmailAddresses, + [System.Boolean] + $InternalDelayDsnEnabled, [Parameter()] - [System.Object] - $RejectMessagesFromDLMembers, + [System.Boolean] + $InternalDsnSendHtml, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RoomList, + [System.Boolean] + $ExternalDelayDsnEnabled, [Parameter()] [System.Object] - $AcceptMessagesOnlyFromSendersOrMembers, + $DSNConversionMode, [Parameter()] - [System.String] - $CustomAttribute10, + [System.Boolean] + $SmtpClientAuthenticationDisabled, [Parameter()] - [System.Object] - $ExtensionCustomAttribute5, + [System.Globalization.CultureInfo] + $InternalDsnDefaultLanguage, [Parameter()] - [System.String] - $CustomAttribute8, + [System.Object] + $MessageExpiration, [Parameter()] - [System.String] - $CustomAttribute5, + [System.Management.Automation.SwitchParameter] + $Force, [Parameter()] [System.Boolean] - $BccBlocked, + $ReplyAllStormProtectionEnabled, [Parameter()] - [System.Object] - $AcceptMessagesOnlyFromDLMembers, + [System.Boolean] + $InternalDsnLanguageDetectionEnabled, [Parameter()] - [System.String] - $SimpleDisplayName, + [System.Boolean] + $AddressBookPolicyRoutingEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreNamingPolicy, + [System.Boolean] + $ExternalDsnLanguageDetectionEnabled, [Parameter()] [System.Boolean] - $ReportToManagerEnabled, + $ExternalDsnSendHtml, [Parameter()] - [System.String] - $MailTip, + [System.Boolean] + $Rfc2231EncodingEnabled, [Parameter()] [System.Object] - $ModeratedBy, + $HeaderPromotionModeSetting, [Parameter()] - [System.Object] - $GrantSendOnBehalfTo, + [System.Boolean] + $VoicemailJournalingEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] - $ResetMigrationToUnifiedGroup, + $Confirm, [Parameter()] [System.Object] - $AcceptMessagesOnlyFrom, + $JournalingReportNdrTo, [Parameter()] [System.Boolean] - $BypassNestedModerationEnabled, + $ConvertDisclaimerWrapperToEml, [Parameter()] - [System.Boolean] - $ModerationEnabled, + [System.Object] + $InternalDsnReportingAuthority, [Parameter()] - [System.Object] - $MemberDepartRestriction, + [System.Int32] + $JournalMessageExpirationDays, [Parameter()] [System.Object] - $ExtensionCustomAttribute4, + $MaxRecipientEnvelopeLimit, [Parameter()] - [System.String] - $CustomAttribute15, + [System.Int32] + $ReplyAllStormDetectionMinimumReplies, [Parameter()] [System.Object] - $RejectMessagesFromSendersOrMembers, + $ExternalDsnReportingAuthority, [Parameter()] - [System.Object] - $WindowsEmailAddress, + [System.Globalization.CultureInfo] + $ExternalDsnDefaultLanguage, [Parameter()] - [System.String] - $Alias, + [System.Object] + $AllowLegacyTLSClients, [Parameter()] - [System.String] - $DisplayName, + [System.Boolean] + $ClearCategories, [Parameter()] - [System.Boolean] - $ReportToOriginatorEnabled, + [System.Int32] + $ReplyAllStormBlockDurationHours, [Parameter()] [System.Object] - $BypassModerationFromSendersOrMembers, + $ExternalPostmasterAddress, + [Parameter()] + [System.Int32] + $ReplyAllStormDetectionMinimumRecipients + ) +} +function Set-TransportRule +{ + [CmdletBinding()] + param( [Parameter()] [System.Object] - $RejectMessagesFrom, + $ActivationDate, [Parameter()] - [System.String] - $CustomAttribute1, + [System.Object[]] + $AddToRecipients, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ForceUpgrade, + [System.Object] + $ApplyHtmlDisclaimerFallbackAction, [Parameter()] - [System.Object] - $ManagedBy, + [System.Object[]] + $ExceptIfRecipientADAttributeContainsWords, [Parameter()] [System.Object] - $Description, + $AttachmentSizeOver, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderADAttributeContainsWords, [Parameter()] [System.Object] - $ExtensionCustomAttribute1, + $SetSCL, [Parameter()] - [System.String] - $CustomAttribute14, + [System.Object[]] + $AnyOfToHeaderMemberOf, [Parameter()] [System.Boolean] - $RequireSenderAuthenticationEnabled, + $Disconnect, [Parameter()] - [System.String] - $CustomAttribute9, + [System.Int32] + $Priority, [Parameter()] - [System.String] - $CustomAttribute6, + [System.Object[]] + $ExceptIfSentToMemberOf, [Parameter()] - [System.Boolean] - $SendOofMessageToOriginatorEnabled, + [System.Object[]] + $ExceptIfAnyOfCcHeader, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BypassSecurityGroupManagerCheck, + [System.Object[]] + $ExceptIfAttachmentMatchesPatterns, [Parameter()] - [System.Object] - $ExtensionCustomAttribute2, + [System.Object[]] + $RecipientDomainIs, [Parameter()] - [System.String] - $CustomAttribute13, + [System.Object] + $ManagerForEvaluatedUser, [Parameter()] - [System.String] - $CustomAttribute2, + [System.Object[]] + $ExceptIfHeaderMatchesPatterns, [Parameter()] [System.Object] - $PrimarySmtpAddress, + $ExceptIfFromScope, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $AdComparisonAttribute, [Parameter()] - [System.Object] - $SendModerationNotifications, + [System.Object[]] + $ExceptIfHeaderContainsWords, [Parameter()] - [System.Management.Automation.SwitchParameter] - $HiddenGroupMembershipEnabled, + [System.Object[]] + $HeaderMatchesPatterns, [Parameter()] [System.Object] - $MemberJoinRestriction, + $AddManagerAsRecipientType, [Parameter()] [System.Boolean] - $HiddenFromAddressListsEnabled, + $DeleteMessage, + + [Parameter()] + [System.Boolean] + $HasSenderOverride, [Parameter()] [System.Object] - $MailTipTranslations, + $SmtpRejectMessageRejectStatusCode, [Parameter()] [System.String] - $CustomAttribute7, + $ExceptIfHasClassification, [Parameter()] - [System.String] - $CustomAttribute4, + [System.Boolean] + $Quarantine, [Parameter()] - [System.String] - $Name, + [System.Object[]] + $ExceptIfAnyOfRecipientAddressMatchesPatterns, [Parameter()] - [System.Object] - $ExtensionCustomAttribute3, + [System.Object[]] + $ExceptIfRecipientInSenderList, [Parameter()] - [System.String] - $CustomAttribute12, + [System.Object] + $RecipientAddressType, [Parameter()] - [System.String] - $CustomAttribute3, + [System.Object[]] + $ExceptIfContentCharacterSetContainsWords, [Parameter()] - [System.String] - $CustomAttribute11, + [System.Object[]] + $BlindCopyTo, [Parameter()] [System.Object] - $Identity - ) -} -function Set-DkimSigningConfig -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $AdminDisplayName, + $ApplyHtmlDisclaimerLocation, [Parameter()] [System.Object] - $BodyCanonicalization, + $ExceptIfMessageTypeMatches, [Parameter()] [System.Object] - $HeaderCanonicalization, + $SenderIpRanges, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Collections.Hashtable[]] + $ExceptIfMessageContainsDataClassifications, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PublishTxtRecords, + [System.Object[]] + $ModerateMessageByUser, + + [Parameter()] + [System.Boolean] + $HasNoClassification, + + [Parameter()] + [System.Object[]] + $ExceptIfSenderInRecipientList, [Parameter()] [System.Object] - $Identity, + $HeaderContainsMessageHeader, [Parameter()] - [System.Boolean] - $Enabled - ) -} -function Set-EmailAddressPolicy -{ - [CmdletBinding()] - param( + [System.Object] + $RemoveHeader, + + [Parameter()] + [System.String] + $HasClassification, + + [Parameter()] + [System.Collections.Hashtable[]] + $MessageContainsDataClassifications, + + [Parameter()] + [System.Object[]] + $ExceptIfFromMemberOf, + [Parameter()] [System.Object] - $Priority, + $RuleSubType, [Parameter()] - [System.String] - $Name, + [System.Object[]] + $AnyOfRecipientAddressMatchesPatterns, [Parameter()] [System.Object] - $EnabledEmailAddressTemplates, + $SentToScope, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ForceUpgrade, + [System.Object[]] + $AnyOfToCcHeaderMemberOf, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object[]] + $From, [Parameter()] - [System.String] - $EnabledPrimarySMTPAddressTemplate, + [System.Object[]] + $ExceptIfAnyOfRecipientAddressContainsWords, [Parameter()] [System.Object] - $Identity - ) -} -function Set-GlobalAddressList -{ - [CmdletBinding()] - param( + $ExceptIfWithImportance, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object[]] + $ContentCharacterSetContainsWords, [Parameter()] - [System.Object] - $Identity, + [System.Object[]] + $SubjectContainsWords, [Parameter()] [System.Object] - $ConditionalCustomAttribute8, + $RejectMessageEnhancedStatusCode, [Parameter()] - [System.Object] - $ConditionalCustomAttribute10, + [System.Object[]] + $SenderADAttributeMatchesPatterns, [Parameter()] - [System.String] - $Name, + [System.Object[]] + $ExceptIfSenderADAttributeMatchesPatterns, [Parameter()] - [System.Object] - $ConditionalCustomAttribute9, + [System.Object[]] + $IncidentReportContent, [Parameter()] - [System.Object] - $ConditionalCustomAttribute2, + [System.Object[]] + $FromMemberOf, [Parameter()] - [System.Object] - $IncludedRecipients, + [System.Object[]] + $AttachmentContainsWords, [Parameter()] [System.Object] - $ConditionalCompany, + $ExceptIfSCLOver, [Parameter()] - [System.Object] - $ConditionalCustomAttribute6, + [System.Object[]] + $ExceptIfBetweenMemberOf1, [Parameter()] [System.Object] - $ConditionalCustomAttribute3, + $GenerateNotification, [Parameter()] [System.Object] - $ConditionalCustomAttribute12, + $NotifySender, + + [Parameter()] + [System.Boolean] + $ExceptIfAttachmentIsPasswordProtected, + + [Parameter()] + [System.Object[]] + $ExceptIfAttachmentNameMatchesPatterns, [Parameter()] [System.Object] - $ConditionalCustomAttribute13, + $ExceptIfSenderManagementRelationship, [Parameter()] [System.String] - $RecipientFilter, + $SetAuditSeverity, [Parameter()] - [System.Object] - $ConditionalCustomAttribute15, + [System.Object[]] + $AttachmentPropertyContainsWords, [Parameter()] - [System.Object] - $ConditionalDepartment, + [System.Object[]] + $ExceptIfAnyOfToHeader, [Parameter()] [System.Object] - $ConditionalStateOrProvince, + $ApplyRightsProtectionCustomizationTemplate, [Parameter()] [System.Object] - $ConditionalCustomAttribute7, + $SetHeaderName, [Parameter()] - [System.Object] - $ConditionalCustomAttribute14, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $ConditionalCustomAttribute4, + [System.Boolean] + $RouteMessageOutboundRequireTls, [Parameter()] [System.Object] - $ConditionalCustomAttribute1, + $WithImportance, [Parameter()] [System.Object] - $ConditionalCustomAttribute5, + $RuleErrorAction, [Parameter()] [System.Object] - $ConditionalCustomAttribute11 - ) -} -function Set-HostedConnectionFilterPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $ConfigurationXmlRaw, + $FromScope, [Parameter()] - [System.String] - $AdminDisplayName, + [System.Object[]] + $AttachmentNameMatchesPatterns, [Parameter()] - [System.Boolean] - $EnableSafeList, + [System.Object[]] + $SentTo, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object[]] + $ExceptIfFromAddressMatchesPatterns, [Parameter()] - [System.Object] - $IPBlockList, + [System.Object[]] + $AnyOfCcHeaderMemberOf, [Parameter()] [System.Object] - $Identity, + $ExceptIfAttachmentSizeOver, [Parameter()] [System.Object] - $IPAllowList, + $ExceptIfManagerForEvaluatedUser, [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeDefault - ) -} -function Set-HostedContentFilterPolicy -{ - [CmdletBinding()] - param( + [System.Boolean] + $RemoveOMEv2, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object[]] + $ExceptIfFromAddressContainsWords, [Parameter()] [System.Boolean] - $InlineSafetyTipsEnabled, + $AttachmentHasExecutableContent, [Parameter()] [System.Object] - $BulkSpamAction, + $RouteMessageOutboundConnector, [Parameter()] - [System.String] - $HighConfidencePhishQuarantineTag, + [System.Object[]] + $ExceptIfRecipientDomainIs, [Parameter()] - [System.Int32] - $EndUserSpamNotificationFrequency, + [System.Object[]] + $ExceptIfSenderDomainIs, [Parameter()] - [System.Int32] - $EndUserSpamNotificationLimit, + [System.Object] + $SenderManagementRelationship, [Parameter()] - [System.Int32] - $BulkThreshold, + [System.Object[]] + $ExceptIfBetweenMemberOf2, [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeDefault, + [System.Object[]] + $RedirectMessageTo, [Parameter()] - [System.Object] - $TestModeBccToRecipients, + [System.Boolean] + $ApplyOME, [Parameter()] - [System.String] - $PhishQuarantineTag, + [System.Object[]] + $SenderDomainIs, [Parameter()] - [System.String] - $AddXHeaderValue, + [System.Object[]] + $SenderADAttributeContainsWords, [Parameter()] - [System.Object] - $MarkAsSpamEmbedTagsInHtml, + [System.Object[]] + $ExceptIfAnyOfCcHeaderMemberOf, [Parameter()] [System.Object] - $MarkAsSpamFramesInHtml, + $ApplyHtmlDisclaimerText, [Parameter()] - [System.Object] - $IncreaseScoreWithImageLinks, + [System.Boolean] + $ExceptIfAttachmentHasExecutableContent, [Parameter()] [System.Boolean] - $EnableLanguageBlockList, + $ExceptIfAttachmentIsUnsupported, + + [Parameter()] + [System.Boolean] + $RemoveOME, [Parameter()] [System.Object] - $PhishSpamAction, + $RejectMessageReasonText, [Parameter()] - [System.String] - $EndUserSpamNotificationCustomFromName, + [System.Object[]] + $RecipientAddressContainsWords, [Parameter()] [System.Object] - $MarkAsSpamSensitiveWordList, + $GenerateIncidentReport, [Parameter()] - [System.String] - $SpamQuarantineTag, + [System.Object[]] + $FromAddressContainsWords, [Parameter()] - [System.Object] - $MarkAsSpamNdrBackscatter, + [System.Boolean] + $RemoveRMSAttachmentEncryption, [Parameter()] - [System.Object] - $BlockedSenders, + [System.Object[]] + $RecipientAddressMatchesPatterns, [Parameter()] - [System.Object] - $LanguageBlockList, + [System.Object[]] + $ExceptIfSubjectContainsWords, [Parameter()] - [System.Object] - $HighConfidenceSpamAction, + [System.Object[]] + $ExceptIfFrom, [Parameter()] - [System.Object] - $AllowedSenderDomains, + [System.Object[]] + $AnyOfToCcHeader, [Parameter()] [System.Object] - $IncreaseScoreWithBizOrInfoUrls, + $ExceptIfSentToScope, [Parameter()] - [System.Object] - $MarkAsSpamWebBugsInHtml, + [System.Object[]] + $ExceptIfAnyOfToCcHeaderMemberOf, [Parameter()] - [System.String] - $AdminDisplayName, + [System.Boolean] + $ModerateMessageByManager, [Parameter()] [System.Object] - $IntraOrgFilterState, + $AdComparisonOperator, [Parameter()] [System.Object] - $RegionBlockList, + $MessageSizeOver, [Parameter()] - [System.Object] - $MarkAsSpamFromAddressAuthFail, + [System.Object[]] + $BetweenMemberOf2, [Parameter()] - [System.Object] - $MarkAsSpamEmptyMessages, + [System.Object[]] + $SubjectMatchesPatterns, + + [Parameter()] + [System.Boolean] + $AttachmentProcessingLimitExceeded, + + [Parameter()] + [System.Object[]] + $ExceptIfSubjectMatchesPatterns, [Parameter()] [System.String] - $BulkQuarantineTag, + $Name, [Parameter()] - [System.Object] - $MarkAsSpamFormTagsInHtml, + [System.Object[]] + $ExceptIfRecipientAddressContainsWords, [Parameter()] [System.Object] - $MarkAsSpamObjectTagsInHtml, + $HeaderMatchesMessageHeader, [Parameter()] - [System.Object] - $EndUserSpamNotificationLanguage, + [System.Object[]] + $AnyOfRecipientAddressContainsWords, + + [Parameter()] + [System.Object[]] + $HeaderContainsWords, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, [Parameter()] [System.Object] - $IncreaseScoreWithRedirectToOtherPort, + $ExceptIfAdComparisonAttribute, [Parameter()] - [System.Int32] - $QuarantineRetentionPeriod, + [System.Object[]] + $ExceptIfSentTo, [Parameter()] [System.Object] - $HighConfidencePhishAction, + $ExceptIfAdComparisonOperator, [Parameter()] [System.Object] - $RedirectToRecipients, + $Identity, [Parameter()] - [System.Boolean] - $SpamZapEnabled, + [System.Object[]] + $ExceptIfAnyOfToHeaderMemberOf, [Parameter()] [System.Object] - $TestModeAction, + $Mode, [Parameter()] - [System.Boolean] - $EnableRegionBlockList, + [System.Object[]] + $RecipientInSenderList, [Parameter()] - [System.String] - $EndUserSpamNotificationCustomSubject, + [System.Object[]] + $SubjectOrBodyMatchesPatterns, [Parameter()] - [System.Object] - $MarkAsSpamSpfRecordHardFail, + [System.Object[]] + $ExceptIfAttachmentExtensionMatchesWords, [Parameter()] - [System.Object] - $EndUserSpamNotificationCustomFromAddress, + [System.Object[]] + $ExceptIfSubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientAddressMatchesPatterns, [Parameter()] [System.Boolean] - $DownloadLink, + $ExceptIfHasNoClassification, [Parameter()] [System.Object] - $SpamAction, + $ExceptIfSenderIpRanges, [Parameter()] - [System.String] - $ModifySubjectValue, + [System.Object[]] + $ExceptIfRecipientADAttributeMatchesPatterns, [Parameter()] - [System.Object] - $IncreaseScoreWithNumericIps, + [System.Object[]] + $RecipientADAttributeContainsWords, [Parameter()] - [System.Object] - $AllowedSenders, + [System.Boolean] + $AttachmentIsUnsupported, [Parameter()] [System.Object] - $MarkAsSpamJavaScriptInHtml, + $ExpiryDate, [Parameter()] - [System.Object] - $MarkAsSpamBulkMail, + [System.Object[]] + $AttachmentExtensionMatchesWords, [Parameter()] - [System.Object] - $BlockedSenderDomains, + [System.Object[]] + $ExceptIfSubjectOrBodyContainsWords, [Parameter()] [System.Object] - $Identity, + $LogEventText, [Parameter()] - [System.Boolean] - $PhishZapEnabled, + [System.Object[]] + $ExceptIfManagerAddresses, [Parameter()] - [System.Boolean] - $EnableEndUserSpamNotifications, + [System.Object[]] + $SenderInRecipientList, [Parameter()] - [System.String] - $HighConfidenceSpamQuarantineTag - ) -} -function Set-HostedContentFilterRule -{ - [CmdletBinding()] - param( + [System.Object[]] + $ExceptIfAnyOfToCcHeader, + [Parameter()] - [System.Int32] - $Priority, + [System.Object[]] + $AttachmentMatchesPatterns, [Parameter()] [System.String] - $Name, + $DlpPolicy, [Parameter()] [System.Object[]] - $SentToMemberOf, + $ManagerAddresses, [Parameter()] [System.Object] - $HostedContentFilterPolicy, + $SenderAddressLocation, [Parameter()] [System.Object[]] - $SentTo, + $CopyTo, + + [Parameter()] + [System.Object[]] + $SubjectOrBodyContainsWords, [Parameter()] [System.String] - $Comments, + $ApplyClassification, [Parameter()] [System.Object[]] - $RecipientDomainIs, + $RecipientADAttributeMatchesPatterns, [Parameter()] [System.Object] - $Identity, + $SetHeaderValue, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.Boolean] + $AttachmentIsPasswordProtected, [Parameter()] [System.Object[]] - $ExceptIfSentTo, + $BetweenMemberOf1, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $ExceptIfMessageSizeOver, [Parameter()] [System.Object[]] - $ExceptIfSentToMemberOf - ) -} -function Set-HostedOutboundSpamFilterPolicy -{ - [CmdletBinding()] - param( + $AnyOfCcHeader, + [Parameter()] - [System.String] - $AdminDisplayName, + [System.Boolean] + $ExceptIfAttachmentProcessingLimitExceeded, + + [Parameter()] + [System.Object[]] + $FromAddressMatchesPatterns, [Parameter()] [System.Object] - $BccSuspiciousOutboundAdditionalRecipients, + $ExceptIfHeaderMatchesMessageHeader, [Parameter()] [System.Object] - $NotifyOutboundSpamRecipients, + $SmtpRejectMessageRejectText, [Parameter()] - [System.UInt32] - $RecipientLimitPerDay, + [System.Object[]] + $ExceptIfAttachmentContainsWords, [Parameter()] - [System.Object] - $ActionWhenThresholdReached, + [System.Object[]] + $AnyOfToHeader, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $ExceptIfHasSenderOverride, [Parameter()] [System.Object] - $Identity, + $SCLOver, [Parameter()] - [System.UInt32] - $RecipientLimitExternalPerHour, + [System.Object] + $PrependSubject, [Parameter()] [System.Object] - $AutoForwardingMode, + $ApplyRightsProtectionTemplate, [Parameter()] - [System.Boolean] - $NotifyOutboundSpam, + [System.Object] + $MessageTypeMatches, [Parameter()] - [System.UInt32] - $RecipientLimitInternalPerHour, + [System.Object[]] + $ExceptIfAttachmentPropertyContainsWords, [Parameter()] [System.Boolean] - $BccSuspiciousOutboundMail + $StopRuleProcessing, + + [Parameter()] + [System.Object] + $ExceptIfHeaderContainsMessageHeader ) } -function Set-HostedOutboundSpamFilterRule +function Set-UnifiedGroup { [CmdletBinding()] param( [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $ExceptIfFromMemberOf, + [System.Object] + $EmailAddresses, [Parameter()] - [System.Object[]] - $ExceptIfFrom, + [System.Object] + $AcceptMessagesOnlyFromSendersOrMembers, [Parameter()] - [System.Object[]] - $ExceptIfSenderDomainIs, + [System.String] + $CustomAttribute12, [Parameter()] [System.String] - $Comments, + $CustomAttribute10, [Parameter()] - [System.Object[]] - $FromMemberOf, + [System.Globalization.CultureInfo] + $Language, [Parameter()] [System.Object] - $Identity, - - [Parameter()] - [System.Object[]] - $SenderDomainIs, + $IsMemberAllowedToEditContent, [Parameter()] - [System.Object] - $HostedOutboundSpamFilterPolicy, + [System.String] + $CustomAttribute8, [Parameter()] - [System.Object[]] - $From, + [System.String] + $CustomAttribute5, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} -function Set-InboundConnector -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Boolean] - $RestrictDomainsToIPAddresses, + [System.Management.Automation.SwitchParameter] + $UnifiedGroupWelcomeMessageEnabled, [Parameter()] - [System.Boolean] - $CloudServicesMailEnabled, + [System.String] + $MailTip, [Parameter()] [System.Object] - $Identity, + $ModeratedBy, [Parameter()] - [System.Boolean] - $Enabled, + [System.Object] + $PrimarySmtpAddress, [Parameter()] [System.String] - $Name, - - [Parameter()] - [System.Object] - $EFSkipMailGateway, + $Classification, [Parameter()] - [System.Boolean] - $EFTestMode, + [System.Management.Automation.SwitchParameter] + $AutoSubscribeNewMembers, [Parameter()] [System.Object] - $TrustedOrganizations, + $AuditLogAgeLimit, [Parameter()] - [System.Object] - $TlsSenderCertificateName, + [System.Management.Automation.SwitchParameter] + $HiddenFromExchangeClientsEnabled, [Parameter()] [System.Object] - $ScanAndDropRecipients, + $MaxReceiveSize, [Parameter()] [System.Object] - $AssociatedAcceptedDomains, + $ExtensionCustomAttribute5, [Parameter()] [System.String] - $Comment, - - [Parameter()] - [System.Boolean] - $RequireTls, + $CustomAttribute15, [Parameter()] [System.Object] - $SenderDomains, + $RejectMessagesFromSendersOrMembers, [Parameter()] - [System.Object] - $SenderIPAddresses, + [System.String] + $Alias, [Parameter()] - [System.Boolean] - $EFSkipLastIP, + [System.String] + $DisplayName, [Parameter()] - [System.Object] - $EFUsers, + [System.String] + $CustomAttribute1, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $ConnectorType, + $SubscriptionEnabled, [Parameter()] - [System.Boolean] - $RestrictDomainsToCertificate, + [System.Management.Automation.SwitchParameter] + $ForceUpgrade, [Parameter()] [System.Object] - $EFSkipIPs, + $AccessType, [Parameter()] - [System.Boolean] - $TreatMessagesAsInternal, + [System.String] + $MailboxRegion, [Parameter()] [System.Object] - $ConnectorSource - ) -} -function Set-IntraOrganizationConnector -{ - [CmdletBinding()] - param( + $GrantSendOnBehalfTo, + [Parameter()] [System.Object] - $TargetAddressDomains, + $ExtensionCustomAttribute1, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Notes, [Parameter()] - [System.Object] - $Identity, + [System.String] + $CustomAttribute14, [Parameter()] - [System.Uri] - $DiscoveryEndpoint, + [System.Boolean] + $RequireSenderAuthenticationEnabled, [Parameter()] - [System.Uri] - $TargetSharingEpr, + [System.String] + $CustomAttribute9, [Parameter()] - [System.Boolean] - $Enabled - ) -} -function Set-IRMConfiguration -{ - [CmdletBinding()] - param( + [System.String] + $CustomAttribute6, + [Parameter()] [System.Object] - $Identity, + $DataEncryptionPolicy, [Parameter()] [System.Object] - $TransportDecryptionSetting, + $ExtensionCustomAttribute4, [Parameter()] - [System.Uri] - $RMSOnlineKeySharingLocation, + [System.Object] + $SensitivityLabelId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force, + $AlwaysSubscribeMembersToCalendarEvents, [Parameter()] - [System.Boolean] - $AzureRMSLicensingEnabled, + [System.Object] + $ExtensionCustomAttribute2, [Parameter()] - [System.Boolean] - $EnablePortalTrackingLogs, + [System.String] + $CustomAttribute13, [Parameter()] - [System.Boolean] - $DecryptAttachmentForEncryptOnly, + [System.String] + $CustomAttribute2, [Parameter()] - [System.Boolean] - $RejectIfRecipientHasNoRights, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $SimplifiedClientAccessEncryptOnlyDisabled, + [System.Management.Automation.SwitchParameter] + $CalendarMemberReadOnly, [Parameter()] - [System.Boolean] - $InternalLicensingEnabled, + [System.Object] + $InformationBarrierMode, [Parameter()] - [System.Boolean] - $EDiscoverySuperUserEnabled, + [System.Object] + $MaxSendSize, [Parameter()] - [System.Boolean] - $JournalReportDecryptionEnabled, + [System.Object] + $MailTipTranslations, [Parameter()] - [System.Boolean] - $EnablePdfEncryption, + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute3, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ConnectorsEnabled, [Parameter()] [System.Boolean] - $AutomaticServiceUpdateEnabled, + $ModerationEnabled, [Parameter()] - [System.Boolean] - $SimplifiedClientAccessDoNotForwardDisabled, + [System.String] + $CustomAttribute3, [Parameter()] - [System.Boolean] - $SearchEnabled, + [System.String] + $CustomAttribute11, [Parameter()] [System.Object] - $LicensingLocation, + $Identity, [Parameter()] [System.Boolean] - $SimplifiedClientAccessEnabled + $HiddenFromAddressListsEnabled ) } -function Set-JournalRule + +function Set-UnifiedAuditLogRetentionPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $Name, + $Identity, [Parameter()] - [System.Object] - $Scope, + [System.UInt32] + $Priority, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $RetentionDuration, [Parameter()] - [System.Object] - $JournalEmailAddress, + [System.String] + $Description, [Parameter()] - [System.Object] - $Identity, + [System.String[]] + $Operations, [Parameter()] - [System.Object] - $Recipient + [System.String[]] + $RecordTypes, + + [Parameter()] + [System.String[]] + $UserIds ) } -function Set-Mailbox + +function Set-User { [CmdletBinding()] param( [Parameter()] - [System.Object] - $EmailAddresses, + [System.String] + $MailboxRegion, [Parameter()] - [System.Object] - $RejectMessagesFromDLMembers, + [System.Boolean] + $IsShadowMailbox, [Parameter()] - [System.Object] - $AuditOwner, + [System.String] + $Phone, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [System.Object] - $AcceptMessagesOnlyFromSendersOrMembers, + $Identity, + + [Parameter()] + [System.String] + $Office, [Parameter()] [System.Object] - $Type, + $CountryOrRegion, [Parameter()] [System.Object] - $UserCertificate, + $AuthenticationPolicy, [Parameter()] - [System.String] - $CustomAttribute10, + [System.Object] + $OtherTelephone, [Parameter()] - [System.Boolean] - $DeliverToMailboxAndForward, + [System.String] + $Pager, [Parameter()] [System.String] - $RetentionUrl, + $Name, [Parameter()] - [System.Object] - $ExtensionCustomAttribute5, + [System.String] + $PhoneticDisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $RecalculateInactiveMailbox, + $ClearDataEncryptionPolicy, [Parameter()] [System.String] - $CustomAttribute8, + $Fax, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, [Parameter()] [System.Object] - $ProhibitSendReceiveQuota, + $ManagedOnboardingType, [Parameter()] - [System.String] - $CustomAttribute5, + [System.Management.Automation.SwitchParameter] + $RemoveMailboxProvisioningConstraint, [Parameter()] - [System.Security.SecureString] - $RoomMailboxPassword, + [System.Boolean] + $ResetPasswordOnNextLogon, [Parameter()] [System.Boolean] - $CalendarVersionStoreDisabled, + $BlockCloudCache, [Parameter()] [System.Object] - $UseDatabaseQuotaDefaults, + $SeniorityIndex, [Parameter()] - [System.Boolean] - $ElcProcessingDisabled, + [System.String] + $City, [Parameter()] - [System.String[]] - $ExcludeFromOrgHolds, + [System.Boolean] + $VIP, [Parameter()] [System.String] - $MailboxRegion, + $Title, [Parameter()] [System.String] - $MailTip, + $MobilePhone, [Parameter()] - [System.Management.Automation.SwitchParameter] - $GroupMailbox, + [System.String] + $AssistantName, [Parameter()] - [System.Object] - $ResourceCapacity, + [System.String] + $Company, [Parameter()] - [System.Object] - $GrantSendOnBehalfTo, + [System.String] + $StateOrProvince, [Parameter()] - [System.Object] - $UserSMimeCertificate, + [System.String] + $Initials, [Parameter()] - [System.Object] - $AcceptMessagesOnlyFrom, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RemoveDisabledArchive, + [System.String] + $WebPage, [Parameter()] - [System.Object] - $Languages, + [System.String] + $Notes, [Parameter()] - [System.Object] - $JournalArchiveAddress, + [System.String] + $LastName, [Parameter()] - [System.Object] - $LitigationHoldDuration, + [System.Management.Automation.SwitchParameter] + $PermanentlyClearPreviousMailboxInfo, [Parameter()] [System.Object] - $ModeratedBy, + $Manager, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProvisionedForOfficeGraph, + [System.Object] + $StsRefreshTokensValidFrom, [Parameter()] - [System.Management.Automation.SwitchParameter] - $InactiveMailbox, + [System.Object] + $OtherFax, [Parameter()] [System.String] - $RetentionComment, + $SimpleDisplayName, [Parameter()] [System.Object] - $MaxReceiveSize, + $MailboxRegionSuffix, [Parameter()] - [System.Boolean] - $MessageCopyForSendOnBehalfEnabled, + [System.String] + $HomePhone, [Parameter()] [System.String] - $CustomAttribute15, + $Department, [Parameter()] - [System.Boolean] - $LitigationHoldEnabled, + [System.String] + $FirstName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UpdateEnforcedTimestamp, + [System.Object] + $PostOfficeBox, [Parameter()] - [System.String] - $ImmutableId, + [System.Management.Automation.SwitchParameter] + $PublicFolder, [Parameter()] [System.Object] $WindowsEmailAddress, [Parameter()] - [System.Boolean] - $UseDatabaseRetentionDefaults, + [System.String] + $StreetAddress, [Parameter()] [System.Boolean] - $SchedulerAssistant, - - [Parameter()] - [System.String[]] - $RemoveOrphanedHolds, - - [Parameter()] - [System.Object] - $RulesQuota, - - [Parameter()] - [System.String] - $Alias, + $RemotePowerShellEnabled, [Parameter()] [System.String] - $EnforcedTimestamps, + $PostalCode, [Parameter()] [System.Object] - $RejectMessagesFromSendersOrMembers, + $GeoCoordinates, [Parameter()] - [System.String] - $DisplayName, + [System.Object] + $OtherHomePhone, [Parameter()] [System.Object] - $ResourceCustom, + $DesiredWorkloads, [Parameter()] [System.Boolean] - $MessageCopyForSMTPClientSubmissionEnabled, - + $CanHaveCloudCache + ) +} +function Update-RoleGroupMember +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $BypassModerationFromSendersOrMembers, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $DefaultAuditSet, + $Identity, [Parameter()] - [System.Object] - $AcceptMessagesOnlyFromDLMembers, + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck, [Parameter()] - [System.String] - $CustomAttribute1, + [System.Object] + $Members + ) +} +#endregion +#region Microsoft.Graph.Applications +function Get-MgApplication +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $EmailAddressDisplayNames, + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $CalendarRepairDisabled, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $RemoveMailboxProvisioningConstraint, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $NonCompliantDevices, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $ModerationEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $LitigationHoldOwner, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $ProhibitSendQuota, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $AccountDisabled, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ClearThrottlingPolicyAssignment, + [System.String] + $ApplicationId, [Parameter()] - [System.Object] - $AuditDelegate, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $CustomAttribute14, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $SingleItemRecoveryEnabled, + [System.String] + $ConsistencyLevel, [Parameter()] - [System.Boolean] - $RequireSenderAuthenticationEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $CustomAttribute9, + $Filter, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $CustomAttribute6, + $Search, [Parameter()] - [System.Object] - $DataEncryptionPolicy, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $ExtensionCustomAttribute4, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $LitigationHoldDate, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgApplicationOwner +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $EnableRoomMailboxAccount, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $HiddenFromAddressListsEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $RetainDeletedItemsFor, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $MicrosoftOnlineServicesID, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RemoveDelayReleaseHoldApplied, + [System.String] + $CountVariable, + + [Parameter()] + [System.String] + $ApplicationId, [Parameter()] - [System.Object] - $AuditAdmin, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ExtensionCustomAttribute2, + [System.String[]] + $Sort, [Parameter()] - [System.Object] - $DefaultPublicFolderMailbox, + [System.String] + $ConsistencyLevel, [Parameter()] - [System.Boolean] - $RetentionHoldEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $CustomAttribute13, + $Filter, [Parameter()] - [System.Object] - $RetentionPolicy, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $CustomAttribute2, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $RemoveDelayHoldApplied, + $Break, [Parameter()] - [System.Object] - $ExternalOofOptions, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $AuditLogAgeLimit, - + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgServicePrincipal +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $StartDateForRetentionHold, + [System.String[]] + $Property, [Parameter()] - [System.Object] - $SendModerationNotifications, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $EndDateForRetentionHold, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $RoleAssignmentPolicy, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $IsExcludedFromServingHierarchy, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $Office, + $ServicePrincipalId, [Parameter()] - [System.Object] - $MaxSendSize, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ApplyMandatoryProperties, + [System.Int32] + $Top, [Parameter()] - [System.Object] - $RejectMessagesFrom, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $RecipientLimits, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $AddressBookPolicy, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $MessageCopyForSentAsEnabled, + [System.String] + $ConsistencyLevel, [Parameter()] [System.Management.Automation.SwitchParameter] - $PublicFolder, + $All, [Parameter()] - [System.Object] - $MailTipTranslations, + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $CustomAttribute7, + $Search, [Parameter()] - [System.Object] - $SharingPolicy, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CustomAttribute4, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $ExtensionCustomAttribute1, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgServicePrincipalAppRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $ExcludeFromAllOrgHolds, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $ArchiveName, + [System.String] + $AppRoleAssignmentId, [Parameter()] - [System.Boolean] - $AuditEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Security.SecureString] - $Password, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.String] + $ServicePrincipalId, [Parameter()] - [System.Object] - $IssueWarningQuota, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $StsRefreshTokensValidFrom, + [System.Int32] + $Top, [Parameter()] [System.String] - $Name, + $CountVariable, [Parameter()] - [System.Object] - $ExtensionCustomAttribute3, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ForwardingAddress, + [System.String[]] + $Sort, [Parameter()] [System.String] - $CustomAttribute12, + $ConsistencyLevel, [Parameter()] - [System.String] - $CustomAttribute3, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $CustomAttribute11, + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $SimpleDisplayName, + $Search, [Parameter()] - [System.Object] - $ForwardingSmtpAddress, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $MessageTrackingReadStatusEnabled + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Set-MailboxAutoReplyConfiguration +function New-MgApplication { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity, + [PSObject] + $OptionalClaims, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HomeRealmDiscoveryPolicies, [Parameter()] - [System.String] - $InternalMessage, + [PSObject] + $Spa, [Parameter()] - [System.String] - $DeclineMeetingMessage, + [PSObject] + $Synchronization, [Parameter()] - [System.Object] - $ExternalAudience, + [System.String] + $DefaultRedirectUri, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDefaultScope, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Boolean] - $DeclineEventsForScheduledOOF, + [System.String] + $ApplicationTemplateId, [Parameter()] - [System.Boolean] - $AutoDeclineFutureRequestsWhenOOF, + [System.String] + $SignInAudience, [Parameter()] - [System.Object] - $AutoReplyState, + [PSObject] + $VerifiedPublisher, [Parameter()] [System.String[]] - $EventsToDeleteIDs, + $IdentifierUris, [Parameter()] - [System.DateTime] - $StartTime, + [System.Management.Automation.SwitchParameter] + $IsDeviceOnlyAuthSupported, [Parameter()] - [System.Boolean] - $CreateOOFEvent, + [System.String] + $TokenEncryptionKeyId, [Parameter()] [System.String] - $OOFEventSubject, + $Description, [Parameter()] - [System.Boolean] - $DeclineAllEventsForScheduledOOF, + [PSObject] + $TokenIssuancePolicies, [Parameter()] - [System.DateTime] - $EndTime, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $Api, [Parameter()] [System.String] - $ExternalMessage - ) -} -function Set-MailboxCalendarFolder -{ - [CmdletBinding()] - param( + $PublisherDomain, + [Parameter()] - [System.Object] - $SharedCalendarSyncStartDate, + [System.String] + $GroupMembershipClaims, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SetAsSharingSource, + [System.String] + $Id, [Parameter()] - [System.Boolean] - $SearchableUrlEnabled, + [System.String[]] + $Tags, [Parameter()] - [System.Boolean] - $PublishEnabled, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Object] - $PublishDateRangeTo, + [PSObject] + $Owners, [Parameter()] - [System.Object] - $PublishDateRangeFrom, + [PSObject] + $FederatedIdentityCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseHttps, + [PSObject] + $TokenLifetimePolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ResetUrl, + [PSObject] + $AppManagementPolicies, [Parameter()] - [System.Object] - $DetailLevel, + [System.String] + $DisabledByMicrosoftStatus, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $PasswordCredentials, + + [Parameter()] + [PSObject] + $PublicClient, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm - ) -} -function Set-MailboxPlan -{ - [CmdletBinding()] - param( + $Oauth2RequirePostResponse, + [Parameter()] - [System.Object] - $IssueWarningQuota, + [System.String] + $Notes, [Parameter()] - [System.Object] - $RoleAssignmentPolicy, + [PSObject] + $RequiredResourceAccess, [Parameter()] - [System.Object] - $RetentionPolicy, + [PSObject] + $ParentalControlSettings, [Parameter()] - [System.Object] - $MaxSendSize, + [PSObject] + $Web, [Parameter()] - [System.Object] - $ProhibitSendReceiveQuota, + [System.String] + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $IsFallbackPublicClient, [Parameter()] - [System.Object] - $ProhibitSendQuota, + [PSObject] + $AddIns, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsDefault, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $RequestSignatureVerification, [Parameter()] - [System.Object] - $RetainDeletedItemsFor, + [System.String] + $LogoInputFile, [Parameter()] - [System.Object] - $RecipientLimits, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Object] - $MaxReceiveSize, + [PSObject] + $AppRoles, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force - ) -} -function Set-MailboxRegionalConfiguration -{ - [CmdletBinding()] - param( + $Confirm, + [Parameter()] - [System.String] - $DateFormat, + [PSObject] + $ExtensionProperties, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $CreatedOnBehalfOf, [Parameter()] [System.String] - $TimeFormat, + $ServiceManagementReference, [Parameter()] - [System.Object] - $MailboxLocation, + [PSObject] + $KeyCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseCustomRouting, + [PSObject] + $Certification, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $SamlMetadataUrl, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Archive, + [PSObject] + $Info, [Parameter()] [System.Management.Automation.SwitchParameter] - $LocalizeDefaultFolderName, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $TimeZone, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $Identity, + [System.String] + $AppId, [Parameter()] - [System.Globalization.CultureInfo] - $Language + [System.Management.Automation.SwitchParameter] + $Break ) } -function Set-MailContact +function New-MgApplicationOwnerByRef { [CmdletBinding()] param( [Parameter()] - [System.Object] - $WindowsEmailAddress, - - [Parameter()] - [System.Object] - $AcceptMessagesOnlyFromDLMembers, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $CustomAttribute10, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $RequireSenderAuthenticationEnabled, + [PSObject] + $BodyParameter, [Parameter()] - [System.Boolean] - $ModerationEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ExtensionCustomAttribute4, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $MacAttachmentFormat, + [System.String] + $OdataId, [Parameter()] - [System.String] - $CustomAttribute8, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.String] - $CustomAttribute3, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Object] - $RejectMessagesFrom, + [System.String] + $ApplicationId, [Parameter()] - [System.Object] - $RejectMessagesFromSendersOrMembers, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function New-MgServicePrincipal +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $ServicePrincipalNames, [Parameter()] - [System.Object] - $MailTipTranslations, + [System.String[]] + $AlternativeNames, [Parameter()] [System.String] - $CustomAttribute7, + $AppDescription, [Parameter()] - [System.Object] - $UseMapiRichTextFormat, + [PSObject] + $HomeRealmDiscoveryPolicies, [Parameter()] - [System.String] - $CustomAttribute5, + [PSObject] + $Oauth2PermissionScopes, [Parameter()] - [System.Object] - $AcceptMessagesOnlyFromSendersOrMembers, + [PSObject] + $Synchronization, [Parameter()] - [System.Boolean] - $HiddenFromAddressListsEnabled, + [PSObject] + $AppRoleAssignments, [Parameter()] [System.String] - $CustomAttribute6, + $ApplicationTemplateId, [Parameter()] - [System.Boolean] - $UsePreferMessageFormat, + [System.String] + $SignInAudience, [Parameter()] - [System.String] - $CustomAttribute1, + [PSObject] + $VerifiedPublisher, + + [Parameter()] + [System.String[]] + $NotificationEmailAddresses, [Parameter()] - [System.Object] - $BypassModerationFromSendersOrMembers, + [PSObject] + $ClaimsMappingPolicies, [Parameter()] [System.String] - $CustomAttribute11, + $TokenEncryptionKeyId, [Parameter()] [System.String] - $CustomAttribute13, + $Description, [Parameter()] - [System.Object] - $ModeratedBy, + [PSObject] + $TokenIssuancePolicies, [Parameter()] [System.String] - $CustomAttribute14, + $PreferredTokenSigningKeyThumbprint, [Parameter()] [System.String] - $MailTip, + $AppDisplayName, [Parameter()] - [System.Object] - $MessageBodyFormat, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $AcceptMessagesOnlyFrom, + [PSObject] + $AppRoleAssignedTo, [Parameter()] - [System.Object] - $ExtensionCustomAttribute3, + [System.String] + $Homepage, [Parameter()] [System.String] - $CustomAttribute15, + $ServicePrincipalType, [Parameter()] - [System.Object] - $UserSMimeCertificate, + [System.String] + $Id, [Parameter()] - [System.Object] - $ExtensionCustomAttribute1, + [PSObject] + $SamlSingleSignOnSettings, [Parameter()] - [System.Object] - $MessageFormat, + [System.String[]] + $Tags, [Parameter()] - [System.Object] - $ExtensionCustomAttribute5, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Object] - $ExternalEmailAddress, + [PSObject] + $Owners, [Parameter()] - [System.String] - $CustomAttribute4, + [PSObject] + $OwnedObjects, [Parameter()] - [System.Object] - $ExtensionCustomAttribute2, + [PSObject] + $FederatedIdentityCredentials, [Parameter()] [System.String] - $CustomAttribute9, + $LoginUrl, [Parameter()] - [System.Object] - $RejectMessagesFromDLMembers, + [PSObject] + $TokenLifetimePolicies, [Parameter()] - [System.String] - $Alias, + [PSObject] + $AppManagementPolicies, [Parameter()] - [System.String] - $SimpleDisplayName, + [PSObject] + $CreatedObjects, [Parameter()] [System.String] - $CustomAttribute2, + $DisabledByMicrosoftStatus, [Parameter()] - [System.Object] - $UserCertificate, + [PSObject] + $DelegatedPermissionClassifications, [Parameter()] - [System.Object] - $SendModerationNotifications, + [PSObject] + $PasswordCredentials, [Parameter()] - [System.String] - $Name, + [PSObject] + $MemberOf, [Parameter()] - [System.Object] - $EmailAddresses, + [System.String] + $Notes, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ForceUpgrade, + [PSObject] + $Endpoints, [Parameter()] - [System.Object] - $GrantSendOnBehalfTo, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.String] - $CustomAttribute12 - ) -} -function Set-MalwareFilterPolicy -{ - [CmdletBinding()] - param( + $AppOwnerOrganizationId, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeDefault, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $CustomFromName, + [PSObject] + $TransitiveMemberOf, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $AppRoles, [Parameter()] - [System.String] - $AdminDisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $CustomExternalBody, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $QuarantineTag, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $CustomNotifications, + [System.String[]] + $ReplyUrls, [Parameter()] - [System.Boolean] - $EnableExternalSenderAdminNotifications, + [System.String] + $DisplayName, [Parameter()] - [System.Object] - $InternalSenderAdminAddress, + [System.Management.Automation.SwitchParameter] + $AppRoleAssignmentRequired, [Parameter()] - [System.String[]] - $FileTypes, + [PSObject] + $KeyCredentials, [Parameter()] - [System.Boolean] - $EnableInternalSenderAdminNotifications, + [PSObject] + $Oauth2PermissionGrants, [Parameter()] - [System.Object] - $CustomFromAddress, + [PSObject] + $ResourceSpecificApplicationPermissions, [Parameter()] - [System.Boolean] - $IsPolicyOverrideApplied, + [PSObject] + $AddIns, [Parameter()] - [System.Boolean] - $ZapEnabled, + [PSObject] + $Info, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $AccountEnabled, [Parameter()] - [System.Object] - $ExternalSenderAdminAddress, + [System.String] + $PreferredSingleSignOnMode, [Parameter()] - [System.String] - $CustomExternalSubject, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $FileTypeAction, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $CustomInternalSubject, + $AppId, [Parameter()] [System.String] - $CustomInternalBody, + $LogoutUrl, [Parameter()] - [System.Boolean] - $EnableFileFilter + [System.Management.Automation.SwitchParameter] + $Break ) } -function Set-MalwareFilterRule +function Remove-MgApplication { [CmdletBinding()] param( [Parameter()] - [System.Int32] - $Priority, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Name, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $SentTo, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, + $IfMatch, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $InputObject, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $MalwareFilterPolicy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [System.String] + $ApplicationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf + [PSObject] + $HttpPipelineAppend ) } -function Set-ManagementRoleAssignment +function Remove-MgApplicationOwnerDirectoryObjectByRef { [CmdletBinding()] param( [Parameter()] - [System.Object] - $RecipientGroupScope, + [System.String] + $Id, [Parameter()] - [System.Object] - $CustomRecipientWriteScope, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $RecipientAdministrativeUnitScope, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $ExclusiveRecipientWriteScope, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $CustomResourceScope, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Object] - $Identity, + [System.String] + $IfMatch, [Parameter()] - [System.Object] - $RecipientOrganizationalUnitScope, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $Enabled, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $RecipientRelativeWriteScope, + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.String] + $ApplicationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force + $Break ) } -function Set-MessageClassification +function Remove-MgServicePrincipal { [CmdletBinding()] param( [Parameter()] - [System.String] - $SenderDescription, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $RecipientDescription, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Name, + $IfMatch, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $RetainClassificationEnabled, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $PermissionMenuVisible, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Guid] - $ClassificationID, + [System.String] + $ServicePrincipalId, [Parameter()] - [System.Object] - $DisplayPrecedence + [System.Management.Automation.SwitchParameter] + $Break ) } -function Set-MobileDeviceMailboxPolicy +function Update-MgApplication { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $AllowMicrosoftPushNotifications, + [PSObject] + $OptionalClaims, [Parameter()] - [System.Boolean] - $AllowUnsignedApplications, + [PSObject] + $HomeRealmDiscoveryPolicies, [Parameter()] - [System.Boolean] - $AllowUnsignedInstallationPackages, + [PSObject] + $Spa, [Parameter()] - [System.Object] - $MaxPasswordFailedAttempts, + [System.String[]] + $Tags, [Parameter()] - [System.Boolean] - $AllowExternalDeviceManagement, + [System.String] + $DefaultRedirectUri, [Parameter()] - [System.Boolean] - $AllowIrDA, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Boolean] - $AllowStorageCard, + [System.String] + $ApplicationTemplateId, [Parameter()] - [System.Int32] - $PasswordHistory, + [System.String] + $SignInAudience, [Parameter()] - [System.Boolean] - $AllowNonProvisionableDevices, + [PSObject] + $VerifiedPublisher, [Parameter()] - [System.Object] - $UnapprovedInROMApplicationList, + [System.String[]] + $IdentifierUris, [Parameter()] - [System.Boolean] - $RequireEncryptedSMIMEMessages, + [System.Management.Automation.SwitchParameter] + $IsDeviceOnlyAuthSupported, [Parameter()] - [System.Boolean] - $RequireDeviceEncryption, + [System.String] + $TokenEncryptionKeyId, [Parameter()] - [System.Boolean] - $AllowInternetSharing, + [System.String] + $Description, [Parameter()] - [System.Boolean] - $PasswordEnabled, + [PSObject] + $TokenIssuancePolicies, [Parameter()] - [System.Object] - $RequireSignedSMIMEAlgorithm, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $MaxEmailHTMLBodyTruncationSize, + [PSObject] + $Api, [Parameter()] - [System.Int32] - $MinPasswordComplexCharacters, + [System.String] + $PublisherDomain, [Parameter()] - [System.Boolean] - $UNCAccessEnabled, + [System.String] + $GroupMembershipClaims, [Parameter()] - [System.Boolean] - $AllowCamera, + [System.String] + $SamlMetadataUrl, [Parameter()] - [System.Boolean] - $IrmEnabled, + [System.String] + $Id, [Parameter()] - [System.Object] - $PasswordExpiration, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $AllowBrowser, + [PSObject] + $Owners, [Parameter()] - [System.Object] - $MaxEmailAgeFilter, + [PSObject] + $FederatedIdentityCredentials, [Parameter()] - [System.Boolean] - $RequireManualSyncWhenRoaming, + [PSObject] + $TokenLifetimePolicies, [Parameter()] - [System.Boolean] - $AlphanumericPasswordRequired, + [PSObject] + $AppManagementPolicies, [Parameter()] - [System.Object] - $AllowSMIMEEncryptionAlgorithmNegotiation, + [System.String] + $DisabledByMicrosoftStatus, [Parameter()] - [System.Boolean] - $DeviceEncryptionEnabled, + [PSObject] + $PasswordCredentials, [Parameter()] - [System.Object] - $MaxEmailBodyTruncationSize, + [PSObject] + $PublicClient, [Parameter()] - [System.Object] - $AllowBluetooth, + [System.Management.Automation.SwitchParameter] + $Oauth2RequirePostResponse, [Parameter()] - [System.Object] - $RequireEncryptionSMIMEAlgorithm, + [System.String] + $Notes, [Parameter()] - [System.Object] - $DevicePolicyRefreshInterval, + [PSObject] + $RequiredResourceAccess, [Parameter()] - [System.Boolean] - $AllowGooglePushNotifications, + [PSObject] + $ParentalControlSettings, [Parameter()] - [System.Boolean] - $AllowMobileOTAUpdate, + [PSObject] + $Web, [Parameter()] [System.String] - $Name, + $DisplayName, [Parameter()] - [System.Object] - $MaxAttachmentSize, + [System.Management.Automation.SwitchParameter] + $IsFallbackPublicClient, [Parameter()] - [System.Boolean] - $AllowSimplePassword, + [PSObject] + $Synchronization, [Parameter()] - [System.Boolean] - $AllowConsumerEmail, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.Boolean] - $AllowDesktopSync, + [PSObject] + $RequestSignatureVerification, [Parameter()] - [System.Boolean] - $PasswordRecoveryEnabled, + [System.String] + $LogoInputFile, [Parameter()] - [System.Boolean] - $RequireStorageCardEncryption, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $ApplicationId, [Parameter()] - [System.Boolean] - $AllowSMIMESoftCerts, + [PSObject] + $AppRoles, [Parameter()] - [System.Boolean] - $AllowRemoteDesktop, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $AttachmentsEnabled, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $MaxCalendarAgeFilter, + [PSObject] + $ExtensionProperties, [Parameter()] - [System.Boolean] - $AllowWiFi, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $AllowApplePushNotifications, + [PSObject] + $CreatedOnBehalfOf, [Parameter()] - [System.Boolean] - $AllowPOPIMAPEmail, + [System.String] + $ServiceManagementReference, [Parameter()] - [System.Boolean] - $IsDefault, + [PSObject] + $KeyCredentials, [Parameter()] - [System.Object] - $MaxInactivityTimeLock, + [PSObject] + $Certification, [Parameter()] - [System.Object] - $ApprovedApplicationList, + [PSObject] + $AddIns, [Parameter()] - [System.Boolean] - $AllowTextMessaging, + [PSObject] + $Info, [Parameter()] - [System.Boolean] - $WSSAccessEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $RequireSignedSMIMEMessages, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $MinPasswordLength, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $AllowHTMLEmail, + [System.String] + $AppId, [Parameter()] - [System.Object] - $Identity + [System.Management.Automation.SwitchParameter] + $Break ) } -function Set-OfflineAddressBook +function Update-MgServicePrincipal { [CmdletBinding()] param( [Parameter()] - [System.String] - $Name, + [System.String[]] + $ServicePrincipalNames, [Parameter()] - [System.Object] - $Versions, + [System.String[]] + $AlternativeNames, [Parameter()] - [System.Object] - $Schedule, + [PSObject] + $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ApplyMandatoryProperties, + [System.String] + $AppDescription, [Parameter()] - [System.Boolean] - $ZipOabFilesBeforeUploading, + [PSObject] + $HomeRealmDiscoveryPolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UpgradeFromE14, + [PSObject] + $Oauth2PermissionScopes, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $Synchronization, [Parameter()] - [System.Int32] - $FullOabDownloadPreventionThreshold, + [PSObject] + $AppRoleAssignments, [Parameter()] - [System.Object] - $Identity, + [System.String] + $ServicePrincipalId, [Parameter()] - [System.Object] - $DiffRetentionPeriod, + [System.String] + $ApplicationTemplateId, [Parameter()] - [System.Object[]] - $AddressLists, + [System.String] + $SignInAudience, [Parameter()] - [System.Object] - $ConfiguredAttributes, + [PSObject] + $VerifiedPublisher, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UseDefaultAttributes, + [System.String[]] + $NotificationEmailAddresses, [Parameter()] - [System.Boolean] - $IsDefault - ) -} -function Set-OMEConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Double] - $ExternalMailExpiryInDays, + [PSObject] + $ClaimsMappingPolicies, [Parameter()] [System.String] - $ReadButtonText, + $TokenEncryptionKeyId, [Parameter()] [System.String] - $PortalText, + $Description, [Parameter()] - [System.Byte[]] - $Image, + [PSObject] + $TokenIssuancePolicies, [Parameter()] [System.String] - $IntroductionText, + $PreferredTokenSigningKeyThumbprint, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AppDisplayName, [Parameter()] - [System.String] - $BackgroundColor, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $DisclaimerText, + [PSObject] + $AppRoleAssignedTo, [Parameter()] [System.String] - $PrivacyStatementUrl, + $Homepage, [Parameter()] - [System.Boolean] - $SocialIdSignIn, + [System.String] + $ServicePrincipalType, [Parameter()] [System.String] - $EmailText, + $Id, [Parameter()] - [System.Boolean] - $OTPEnabled, + [PSObject] + $SamlSingleSignOnSettings, [Parameter()] - [System.Object] - $Identity - ) -} -function Set-OnPremisesOrganization -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $InboundConnector, + [System.String[]] + $Tags, [Parameter()] - [System.Object] - $OutboundConnector, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.String] - $OrganizationName, + $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $OwnedObjects, [Parameter()] - [System.String] - $Comment, + [PSObject] + $FederatedIdentityCredentials, [Parameter()] - [System.Object] - $Identity, + [System.String] + $LoginUrl, [Parameter()] - [System.Object] - $OrganizationRelationship, + [PSObject] + $TokenLifetimePolicies, [Parameter()] - [System.Object] - $HybridDomains - ) -} -function Set-Organization -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [PSObject] + $AppManagementPolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $CreatedObjects, [Parameter()] - [System.Boolean] - $UnifiedAuditLogIngestionEnabled - ) -} -function Set-OrganizationConfig -{ - [CmdletBinding()] - param( + [System.String] + $DisabledByMicrosoftStatus, + [Parameter()] - [System.Boolean] - $FindTimeLockPollForAttendeesEnabled, + [PSObject] + $DelegatedPermissionClassifications, [Parameter()] - [System.Boolean] - $ConnectorsEnabledForYammer, + [PSObject] + $PasswordCredentials, [Parameter()] - [System.Boolean] - $PublicFolderShowClientControl, + [PSObject] + $MemberOf, [Parameter()] - [System.Boolean] - $MailTipsGroupMetricsEnabled, + [System.String] + $Notes, [Parameter()] - [System.Object] - $PublicFoldersEnabled, + [PSObject] + $Endpoints, [Parameter()] - [System.Boolean] - $ReadTrackingEnabled, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.Boolean] - $ExchangeNotificationEnabled, + [System.String] + $AppOwnerOrganizationId, [Parameter()] - [System.Boolean] - $BookingsNamingPolicyPrefixEnabled, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Boolean] - $MailTipsExternalRecipientsTipsEnabled, + [PSObject] + $TransitiveMemberOf, [Parameter()] - [System.Object] - $FocusedInboxOn, + [PSObject] + $AppRoles, [Parameter()] - [System.Object] - $EwsApplicationAccessPolicy, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $OAuth2ClientProfileEnabled, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $MobileAppEducationEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $EnableOutlookEvents, + [System.String[]] + $ReplyUrls, [Parameter()] - [System.Boolean] - $BookingsExposureOfStaffDetailsRestricted, + [System.Management.Automation.SwitchParameter] + $AppRoleAssignmentRequired, [Parameter()] - [System.Boolean] - $ElcProcessingDisabled, + [PSObject] + $KeyCredentials, [Parameter()] - [System.Boolean] - $UnblockUnsafeSenderPromptEnabled, + [PSObject] + $Oauth2PermissionGrants, [Parameter()] - [System.Boolean] - $AutoEnableArchiveMailbox, + [PSObject] + $ResourceSpecificApplicationPermissions, [Parameter()] - [System.Boolean] - $HybridRSVPEnabled, + [PSObject] + $AddIns, [Parameter()] - [System.Boolean] - $RefreshSessionEnabled, + [PSObject] + $Info, [Parameter()] - [System.Boolean] - $SmtpActionableMessagesEnabled, + [System.Management.Automation.SwitchParameter] + $AccountEnabled, [Parameter()] - [System.Boolean] - $ConnectorsEnabledForTeams, + [System.String] + $PreferredSingleSignOnMode, [Parameter()] - [System.Boolean] - $ComplianceMLBgdCrawlEnabled, + [PSObject] + $Owners, [Parameter()] - [System.Boolean] - $MailTipsAllTipsEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $PostponeRoamingSignaturesUntilLater, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $RemotePublicFolderMailboxes, + [System.String] + $AppId, [Parameter()] - [System.Boolean] - $BlockMoveMessagesForGroupFolders, + [System.String] + $LogoutUrl, [Parameter()] - [System.Int32] - $DefaultMinutesToReduceShortEventsBy, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +#endregion +#region Microsoft.Graph.Authentication +function Connect-MgGraph +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $TenantId, [Parameter()] - [System.Object] - $EwsAllowEntourage, + [System.Security.Cryptography.X509Certificates.X509Certificate2] + $Certificate, [Parameter()] - [System.Boolean] - $OutlookGifPickerDisabled, + [System.String[]] + $Scopes, [Parameter()] - [System.Object] - $OnlineMeetingsByDefaultEnabled, + [System.String] + $ClientId, [Parameter()] - [System.Boolean] - $ConnectorsEnabledForOutlook, + [System.Security.SecureString] + $AccessToken, [Parameter()] - [System.Object] - $DefaultPublicFolderProhibitPostQuota, + [System.Management.Automation.SwitchParameter] + $EnvironmentVariable, [Parameter()] - [System.Object] - $ExchangeNotificationRecipients, + [System.String] + $CertificateSubjectName, [Parameter()] - [System.Boolean] - $MessageRemindersEnabled, + [System.Management.Automation.PSCredential] + $ClientSecretCredential, [Parameter()] - [System.Boolean] - $DirectReportsGroupAutoCreationEnabled, + [System.Management.Automation.SwitchParameter] + $Identity, [Parameter()] - [System.Boolean] - $AuditDisabled, + [System.Management.Automation.SwitchParameter] + $UseDeviceCode, [Parameter()] - [System.Boolean] - $BookingsAuthEnabled, + [System.Double] + $ClientTimeout, [Parameter()] - [System.Boolean] - $OutlookMobileGCCRestrictionsEnabled, + [System.String] + $CertificateThumbprint, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Boolean] - $BookingsCreationOfCustomQuestionsRestricted, + [System.String] + $Environment, [Parameter()] - [System.Boolean] - $BookingsSmsMicrosoftEnabled, + [PSObject] + $ContextScope + ) +} +function Get-MgContext +{ + [CmdletBinding()] + param( + ) +} +function Invoke-MgGraphRequest +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $DefaultAuthenticationPolicy, + [System.String] + $InputFilePath, [Parameter()] - [System.Boolean] - $WebPushNotificationsDisabled, + [System.String] + $StatusCodeVariable, [Parameter()] - [System.Boolean] - $ActivityBasedAuthenticationTimeoutEnabled, + [PSObject] + $OutputType, [Parameter()] - [System.Boolean] - $BookingsAddressEntryRestricted, + [System.Management.Automation.SwitchParameter] + $SkipHttpErrorCheck, [Parameter()] [System.String] - $BookingsNamingPolicyPrefix, + $UserAgent, [Parameter()] - [System.Object] - $DefaultPublicFolderDeletedItemRetention, + [System.String] + $ContentType, [Parameter()] - [System.Int32] - $PreferredInternetCodePageForShiftJis, + [System.Uri] + $Uri, [Parameter()] - [System.Object] - $ShortenEventScopeDefault, + [PSObject] + $GraphRequestSession, [Parameter()] - [System.Object] - $HierarchicalAddressBookRoot, + [System.Management.Automation.SwitchParameter] + $InferOutputFileName, [Parameter()] - [System.Boolean] - $IsAgendaMailEnabled, + [System.String] + $OutputFilePath, [Parameter()] - [System.Boolean] - $FindTimeOnlineMeetingOptionDisabled, + [PSObject] + $Method, [Parameter()] - [System.Object] - $EwsEnabled, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Boolean] - $FindTimeAttendeeAuthenticationEnabled, + [System.Object] + $Body, [Parameter()] - [System.Boolean] - $AutomaticForcedReadReceiptEnabled, + [System.Management.Automation.SwitchParameter] + $SkipHeaderValidation, [Parameter()] - [System.Boolean] - $LeanPopoutEnabled, + [System.String] + $ResponseHeadersVariable, [Parameter()] - [System.Object] - $DistributionGroupNameBlockedWordsList, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Int32] - $RequiredCharsetCoverage, + [System.String] + $SessionVariable, [Parameter()] - [System.Boolean] - $AsyncSendEnabled, - + [System.Collections.IDictionary] + $Headers + ) +} +#endregion +#region Microsoft.Graph.Beta.DeviceManagement +function Get-MgBetaDeviceManagement +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $ConnectorsEnabledForSharepoint, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $BookingsBlockedWordsEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $WorkspaceTenantEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $BookingsNamingPolicyEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $DefaultPublicFolderAgeLimit, + [System.String[]] + $Property, [Parameter()] - [System.String] - $VisibleMeetingUpdateProperties, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $OutlookPayEnabled, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaDeviceManagementAssignmentFilter +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.UInt32] - $MailTipsLargeAudienceThreshold, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $DefaultGroupAccessType, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $CalendarVersionStoreEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $BookingsPaymentsEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $MessageRecallEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $MessageHighlightsEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $WebSuggestedRepliesDisabled, + [System.String] + $CountVariable, [Parameter()] - [System.Boolean] - $DisablePlusAddressInRecipients, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $DistributionGroupNamingPolicy, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $PublicComputersDetectionEnabled, + [System.String] + $DeviceAndAppManagementAssignmentFilterId, [Parameter()] - [System.Boolean] - $BookingsSocialSharingRestricted, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $BookingsNamingPolicySuffix, + $Filter, [Parameter()] - [System.Boolean] - $BookingsNamingPolicySuffixEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $BookingsMembershipApprovalRequired, + [System.String] + $Search, [Parameter()] - [System.Boolean] - $IsGroupMemberAllowedToEditContent, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $DefaultPublicFolderMovedItemRetention, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $DistributionGroupDefaultOU, - + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementConfigurationPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $OutlookTextPredictionDisabled, + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $SharedDomainEmailAddressFlowEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $ConnectorsActionableMessagesEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $MailTipsMailboxSourcedTipsEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $BookingsEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $EndUserDLUpgradeFlowsDisabled, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $RecallReadMessagesEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $BookingsPhoneNumberEntryRestricted, + [System.String] + $CountVariable, [Parameter()] - [System.Boolean] - $AppsForOfficeEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $EnableForwardingAddressSyncForMailboxes, + [System.String[]] + $Sort, [Parameter()] - [System.Object] - $EwsAllowOutlook, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AutoExpandingArchive, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $LinkPreviewEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $BookingsSearchEngineIndexDisabled, + [System.String] + $Search, [Parameter()] - [System.Object] - $EwsAllowMacOutlook, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $EwsAllowList, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $DefaultPublicFolderMaxItemSize, + [System.String] + $DeviceManagementConfigurationPolicyId, [Parameter()] - [System.Boolean] - $MatchSenderOrganizerProperties, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementConfigurationPolicyAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $DefaultMinutesToReduceLongEventsBy, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $IPListBlocked, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $BookingsNotesEntryRestricted, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $SendFromAliasEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $AutodiscoverPartialDirSync, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $ActivityBasedAuthenticationTimeoutInterval, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $OutlookMobileSingleAccountEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $IsGroupFoldersAndRulesEnabled, + [System.String] + $CountVariable, [Parameter()] - [System.Boolean] - $MaskClientIpInReceivedHeadersEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $PerTenantSwitchToESTSEnabled, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $ConnectorsEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Object] - $EwsBlockList, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $CustomerLockboxEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $OutlookMobileHelpShiftEnabled, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Uri] - $SiteMailboxCreationURL, + [System.String] + $Search, [Parameter()] - [System.Int32] - $ByteEncoderTypeFor7BitCharsets, + [System.String] + $DeviceManagementConfigurationPolicyId, [Parameter()] - [System.Boolean] - $FindTimeAutoScheduleDisabled, + [System.String] + $DeviceManagementConfigurationPolicyAssignmentId, [Parameter()] - [System.Object] - $DefaultPublicFolderIssueWarningQuota + [PSObject] + $HttpPipelineAppend ) } -function Set-OrganizationRelationship +function Get-MgBetaDeviceManagementConfigurationPolicySetting { [CmdletBinding()] param( [Parameter()] - [System.Object] - $MailTipsAccessLevel, - - [Parameter()] - [System.Uri] - $TargetAutodiscoverEpr, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.String] - $Name, + [System.String[]] + $Property, [Parameter()] - [System.Object] - $FreeBusyAccessScope, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force, - - [Parameter()] - [System.Boolean] - $DeliveryReportEnabled, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $OAuthApplicationId, + $DeviceManagementConfigurationSettingId, [Parameter()] - [System.Boolean] - $MailTipsAccessEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $ArchiveAccessEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $FreeBusyAccessEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $MailTipsAccessScope, + [System.Int32] + $Top, [Parameter()] - [System.Uri] - $TargetOwaURL, + [System.String] + $CountVariable, [Parameter()] [System.Uri] - $TargetApplicationUri, + $Proxy, [Parameter()] - [System.Object] - $OrganizationContact, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [System.Object] - $MailboxMovePublishedScopes, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $MailboxMoveEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $MailboxMoveCapability, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Uri] - $TargetSharingEpr, + [System.String] + $Search, [Parameter()] - [System.Object] - $FreeBusyAccessLevel, + [System.String] + $DeviceManagementConfigurationPolicyId, [Parameter()] - [System.Object] - $DomainNames, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $PhotosEnabled + [PSObject] + $HttpPipelineAppend ) } -function Set-OutboundConnector +function Get-MgBetaDeviceManagementConfigurationPolicyTemplate { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $RouteAllMessagesViaOnPremises, - - [Parameter()] - [System.Object] - $RecipientDomains, + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $CloudServicesMailEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $Enabled, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $Name, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $AllAcceptedDomains, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $TlsDomain, + [System.Int32] + $Top, [Parameter()] [System.String] - $Comment, - - [Parameter()] - [System.Boolean] - $IsTransportRuleScoped, - - [Parameter()] - [System.Boolean] - $IsValidated, + $CountVariable, [Parameter()] - [System.Boolean] - $UseMXRecord, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $LastValidationTimestamp, + [System.String[]] + $Sort, [Parameter()] - [System.Object] - $TlsSettings, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.String[]] - $ValidationRecipients, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $ConnectorType, + [System.String] + $Search, [Parameter()] - [System.Object] - $SmartHosts, + [System.String] + $DeviceManagementConfigurationPolicyTemplateId, [Parameter()] - [System.Boolean] - $SenderRewritingEnabled, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $TestMode, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $ConnectorSource + [PSObject] + $HttpPipelineAppend ) } -function Set-OwaMailboxPolicy +function Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Int32] - $DefaultClientLanguage, + [System.String] + $DeviceManagementConfigurationSettingTemplateId, [Parameter()] - [System.Boolean] - $ContactsEnabled, + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $PersonalAccountCalendarsEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $MessagePreviewsDisabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $ExplicitLogonEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $ShowOnlineArchiveEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $BlockedFileTypes, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $NpsSurveysEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $LinkedInEnabled, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $ConditionalAccessPolicy, + [System.Uri] + $Proxy, [Parameter()] [System.String[]] - $AllowedOrganizationAccountDomains, + $Sort, [Parameter()] - [System.Boolean] - $ChangePasswordEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $BookingsMailboxDomain, + $Filter, [Parameter()] - [System.Boolean] - $AdditionalStorageProvidersAvailable, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $WacViewingOnPublicComputersEnabled, + [System.String] + $Search, [Parameter()] - [System.Boolean] - $OutlookBetaToggleEnabled, + [System.String] + $DeviceManagementConfigurationPolicyTemplateId, [Parameter()] - [System.Boolean] - $SMimeSuppressNameChecksEnabled, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $ActionForUnknownFileAndMIMETypes, + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementDeviceCategory +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [System.String] - $ExternalSPMySiteHostURL, + $DeviceCategoryId, [Parameter()] - [System.Boolean] - $OfflineEnabledWeb, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $ForceSaveMimeTypes, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $CalendarEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $SpellCheckerEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $DisplayPhotosEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $TasksEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $GroupCreationEnabled, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $ForceSaveFileTypes, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ChangeSettingsAccountEnabled, + [System.String[]] + $Sort, [Parameter()] - [System.Object] - $AdditionalAccountsEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Boolean] - $TeamsnapCalendarsEnabled, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $WacViewingOnPrivateComputersEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $TextMessagingEnabled, + [System.String] + $Search, [Parameter()] - [System.Boolean] - $SearchFoldersEnabled, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $UserVoiceEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $ForceWacViewingFirstOnPublicComputers, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementDeviceCompliancePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $GlobalAddressListEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $IRMEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $DirectFileAccessOnPublicComputersEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $WacOMEXEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $DirectFileAccessOnPrivateComputersEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $JournalEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $OfflineEnabledWin, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $ItemsToOtherAccountsEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $WSSAccessOnPublicComputersEnabled, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $SignaturesEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Boolean] - $OnSendAddinsEnabled, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $WacExternalServicesEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $InternalSPMySiteHostURL, + $Search, [Parameter()] - [System.Boolean] - $RemindersAndNotificationsEnabled, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $SatisfactionEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $OWALightEnabled, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Object] - $InstantMessagingType, - + [System.String] + $DeviceCompliancePolicyId + ) +} +function Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $ActiveSyncIntegrationEnabled, + [System.String[]] + $Property, [Parameter()] - [System.Object] - $PersonalAccountsEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $DefaultTheme, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $SetPhotoEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $ClassicAttachmentsEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $ForceWacViewingFirstOnPrivateComputers, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $AllowedMimeTypes, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $AllowCopyContactsToDeviceAddressBook, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $OutboundCharset, + [System.String] + $DeviceCompliancePolicyAssignmentId, [Parameter()] - [System.Boolean] - $PlacesEnabled, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $ReportJunkEmailEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $UseISO885915, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Boolean] - $RecoverDeletedItemsEnabled, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $NotesEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $OrganizationEnabled, + [System.String] + $Search, [Parameter()] - [System.Object] - $WebPartsFrameOptionsType, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $SetPhotoURL, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $WacEditingEnabled, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $PublicFoldersEnabled, + [System.String] + $DeviceCompliancePolicyId + ) +} +function Get-MgBetaDeviceManagementDeviceConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $BookingsMailboxCreationEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $ForceSaveAttachmentFilteringEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Int32] - $LogonAndErrorLanguage, + $PageSize, [Parameter()] - [System.Boolean] - $WSSAccessOnPrivateComputersEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $AllAddressListsEnabled, + [System.String] + $DeviceConfigurationId, [Parameter()] - [System.Boolean] - $EmptyStateEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $ProjectMocaEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $DelegateAccessEnabled, + [System.String] + $CountVariable, [Parameter()] - [System.Boolean] - $PremiumClientEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $BlockedMimeTypes, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $UMIntegrationEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Boolean] - $FeedbackEnabled, + [System.String] + $Filter, [Parameter()] - [System.Boolean] - $SilverlightEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $WeatherEnabled, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsDefault, + $Break, [Parameter()] - [System.Boolean] - $UseGB18030, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Object] - $AllowOfflineOn, - + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $AllowedFileTypes, + [System.String[]] + $Property, [Parameter()] - [System.Boolean] - $ExternalImageProxyEnabled, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $RulesEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $OneWinNativeOutlookEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $FreCardsEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $Name, + $DeviceConfigurationId, [Parameter()] - [System.Boolean] - $ThemeSelectionEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $InstantMessagingEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $LocalEventsEnabled, + [System.String] + $CountVariable, [Parameter()] - [System.Boolean] - $InterestingCalendarsEnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $BizBarEnabled, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $OneDriveAttachmentsEnabled, + [System.String] + $DeviceConfigurationAssignmentId, [Parameter()] - [System.Boolean] - $PrintWithoutDownloadEnabled, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Boolean] - $SaveAttachmentsToCloudEnabled, + [System.String] + $Filter, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $PhoneticSupportEnabled, + [System.String] + $Search, [Parameter()] - [System.Boolean] - $SkipCreateUnifiedGroupCustomSharepointClassification, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $ReferenceAttachmentsEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableFacebook + [PSObject] + $HttpPipelineAppend ) } -function Set-PartnerApplication +function Get-MgBetaDeviceManagementGroupPolicyConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $ApplicationIdentifier, - - [Parameter()] - [System.String] - $Name, + [System.String[]] + $Property, [Parameter()] - [System.Object] - $LinkedAccount, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $AcceptSecurityIdentifierInformation, + [System.Int32] + $PageSize, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ActAsPermissions, + [System.Int32] + $Skip, [Parameter()] - [System.Boolean] - $Enabled, + [System.Int32] + $Top, [Parameter()] - [System.Object] - $AccountType - ) -} -function Set-PerimeterConfig -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $Identity, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $GatewayIPAddresses - ) -} -function Set-Place -{ - [CmdletBinding()] - param( + [System.String[]] + $Sort, + [Parameter()] - [System.String] - $PostalCode, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Phone, + $Filter, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $CountryOrRegion, + [System.String] + $Search, [Parameter()] [System.String] - $ParentId, + $GroupPolicyConfigurationId, [Parameter()] - [System.String] - $Street, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $IsWheelChairAccessible, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $AudioDeviceName, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $DisplayDeviceName, + [PSObject] + $InputObject, [Parameter()] - [System.Object[]] - $Desks, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Building, + $GroupPolicyConfigurationAssignmentId, [Parameter()] - [System.String] - $State, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $City, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $Floor, + [System.Int32] + $Skip, [Parameter()] - [System.Object] - $ParentType, + [System.Int32] + $Top, [Parameter()] [System.String] - $VideoDeviceName, + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] [System.String[]] - $Tags, - - [Parameter()] - [System.String] - $FloorLabel, + $Sort, [Parameter()] - [System.Object] - $Capacity, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Label, + $Filter, [Parameter()] - [System.Object] - $GeoCoordinates, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $MTREnabled - ) -} -function Set-PolicyTipConfig -{ - [CmdletBinding()] - param( + [System.String] + $Search, + [Parameter()] [System.String] - $Value, + $GroupPolicyConfigurationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Object] - $Identity + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Set-QuarantinePolicy +function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValue { [CmdletBinding()] param( [Parameter()] - [System.Object] - $MultiLanguageCustomDisclaimer, + [System.String[]] + $Property, [Parameter()] - [System.Object] - $AdminNotificationLanguage, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $EndUserSpamNotificationCustomFromAddress, + [System.Int32] + $PageSize, [Parameter()] - [System.Int32] - $EndUserSpamNotificationFrequencyInDays, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $CustomDisclaimer, + $GroupPolicyDefinitionValueId, [Parameter()] [System.Int32] - $EndUserQuarantinePermissionsValue, - - [Parameter()] - [System.Boolean] - $ESNEnabled, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IgnoreDehydratedFlag, - - [Parameter()] - [System.Object] - $EndUserQuarantinePermissions, + $Skip, [Parameter()] - [System.Boolean] - $AdminNotificationsEnabled, + [System.Int32] + $Top, [Parameter()] - [System.Object] - $EndUserSpamNotificationLanguage, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $DomainController, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $MultiLanguageSenderName, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [System.Object] - $AdminQuarantinePermissionsList, + [System.String] + $Filter, [Parameter()] - [System.Object] - $MultiLanguageSetting, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.TimeSpan] - $EndUserSpamNotificationFrequency, + [System.String] + $Search, [Parameter()] - [System.Int32] - $QuarantineRetentionDays, + [System.String] + $GroupPolicyConfigurationId, [Parameter()] - [System.Object] - $EsnCustomSubject, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $OrganizationBrandingEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Int32] - $AdminNotificationFrequencyInDays + [PSObject] + $HttpPipelineAppend ) } -function Set-RemoteDomain +function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $AutoReplyEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $Identity, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $TNEFEnabled, + [System.String] + $GroupPolicyDefinitionValueId, [Parameter()] - [System.Boolean] - $DeliveryReportEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $RequiredCharsetCoverage, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $MeetingForwardNotificationEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $ContentType, + [System.String] + $GroupPolicyConfigurationId, [Parameter()] - [System.Object] - $ByteEncoderTypeFor7BitCharsets, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $AutoForwardEnabled, + [System.String[]] + $Property, [Parameter()] - [System.String] - $Name, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $TrustedMailInboundEnabled, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $LineWrapSize, + [System.String[]] + $Property, [Parameter()] - [System.String] - $CharacterSet, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $PreferredInternetCodePageForShiftJis, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $SmtpDaneMandatoryModeEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $NonMimeCharacterSet, - - [Parameter()] - [System.Boolean] - $TargetDeliveryDomain, + $GroupPolicyDefinitionValueId, [Parameter()] - [System.Boolean] - $TrustedMailOutboundEnabled, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $Top, [Parameter()] - [System.Boolean] - $DisplaySenderName, + [System.String] + $CountVariable, [Parameter()] - [System.Object] - $AllowedOOFType, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $NDREnabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $NDRDiagnosticInfoEnabled, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $IsInternal, + [System.Management.Automation.SwitchParameter] + $All, - [Parameter()] - [System.Boolean] - $UseSimpleDisplayName - ) -} -function Set-ReportSubmissionPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $PostSubmitMessage, - - [Parameter()] - [System.Object] - $ReportJunkAddresses, + $Filter, [Parameter()] - [System.Boolean] - $NotificationsForPhishMalwareSubmissionAirInvestigationsEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $PhishingReviewResultMessage, + $Search, [Parameter()] [System.String] - $PostSubmitMessageTitle, + $GroupPolicyConfigurationId, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonTextForNotJunk, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $EnableCustomizedMsg, + [System.String] + $GroupPolicyPresentationValueId, [Parameter()] - [System.Object] - $NotificationSenderAddress, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementIntent +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] - $MultiLanguagePostSubmitMessageButtonTextForJunk, + $Property, [Parameter()] - [System.Boolean] - $NotificationsForSpamSubmissionAirInvestigationsEnabled, + [PSObject] + $InputObject, [Parameter()] [System.String] - $PostSubmitMessageForJunk, + $DeviceManagementIntentId, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageForPhishing, + [System.Int32] + $PageSize, [Parameter()] - [System.Boolean] - $EnableThirdPartyAddress, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $PreSubmitMessageTitleForPhishing, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $PreSubmitMessageForJunk, + $CountVariable, [Parameter()] - [System.Int32] - $UserSubmissionOptions, + [System.Uri] + $Proxy, [Parameter()] [System.String[]] - $MultiLanguagePostSubmitMessageButtonTextForPhishing, + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $PreSubmitMessageForNotJunk, + $Filter, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageTitleForPhishing, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageTitleForNotJunk, + [System.String] + $Search, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonTextForJunk, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.String[]] - $MultiLanguagePreSubmitMessageForNotJunk, + $ExpandProperty, [Parameter()] - [System.Boolean] - $ReportJunkToCustomizedAddress, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementIntentAssignment +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] - $MultiLanguagePostSubmitMessageButtonLinkForPhishing, + $Property, [Parameter()] - [System.Boolean] - $ReportNotJunkToCustomizedAddress, + [PSObject] + $InputObject, [Parameter()] [System.String] - $PostSubmitMessageTitleForJunk, + $DeviceManagementIntentAssignmentId, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageForPhishing, + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $NotificationFooterMessage, + $CountVariable, [Parameter()] - [System.Boolean] - $EnableOrganizationBranding, + [System.Int32] + $Skip, [Parameter()] [System.String] - $PreSubmitMessageForPhishing, + $DeviceManagementIntentId, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonLinkForNotJunk, + [System.Int32] + $Top, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.String[]] - $MultiLanguagePreSubmitMessageButtonLinkForPhishing, + $Sort, [Parameter()] - [System.Boolean] - $EnableReportToMicrosoft, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $PreSubmitMessageTitleForJunk, + $Filter, [Parameter()] - [System.Boolean] - $ReportChatMessageEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $ThirdPartyReportAddresses, + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.String[]] - $MultiLanguagePreSubmitMessageButtonLinkForJunk, + $ExpandProperty, [Parameter()] - [System.Boolean] - $NotificationsForCleanSubmissionAirInvestigationsEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementIntentSetting +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $PostSubmitMessageForNotJunk, + $DeviceManagementSettingInstanceId, [Parameter()] - [System.Object] - $MultiLanguageSetting, + [System.String[]] + $Property, [Parameter()] - [System.String[]] - $MultiLanguagePostSubmitMessageForJunk, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $DisableQuarantineReportingOption, + [System.String] + $DeviceManagementIntentId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $PageSize, [Parameter()] - [System.Object] - $ReportNotJunkAddresses, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $EnableUserEmailNotification, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageForJunk, + [System.Int32] + $Top, [Parameter()] [System.String] - $PostSubmitMessageTitleForPhishing, + $CountVariable, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageTitleForJunk, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $DisableUserSubmissionOptions, + [System.String[]] + $Sort, [Parameter()] - [System.Boolean] - $OnlyShowPhishingDisclaimer, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $PostSubmitMessageTitleForNotJunk, + $Filter, [Parameter()] - [System.String] - $PreSubmitMessage, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $PreSubmitMessageTitleForNotJunk, + $Search, [Parameter()] - [System.String] - $JunkReviewResultMessage, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $EnableCustomNotificationSender, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Boolean] - $ReportChatMessageToCustomizedAddressEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $ReportPhishAddresses, - + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementTemplate +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] - $MultiLanguagePostSubmitMessageTitleForJunk, + $Property, [Parameter()] - [System.String] - $NotJunkReviewResultMessage, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $NotificationsForSubmissionAirInvestigationsEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $PreSubmitMessageEnabled, + [System.String] + $DeviceManagementTemplateId, [Parameter()] - [System.Boolean] - $PostSubmitMessageEnabled, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $PreSubmitMessageTitle, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageTitleForPhishing, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $MultiLanguagePreSubmitMessageButtonTextForPhishing, + [System.Int32] + $Top, [Parameter()] [System.String] - $UserSubmissionOptionsMessage, + $CountVariable, [Parameter()] - [System.String] - $PostSubmitMessageForPhishing, + [System.Uri] + $Proxy, [Parameter()] [System.String[]] - $MultiLanguagePostSubmitMessageButtonLinkForJunk, + $Sort, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $All, - [Parameter()] - [System.Boolean] - $ReportPhishToCustomizedAddress - ) -} -function Set-ReportSubmissionRule -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $Name, + $Filter, [Parameter()] - [System.Object[]] - $SentTo, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Comments, + $Search, - [Parameter()] - [System.Object] - $Identity, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $ReportSubmissionPolicy, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm + [PSObject] + $HttpPipelineAppend ) } -function Set-ResourceConfig +function Get-MgBetaDeviceManagementTemplateCategory { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Property, [Parameter()] - [System.Object] - $ResourcePropertySchema - ) -} -function Set-RoleAssignmentPolicy -{ - [CmdletBinding()] - param( + [PSObject] + $InputObject, + [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Name, + $DeviceManagementTemplateSettingCategoryId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $DeviceManagementTemplateId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsDefault, + [System.Int32] + $PageSize, [Parameter()] - [System.Object] - $Identity - ) -} -function Set-RoleGroup -{ - [CmdletBinding()] - param( + [PSObject] + $HttpPipelinePrepend, + [Parameter()] - [System.String] - $Description, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [System.Int32] + $Top, [Parameter()] [System.String] - $DisplayName, + $CountVariable, [Parameter()] - [System.String] - $Name, + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] [System.String] - $WellKnownObject, + $Filter, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $BypassSecurityGroupManagerCheck, + $Break, [Parameter()] - [System.Object] - $ManagedBy + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Set-SafeAttachmentPolicy +function Get-MgBetaDeviceManagementTemplateCategoryRecommendedSetting { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Action, + [System.String] + $DeviceManagementSettingInstanceId, [Parameter()] - [System.Boolean] - $Redirect, + [System.String[]] + $Property, [Parameter()] - [System.String] - $AdminDisplayName, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $Enable, + [System.String] + $DeviceManagementTemplateSettingCategoryId, [Parameter()] - [System.Object] - $RedirectAddress, + [System.String] + $DeviceManagementTemplateId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $PageSize, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $QuarantineTag - ) -} -function Set-SafeAttachmentRule -{ - [CmdletBinding()] - param( + [System.Int32] + $Skip, + [Parameter()] [System.Int32] - $Priority, + $Top, [Parameter()] [System.String] - $Name, + $CountVariable, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $SentTo, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Comments, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Object[]] - $RecipientDomainIs, + [System.String] + $Filter, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $SafeAttachmentPolicy, + [System.String] + $Search, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [System.String[]] + $ExpandProperty, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf + [PSObject] + $HttpPipelineAppend ) } -function Set-SafeLinksPolicy +function New-MgBetaDeviceManagementAssignmentFilter { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $EnableOrganizationBranding, + [System.String] + $Description, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $Payloads, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $AdminDisplayName, + $DisplayName, [Parameter()] - [System.Boolean] - $UseTranslatedNotificationText, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Boolean] - $DisableUrlRewrite, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $DoNotRewriteUrls, + [System.String[]] + $RoleScopeTags, [Parameter()] - [System.Boolean] - $EnableSafeLinksForTeams, + [System.String] + $Rule, [Parameter()] - [System.Boolean] - $EnableSafeLinksForOffice, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $TrackClicks, + [PSObject] + $AssignmentFilterManagementType, [Parameter()] - [System.Boolean] - $AllowClickThrough, + [PSObject] + $Platform, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $CustomNotificationText, + $Id, [Parameter()] - [System.Boolean] - $DeliverMessageAfterScan, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $EnableSafeLinksForEmail, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $ScanUrls, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $EnableForInternalSenders + [PSObject] + $HttpPipelineAppend ) } -function Set-SafeLinksRule +function New-MgBetaDeviceManagementConfigurationPolicy { [CmdletBinding()] param( [Parameter()] - [System.Int32] - $Priority, + [System.String] + $Description, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Settings, [Parameter()] [System.String] $Name, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Object[]] - $SentTo, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Comments, + [PSObject] + $PriorityMetaData, [Parameter()] - [System.Object[]] - $RecipientDomainIs, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $TemplateReference, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.Int32] + $SettingCount, [Parameter()] - [System.Object] - $SafeLinksPolicy, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [PSObject] + $Platforms, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $Technologies, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf - ) -} -function Set-SharingPolicy -{ - [CmdletBinding()] - param( + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + [Parameter()] [System.String] - $Name, + $Id, + + [Parameter()] + [System.String] + $CreationSource, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $Domains, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Default, - - [Parameter()] - [System.Object] - $Identity, + $Break, [Parameter()] - [System.Boolean] - $Enabled + [PSObject] + $HttpPipelineAppend ) } -function Set-TransportConfig +function New-MgBetaDeviceManagementDeviceCategory { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $InternalDelayDsnEnabled, - - [Parameter()] - [System.Boolean] - $InternalDsnSendHtml, + [System.String] + $Description, [Parameter()] - [System.Boolean] - $ExternalDelayDsnEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $DSNConversionMode, + [System.String] + $DisplayName, [Parameter()] - [System.Boolean] - $SmtpClientAuthenticationDisabled, + [System.Uri] + $Proxy, [Parameter()] - [System.Globalization.CultureInfo] - $InternalDsnDefaultLanguage, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $MessageExpiration, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force, + $Confirm, [Parameter()] - [System.Boolean] - $ReplyAllStormProtectionEnabled, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $InternalDsnLanguageDetectionEnabled, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $AddressBookPolicyRoutingEnabled, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Boolean] - $ExternalDsnLanguageDetectionEnabled, + [System.String] + $Id, [Parameter()] - [System.Boolean] - $ExternalDsnSendHtml, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Boolean] - $Rfc2231EncodingEnabled, - + [PSObject] + $BodyParameter + ) +} +function New-MgBetaDeviceManagementDeviceCompliancePolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $HeaderPromotionModeSetting, + [PSObject] + $UserStatuses, [Parameter()] - [System.Boolean] - $VoicemailJournalingEnabled, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Object] - $JournalingReportNdrTo, + [PSObject] + $Assignments, [Parameter()] - [System.Boolean] - $ConvertDisclaimerWrapperToEml, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Object] - $InternalDsnReportingAuthority, + [System.String] + $DisplayName, [Parameter()] - [System.Int32] - $JournalMessageExpirationDays, + [PSObject] + $DeviceStatusOverview, [Parameter()] - [System.Object] - $MaxRecipientEnvelopeLimit, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $ReplyAllStormDetectionMinimumReplies, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $ExternalDsnReportingAuthority, + [PSObject] + $UserStatusOverview, [Parameter()] - [System.Globalization.CultureInfo] - $ExternalDsnDefaultLanguage, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $AllowLegacyTLSClients, + [System.Int32] + $Version, [Parameter()] - [System.Boolean] - $ClearCategories, + [PSObject] + $DeviceStatuses, [Parameter()] - [System.Int32] - $ReplyAllStormBlockDurationHours, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Object] - $ExternalPostmasterAddress, + [PSObject] + $ScheduledActionsForRule, [Parameter()] - [System.Int32] - $ReplyAllStormDetectionMinimumRecipients - ) -} -function Set-TransportRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $ActivationDate, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $AddToRecipients, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $ApplyHtmlDisclaimerFallbackAction, + [System.String] + $Id, [Parameter()] - [System.Object[]] - $ExceptIfRecipientADAttributeContainsWords, + [PSObject] + $DeviceSettingStateSummaries, [Parameter()] - [System.Object] - $AttachmentSizeOver, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfSenderADAttributeContainsWords, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $SetSCL, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $AnyOfToHeaderMemberOf, - + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaDeviceManagementDeviceConfiguration +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $Disconnect, + [PSObject] + $UserStatuses, [Parameter()] - [System.Int32] - $Priority, + [System.String] + $Description, [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfCcHeader, + [PSObject] + $Assignments, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentMatchesPatterns, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Object[]] - $RecipientDomainIs, + [System.String] + $DisplayName, [Parameter()] - [System.Object] - $ManagerForEvaluatedUser, + [PSObject] + $DeviceStatuses, [Parameter()] - [System.Object[]] - $ExceptIfHeaderMatchesPatterns, + [PSObject] + $DeviceStatusOverview, [Parameter()] - [System.Object] - $ExceptIfFromScope, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Object] - $AdComparisonAttribute, + [PSObject] + $DeviceManagementApplicabilityRuleOSVersion, [Parameter()] - [System.Object[]] - $ExceptIfHeaderContainsWords, + [PSObject] + $UserStatusOverview, [Parameter()] - [System.Object[]] - $HeaderMatchesPatterns, + [PSObject] + $GroupAssignments, [Parameter()] - [System.Object] - $AddManagerAsRecipientType, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $DeleteMessage, + [System.Int32] + $Version, [Parameter()] - [System.Boolean] - $HasSenderOverride, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Object] - $SmtpRejectMessageRejectStatusCode, + [PSObject] + $DeviceSettingStateSummaries, [Parameter()] - [System.String] - $ExceptIfHasClassification, + [PSObject] + $DeviceManagementApplicabilityRuleDeviceMode, [Parameter()] - [System.Boolean] - $Quarantine, + [PSObject] + $DeviceManagementApplicabilityRuleOSEdition, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfRecipientAddressMatchesPatterns, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $ExceptIfRecipientInSenderList, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $RecipientAddressType, + [System.String] + $Id, [Parameter()] - [System.Object[]] - $ExceptIfContentCharacterSetContainsWords, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $BlindCopyTo, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $ApplyHtmlDisclaimerLocation, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $ExceptIfMessageTypeMatches, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $SenderIpRanges, - + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param( [Parameter()] - [System.Collections.Hashtable[]] - $ExceptIfMessageContainsDataClassifications, + [System.String] + $Description, [Parameter()] - [System.Object[]] - $ModerateMessageByUser, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Boolean] - $HasNoClassification, + [PSObject] + $Assignments, [Parameter()] - [System.Object[]] - $ExceptIfSenderInRecipientList, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Object] - $HeaderContainsMessageHeader, + [System.String] + $DisplayName, [Parameter()] - [System.Object] - $RemoveHeader, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $HasClassification, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Collections.Hashtable[]] - $MessageContainsDataClassifications, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object[]] - $ExceptIfFromMemberOf, + [PSObject] + $DefinitionValues, [Parameter()] - [System.Object] - $RuleSubType, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Object[]] - $AnyOfRecipientAddressMatchesPatterns, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $SentToScope, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object[]] - $AnyOfToCcHeaderMemberOf, + [System.String] + $Id, [Parameter()] - [System.Object[]] - $From, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfRecipientAddressContainsWords, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $ExceptIfWithImportance, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $ContentCharacterSetContainsWords, + [PSObject] + $PolicyConfigurationIngestionType, [Parameter()] - [System.Object[]] - $SubjectContainsWords, - + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaDeviceManagementIntent +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $RejectMessageEnhancedStatusCode, + [System.String] + $Description, [Parameter()] - [System.Object[]] - $SenderADAttributeMatchesPatterns, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Object[]] - $ExceptIfSenderADAttributeMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $IsMigratingToConfigurationPolicy, [Parameter()] - [System.Object[]] - $IncidentReportContent, + [PSObject] + $Assignments, [Parameter()] - [System.Object[]] - $FromMemberOf, + [System.String] + $DisplayName, [Parameter()] - [System.Object[]] - $AttachmentContainsWords, + [PSObject] + $Settings, [Parameter()] - [System.Object] - $ExceptIfSCLOver, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Object[]] - $ExceptIfBetweenMemberOf1, + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] - [System.Object] - $GenerateNotification, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $NotifySender, + [System.String] + $TemplateId, [Parameter()] - [System.Boolean] - $ExceptIfAttachmentIsPasswordProtected, + [PSObject] + $DeviceSettingStateSummaries, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentNameMatchesPatterns, + [PSObject] + $DeviceStates, [Parameter()] - [System.Object] - $ExceptIfSenderManagementRelationship, + [PSObject] + $Categories, [Parameter()] - [System.String] - $SetAuditSeverity, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Object[]] - $AttachmentPropertyContainsWords, + [PSObject] + $DeviceStateSummary, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToHeader, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ApplyRightsProtectionCustomizationTemplate, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object] - $SetHeaderName, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Boolean] - $RouteMessageOutboundRequireTls, + [PSObject] + $UserStates, [Parameter()] - [System.Object] - $WithImportance, + [PSObject] + $UserStateSummary, [Parameter()] - [System.Object] - $RuleErrorAction, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $FromScope, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $AttachmentNameMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object[]] - $SentTo, - + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementAssignmentFilter +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $ExceptIfFromAddressMatchesPatterns, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object[]] - $AnyOfCcHeaderMemberOf, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $ExceptIfAttachmentSizeOver, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ExceptIfManagerForEvaluatedUser, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Boolean] - $RemoveOMEv2, + [System.String] + $IfMatch, [Parameter()] - [System.Object[]] - $ExceptIfFromAddressContainsWords, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $AttachmentHasExecutableContent, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $RouteMessageOutboundConnector, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, + [System.String] + $DeviceAndAppManagementAssignmentFilterId, [Parameter()] - [System.Object[]] - $ExceptIfSenderDomainIs, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $SenderManagementRelationship, - + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementConfigurationPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $ExceptIfBetweenMemberOf2, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object[]] - $RedirectMessageTo, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $ApplyOME, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $SenderDomainIs, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Object[]] - $SenderADAttributeContainsWords, + [System.String] + $DeviceManagementConfigurationPolicyId, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfCcHeaderMemberOf, + [System.String] + $IfMatch, [Parameter()] - [System.Object] - $ApplyHtmlDisclaimerText, + [PSObject] + $InputObject, [Parameter()] - [System.Boolean] - $ExceptIfAttachmentHasExecutableContent, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $ExceptIfAttachmentIsUnsupported, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $RemoveOME, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object] - $RejectMessageReasonText, - + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementDeviceCategory +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $RecipientAddressContainsWords, + [System.String] + $DeviceCategoryId, [Parameter()] - [System.Object] - $GenerateIncidentReport, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object[]] - $FromAddressContainsWords, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Boolean] - $RemoveRMSAttachmentEncryption, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $RecipientAddressMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Object[]] - $ExceptIfSubjectContainsWords, + [System.String] + $IfMatch, [Parameter()] - [System.Object[]] - $ExceptIfFrom, + [PSObject] + $InputObject, [Parameter()] - [System.Object[]] - $AnyOfToCcHeader, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $ExceptIfSentToScope, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToCcHeaderMemberOf, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $ModerateMessageByManager, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDeviceManagementDeviceCompliancePolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object] - $AdComparisonOperator, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $MessageSizeOver, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object[]] - $BetweenMemberOf2, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $SubjectMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Boolean] - $AttachmentProcessingLimitExceeded, + [System.String] + $DeviceCompliancePolicyId, [Parameter()] - [System.Object[]] - $ExceptIfSubjectMatchesPatterns, + [System.String] + $IfMatch, [Parameter()] - [System.String] - $Name, + [PSObject] + $InputObject, [Parameter()] - [System.Object[]] - $ExceptIfRecipientAddressContainsWords, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $HeaderMatchesMessageHeader, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object[]] - $AnyOfRecipientAddressContainsWords, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $HeaderContainsWords, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementDeviceConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Comments, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object[]] - $SentToMemberOf, + [System.Uri] + $Proxy, [Parameter()] - [System.Object] - $ExceptIfAdComparisonAttribute, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Object[]] - $ExceptIfSentTo, + [System.String] + $IfMatch, [Parameter()] - [System.Object] - $ExceptIfAdComparisonOperator, + [PSObject] + $InputObject, [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToHeaderMemberOf, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $Mode, + [System.String] + $DeviceConfigurationId, [Parameter()] - [System.Object[]] - $RecipientInSenderList, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $SubjectOrBodyMatchesPatterns, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentExtensionMatchesWords, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object[]] - $ExceptIfSubjectOrBodyMatchesPatterns, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $ExceptIfRecipientAddressMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Boolean] - $ExceptIfHasNoClassification, + [System.String] + $IfMatch, [Parameter()] - [System.Object] - $ExceptIfSenderIpRanges, + [PSObject] + $InputObject, [Parameter()] - [System.Object[]] - $ExceptIfRecipientADAttributeMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object[]] - $RecipientADAttributeContainsWords, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $AttachmentIsUnsupported, + [System.String] + $GroupPolicyConfigurationId, [Parameter()] - [System.Object] - $ExpiryDate, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $AttachmentExtensionMatchesWords, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementIntent +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object[]] - $ExceptIfSubjectOrBodyContainsWords, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $LogEventText, + [System.Uri] + $Proxy, [Parameter()] - [System.Object[]] - $ExceptIfManagerAddresses, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Object[]] - $SenderInRecipientList, + [System.String] + $IfMatch, [Parameter()] - [System.Object[]] - $ExceptIfAnyOfToCcHeader, + [PSObject] + $InputObject, [Parameter()] - [System.Object[]] - $AttachmentMatchesPatterns, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $DlpPolicy, + $DeviceManagementIntentId, [Parameter()] - [System.Object[]] - $ManagerAddresses, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Object] - $SenderAddressLocation, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Object[]] - $CopyTo, - + [PSObject] + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagement +{ + [CmdletBinding()] + param( [Parameter()] - [System.Object[]] - $SubjectOrBodyContainsWords, + [PSObject] + $TermsAndConditions, [Parameter()] - [System.String] - $ApplyClassification, + [PSObject] + $AndroidForWorkSettings, [Parameter()] - [System.Object[]] - $RecipientADAttributeMatchesPatterns, + [PSObject] + $MicrosoftTunnelHealthThresholds, [Parameter()] - [System.Object] - $SetHeaderValue, + [PSObject] + $RoleScopeTags, [Parameter()] - [System.Boolean] - $AttachmentIsPasswordProtected, + [PSObject] + $ExchangeConnectors, [Parameter()] - [System.Object[]] - $BetweenMemberOf1, + [PSObject] + $TroubleshootingEvents, [Parameter()] - [System.Object] - $ExceptIfMessageSizeOver, + [PSObject] + $PrivilegeManagementElevations, [Parameter()] - [System.Object[]] - $AnyOfCcHeader, + [PSObject] + $IntuneBrandingProfiles, [Parameter()] - [System.Boolean] - $ExceptIfAttachmentProcessingLimitExceeded, + [PSObject] + $BodyParameter, [Parameter()] - [System.Object[]] - $FromAddressMatchesPatterns, + [PSObject] + $GroupPolicyObjectFiles, [Parameter()] - [System.Object] - $ExceptIfHeaderMatchesMessageHeader, + [PSObject] + $WindowsAutopilotDeploymentProfiles, [Parameter()] - [System.Object] - $SmtpRejectMessageRejectText, + [PSObject] + $ResourceOperations, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentContainsWords, + [PSObject] + $ConfigManagerCollections, [Parameter()] - [System.Object[]] - $AnyOfToHeader, + [PSObject] + $UserExperienceAnalyticsBatteryHealthDevicePerformance, [Parameter()] - [System.Boolean] - $ExceptIfHasSenderOverride, + [PSObject] + $ZebraFotaConnector, [Parameter()] - [System.Object] - $SCLOver, + [PSObject] + $VirtualEndpoint, [Parameter()] - [System.Object] - $PrependSubject, + [PSObject] + $ConfigurationCategories, [Parameter()] - [System.Object] - $ApplyRightsProtectionTemplate, + [PSObject] + $ManagedDeviceEncryptionStates, [Parameter()] - [System.Object] - $MessageTypeMatches, + [PSObject] + $MicrosoftTunnelSites, [Parameter()] - [System.Object[]] - $ExceptIfAttachmentPropertyContainsWords, + [PSObject] + $DeviceEnrollmentConfigurations, [Parameter()] - [System.Boolean] - $StopRuleProcessing, + [PSObject] + $ExchangeOnPremisesPolicy, [Parameter()] - [System.Object] - $ExceptIfHeaderContainsMessageHeader - ) -} -function Set-UnifiedGroup -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $EmailAddresses, + [PSObject] + $UserExperienceAnalyticsBatteryHealthAppImpact, [Parameter()] - [System.Object] - $AcceptMessagesOnlyFromSendersOrMembers, + [PSObject] + $WindowsInformationProtectionAppLearningSummaries, [Parameter()] - [System.String] - $CustomAttribute12, + [PSObject] + $AndroidDeviceOwnerEnrollmentProfiles, [Parameter()] - [System.String] - $CustomAttribute10, + [PSObject] + $ReusableSettings, [Parameter()] - [System.Globalization.CultureInfo] - $Language, + [PSObject] + $GroupPolicyMigrationReports, [Parameter()] - [System.Object] - $IsMemberAllowedToEditContent, + [PSObject] + $WindowsInformationProtectionNetworkLearningSummaries, [Parameter()] - [System.String] - $CustomAttribute8, + [PSObject] + $UserExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDeviceId, [Parameter()] - [System.String] - $CustomAttribute5, + [PSObject] + $UserExperienceAnalyticsMetricHistory, [Parameter()] - [System.Management.Automation.SwitchParameter] - $UnifiedGroupWelcomeMessageEnabled, + [PSObject] + $ZebraFotaArtifacts, [Parameter()] - [System.String] - $MailTip, + [PSObject] + $UserExperienceAnalyticsWorkFromAnywhereMetrics, [Parameter()] - [System.Object] - $ModeratedBy, + [PSObject] + $EmbeddedSimActivationCodePools, [Parameter()] - [System.Object] - $PrimarySmtpAddress, + [PSObject] + $UserExperienceAnalyticsModelScores, [Parameter()] - [System.String] - $Classification, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AutoSubscribeNewMembers, + [PSObject] + $CompliancePolicies, [Parameter()] - [System.Object] - $AuditLogAgeLimit, + [PSObject] + $MobileThreatDefenseConnectors, [Parameter()] - [System.Management.Automation.SwitchParameter] - $HiddenFromExchangeClientsEnabled, + [PSObject] + $ImportedWindowsAutopilotDeviceIdentities, [Parameter()] - [System.Object] - $MaxReceiveSize, + [PSObject] + $DataProcessorServiceForWindowsFeaturesOnboarding, [Parameter()] - [System.Object] - $ExtensionCustomAttribute5, + [PSObject] + $DeviceProtectionOverview, [Parameter()] - [System.String] - $CustomAttribute15, + [PSObject] + $UserExperienceAnalyticsDeviceStartupHistory, [Parameter()] - [System.Object] - $RejectMessagesFromSendersOrMembers, + [PSObject] + $DepOnboardingSettings, [Parameter()] - [System.String] - $Alias, + [PSObject] + $GroupPolicyDefinitionFiles, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $RoleAssignments, [Parameter()] - [System.String] - $CustomAttribute1, + [PSObject] + $WindowsDriverUpdateProfiles, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SubscriptionEnabled, + [PSObject] + $CartToClassAssociations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ForceUpgrade, + [PSObject] + $DeviceManagementScripts, [Parameter()] - [System.Object] - $AccessType, + [PSObject] + $SubscriptionState, [Parameter()] - [System.String] - $MailboxRegion, + [PSObject] + $WindowsMalwareInformation, [Parameter()] - [System.Object] - $GrantSendOnBehalfTo, + [PSObject] + $GroupPolicyDefinitions, [Parameter()] - [System.Object] - $ExtensionCustomAttribute1, + [PSObject] + $DetectedApps, [Parameter()] - [System.String] - $Notes, + [PSObject] + $AdvancedThreatProtectionOnboardingStateSummary, [Parameter()] - [System.String] - $CustomAttribute14, + [PSObject] + $UserExperienceAnalyticsDeviceScopes, [Parameter()] - [System.Boolean] - $RequireSenderAuthenticationEnabled, + [PSObject] + $UserExperienceAnalyticsBaselines, [Parameter()] - [System.String] - $CustomAttribute9, + [PSObject] + $UserExperienceAnalyticsScoreHistory, [Parameter()] - [System.String] - $CustomAttribute6, + [PSObject] + $UserExperienceAnalyticsAppHealthApplicationPerformance, [Parameter()] - [System.Object] - $DataEncryptionPolicy, + [System.DateTime] + $AccountMoveCompletionDateTime, [Parameter()] - [System.Object] - $ExtensionCustomAttribute4, + [PSObject] + $Reports, [Parameter()] - [System.Object] - $SensitivityLabelId, + [PSObject] + $ConfigurationPolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AlwaysSubscribeMembersToCalendarEvents, + [PSObject] + $AndroidManagedStoreAccountEnterpriseSettings, [Parameter()] - [System.Object] - $ExtensionCustomAttribute2, + [PSObject] + $DeviceConfigurations, [Parameter()] - [System.String] - $CustomAttribute13, + [PSObject] + $RemoteAssistanceSettings, [Parameter()] - [System.String] - $CustomAttribute2, + [PSObject] + $CertificateConnectorDetails, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $AuditEvents, [Parameter()] - [System.Management.Automation.SwitchParameter] - $CalendarMemberReadOnly, + [PSObject] + $UserExperienceAnalyticsAnomaly, [Parameter()] - [System.Object] - $InformationBarrierMode, + [PSObject] + $GroupPolicyConfigurations, [Parameter()] - [System.Object] - $MaxSendSize, + [PSObject] + $ConnectorStatus, [Parameter()] - [System.Object] - $MailTipTranslations, + [PSObject] + $UserExperienceAnalyticsAppHealthApplicationPerformanceByOSVersion, [Parameter()] - [System.String] - $CustomAttribute7, + [PSObject] + $UserExperienceAnalyticsAppHealthOverview, [Parameter()] - [System.String] - $CustomAttribute4, + [PSObject] + $WindowsAutopilotSettings, [Parameter()] - [System.Object] - $ExtensionCustomAttribute3, + [PSObject] + $UserExperienceAnalyticsBatteryHealthDeviceAppImpact, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ConnectorsEnabled, + [PSObject] + $ConfigurationPolicyTemplates, [Parameter()] - [System.Boolean] - $ModerationEnabled, + [PSObject] + $DeviceShellScripts, [Parameter()] - [System.String] - $CustomAttribute3, + [PSObject] + $UserExperienceAnalyticsDeviceMetricHistory, [Parameter()] - [System.String] - $CustomAttribute11, + [PSObject] + $RemoteAssistancePartners, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $ComplianceManagementPartners, [Parameter()] - [System.Boolean] - $HiddenFromAddressListsEnabled - ) -} -function Set-User -{ - [CmdletBinding()] - param( + [PSObject] + $UserExperienceAnalyticsDevicesWithoutCloudIdentity, + [Parameter()] - [System.String] - $MailboxRegion, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $IsShadowMailbox, + [PSObject] + $UserExperienceAnalyticsBatteryHealthCapacityDetails, [Parameter()] - [System.String] - $Phone, + [PSObject] + $ManagedDeviceOverview, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $TemplateInsights, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $GroupPolicyUploadedDefinitionFiles, [Parameter()] - [System.String] - $Office, + [PSObject] + $DeviceManagementPartners, [Parameter()] - [System.Object] - $CountryOrRegion, + [PSObject] + $UserExperienceAnalyticsAnomalyDevice, [Parameter()] - [System.Object] - $AuthenticationPolicy, + [PSObject] + $AndroidManagedStoreAppConfigurationSchemas, [Parameter()] - [System.Object] - $OtherTelephone, + [PSObject] + $UserExperienceAnalyticsResourcePerformance, [Parameter()] - [System.String] - $Pager, + [PSObject] + $MacOSSoftwareUpdateAccountSummaries, [Parameter()] - [System.String] - $Name, + [PSObject] + $UserExperienceAnalyticsWorkFromAnywhereModelPerformance, [Parameter()] - [System.String] - $PhoneticDisplayName, + [PSObject] + $ComplianceCategories, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ClearDataEncryptionPolicy, + [PSObject] + $DeviceConfigurationConflictSummary, [Parameter()] - [System.String] - $Fax, + [PSObject] + $TelecomExpenseManagementPartners, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, + [PSObject] + $Templates, [Parameter()] - [System.Object] - $ManagedOnboardingType, + [PSObject] + $MicrosoftTunnelConfigurations, [Parameter()] [System.Management.Automation.SwitchParameter] - $RemoveMailboxProvisioningConstraint, - - [Parameter()] - [System.Boolean] - $ResetPasswordOnNextLogon, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $BlockCloudCache, + [PSObject] + $WindowsMalwareOverview, [Parameter()] - [System.Object] - $SeniorityIndex, + [PSObject] + $ResourceAccessProfiles, [Parameter()] - [System.String] - $City, + [PSObject] + $UserExperienceAnalyticsBatteryHealthDeviceRuntimeHistory, [Parameter()] - [System.Boolean] - $VIP, + [PSObject] + $Intents, [Parameter()] - [System.String] - $Title, + [PSObject] + $WindowsFeatureUpdateProfiles, [Parameter()] - [System.String] - $MobilePhone, + [PSObject] + $UserExperienceAnalyticsBatteryHealthRuntimeDetails, [Parameter()] - [System.String] - $AssistantName, + [PSObject] + $ComplianceSettings, [Parameter()] - [System.String] - $Company, + [PSObject] + $UserExperienceAnalyticsDeviceScores, [Parameter()] [System.String] - $StateOrProvince, + $IntuneAccountId, [Parameter()] - [System.String] - $Initials, + [PSObject] + $ConditionalAccessSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $IosUpdateStatuses, [Parameter()] - [System.String] - $WebPage, + [PSObject] + $ZebraFotaDeployments, [Parameter()] - [System.String] - $Notes, + [PSObject] + $UserExperienceAnalyticsAnomalyCorrelationGroupOverview, [Parameter()] - [System.String] - $LastName, + [PSObject] + $UserExperienceAnalyticsImpactingProcess, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PermanentlyClearPreviousMailboxInfo, + [PSObject] + $UserExperienceAnalyticsAnomalySeverityOverview, [Parameter()] - [System.Object] - $Manager, + [PSObject] + $DerivedCredentials, [Parameter()] - [System.Object] - $StsRefreshTokensValidFrom, + [PSObject] + $UserExperienceAnalyticsBatteryHealthModelPerformance, [Parameter()] - [System.Object] - $OtherFax, + [PSObject] + $DeviceCompliancePolicies, [Parameter()] [System.String] - $SimpleDisplayName, + $Id, [Parameter()] - [System.Object] - $MailboxRegionSuffix, + [PSObject] + $AndroidForWorkAppConfigurationSchemas, [Parameter()] - [System.String] - $HomePhone, + [PSObject] + $AdminConsent, [Parameter()] - [System.String] - $Department, + [PSObject] + $SettingDefinitions, [Parameter()] - [System.String] - $FirstName, + [PSObject] + $UserExperienceAnalyticsSettings, [Parameter()] - [System.Object] - $PostOfficeBox, + [PSObject] + $ManagedDevices, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PublicFolder, + [PSObject] + $AppleUserInitiatedEnrollmentProfiles, [Parameter()] - [System.Object] - $WindowsEmailAddress, + [PSObject] + $DeviceConfigurationDeviceStateSummaries, [Parameter()] - [System.String] - $StreetAddress, + [PSObject] + $ServiceNowConnections, [Parameter()] - [System.Boolean] - $RemotePowerShellEnabled, + [PSObject] + $UserExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric, [Parameter()] - [System.String] - $PostalCode, + [PSObject] + $ReusablePolicySettings, [Parameter()] - [System.Object] - $GeoCoordinates, + [PSObject] + $UserExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDetails, [Parameter()] - [System.Object] - $OtherHomePhone, + [PSObject] + $UserExperienceAnalyticsRemoteConnection, [Parameter()] - [System.Object] - $DesiredWorkloads, + [PSObject] + $ConfigurationSettings, [Parameter()] - [System.Boolean] - $CanHaveCloudCache - ) -} -function Update-RoleGroupMember -{ - [CmdletBinding()] - param( + [PSObject] + $UserExperienceAnalyticsDeviceScope, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Object] - $Identity, + [PSObject] + $Settings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BypassSecurityGroupManagerCheck, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Object] - $Members - ) -} -#endregion + [PSObject] + $UserExperienceAnalyticsCategories, -#region Microsoft.Graph.Applications -function Get-MgApplication -{ - [CmdletBinding()] - param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $DeviceConfigurationRestrictedAppsViolations, [Parameter()] [PSObject] - $InputObject, + $UserExperienceAnalyticsDeviceStartupProcesses, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $ExchangeOnPremisesPolicies, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $MobileAppTroubleshootingEvents, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $RoleDefinitions, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $CloudPcConnectivityIssues, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $ApplePushNotificationCertificate, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $DeviceCategories, [Parameter()] - [System.String] - $ApplicationId, + [PSObject] + $UserExperienceAnalyticsAppHealthApplicationPerformanceByAppVersion, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $DeviceCompliancePolicySettingStateSummaries, [Parameter()] - [System.String[]] - $Sort, + [System.Collections.Hashtable] + $TenantAttachRbac, [Parameter()] - [System.String] - $ConsistencyLevel, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AndroidForWorkEnrollmentProfiles, [Parameter()] - [System.String] - $Filter, + [PSObject] + $ComanagementEligibleDevices, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $NotificationMessageTemplates, [Parameter()] - [System.String] - $Search, + [PSObject] + $IntuneBrand, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $UserExperienceAnalyticsOverview, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $TemplateSettings, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgApplicationOwner -{ - [CmdletBinding()] - param( + $RemoteActionAudits, + [Parameter()] - [System.String[]] - $Property, + [PSObject] + $WindowsUpdateCatalogItems, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $UserExperienceAnalyticsAppHealthDevicePerformanceDetails, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $UserExperienceAnalyticsNotAutopilotReadyDevice, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $UserExperienceAnalyticsAppHealthOSVersionPerformance, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $Monitoring, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $DeviceHealthScripts, [Parameter()] - [System.String] - $ApplicationId, + [PSObject] + $AutopilotEvents, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $GroupPolicyCategories, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $DeviceConfigurationUserStateSummaries, [Parameter()] - [System.String] - $ConsistencyLevel, + [PSObject] + $DeviceConfigurationsAllManagedDeviceCertificateStates, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $UserExperienceAnalyticsAppHealthDevicePerformance, [Parameter()] - [System.String] - $Filter, + [PSObject] + $DeviceCustomAttributeShellScripts, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $UserExperienceAnalyticsAppHealthDeviceModelPerformance, [Parameter()] - [System.String] - $Search, + [PSObject] + $ImportedDeviceIdentities, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $MaximumDepTokens, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $SoftwareUpdateStatusSummary, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgServicePrincipal -{ - [CmdletBinding()] - param( + $WindowsQualityUpdateProfiles, + [Parameter()] - [System.String[]] - $Property, + [PSObject] + $AssignmentFilters, [Parameter()] [PSObject] - $InputObject, + $NdesConnectors, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $MicrosoftTunnelServerLogCollectionResponses, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $UserExperienceAnalyticsBatteryHealthOSPerformance, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $UserPfxCertificates, [Parameter()] - [System.String] - $ServicePrincipalId, + [PSObject] + $WindowsAutopilotDeviceIdentities, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $UserExperienceAnalyticsDeviceStartupProcessPerformance, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $ChromeOSOnboardingSettings, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $DomainJoinConnectors, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $Categories, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $ComanagedDevices, [Parameter()] - [System.String] - $ConsistencyLevel, + [PSObject] + $DeviceCompliancePolicyDeviceStateSummary, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $Filter, + [PSObject] + $UserExperienceAnalyticsDevicePerformance, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $DeviceComplianceScripts, [Parameter()] - [System.String] - $Search, + [PSObject] + $Subscriptions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $ManagedDeviceCleanupSettings, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $UserExperienceAnalyticsDeviceTimelineEvent, [Parameter()] [PSObject] - $HttpPipelineAppend + $DataSharingConsents ) } -function Get-MgServicePrincipalAppRoleAssignment +function Update-MgBetaDeviceManagementAssignmentFilter { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, [Parameter()] [PSObject] - $InputObject, + $Payloads, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String] - $AppRoleAssignmentId, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.String] - $ServicePrincipalId, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $Top, + [System.String[]] + $RoleScopeTags, [Parameter()] [System.String] - $CountVariable, + $Rule, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $AssignmentFilterManagementType, + + [Parameter()] + [PSObject] + $Platform, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $ConsistencyLevel, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] [System.String] - $Filter, + $DeviceAndAppManagementAssignmentFilterId, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgApplication +function Update-MgBetaDeviceManagementConfigurationPolicy { [CmdletBinding()] param( [Parameter()] - [PSObject] - $OptionalClaims, - - [Parameter()] - [PSObject] - $HomeRealmDiscoveryPolicies, + [System.String] + $Description, [Parameter()] - [PSObject] - $Spa, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $Synchronization, - - [Parameter()] - [System.String] - $DefaultRedirectUri, + $Assignments, [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] - [System.String] - $ApplicationTemplateId, + [PSObject] + $Settings, [Parameter()] [System.String] - $SignInAudience, + $Name, [Parameter()] [PSObject] - $VerifiedPublisher, + $InputObject, [Parameter()] - [System.String[]] - $IdentifierUris, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsDeviceOnlyAuthSupported, - - [Parameter()] - [System.String] - $TokenEncryptionKeyId, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [PSObject] - $TokenIssuancePolicies, - - [Parameter()] - [System.Uri] - $Proxy, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $Api, - - [Parameter()] - [System.String] - $PublisherDomain, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $GroupMembershipClaims, + [PSObject] + $TemplateReference, [Parameter()] - [System.String] - $Id, + [System.Int32] + $SettingCount, [Parameter()] [System.String[]] - $Tags, + $RoleScopeTagIds, [Parameter()] [PSObject] - $HttpPipelineAppend, + $Technologies, [Parameter()] - [PSObject] - $Owners, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $FederatedIdentityCredentials, + $BodyParameter, [Parameter()] [PSObject] - $TokenLifetimePolicies, + $Platforms, + + [Parameter()] + [System.String] + $Id, [Parameter()] [PSObject] - $AppManagementPolicies, + $PriorityMetaData, [Parameter()] [System.String] - $DisabledByMicrosoftStatus, + $CreationSource, [Parameter()] - [PSObject] - $PasswordCredentials, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $PublicClient, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Oauth2RequirePostResponse, + $Break, [Parameter()] [System.String] - $Notes, + $DeviceManagementConfigurationPolicyId, [Parameter()] [PSObject] - $RequiredResourceAccess, - + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagementDeviceCategory +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $ParentalControlSettings, + [System.String] + $Description, [Parameter()] - [PSObject] - $Web, + [System.String] + $DisplayName, [Parameter()] [System.String] - $DisplayName, + $DeviceCategoryId, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsFallbackPublicClient, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AddIns, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] - $RequestSignatureVerification, - - [Parameter()] - [System.String] - $LogoInputFile, + $InputObject, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $AppRoles, + $BodyParameter, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $ExtensionProperties, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + [Parameter()] [PSObject] - $CreatedOnBehalfOf, + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagementDeviceCompliancePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $UserStatuses, [Parameter()] [System.String] - $ServiceManagementReference, + $Description, [Parameter()] - [PSObject] - $KeyCredentials, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $Certification, + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $SamlMetadataUrl, + $DisplayName, [Parameter()] - [PSObject] - $Info, + [System.String] + $DeviceCompliancePolicyId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $DeviceStatusOverview, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] - [System.String] - $AppId, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function New-MgApplicationOwnerByRef -{ - [CmdletBinding()] - param( + $ProxyUseDefaultCredentials, + [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $UserStatusOverview, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $Version, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $DeviceStatuses, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] - $InputObject, + $ScheduledActionsForRule, [Parameter()] - [System.String] - $OdataId, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelineAppend, + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Id, + + [Parameter()] + [PSObject] + $DeviceSettingStateSummaries, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $ApplicationId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function New-MgServicePrincipal +function Update-MgBetaDeviceManagementDeviceConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $ServicePrincipalNames, + [PSObject] + $UserStatuses, [Parameter()] - [System.String[]] - $AlternativeNames, + [System.String] + $Description, [Parameter()] - [System.String] - $AppDescription, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $HomeRealmDiscoveryPolicies, + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [PSObject] - $Oauth2PermissionScopes, + $DeviceStatuses, [Parameter()] [PSObject] - $Synchronization, + $DeviceStatusOverview, [Parameter()] [PSObject] - $AppRoleAssignments, + $InputObject, [Parameter()] - [System.String] - $ApplicationTemplateId, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $SignInAudience, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $VerifiedPublisher, + $DeviceManagementApplicabilityRuleOSVersion, [Parameter()] - [System.String[]] - $NotificationEmailAddresses, + [PSObject] + $UserStatusOverview, [Parameter()] [PSObject] - $ClaimsMappingPolicies, + $GroupAssignments, [Parameter()] - [System.String] - $TokenEncryptionKeyId, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Description, + [System.Int32] + $Version, [Parameter()] [PSObject] - $TokenIssuancePolicies, + $DeviceSettingStateSummaries, [Parameter()] [System.String] - $PreferredTokenSigningKeyThumbprint, + $DeviceConfigurationId, [Parameter()] - [System.String] - $AppDisplayName, + [PSObject] + $DeviceManagementApplicabilityRuleOSEdition, [Parameter()] [System.Uri] @@ -14860,291 +21921,306 @@ function New-MgServicePrincipal [Parameter()] [PSObject] - $AppRoleAssignedTo, + $BodyParameter, [Parameter()] [System.String] - $Homepage, + $Id, [Parameter()] - [System.String] - $ServicePrincipalType, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Id, + [PSObject] + $DeviceManagementApplicabilityRuleDeviceMode, [Parameter()] - [PSObject] - $SamlSingleSignOnSettings, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String[]] - $Tags, + $RoleScopeTagIds, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $Owners, + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] - [PSObject] - $OwnedObjects, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $FederatedIdentityCredentials, + $Assignments, [Parameter()] - [System.String] - $LoginUrl, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $TokenLifetimePolicies, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $AppManagementPolicies, + $InputObject, [Parameter()] - [PSObject] - $CreatedObjects, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $DisabledByMicrosoftStatus, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $DelegatedPermissionClassifications, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $PasswordCredentials, + $DefinitionValues, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $MemberOf, + $BodyParameter, [Parameter()] [System.String] - $Notes, + $Id, [Parameter()] - [PSObject] - $Endpoints, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $AppOwnerOrganizationId, + $GroupPolicyConfigurationId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $TransitiveMemberOf, + $PolicyConfigurationIngestionType, [Parameter()] [PSObject] - $AppRoles, - + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagementIntent +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsMigratingToConfigurationPolicy, [Parameter()] - [System.String[]] - $ReplyUrls, + [PSObject] + $Assignments, [Parameter()] [System.String] $DisplayName, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AppRoleAssignmentRequired, - [Parameter()] [PSObject] - $KeyCredentials, + $Settings, [Parameter()] [PSObject] - $Oauth2PermissionGrants, + $InputObject, [Parameter()] - [PSObject] - $ResourceSpecificApplicationPermissions, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $AddIns, + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] [PSObject] - $Info, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AccountEnabled, + [System.String] + $TemplateId, [Parameter()] - [System.String] - $PreferredSingleSignOnMode, + [PSObject] + $DeviceSettingStateSummaries, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $DeviceStates, [Parameter()] [PSObject] - $BodyParameter, + $Categories, [Parameter()] - [System.String] - $AppId, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $LogoutUrl, + $DeviceManagementIntentId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgApplication -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $Confirm, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $UserStates, [Parameter()] [PSObject] - $InputObject, + $UserStateSummary, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.String] - $ApplicationId, + [PSObject] + $DeviceStateSummary, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgApplicationOwnerDirectoryObjectByRef +function Update-MgBetaDeviceManagementIntentSetting { [CmdletBinding()] param( [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $DeviceManagementSettingInstanceId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $IfMatch, + $ValueJson, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $DeviceManagementIntentId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelineAppend, + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] [System.String] - $DirectoryObjectId, + $DefinitionId, [Parameter()] - [System.String] - $ApplicationId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Remove-MgServicePrincipal +#endregion +#region Microsoft.Graph.Beta.Devices.CorporateManagement +function Get-MgBetaDeviceAppManagement { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -15153,1844 +22229,1841 @@ function Remove-MgServicePrincipal [System.Uri] $Proxy, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $Property, [Parameter()] - [System.String] - $ServicePrincipalId, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Update-MgApplication +function Get-MgBetaDeviceAppManagementAndroidManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [PSObject] - $OptionalClaims, + [System.String[]] + $Property, [Parameter()] [PSObject] - $HomeRealmDiscoveryPolicies, + $InputObject, [Parameter()] - [PSObject] - $Spa, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $Tags, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $DefaultRedirectUri, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Int32] + $Skip, [Parameter()] - [System.String] - $ApplicationTemplateId, + [System.Int32] + $Top, [Parameter()] [System.String] - $SignInAudience, + $CountVariable, [Parameter()] - [PSObject] - $VerifiedPublisher, + [System.Uri] + $Proxy, [Parameter()] [System.String[]] - $IdentifierUris, + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsDeviceOnlyAuthSupported, + $All, [Parameter()] [System.String] - $TokenEncryptionKeyId, + $Filter, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $TokenIssuancePolicies, + [System.String] + $AndroidManagedAppProtectionId, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Search, [Parameter()] - [PSObject] - $Api, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $PublisherDomain, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $GroupMembershipClaims, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceAppManagementiOSManagedAppProtection +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $SamlMetadataUrl, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $Owners, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $FederatedIdentityCredentials, + [System.String] + $IosManagedAppProtectionId, [Parameter()] - [PSObject] - $TokenLifetimePolicies, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $AppManagementPolicies, + [System.Int32] + $Top, [Parameter()] [System.String] - $DisabledByMicrosoftStatus, + $CountVariable, [Parameter()] - [PSObject] - $PasswordCredentials, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $PublicClient, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Oauth2RequirePostResponse, + $All, [Parameter()] [System.String] - $Notes, + $Filter, [Parameter()] - [PSObject] - $RequiredResourceAccess, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $ParentalControlSettings, + [System.String] + $Search, [Parameter()] - [PSObject] - $Web, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsFallbackPublicClient, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceAppManagementiOSManagedAppProtectionApp +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $Synchronization, + $InputObject, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $RequestSignatureVerification, + $HttpPipelinePrepend, [Parameter()] [System.String] - $LogoInputFile, + $IosManagedAppProtectionId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $ApplicationId, + $CountVariable, [Parameter()] - [PSObject] - $AppRoles, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $ExtensionProperties, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $CreatedOnBehalfOf, + [System.String] + $Search, [Parameter()] [System.String] - $ServiceManagementReference, + $ManagedMobileAppId, [Parameter()] - [PSObject] - $KeyCredentials, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $Certification, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AddIns, + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $Info, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $AppId, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgServicePrincipal -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $ServicePrincipalNames, + [System.Int32] + $Top, [Parameter()] - [System.String[]] - $AlternativeNames, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $MdmWindowsInformationProtectionPolicyId, [Parameter()] - [System.String] - $AppDescription, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HomeRealmDiscoveryPolicies, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $Oauth2PermissionScopes, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $Synchronization, + [System.String] + $Filter, [Parameter()] - [PSObject] - $AppRoleAssignments, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $ServicePrincipalId, + $Search, [Parameter()] - [System.String] - $ApplicationTemplateId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $SignInAudience, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $VerifiedPublisher, - + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] - $NotificationEmailAddresses, + $Property, [Parameter()] [PSObject] - $ClaimsMappingPolicies, + $InputObject, [Parameter()] - [System.String] - $TokenEncryptionKeyId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Description, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $TokenIssuancePolicies, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $PreferredTokenSigningKeyThumbprint, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $AppDisplayName, + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $AppRoleAssignedTo, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Homepage, + $TargetedManagedAppConfigurationId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $ServicePrincipalType, + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Id, + $Search, [Parameter()] - [PSObject] - $SamlSingleSignOnSettings, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.String[]] - $Tags, + $ExpandProperty, [Parameter()] [PSObject] - $HttpPipelineAppend, - + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceAppManagementTargetedManagedAppConfigurationAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $Property, [Parameter()] [PSObject] - $OwnedObjects, + $InputObject, [Parameter()] - [PSObject] - $FederatedIdentityCredentials, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $LoginUrl, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $TokenLifetimePolicies, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AppManagementPolicies, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $CreatedObjects, + [System.Int32] + $Top, [Parameter()] [System.String] - $DisabledByMicrosoftStatus, + $TargetedManagedAppPolicyAssignmentId, [Parameter()] - [PSObject] - $DelegatedPermissionClassifications, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $PasswordCredentials, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $MemberOf, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Notes, + $TargetedManagedAppConfigurationId, [Parameter()] - [PSObject] - $Endpoints, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $AppOwnerOrganizationId, + $Search, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $TransitiveMemberOf, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AppRoles, + $HttpPipelineAppend + ) +} +function Invoke-MgBetaTargetDeviceAppManagementTargetedManagedAppConfigurationApp +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [System.String[]] - $ReplyUrls, + [PSObject] + $AppGroupType, [Parameter()] [System.Management.Automation.SwitchParameter] - $AppRoleAssignmentRequired, - - [Parameter()] - [PSObject] - $KeyCredentials, + $PassThru, [Parameter()] [PSObject] - $Oauth2PermissionGrants, + $Apps, [Parameter()] [PSObject] - $ResourceSpecificApplicationPermissions, + $InputObject, [Parameter()] - [PSObject] - $AddIns, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $Info, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $AccountEnabled, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $PreferredSingleSignOnMode, + $TargetedManagedAppConfigurationId, [Parameter()] - [PSObject] - $Owners, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break + ) +} +function New-MgBetaDeviceAppManagementAndroidManagedAppProtection +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $BodyParameter, + $AppActionIfDevicePasscodeComplexityLessThanHigh, + + [Parameter()] + [PSObject] + $MaximumAllowedDeviceThreatLevel, [Parameter()] [System.String] - $AppId, + $CustomBrowserDisplayName, [Parameter()] [System.String] - $LogoutUrl, + $MinimumRequiredPatchVersion, + + [Parameter()] + [PSObject] + $AppActionIfAndroidDeviceModelNotAllowed, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -#endregion -#region Microsoft.Graph.Authentication -function Connect-MgGraph -{ - [CmdletBinding()] - param( + $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + [Parameter()] - [System.String] - $TenantId, + [PSObject] + $MobileThreatDefensePartnerPriority, [Parameter()] - [System.Security.Cryptography.X509Certificates.X509Certificate2] - $Certificate, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String[]] - $Scopes, + $AllowedAndroidDeviceModels, + + [Parameter()] + [PSObject] + $ManagedBrowser, [Parameter()] [System.String] - $ClientId, + $Description, [Parameter()] - [System.Security.SecureString] - $AccessToken, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnvironmentVariable, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [System.String] - $CertificateSubjectName, + $MaximumWarningOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ClientSecretCredential, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Identity, + [System.String] + $MinimumWarningCompanyPortalVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $UseDeviceCode, + $RequireClass3Biometrics, [Parameter()] - [System.Double] - $ClientTimeout, + [System.String] + $MinimumWarningPatchVersion, [Parameter()] - [System.String] - $CertificateThumbprint, + [PSObject] + $AppActionIfDeviceComplianceRequired, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $SaveAsBlocked, [Parameter()] [System.String] - $Environment, + $CustomDialerAppDisplayName, [Parameter()] [PSObject] - $ContextScope - ) -} -function Get-MgContext -{ - [CmdletBinding()] - param( + $AllowedDataIngestionLocations, - ) -} -function Invoke-MgGraphRequest -{ - [CmdletBinding()] - param( [Parameter()] - [System.String] - $InputFilePath, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $StatusCodeVariable, + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $OutputType, + $NotificationRestriction, + + [Parameter()] + [System.String] + $CustomBrowserPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] - $SkipHttpErrorCheck, + $BiometricAuthenticationBlocked, [Parameter()] - [System.String] - $UserAgent, + [PSObject] + $AppActionIfDevicePasscodeComplexityLessThanMedium, [Parameter()] [System.String] - $ContentType, + $Id, [Parameter()] - [System.Uri] - $Uri, + [PSObject] + $MobileThreatDefenseRemediationAction, [Parameter()] [PSObject] - $GraphRequestSession, + $ApprovedKeyboards, [Parameter()] [System.Management.Automation.SwitchParameter] - $InferOutputFileName, + $DeviceComplianceRequired, [Parameter()] - [System.String] - $OutputFilePath, + [PSObject] + $AppGroupType, [Parameter()] - [PSObject] - $Method, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Object] - $Body, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $SkipHeaderValidation, + $RequirePinAfterBiometricChange, [Parameter()] [System.String] - $ResponseHeadersVariable, + $MaximumRequiredOSVersion, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $MinimumWipePatchVersion, [Parameter()] [System.String] - $SessionVariable, + $MinimumWarningAppVersion, - [Parameter()] - [System.Collections.IDictionary] - $Headers - ) -} -#endregion -#region Microsoft.Graph.Beta.DeviceManagement -function Get-MgBetaDeviceManagement -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RequiredAndroidSafetyNetAppsVerificationType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $MinimumWipeCompanyPortalVersion, [Parameter()] - [System.String[]] - $Property, + [PSObject] + $AllowedOutboundDataTransferDestinations, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AppActionIfAndroidDeviceManufacturerNotAllowed, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Get-MgBetaDeviceManagementAssignmentFilter -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + [System.String] + $MinimumWipeAppVersion, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $AllowedAndroidDeviceManufacturers, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $OrganizationalCredentialsRequired, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $CustomDialerAppPackageId, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, + $AllowedDataStorageLocations, [Parameter()] [System.Int32] - $Top, + $BlockAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [System.String] - $CountVariable, + $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $DialerRestrictionLevel, [Parameter()] - [System.String] - $DeviceAndAppManagementAssignmentFilterId, + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AppActionIfAndroidSafetyNetDeviceAttestationFailed, [Parameter()] [System.String] - $Filter, + $Version, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AppActionIfAndroidSafetyNetAppsVerificationFailed, [Parameter()] [System.String] - $Search, + $MinimumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $DataBackupBlocked, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementConfigurationPolicy -{ - [CmdletBinding()] - param( + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $Assignments, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $KeyboardsRestricted, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $DeploymentSummary, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Apps, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ScreenCaptureBlocked, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $PinCharacterSet, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MaximumWipeOSVersion, [Parameter()] - [System.String[]] - $Sort, + [System.Int32] + $MinimumPinLength, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $SimplePinBlocked, [Parameter()] [System.String] - $Filter, + $MinimumWarningOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $EncryptAppData, + + [Parameter()] + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ConnectToVpnOnLaunch, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Int32] + $WipeAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyId, + [PSObject] + $RequiredAndroidSafetyNetEvaluationType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementConfigurationPolicyAssignment -{ - [CmdletBinding()] - param( + $AppActionIfAccountIsClockedOut, + [Parameter()] - [System.String[]] - $Property, + [System.Int32] + $WarnAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDevicePasscodeComplexityLessThanLow, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String[]] - $ExpandProperty, + $RoleScopeTagIds, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MinimumRequiredCompanyPortalVersion, [Parameter()] - [System.Int32] - $PageSize, + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $AppActionIfDeviceLockNotSet, [Parameter()] - [System.Int32] - $Top, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $RequiredAndroidSafetyNetDeviceAttestationType, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $FingerprintAndBiometricEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PrintBlocked, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $DeviceLockRequired, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyAssignmentId, + [PSObject] + $ExemptedAppPackages, [Parameter()] [PSObject] - $HttpPipelineAppend + $TargetedAppManagementLevels ) } -function Get-MgBetaDeviceManagementConfigurationPolicySetting +function New-MgBetaDeviceAppManagementiOSManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $InputObject, + [System.String[]] + $ExemptedUniversalLinks, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $MaximumAllowedDeviceThreatLevel, [Parameter()] [System.String] - $DeviceManagementConfigurationSettingId, - - [Parameter()] - [System.Int32] - $PageSize, + $MinimumWipeSdkVersion, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppDataEncryptionType, [Parameter()] - [System.Int32] - $Skip, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $MobileThreatDefensePartnerPriority, [Parameter()] - [System.String] - $CountVariable, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ThirdPartyKeyboardsBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $ManagedBrowser, [Parameter()] [System.String] - $Filter, + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [System.String] - $Search, + $MaximumWarningOSVersion, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyId, + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $AppActionIfDeviceComplianceRequired, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementConfigurationPolicyTemplate -{ - [CmdletBinding()] - param( + [System.Management.Automation.SwitchParameter] + $PrintBlocked, + [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] [PSObject] - $InputObject, + $AllowedDataIngestionLocations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] [System.Int32] - $PageSize, + $DeployedAppCount, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $NotificationRestriction, [Parameter()] - [System.Int32] - $Skip, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AllowedOutboundClipboardSharingLevel, [Parameter()] [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, + $MinimumWarningSdkVersion, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $DeviceComplianceRequired, [Parameter()] - [System.String] - $Filter, + [PSObject] + $AppGroupType, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] - [System.String] - $Search, + [PSObject] + $AppActionIfUnableToAuthenticateUser, [Parameter()] [System.String] - $DeviceManagementConfigurationPolicyTemplateId, + $MinimumRequiredOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $FilterOpenInToOnlyManagedApps, - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $DeviceManagementConfigurationSettingTemplateId, - - [Parameter()] - [System.String[]] - $Property, + $MaximumRequiredOSVersion, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $AllowedIosDeviceModels, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $ContactSyncBlocked, [Parameter()] [System.Int32] - $PageSize, + $MaximumPinRetries, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $AllowedOutboundDataTransferDestinations, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, [Parameter()] [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, + $MinimumWipeAppVersion, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $OrganizationalCredentialsRequired, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AllowedDataStorageLocations, [Parameter()] [System.String] - $Filter, + $DisplayName, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $FaceIdBlocked, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $SaveAsBlocked, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyTemplateId, + [System.Management.Automation.SwitchParameter] + $ProtectInboundDataFromUnknownSources, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsAssigned, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $DialerRestrictionLevel, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementDeviceCategory -{ - [CmdletBinding()] - param( + [System.String] + $MinimumWarningAppVersion, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $Version, [Parameter()] [System.String] - $DeviceCategoryId, + $MinimumWipeOSVersion, [Parameter()] [PSObject] - $InputObject, + $Apps, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $MobileThreatDefenseRemediationAction, [Parameter()] [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $DeploymentSummary, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, + $SimplePinBlocked, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $PinCharacterSet, [Parameter()] [System.String] - $Search, + $MaximumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $DisableProtectionOfManagedOutboundOpenInData, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Int32] + $MinimumPinLength, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementDeviceCompliancePolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + [System.String] + $MinimumWarningOSVersion, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $ExemptedAppProtocols, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Assignments, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AppActionIfIosDeviceModelNotAllowed, [Parameter()] [System.String] - $CountVariable, + $CustomDialerAppProtocol, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [System.String] - $Filter, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $CustomBrowserProtocol, [Parameter()] - [System.String] - $Search, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $HttpPipelineAppend, + $BodyParameter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.String] - $DeviceCompliancePolicyId + $MinimumRequiredSdkVersion, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks ) } -function Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment +function New-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $EnterpriseProxiedDomains, [Parameter()] - [System.Int32] - $PageSize, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, + $Assignments, [Parameter()] - [System.Int32] - $Top, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $CountVariable, + $DisplayName, [Parameter()] - [System.String] - $DeviceCompliancePolicyAssignmentId, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $EnterpriseProxyServersAreAuthoritative, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $SmbAutoEncryptedFileExtensions, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProtectionUnderLockConfigRequired, [Parameter()] - [System.String] - $Filter, + [PSObject] + $EnforcementLevel, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $EnterpriseDomain, [Parameter()] - [System.String] - $Search, + [PSObject] + $EnterpriseInternalProxyServers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $EnterpriseNetworkDomainNames, [Parameter()] [PSObject] - $HttpPipelineAppend, + $HttpPipelinePrepend, [Parameter()] [System.String] - $DeviceCompliancePolicyId - ) -} -function Get-MgBetaDeviceManagementDeviceConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + $Version, [Parameter()] [PSObject] - $InputObject, + $EnterpriseProxyServers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $RightsManagementServicesTemplateId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $ExemptAppLockerFiles, [Parameter()] - [System.String] - $DeviceConfigurationId, + [PSObject] + $DataRecoveryCertificate, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $ExemptApps, [Parameter()] - [System.Int32] - $Top, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] [System.String] - $CountVariable, + $Id, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $EnterpriseProtectedDomainNames, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $NeutralDomainResources, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $AzureRightsManagementServicesAllowed, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $EnterpriseIPRangesAreAuthoritative, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IconsVisible, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $ProtectedAppLockerFiles, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementDeviceConfigurationAssignment -{ - [CmdletBinding()] - param( + $ProtectedApps, + [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $RevokeOnUnenrollDisabled, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $EnterpriseIPRanges, [Parameter()] - [System.String] - $DeviceConfigurationId, - + [System.Management.Automation.SwitchParameter] + $IndexingEncryptedStoresOrItemsBlocked + ) +} +function New-MgBetaDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( [Parameter()] [System.Int32] - $Skip, + $DeployedAppCount, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] - [System.String] - $CountVariable, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $Assignments, [Parameter()] - [System.String[]] - $Sort, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $DeviceConfigurationAssignmentId, + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $Settings, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $Search, + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementGroupPolicyConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + $IsAssigned, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $Version, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, + $DeploymentSummary, [Parameter()] - [System.Int32] - $Top, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $AppGroupType, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $CustomSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $Id, [Parameter()] - [System.String] - $Search, + [PSObject] + $Apps, [Parameter()] - [System.String] - $GroupPolicyConfigurationId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment +function Remove-MgBetaDeviceAppManagementAndroidManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $PassThru, [Parameter()] [System.String] - $GroupPolicyConfigurationAssignmentId, + $IfMatch, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $AndroidManagedAppProtectionId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceAppManagementiOSManagedAppProtection +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [System.String[]] - $Sort, - [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $PassThru, [Parameter()] [System.String] - $Filter, + $IfMatch, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] [System.String] - $Search, + $IosManagedAppProtectionId, [Parameter()] - [System.String] - $GroupPolicyConfigurationId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValue +function Remove-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $PageSize, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $GroupPolicyDefinitionValueId, - - [Parameter()] - [System.Int32] - $Skip, + $IfMatch, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $MdmWindowsInformationProtectionPolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $Filter, + $TargetedManagedAppConfigurationId, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $GroupPolicyConfigurationId, + $IfMatch, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +function Set-MgBetaDeviceAppManagementTargetedManagedAppConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $BodyParameter, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String] - $GroupPolicyDefinitionValueId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $Assignments, [Parameter()] [PSObject] @@ -16998,360 +24071,405 @@ function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValueDefini [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.String] - $GroupPolicyConfigurationId, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $Property, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgBetaDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +function Update-MgBetaDeviceAppManagement { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.DateTime] + $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, [Parameter()] [PSObject] - $InputObject, + $TargetedManagedAppConfigurations, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $PolicySets, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $ManagedEBooks, [Parameter()] - [System.String] - $GroupPolicyDefinitionValueId, + [PSObject] + $MobileApps, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $EnterpriseCodeSigningCertificates, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $ManagedAppPolicies, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $DeviceAppManagementTasks, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $ManagedAppStatuses, [Parameter()] - [System.String[]] - $Sort, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $WindowsManagementApp, [Parameter()] - [System.String] - $Search, + [PSObject] + $ManagedAppRegistrations, [Parameter()] - [System.String] - $GroupPolicyConfigurationId, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $WindowsManagedAppProtections, [Parameter()] - [System.String] - $GroupPolicyPresentationValueId, + [PSObject] + $DefaultManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsEnabledForMicrosoftStoreForBusiness, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementIntent -{ - [CmdletBinding()] - param( + $WindowsInformationProtectionWipeActions, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $MicrosoftStoreForBusinessLanguage, [Parameter()] [PSObject] - $InputObject, + $ManagedEBookCategories, [Parameter()] - [System.String] - $DeviceManagementIntentId, + [System.DateTime] + $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $SymantecCodeSigningCertificate, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $IosManagedAppProtections, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $IosLobAppProvisioningConfigurations, [Parameter()] - [System.Int32] - $Top, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $CountVariable, + $Id, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $MobileAppCategories, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $WindowsInformationProtectionDeviceRegistrations, [Parameter()] - [System.String] - $Filter, + [PSObject] + $VppTokens, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $WindowsInformationProtectionPolicies, [Parameter()] - [System.String] - $Search, + [PSObject] + $MicrosoftStoreForBusinessPortalSelection, + + [Parameter()] + [PSObject] + $AndroidManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $MdmWindowsInformationProtectionPolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $MobileAppConfigurations, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [PSObject] + $WdacSupplementalPolicies ) } -function Get-MgBetaDeviceManagementIntentAssignment +function Update-MgBetaDeviceAppManagementAndroidManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDevicePasscodeComplexityLessThanHigh, [Parameter()] [System.String] - $DeviceManagementIntentAssignmentId, + $AndroidManagedAppProtectionId, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $MaximumAllowedDeviceThreatLevel, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $KeyboardsRestricted, [Parameter()] [System.String] - $CountVariable, + $CustomBrowserDisplayName, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $MinimumRequiredPatchVersion, [Parameter()] - [System.String] - $DeviceManagementIntentId, + [PSObject] + $AppActionIfAndroidDeviceModelNotAllowed, [Parameter()] - [System.Int32] - $Top, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + + [Parameter()] + [PSObject] + $MobileThreatDefensePartnerPriority, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String[]] - $Sort, + $AllowedAndroidDeviceModels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $ManagedBrowser, + + [Parameter()] + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, + + [Parameter()] + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [System.String] - $Filter, + $MaximumWarningOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] [System.String] - $Search, + $MinimumWarningCompanyPortalVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $RequireClass3Biometrics, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $MinimumWarningPatchVersion, + + [Parameter()] + [PSObject] + $AppActionIfDeviceComplianceRequired, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $SaveAsBlocked, + + [Parameter()] + [System.String] + $CustomDialerAppDisplayName, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementIntentSetting -{ - [CmdletBinding()] - param( + $AllowedDataIngestionLocations, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Int32] + $DeployedAppCount, + + [Parameter()] + [PSObject] + $NotificationRestriction, + [Parameter()] [System.String] - $DeviceManagementSettingInstanceId, + $CustomBrowserPackageId, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $BiometricAuthenticationBlocked, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDevicePasscodeComplexityLessThanMedium, [Parameter()] [System.String] - $DeviceManagementIntentId, + $Id, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $DeviceComplianceRequired, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppGroupType, [Parameter()] - [System.Int32] - $Skip, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AppActionIfUnableToAuthenticateUser, [Parameter()] [System.String] - $CountVariable, + $MinimumRequiredOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $RequirePinAfterBiometricChange, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $MaximumRequiredOSVersion, [Parameter()] [System.String] - $Filter, + $MinimumWipePatchVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AllowedOutboundClipboardSharingLevel, [Parameter()] [System.String] - $Search, + $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $RequiredAndroidSafetyNetAppsVerificationType, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MinimumWipeCompanyPortalVersion, + + [Parameter()] + [System.String] + $Version, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementTemplate -{ - [CmdletBinding()] - param( + $AllowedOutboundDataTransferDestinations, + [Parameter()] - [System.String[]] - $Property, + [PSObject] + $AppActionIfAndroidDeviceManufacturerNotAllowed, + + [Parameter()] + [System.String] + $MinimumWipeAppVersion, + + [Parameter()] + [System.String] + $AllowedAndroidDeviceManufacturers, [Parameter()] [PSObject] @@ -17359,557 +24477,572 @@ function Get-MgBetaDeviceManagementTemplate [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $OrganizationalCredentialsRequired, + + [Parameter()] + [System.String] + $CustomDialerAppPackageId, + + [Parameter()] + [PSObject] + $AllowedDataStorageLocations, + + [Parameter()] + [System.Int32] + $BlockAfterCompanyPortalUpdateDeferralInDays, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] - [System.String] - $DeviceManagementTemplateId, + [PSObject] + $DialerRestrictionLevel, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $MinimumWarningAppVersion, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfAndroidSafetyNetDeviceAttestationFailed, [Parameter()] [System.Int32] - $Skip, + $MaximumPinRetries, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AppActionIfAndroidSafetyNetAppsVerificationFailed, [Parameter()] [System.String] - $CountVariable, + $MinimumWipeOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $ApprovedKeyboards, [Parameter()] - [System.String[]] - $Sort, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] [System.String] - $Filter, + $MinimumRequiredAppVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Search, + [PSObject] + $Assignments, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $DeploymentSummary, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementTemplateCategory -{ - [CmdletBinding()] - param( + $Apps, + [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $ScreenCaptureBlocked, [Parameter()] [PSObject] - $InputObject, + $PinCharacterSet, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.String] - $DeviceManagementTemplateSettingCategoryId, + $ManagedBrowserToOpenLinksRequired, [Parameter()] [System.String] - $DeviceManagementTemplateId, + $MaximumWipeOSVersion, [Parameter()] [System.Int32] - $PageSize, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $MinimumPinLength, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $SimplePinBlocked, [Parameter()] - [System.Int32] - $Top, + [System.String] + $MinimumWarningOSVersion, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $EncryptAppData, [Parameter()] - [System.String[]] - $Sort, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ConnectToVpnOnLaunch, [Parameter()] - [System.String] - $Filter, + [System.Int32] + $WipeAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RequiredAndroidSafetyNetEvaluationType, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $AppActionIfAccountIsClockedOut, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Int32] + $WarnAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceManagementTemplateCategoryRecommendedSetting -{ - [CmdletBinding()] - param( + $AppActionIfDevicePasscodeComplexityLessThanLow, + [Parameter()] - [System.String] - $DeviceManagementSettingInstanceId, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $InputObject, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $DeviceManagementTemplateSettingCategoryId, + $MinimumRequiredCompanyPortalVersion, [Parameter()] - [System.String] - $DeviceManagementTemplateId, + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfDeviceLockNotSet, [Parameter()] - [System.Int32] - $Skip, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $RequiredAndroidSafetyNetDeviceAttestationType, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $FingerprintAndBiometricEnabled, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Filter, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PrintBlocked, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $DeviceLockRequired, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $ExemptedAppPackages, [Parameter()] [PSObject] - $HttpPipelineAppend + $TargetedAppManagementLevels ) } -function New-MgBetaDeviceManagementAssignmentFilter +function Update-MgBetaDeviceAppManagementiOSManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $Payloads, + [System.String[]] + $ExemptedUniversalLinks, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $MaximumAllowedDeviceThreatLevel, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $MinimumWipeSdkVersion, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $AppDataEncryptionType, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $MobileThreatDefensePartnerPriority, [Parameter()] - [System.String[]] - $RoleScopeTags, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.String] - $Rule, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $ThirdPartyKeyboardsBlocked, [Parameter()] [PSObject] - $AssignmentFilterManagementType, + $ManagedBrowser, [Parameter()] - [PSObject] - $Platform, + [System.String] + $Description, [Parameter()] - [System.Uri] - $Proxy, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, + + [Parameter()] + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [PSObject] - $BodyParameter, + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.String] - $Id, + [System.Int32] + $MinimumPinLength, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $AppActionIfDeviceComplianceRequired, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $SaveAsBlocked, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PinRequired, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function New-MgBetaDeviceManagementConfigurationPolicy -{ - [CmdletBinding()] - param( + $AllowedDataIngestionLocations, + [Parameter()] - [System.String] - $Description, + [System.Uri] + $Proxy, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $Assignments, + $NotificationRestriction, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [PSObject] - $Settings, + [System.String] + $IosManagedAppProtectionId, [Parameter()] [System.String] - $Name, + $MinimumWarningSdkVersion, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] [PSObject] - $PriorityMetaData, + $AppGroupType, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $TemplateReference, - - [Parameter()] - [System.Int32] - $SettingCount, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] - [PSObject] - $Platforms, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [PSObject] - $Technologies, + [System.Management.Automation.SwitchParameter] + $FilterOpenInToOnlyManagedApps, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MaximumRequiredOSVersion, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $AllowedIosDeviceModels, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] - [System.String] - $CreationSource, + [System.Int32] + $MaximumPinRetries, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $PrintBlocked, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $InputObject, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function New-MgBetaDeviceManagementDeviceCategory -{ - [CmdletBinding()] - param( + $AllowedOutboundDataTransferDestinations, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, + [Parameter()] [System.String] - $Description, + $MinimumWipeAppVersion, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $OrganizationalCredentialsRequired, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedDataStorageLocations, [Parameter()] [System.String] $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $FaceIdBlocked, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProtectInboundDataFromUnknownSources, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $DialerRestrictionLevel, + + [Parameter()] + [System.String] + $MinimumWarningAppVersion, + + [Parameter()] + [System.String] + $Version, + + [Parameter()] + [System.String] + $MinimumWipeOSVersion, [Parameter()] [PSObject] - $HttpPipelineAppend, + $Apps, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MinimumRequiredSdkVersion, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] [System.String] - $Id, + $MinimumRequiredAppVersion, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $BodyParameter - ) -} -function New-MgBetaDeviceManagementDeviceCompliancePolicy -{ - [CmdletBinding()] - param( + $MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, + [Parameter()] [PSObject] - $UserStatuses, + $DeploymentSummary, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $SimplePinBlocked, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $MaximumWipeOSVersion, [Parameter()] - [PSObject] - $Assignments, + [System.Management.Automation.SwitchParameter] + $DisableProtectionOfManagedOutboundOpenInData, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [System.String] - $DisplayName, + $MinimumWarningOSVersion, [Parameter()] [PSObject] - $DeviceStatusOverview, + $HttpPipelineAppend, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $ExemptedAppProtocols, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $Assignments, [Parameter()] [PSObject] - $UserStatusOverview, + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfIosDeviceModelNotAllowed, [Parameter()] - [System.Int32] - $Version, + [System.String] + $CustomDialerAppProtocol, [Parameter()] - [PSObject] - $DeviceStatuses, + [System.String] + $MaximumWarningOSVersion, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [PSObject] - $ScheduledActionsForRule, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [System.String] - $Id, + $CustomBrowserProtocol, [Parameter()] [PSObject] - $DeviceSettingStateSummaries, + $AllowedInboundDataTransferSources, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -17917,21 +25050,25 @@ function New-MgBetaDeviceManagementDeviceCompliancePolicy [Parameter()] [PSObject] - $HttpPipelineAppend + $PinCharacterSet, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks ) } -function New-MgBetaDeviceManagementDeviceConfiguration +function Update-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy { [CmdletBinding()] param( - [Parameter()] - [PSObject] - $UserStatuses, - [Parameter()] [System.String] $Description, + [Parameter()] + [PSObject] + $EnterpriseProxiedDomains, + [Parameter()] [System.DateTime] $LastModifiedDateTime, @@ -17950,194 +25087,201 @@ function New-MgBetaDeviceManagementDeviceConfiguration [Parameter()] [PSObject] - $DeviceStatuses, + $HttpPipelineAppend, [Parameter()] [PSObject] - $DeviceStatusOverview, + $SmbAutoEncryptedFileExtensions, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $EnterpriseProxyServersAreAuthoritative, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProtectionUnderLockConfigRequired, + [Parameter()] [PSObject] - $DeviceManagementApplicabilityRuleOSVersion, + $EnforcementLevel, + + [Parameter()] + [System.String] + $EnterpriseDomain, [Parameter()] [PSObject] - $UserStatusOverview, + $EnterpriseInternalProxyServers, [Parameter()] [PSObject] - $GroupAssignments, + $EnterpriseNetworkDomainNames, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] + [System.String] $Version, + [Parameter()] + [PSObject] + $EnterpriseProxyServers, + [Parameter()] [System.String[]] $RoleScopeTagIds, [Parameter()] - [PSObject] - $DeviceSettingStateSummaries, + [System.String] + $RightsManagementServicesTemplateId, [Parameter()] [PSObject] - $DeviceManagementApplicabilityRuleDeviceMode, + $InputObject, [Parameter()] [PSObject] - $DeviceManagementApplicabilityRuleOSEdition, - - [Parameter()] - [System.Uri] - $Proxy, + $ExemptAppLockerFiles, [Parameter()] [PSObject] - $BodyParameter, + $DataRecoveryCertificate, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $MdmWindowsInformationProtectionPolicyId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsAssigned, - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgBetaDeviceManagementGroupPolicyConfiguration -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $Description, + $Id, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $EnterpriseProtectedDomainNames, [Parameter()] [PSObject] - $Assignments, + $NeutralDomainResources, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $ExemptApps, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.SwitchParameter] + $AzureRightsManagementServicesAllowed, [Parameter()] [System.Collections.Hashtable] - $AdditionalProperties, + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $EnterpriseIPRangesAreAuthoritative, [Parameter()] - [PSObject] - $DefinitionValues, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $IconsVisible, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $ProtectedAppLockerFiles, [Parameter()] [PSObject] - $BodyParameter, + $ProtectedApps, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $RevokeOnUnenrollDisabled, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $PolicyConfigurationIngestionType, + $EnterpriseIPRanges, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $IndexingEncryptedStoresOrItemsBlocked ) } -function New-MgBetaDeviceManagementIntent +function Update-MgBetaDeviceAppManagementTargetedManagedAppConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [PSObject] + $DeploymentSummary, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMigratingToConfigurationPolicy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] $Assignments, + [Parameter()] + [System.DateTime] + $CreatedDateTime, + [Parameter()] [System.String] $DisplayName, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [PSObject] $Settings, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Management.Automation.SwitchParameter] $IsAssigned, @@ -18148,19 +25292,11 @@ function New-MgBetaDeviceManagementIntent [Parameter()] [System.String] - $TemplateId, - - [Parameter()] - [PSObject] - $DeviceSettingStateSummaries, - - [Parameter()] - [PSObject] - $DeviceStates, + $Version, [Parameter()] - [PSObject] - $Categories, + [System.Int32] + $DeployedAppCount, [Parameter()] [System.String[]] @@ -18168,12 +25304,16 @@ function New-MgBetaDeviceManagementIntent [Parameter()] [PSObject] - $DeviceStateSummary, + $AppGroupType, [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [PSObject] + $CustomSettings, + [Parameter()] [PSObject] $BodyParameter, @@ -18182,17 +25322,13 @@ function New-MgBetaDeviceManagementIntent [System.String] $Id, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [PSObject] - $UserStates, + $Apps, [Parameter()] - [PSObject] - $UserStateSummary, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] [System.Management.Automation.PSCredential] @@ -18211,720 +25347,815 @@ function New-MgBetaDeviceManagementIntent $HttpPipelineAppend ) } -function Remove-MgBetaDeviceManagementAssignmentFilter +#endregion +#region Microsoft.Graph.Beta.DeviceManagement.Administration +function Get-MgBetaDeviceManagementRoleScopeTag { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $RoleScopeTagId, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Int32] + $Top, [Parameter()] [System.String] - $IfMatch, + $CountVariable, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $All, [Parameter()] [System.String] - $DeviceAndAppManagementAssignmentFilterId, + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaDeviceManagementConfigurationPolicy +#endregion +#region Microsoft.Graph.Beta.DeviceManagement.Enrollment +function Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $PageSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyId, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $IfMatch, + $CountVariable, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DeviceEnrollmentConfigurationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $All, - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaDeviceManagementDeviceCategory -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $DeviceCategoryId, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $Break, [Parameter()] - [System.String] - $IfMatch, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $InputObject, - + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementDeviceEnrollmentConfigurationAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelineAppend, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaDeviceManagementDeviceCompliancePolicy -{ - [CmdletBinding()] - param( + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.String] + $DeviceEnrollmentConfigurationId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $DeviceCompliancePolicyId, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $IfMatch, + $Filter, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Search, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $EnrollmentConfigurationAssignmentId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaDeviceManagementDeviceConfiguration +function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Search, [Parameter()] [System.String] - $DeviceConfigurationId, + $WindowsAutopilotDeploymentProfileId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaDeviceManagementGroupPolicyConfiguration +function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $WindowsAutopilotDeploymentProfileAssignmentId, [Parameter()] - [System.String] - $IfMatch, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $GroupPolicyConfigurationId, + [System.Int32] + $PageSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaDeviceManagementIntent -{ - [CmdletBinding()] - param( + [System.Int32] + $Skip, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DeviceManagementIntentId, + $Search, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagement +function Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile { [CmdletBinding()] param( [Parameter()] - [PSObject] - $TermsAndConditions, + [System.String] + $WindowsFeatureUpdateProfileId, [Parameter()] - [PSObject] - $AndroidForWorkSettings, + [System.String[]] + $Property, [Parameter()] [PSObject] - $MicrosoftTunnelHealthThresholds, + $InputObject, [Parameter()] - [PSObject] - $RoleScopeTags, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $ExchangeConnectors, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $TroubleshootingEvents, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $PrivilegeManagementElevations, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $IntuneBrandingProfiles, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $GroupPolicyObjectFiles, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $WindowsAutopilotDeploymentProfiles, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $ResourceOperations, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $ConfigManagerCollections, + [System.String] + $Filter, [Parameter()] - [PSObject] - $UserExperienceAnalyticsBatteryHealthDevicePerformance, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $ZebraFotaConnector, + [System.String] + $Search, [Parameter()] - [PSObject] - $VirtualEndpoint, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $ConfigurationCategories, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $ManagedDeviceEncryptionStates, - + $HttpPipelineAppend + ) +} +function Get-MgBetaDeviceManagementWindowsFeatureUpdateProfileAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $MicrosoftTunnelSites, + [System.String] + $WindowsFeatureUpdateProfileId, [Parameter()] - [PSObject] - $DeviceEnrollmentConfigurations, + [System.String[]] + $Property, [Parameter()] [PSObject] - $ExchangeOnPremisesPolicy, + $InputObject, [Parameter()] - [PSObject] - $UserExperienceAnalyticsBatteryHealthAppImpact, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $WindowsInformationProtectionAppLearningSummaries, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $AndroidDeviceOwnerEnrollmentProfiles, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $ReusableSettings, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $GroupPolicyMigrationReports, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $WindowsInformationProtectionNetworkLearningSummaries, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDeviceId, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $UserExperienceAnalyticsMetricHistory, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $ZebraFotaArtifacts, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $UserExperienceAnalyticsWorkFromAnywhereMetrics, + [System.String] + $Filter, [Parameter()] - [PSObject] - $EmbeddedSimActivationCodePools, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $UserExperienceAnalyticsModelScores, + [System.String] + $WindowsFeatureUpdateProfileAssignmentId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $Search, [Parameter()] - [PSObject] - $CompliancePolicies, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $MobileThreatDefenseConnectors, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $ImportedWindowsAutopilotDeviceIdentities, - + $HttpPipelineAppend + ) +} +function Get-MgBetaRoleManagement +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $DataProcessorServiceForWindowsFeaturesOnboarding, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $DeviceProtectionOverview, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceStartupHistory, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $DepOnboardingSettings, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $GroupPolicyDefinitionFiles, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $RoleAssignments, + [System.String[]] + $Property, [Parameter()] [PSObject] - $WindowsDriverUpdateProfiles, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $CartToClassAssociations, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function New-MgBetaDeviceManagementDeviceEnrollmentConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] - [PSObject] - $DeviceManagementScripts, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $SubscriptionState, + $Assignments, [Parameter()] - [PSObject] - $WindowsMalwareInformation, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $GroupPolicyDefinitions, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $DetectedApps, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $AdvancedThreatProtectionOnboardingStateSummary, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceScopes, + [System.Int32] + $Priority, [Parameter()] [PSObject] - $UserExperienceAnalyticsBaselines, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $UserExperienceAnalyticsScoreHistory, + [System.Int32] + $Version, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthApplicationPerformance, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.DateTime] - $AccountMoveCompletionDateTime, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $Reports, + $BodyParameter, [Parameter()] - [PSObject] - $ConfigurationPolicies, + [System.String] + $Id, [Parameter()] - [PSObject] - $AndroidManagedStoreAccountEnterpriseSettings, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $DeviceConfigurations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $RemoteAssistanceSettings, + $DeviceEnrollmentConfigurationType, [Parameter()] - [PSObject] - $CertificateConnectorDetails, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $AuditEvents, + $HttpPipelineAppend + ) +} +function New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ExtractHardwareHash, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAnomaly, + [System.String] + $Description, [Parameter()] - [PSObject] - $GroupPolicyConfigurations, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $ConnectorStatus, + $Assignments, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthApplicationPerformanceByOSVersion, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthOverview, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $WindowsAutopilotSettings, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $UserExperienceAnalyticsBatteryHealthDeviceAppImpact, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $ConfigurationPolicyTemplates, + [System.String] + $ManagementServiceAppId, [Parameter()] [PSObject] - $DeviceShellScripts, + $EnrollmentStatusScreenSettings, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceMetricHistory, + [System.String] + $DeviceNameTemplate, [Parameter()] [PSObject] - $RemoteAssistancePartners, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $ComplianceManagementPartners, + [System.Management.Automation.SwitchParameter] + $EnableWhiteGlove, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDevicesWithoutCloudIdentity, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $UserExperienceAnalyticsBatteryHealthCapacityDetails, + $BodyParameter, [Parameter()] - [PSObject] - $ManagedDeviceOverview, + [System.String] + $Id, [Parameter()] [PSObject] - $TemplateInsights, + $DeviceType, [Parameter()] - [PSObject] - $GroupPolicyUploadedDefinitionFiles, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $DeviceManagementPartners, + $AssignedDevices, [Parameter()] [PSObject] - $UserExperienceAnalyticsAnomalyDevice, + $OutOfBoxExperienceSettings, [Parameter()] - [PSObject] - $AndroidManagedStoreAppConfigurationSchemas, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $UserExperienceAnalyticsResourcePerformance, + [System.String] + $Language, [Parameter()] - [PSObject] - $MacOSSoftwareUpdateAccountSummaries, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $UserExperienceAnalyticsWorkFromAnywhereModelPerformance, + $HttpPipelineAppend + ) +} +function New-MgBetaDeviceManagementWindowsFeatureUpdateProfile +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $ComplianceCategories, + [System.String] + $Description, [Parameter()] - [PSObject] - $DeviceConfigurationConflictSummary, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $TelecomExpenseManagementPartners, + $Assignments, [Parameter()] - [PSObject] - $Templates, + [System.DateTime] + $CreatedDateTime, [Parameter()] [PSObject] - $MicrosoftTunnelConfigurations, + $RolloutSettings, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -18932,400 +26163,433 @@ function Update-MgBetaDeviceManagement [Parameter()] [PSObject] - $WindowsMalwareOverview, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $ResourceAccessProfiles, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [PSObject] - $UserExperienceAnalyticsBatteryHealthDeviceRuntimeHistory, + [System.String] + $DeployableContentDisplayName, [Parameter()] - [PSObject] - $Intents, + [System.DateTime] + $EndOfSupportDate, [Parameter()] - [PSObject] - $WindowsFeatureUpdateProfiles, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $UserExperienceAnalyticsBatteryHealthRuntimeDetails, + $BodyParameter, [Parameter()] - [PSObject] - $ComplianceSettings, + [System.String] + $Id, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceScores, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $IntuneAccountId, + $FeatureUpdateVersion, [Parameter()] - [PSObject] - $ConditionalAccessSettings, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $IosUpdateStatuses, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $ZebraFotaDeployments, - + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $UserExperienceAnalyticsAnomalyCorrelationGroupOverview, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $UserExperienceAnalyticsImpactingProcess, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAnomalySeverityOverview, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $DerivedCredentials, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $UserExperienceAnalyticsBatteryHealthModelPerformance, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $DeviceCompliancePolicies, + $InputObject, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $AndroidForWorkAppConfigurationSchemas, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AdminConsent, + [System.String] + $DeviceEnrollmentConfigurationId, [Parameter()] - [PSObject] - $SettingDefinitions, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $UserExperienceAnalyticsSettings, + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] - $ManagedDevices, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AppleUserInitiatedEnrollmentProfiles, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $DeviceConfigurationDeviceStateSummaries, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $ServiceNowConnections, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $UserExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $ReusablePolicySettings, + $InputObject, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDetails, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $UserExperienceAnalyticsRemoteConnection, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $ConfigurationSettings, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $UserExperienceAnalyticsDeviceScope, - + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementWindowsFeatureUpdateProfile +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [PSObject] - $Settings, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $UserExperienceAnalyticsCategories, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $DeviceConfigurationRestrictedAppsViolations, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceStartupProcesses, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $ExchangeOnPremisesPolicies, + $InputObject, [Parameter()] - [PSObject] - $MobileAppTroubleshootingEvents, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $RoleDefinitions, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $CloudPcConnectivityIssues, + [System.String] + $WindowsFeatureUpdateProfileId, [Parameter()] - [PSObject] - $ApplePushNotificationCertificate, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $DeviceCategories, - + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthApplicationPerformanceByAppVersion, + [System.String] + $Description, [Parameter()] - [PSObject] - $DeviceCompliancePolicySettingStateSummaries, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Collections.Hashtable] - $TenantAttachRbac, + [PSObject] + $Assignments, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $AndroidForWorkEnrollmentProfiles, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $ComanagementEligibleDevices, + $InputObject, [Parameter()] - [PSObject] - $NotificationMessageTemplates, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $IntuneBrand, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $UserExperienceAnalyticsOverview, + [System.Int32] + $Priority, [Parameter()] [PSObject] - $TemplateSettings, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $RemoteActionAudits, + [System.Int32] + $Version, [Parameter()] - [PSObject] - $WindowsUpdateCatalogItems, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthDevicePerformanceDetails, + [System.String] + $DeviceEnrollmentConfigurationId, [Parameter()] - [PSObject] - $UserExperienceAnalyticsNotAutopilotReadyDevice, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $UserExperienceAnalyticsAppHealthOSVersionPerformance, + $BodyParameter, [Parameter()] - [PSObject] - $Monitoring, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [PSObject] - $DeviceHealthScripts, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $AutopilotEvents, + $DeviceEnrollmentConfigurationType, [Parameter()] - [PSObject] - $GroupPolicyCategories, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $DeviceConfigurationUserStateSummaries, - + $HttpPipelineAppend + ) +} +function Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $DeviceConfigurationsAllManagedDeviceCertificateStates, + [System.Management.Automation.SwitchParameter] + $ExtractHardwareHash, [Parameter()] - [PSObject] - $UserExperienceAnalyticsAppHealthDevicePerformance, + [System.String] + $Description, [Parameter()] - [PSObject] - $DeviceCustomAttributeShellScripts, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $UserExperienceAnalyticsAppHealthDeviceModelPerformance, + $Assignments, [Parameter()] - [PSObject] - $ImportedDeviceIdentities, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Int32] - $MaximumDepTokens, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $SoftwareUpdateStatusSummary, + $InputObject, [Parameter()] - [PSObject] - $WindowsQualityUpdateProfiles, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $AssignmentFilters, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $NdesConnectors, + [System.String] + $ManagementServiceAppId, [Parameter()] [PSObject] - $MicrosoftTunnelServerLogCollectionResponses, + $EnrollmentStatusScreenSettings, [Parameter()] - [PSObject] - $UserExperienceAnalyticsBatteryHealthOSPerformance, + [System.String] + $DeviceNameTemplate, [Parameter()] [PSObject] - $UserPfxCertificates, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $WindowsAutopilotDeviceIdentities, + [System.Management.Automation.SwitchParameter] + $EnableWhiteGlove, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceStartupProcessPerformance, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [PSObject] - $ChromeOSOnboardingSettings, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $DomainJoinConnectors, + $BodyParameter, [Parameter()] - [PSObject] - $Categories, + [System.String] + $Id, [Parameter()] [PSObject] - $ComanagedDevices, + $DeviceType, [Parameter()] - [PSObject] - $DeviceCompliancePolicyDeviceStateSummary, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AssignedDevices, [Parameter()] [PSObject] - $UserExperienceAnalyticsDevicePerformance, + $OutOfBoxExperienceSettings, [Parameter()] - [PSObject] - $DeviceComplianceScripts, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $Subscriptions, + [System.String] + $Language, [Parameter()] - [PSObject] - $ManagedDeviceCleanupSettings, + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] - [PSObject] - $UserExperienceAnalyticsDeviceTimelineEvent, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $DataSharingConsents + $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementAssignmentFilter +function Update-MgBetaDeviceManagementWindowsFeatureUpdateProfile { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $DisplayName, [Parameter()] - [PSObject] - $Payloads, + [System.String] + $Description, [Parameter()] [System.DateTime] $LastModifiedDateTime, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $Assignments, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $DisplayName, + $WindowsFeatureUpdateProfileId, + + [Parameter()] + [PSObject] + $RolloutSettings, [Parameter()] [PSObject] @@ -19339,25 +26603,17 @@ function Update-MgBetaDeviceManagementAssignmentFilter [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.String[]] - $RoleScopeTags, - - [Parameter()] - [System.String] - $Rule, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AssignmentFilterManagementType, + [System.String] + $DeployableContentDisplayName, [Parameter()] - [PSObject] - $Platform, + [System.DateTime] + $EndOfSupportDate, [Parameter()] [System.Uri] @@ -19377,7 +26633,7 @@ function Update-MgBetaDeviceManagementAssignmentFilter [Parameter()] [System.String] - $DeviceAndAppManagementAssignmentFilterId, + $FeatureUpdateVersion, [Parameter()] [System.Management.Automation.PSCredential] @@ -19387,232 +26643,296 @@ function Update-MgBetaDeviceManagementAssignmentFilter [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.DateTime] + $CreatedDateTime, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementConfigurationPolicy +function Update-MgBetaRoleManagement { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $Assignments, + $CloudPc, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $Settings, + $EnterpriseApps, [Parameter()] - [System.String] - $Name, + [PSObject] + $EntitlementManagement, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Exchange, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $TemplateReference, + $Directory, [Parameter()] - [System.Int32] - $SettingCount, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] + [PSObject] + $DeviceManagement + ) +} +#endregion +#region Microsoft.Graph.Beta.Identity.DirectoryManagement +function Get-MgBetaDevice +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] - $RoleScopeTagIds, + $Property, [Parameter()] [PSObject] - $Technologies, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $DeviceId, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $Platforms, + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $Id, + $CountVariable, [Parameter()] - [PSObject] - $PriorityMetaData, + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, [Parameter()] [System.String] - $CreationSource, + $ConsistencyLevel, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, + + [Parameter()] + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String] - $DeviceManagementConfigurationPolicyId, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementDeviceCategory +function Get-MgBetaDirectory { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DeviceCategoryId, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $ExpandProperty, [Parameter()] [System.String[]] - $RoleScopeTagIds, + $Property, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaDirectoryAdministrativeUnit +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $AdministrativeUnitId, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Property, [Parameter()] - [System.String] - $Id, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $PageSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Update-MgBetaDeviceManagementDeviceCompliancePolicy -{ - [CmdletBinding()] - param( + [System.Int32] + $Skip, + [Parameter()] - [PSObject] - $UserStatuses, + [System.Int32] + $Top, [Parameter()] [System.String] - $Description, + $CountVariable, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $Assignments, + [System.String[]] + $Sort, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $DisplayName, + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DeviceCompliancePolicyId, + $Search, [Parameter()] - [PSObject] - $DeviceStatusOverview, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend + ) +} +function Get-MgBetaDirectoryAdministrativeUnitMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $AdministrativeUnitId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $Property, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $UserStatusOverview, + [System.Int32] + $PageSize, [Parameter()] [PSObject] @@ -19620,233 +26940,262 @@ function Update-MgBetaDeviceManagementDeviceCompliancePolicy [Parameter()] [System.Int32] - $Version, - - [Parameter()] - [PSObject] - $DeviceStatuses, + $Skip, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $ScheduledActionsForRule, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Id, + $ConsistencyLevel, [Parameter()] - [PSObject] - $DeviceSettingStateSummaries, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementDeviceConfiguration +function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember { [CmdletBinding()] param( + [Parameter()] + [System.String] + $AdministrativeUnitId, + + [Parameter()] + [System.String[]] + $Property, + [Parameter()] [PSObject] - $UserStatuses, + $InputObject, [Parameter()] [System.String] - $Description, + $ScopedRoleMembershipId, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $Assignments, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $DisplayName, + $CountVariable, [Parameter()] - [PSObject] - $DeviceStatuses, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $DeviceStatusOverview, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [PSObject] - $DeviceManagementApplicabilityRuleOSVersion, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $UserStatusOverview, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $GroupAssignments, + $HttpPipelineAppend + ) +} +function Get-MgBetaDirectoryRole +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Int32] - $Version, + $PageSize, [Parameter()] [PSObject] - $DeviceSettingStateSummaries, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DeviceConfigurationId, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $DeviceManagementApplicabilityRuleOSEdition, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $DeviceManagementApplicabilityRuleDeviceMode, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $Search, + + [Parameter()] + [System.String] + $DirectoryRoleId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementGroupPolicyConfiguration +function Get-MgBetaDirectoryRoleTemplate { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [PSObject] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $DefinitionValues, + [System.String] + $CountVariable, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Skip, + + [Parameter()] + [System.String] + $DirectoryRoleTemplateId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] @@ -19854,202 +27203,172 @@ function Update-MgBetaDeviceManagementGroupPolicyConfiguration [Parameter()] [System.String] - $GroupPolicyConfigurationId, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $PolicyConfigurationIngestionType, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementIntent +function Get-MgBetaDirectorySetting { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMigratingToConfigurationPolicy, - - [Parameter()] - [PSObject] - $Assignments, - - [Parameter()] - [System.String] - $DisplayName, + $DirectorySettingId, [Parameter()] - [PSObject] - $Settings, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.String] - $TemplateId, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $DeviceSettingStateSummaries, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $DeviceStates, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $Categories, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Top, [Parameter()] [System.String] - $DeviceManagementIntentId, + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $UserStates, - - [Parameter()] - [PSObject] - $UserStateSummary, + $All, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Search, [Parameter()] - [PSObject] - $DeviceStateSummary, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementIntentSetting +function Get-MgBetaOrganization { [CmdletBinding()] param( [Parameter()] - [System.String] - $DeviceManagementSettingInstanceId, + [System.String[]] + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $ValueJson, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $Top, [Parameter()] [System.String] - $DeviceManagementIntentId, + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] [System.String] - $DefinitionId, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String] + $OrganizationId, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.Beta.Devices.CorporateManagement -function Get-MgBetaDeviceAppManagement +function Get-MgBetaOrganizationSetting { [CmdletBinding()] param( @@ -20065,6 +27384,18 @@ function Get-MgBetaDeviceAppManagement [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $OrganizationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -20077,66 +27408,67 @@ function Get-MgBetaDeviceAppManagement [System.String[]] $Property, - [Parameter()] - [PSObject] - $HttpPipelineAppend, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgBetaDeviceAppManagementAndroidManagedAppProtection +function Get-MgBetaOrganizationSettingItemInsight { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $OrganizationId, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $InputObject, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $ExpandProperty, [Parameter()] [System.String[]] - $Sort, + $Property, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break + ) +} +function Get-MgBetaOrganizationSettingPersonInsight +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Filter, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.PSCredential] @@ -20144,26 +27476,34 @@ function Get-MgBetaDeviceAppManagementAndroidManagedAppProtection [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $OrganizationId, [Parameter()] - [System.String] - $Search, + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] [System.String[]] $ExpandProperty, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Get-MgBetaDeviceAppManagementiOSManagedAppProtection +function Get-MgBetaSubscribedSku { [CmdletBinding()] param( @@ -20175,365 +27515,335 @@ function Get-MgBetaDeviceAppManagementiOSManagedAppProtection [PSObject] $InputObject, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $IosManagedAppProtectionId, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + $PageSize, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break, [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $SubscribedSkuId, [Parameter()] [System.String] - $Search, + $CountVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $All, [Parameter()] [System.String[]] - $ExpandProperty, + $Sort, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String] + $Search ) } -function Get-MgBetaDeviceAppManagementiOSManagedAppProtectionApp +function New-MgBetaDevice { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $RegistrationDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Status, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $UsageRights, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $DeviceMetadata, [Parameter()] [System.String] - $IosManagedAppProtectionId, + $TrustType, [Parameter()] [System.Int32] - $Skip, + $DeviceVersion, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $Extensions, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $AlternativeSecurityIds, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $Commands, + + [Parameter()] + [System.String] + $OnPremisesSecurityIdentifier, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $OperatingSystemVersion, [Parameter()] [System.String] - $Filter, + $Id, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $OnPremisesLastSyncDateTime, [Parameter()] [System.String] - $Search, + $DisplayName, [Parameter()] [System.String] - $ManagedMobileAppId, + $DeviceId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsCompliant, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $EnrollmentType, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + [System.String] + $ProfileType, [Parameter()] [PSObject] - $InputObject, + $ExtensionAttributes, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $OnPremisesSyncEnabled, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $MemberOf, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Hostnames, [Parameter()] - [System.Int32] - $Skip, + [System.String[]] + $PhysicalIds, [Parameter()] - [System.Int32] - $Top, + [System.DateTime] + $ComplianceExpirationDateTime, [Parameter()] - [System.String] - $CountVariable, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.String] - $MdmWindowsInformationProtectionPolicyId, + $DeviceCategory, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $DomainName, [Parameter()] - [System.String[]] - $Sort, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $IsManagementRestricted, [Parameter()] - [System.String] - $Filter, + [PSObject] + $TransitiveMemberOf, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Model, [Parameter()] - [System.String] - $Search, + [System.String[]] + $SystemLabels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $RegisteredOwners, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( + $RegisteredUsers, + [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $OperatingSystem, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $Manufacturer, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $DeviceOwnership, [Parameter()] - [System.Int32] - $Skip, + [System.DateTime] + $ApproximateLastSignInDateTime, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $IsManaged, [Parameter()] [System.String] - $CountVariable, + $Name, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Platform, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $EnrollmentProfileName, [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $MdmAppId, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Filter, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsRooted, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AccountEnabled, [Parameter()] [System.String] - $Search, + $ManagementType, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String] + $Kind ) } -function Get-MgBetaDeviceAppManagementTargetedManagedAppConfigurationAssignment +function New-MgBetaDirectoryAdministrativeUnit { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $IsMemberManagementRestricted, [Parameter()] - [System.String] - $TargetedManagedAppPolicyAssignmentId, + [PSObject] + $ScopedRoleMembers, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $Members, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $Extensions, [Parameter()] [System.Management.Automation.PSCredential] @@ -20541,28 +27851,32 @@ function Get-MgBetaDeviceAppManagementTargetedManagedAppConfigurationAssignment [Parameter()] [System.String] - $Search, + $Visibility, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Invoke-MgBetaTargetDeviceAppManagementTargetedManagedAppConfigurationApp +function New-MgBetaDirectoryAdministrativeUnitMember { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Id, [Parameter()] [PSObject] @@ -20577,16 +27891,12 @@ function Invoke-MgBetaTargetDeviceAppManagementTargetedManagedAppConfigurationAp $Proxy, [Parameter()] - [PSObject] - $AppGroupType, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $Apps, + [System.String] + $AdministrativeUnitId, [Parameter()] [PSObject] @@ -20604,10 +27914,6 @@ function Invoke-MgBetaTargetDeviceAppManagementTargetedManagedAppConfigurationAp [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -20617,129 +27923,102 @@ function Invoke-MgBetaTargetDeviceAppManagementTargetedManagedAppConfigurationAp $Break ) } -function New-MgBetaDeviceAppManagementAndroidManagedAppProtection +function New-MgBetaDirectoryAdministrativeUnitMemberByRef { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanHigh, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $MaximumAllowedDeviceThreatLevel, - - [Parameter()] - [System.String] - $CustomBrowserDisplayName, - - [Parameter()] - [System.String] - $MinimumRequiredPatchVersion, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceModelNotAllowed, + $BodyParameter, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppEncryptionIfDeviceEncryptionIsEnabled, - - [Parameter()] - [PSObject] - $MobileThreatDefensePartnerPriority, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, + $PassThru, [Parameter()] - [System.String[]] - $AllowedAndroidDeviceModels, + [System.String] + $AdministrativeUnitId, [Parameter()] [PSObject] - $ManagedBrowser, + $InputObject, [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + $OdataId, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $MaximumWarningOSVersion, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + $Confirm, [Parameter()] - [System.String] - $MinimumWarningCompanyPortalVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequireClass3Biometrics, - + $Break + ) +} +function New-MgBetaDirectoryAdministrativeUnitScopedRoleMember +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $MinimumWarningPatchVersion, + $AdministrativeUnitId, [Parameter()] - [PSObject] - $AppActionIfDeviceComplianceRequired, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, - - [Parameter()] - [System.String] - $CustomDialerAppDisplayName, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, + $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $AdministrativeUnitId1, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.String] + $RoleId, [Parameter()] [PSObject] - $NotificationRestriction, - - [Parameter()] - [System.String] - $CustomBrowserPackageId, + $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BiometricAuthenticationBlocked, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanMedium, + $BodyParameter, [Parameter()] [System.String] @@ -20747,147 +28026,101 @@ function New-MgBetaDeviceAppManagementAndroidManagedAppProtection [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, - - [Parameter()] - [PSObject] - $ApprovedKeyboards, + $RoleMemberInfo, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $Confirm, [Parameter()] - [PSObject] - $AppGroupType, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $AppActionIfUnableToAuthenticateUser, - - [Parameter()] - [System.String] - $MinimumRequiredOSVersion, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $RequirePinAfterBiometricChange, - + $HttpPipelineAppend + ) +} +function New-MgBetaDirectoryRole +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $Description, [Parameter()] [System.String] - $MinimumWipePatchVersion, + $RoleTemplateId, [Parameter()] [System.String] - $MinimumWarningAppVersion, - - [Parameter()] - [PSObject] - $AllowedOutboundClipboardSharingLevel, + $DisplayName, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $RequiredAndroidSafetyNetAppsVerificationType, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AppActionIfMaximumPinRetriesExceeded, - - [Parameter()] - [System.String] - $MinimumWipeCompanyPortalVersion, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $ScopedMembers, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceManufacturerNotAllowed, - - [Parameter()] - [System.String] - $MinimumWipeAppVersion, - - [Parameter()] - [System.String] - $AllowedAndroidDeviceManufacturers, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + $Members, [Parameter()] - [System.String] - $CustomDialerAppPackageId, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $AllowedDataStorageLocations, - - [Parameter()] - [System.Int32] - $BlockAfterCompanyPortalUpdateDeferralInDays, + $BodyParameter, [Parameter()] [System.String] - $DisplayName, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, - - [Parameter()] - [PSObject] - $DialerRestrictionLevel, - - [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, - - [Parameter()] - [PSObject] - $AppActionIfAndroidSafetyNetDeviceAttestationFailed, - - [Parameter()] - [System.String] - $Version, + $Confirm, [Parameter()] - [PSObject] - $AppActionIfAndroidSafetyNetAppsVerificationFailed, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MinimumWipeOSVersion, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + $Break, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, - + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaDirectoryRoleMemberByRef +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] @@ -20895,47 +28128,27 @@ function New-MgBetaDeviceAppManagementAndroidManagedAppProtection [Parameter()] [PSObject] - $Assignments, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $KeyboardsRestricted, - - [Parameter()] - [PSObject] - $DeploymentSummary, + $BodyParameter, [Parameter()] - [PSObject] - $Apps, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ScreenCaptureBlocked, + $PassThru, [Parameter()] [PSObject] - $PinCharacterSet, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, - - [Parameter()] - [System.String] - $MaximumWipeOSVersion, - - [Parameter()] - [System.Int32] - $MinimumPinLength, + $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + [System.String] + $DirectoryRoleId, [Parameter()] [System.String] - $MinimumWarningOSVersion, + $OdataId, [Parameter()] [PSObject] @@ -20943,698 +28156,766 @@ function New-MgBetaDeviceAppManagementAndroidManagedAppProtection [Parameter()] [System.Management.Automation.SwitchParameter] - $EncryptAppData, - - [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $ConnectToVpnOnLaunch, - - [Parameter()] - [System.Int32] - $WipeAfterCompanyPortalUpdateDeferralInDays, + $Confirm, [Parameter()] - [PSObject] - $RequiredAndroidSafetyNetEvaluationType, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, - + $Break + ) +} +function New-MgBetaDirectorySetting +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $AppActionIfAccountIsClockedOut, + [System.String[]] + $Values, [Parameter()] - [System.Int32] - $WarnAfterCompanyPortalUpdateDeferralInDays, + [System.String] + $TemplateId, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanLow, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [System.String] + $DisplayName, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MinimumRequiredCompanyPortalVersion, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AppActionIfDeviceLockNotSet, + $BodyParameter, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $Id, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDevice +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $RequiredAndroidSafetyNetDeviceAttestationType, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintAndBiometricEnabled, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceLockRequired, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $DeviceId, [Parameter()] - [PSObject] - $ExemptedAppPackages, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $TargetedAppManagementLevels + $HttpPipelineAppend ) } -function New-MgBetaDeviceAppManagementiOSManagedAppProtection +function Remove-MgBetaDirectoryAdministrativeUnit { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ExemptedUniversalLinks, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $MaximumAllowedDeviceThreatLevel, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumWipeSdkVersion, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $AppDataEncryptionType, + [System.String] + $IfMatch, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $AdministrativeUnitId, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $InputObject, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $TargetedAppManagementLevels, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $ThirdPartyKeyboardsBlocked, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDirectoryAdministrativeUnitMemberDirectoryObjectByRef +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Id, [Parameter()] [PSObject] - $ManagedBrowser, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $MaximumWarningOSVersion, + $IfMatch, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.String] + $AdministrativeUnitId, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $DirectoryObjectId, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $AllowedDataIngestionLocations, + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $AdministrativeUnitId, [Parameter()] [PSObject] - $AllowedOutboundClipboardSharingLevel, + $InputObject, [Parameter()] - [System.String] - $MinimumWarningSdkVersion, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Id, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AppGroupType, + [System.String] + $ScopedRoleMembershipId, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDirectoryRole +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $InputObject, [Parameter()] [PSObject] - $AppActionIfUnableToAuthenticateUser, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $FilterOpenInToOnlyManagedApps, + $PassThru, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $IfMatch, [Parameter()] [System.String] - $AllowedIosDeviceModels, + $DirectoryRoleId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, - - [Parameter()] - [System.Int32] - $MaximumPinRetries, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + $Confirm, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, + $ProxyUseDefaultCredentials, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDirectoryRoleMemberByRef +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $MinimumWipeAppVersion, + $Id, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AllowedDataStorageLocations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $DisplayName, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $FaceIdBlocked, + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.String] + $IfMatch, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtectInboundDataFromUnknownSources, + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $DirectoryRoleId, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $Confirm, [Parameter()] [PSObject] - $DialerRestrictionLevel, + $HttpPipelineAppend, [Parameter()] - [System.String] - $MinimumWarningAppVersion, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Version, + $DirectoryObjectId, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaDirectorySetting +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $MinimumWipeOSVersion, + $DirectorySettingId, [Parameter()] [PSObject] - $Apps, + $HttpPipelinePrepend, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, + $InputObject, [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $DeploymentSummary, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $Break, [Parameter()] [PSObject] - $PinCharacterSet, + $HttpPipelineAppend + ) +} +function Restore-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableProtectionOfManagedOutboundOpenInData, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $MinimumPinLength, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] $HttpPipelineAppend, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $ExemptedAppProtocols, + [System.String] + $DirectoryObjectId, [Parameter()] - [PSObject] - $Assignments, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Update-MgBetaDevice +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + $InputObject, [Parameter()] - [PSObject] - $AppActionIfIosDeviceModelNotAllowed, + [System.DateTime] + $RegistrationDateTime, [Parameter()] [System.String] - $CustomDialerAppProtocol, + $Status, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [PSObject] + $UsageRights, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $DeviceMetadata, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [System.String] + $TrustType, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Int32] + $DeviceVersion, [Parameter()] [System.String] - $CustomBrowserProtocol, + $OperatingSystem, [Parameter()] [PSObject] - $AllowedInboundDataTransferSources, + $Extensions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + [PSObject] + $AlternativeSecurityIds, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $BodyParameter, + $Commands, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $OnPremisesSecurityIdentifier, [Parameter()] [System.String] - $MinimumRequiredSdkVersion, + $OperatingSystemVersion, - [Parameter()] - [System.String[]] - $ManagedUniversalLinks - ) -} -function New-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $Description, + $Id, [Parameter()] - [PSObject] - $EnterpriseProxiedDomains, + [System.DateTime] + $OnPremisesLastSyncDateTime, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $Assignments, + [System.String] + $DeviceId, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $IsCompliant, [Parameter()] [System.String] - $DisplayName, + $EnrollmentType, + + [Parameter()] + [System.String] + $ProfileType, [Parameter()] [PSObject] - $HttpPipelineAppend, + $ExtensionAttributes, [Parameter()] [System.Management.Automation.SwitchParameter] - $EnterpriseProxyServersAreAuthoritative, + $OnPremisesSyncEnabled, [Parameter()] [PSObject] - $SmbAutoEncryptedFileExtensions, + $MemberOf, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtectionUnderLockConfigRequired, + [System.String[]] + $Hostnames, + + [Parameter()] + [System.String[]] + $PhysicalIds, + + [Parameter()] + [System.DateTime] + $ComplianceExpirationDateTime, [Parameter()] - [PSObject] - $EnforcementLevel, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.String] - $EnterpriseDomain, + $DeviceCategory, [Parameter()] - [PSObject] - $EnterpriseInternalProxyServers, + [System.String] + $DomainName, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [PSObject] - $EnterpriseNetworkDomainNames, + [System.Management.Automation.SwitchParameter] + $IsManagementRestricted, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $TransitiveMemberOf, [Parameter()] [System.String] - $Version, - - [Parameter()] - [PSObject] - $EnterpriseProxyServers, + $Model, [Parameter()] [System.String[]] - $RoleScopeTagIds, - - [Parameter()] - [System.String] - $RightsManagementServicesTemplateId, + $SystemLabels, [Parameter()] [PSObject] - $ExemptAppLockerFiles, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $DataRecoveryCertificate, + $RegisteredOwners, [Parameter()] [PSObject] - $ExemptApps, + $RegisteredUsers, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $EnterpriseProtectedDomainNames, + $DeviceId1, [Parameter()] - [PSObject] - $NeutralDomainResources, + [System.String] + $Manufacturer, [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, + [System.String] + $DeviceOwnership, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AzureRightsManagementServicesAllowed, + [System.DateTime] + $ApproximateLastSignInDateTime, [Parameter()] [System.Management.Automation.SwitchParameter] - $EnterpriseIPRangesAreAuthoritative, + $IsManaged, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Name, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IconsVisible, + [System.String] + $Platform, [Parameter()] - [PSObject] - $ProtectedAppLockerFiles, + [System.String] + $EnrollmentProfileName, [Parameter()] - [PSObject] - $ProtectedApps, + [System.String] + $MdmAppId, [Parameter()] [System.Management.Automation.SwitchParameter] - $RevokeOnUnenrollDisabled, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $IsRooted, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $AccountEnabled, [Parameter()] - [PSObject] - $EnterpriseIPRanges, + [System.String] + $ManagementType, [Parameter()] [System.Management.Automation.SwitchParameter] - $IndexingEncryptedStoresOrItemsBlocked + $Break, + + [Parameter()] + [System.String] + $Kind ) } -function New-MgBetaDeviceAppManagementTargetedManagedAppConfiguration +function Update-MgBetaDirectory { [CmdletBinding()] param( - [Parameter()] - [System.Int32] - $DeployedAppCount, - [Parameter()] [PSObject] - $TargetedAppManagementLevels, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + $InboundSharedUserProfiles, [Parameter()] [PSObject] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, + $SharedEmailDomains, [Parameter()] - [System.String] - $DisplayName, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $Settings, + $OutboundSharedUserProfiles, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $FederationConfigurations, [Parameter()] - [System.String] - $Description, + [PSObject] + $OnPremisesSynchronization, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [PSObject] + $AdministrativeUnits, [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $Version, - [Parameter()] [PSObject] - $DeploymentSummary, + $Recommendations, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $AttributeSets, [Parameter()] [PSObject] - $AppGroupType, + $Subscriptions, [Parameter()] [System.Uri] @@ -21642,393 +28923,294 @@ function New-MgBetaDeviceAppManagementTargetedManagedAppConfiguration [Parameter()] [PSObject] - $CustomSettings, + $BodyParameter, [Parameter()] [PSObject] - $BodyParameter, + $DeletedItems, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $Apps, + $ImpactedResources, + + [Parameter()] + [PSObject] + $CertificateAuthorities, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $CustomSecurityAttributeDefinitions, + + [Parameter()] + [PSObject] + $FeatureRolloutPolicies, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaDeviceAppManagementAndroidManagedAppProtection +function Update-MgBetaDirectoryAdministrativeUnit { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $Description, [Parameter()] [System.String] - $IfMatch, + $AdministrativeUnitId, [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $DisplayName, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsMemberManagementRestricted, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaDeviceAppManagementiOSManagedAppProtection -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $ScopedRoleMembers, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $Members, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, - [Parameter()] [PSObject] - $InputObject, + $BodyParameter, [Parameter()] [System.String] - $IosManagedAppProtectionId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Extensions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - [Parameter()] [System.String] - $IfMatch, + $Visibility, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.String] - $MdmWindowsInformationProtectionPolicyId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaDeviceAppManagementTargetedManagedAppConfiguration +function Update-MgBetaDirectorySetting { [CmdletBinding()] param( [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Values, [Parameter()] [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, + $DirectorySettingId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Set-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.String] + $TemplateId, + [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - [Parameter()] [PSObject] - $Assignments, + $BodyParameter, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaDeviceAppManagement +function Update-MgBetaOrganization { [CmdletBinding()] param( [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, + [System.String] + $PostalCode, [Parameter()] [PSObject] - $TargetedManagedAppConfigurations, + $VerifiedDomains, [Parameter()] - [PSObject] - $PolicySets, + [System.String] + $DefaultUsageLocation, [Parameter()] [PSObject] - $ManagedEBooks, + $CertificateConnectorSetting, [Parameter()] - [PSObject] - $MobileApps, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $EnterpriseCodeSigningCertificates, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $ManagedAppPolicies, + $HttpPipelineAppend, [Parameter()] [PSObject] - $DeviceAppManagementTasks, + $Settings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Street, [Parameter()] [PSObject] - $ManagedAppStatuses, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $PartnerInformation, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $WindowsManagementApp, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $ManagedAppRegistrations, + [System.String] + $Id, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $WindowsManagedAppProtections, - - [Parameter()] - [PSObject] - $DefaultManagedAppProtections, + [System.String] + $PreferredLanguage, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabledForMicrosoftStoreForBusiness, + [System.String] + $State, [Parameter()] - [PSObject] - $WindowsInformationProtectionWipeActions, + [System.String] + $City, [Parameter()] - [System.String] - $MicrosoftStoreForBusinessLanguage, + [System.String[]] + $MarketingNotificationEmails, [Parameter()] [PSObject] - $ManagedEBookCategories, + $InputObject, [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, + [PSObject] + $AssignedPlans, [Parameter()] [PSObject] - $SymantecCodeSigningCertificate, + $MobileDeviceManagementAuthority, [Parameter()] - [PSObject] - $IosManagedAppProtections, + [System.Management.Automation.SwitchParameter] + $IsMultipleDataLocationsForServicesEnabled, [Parameter()] - [PSObject] - $IosLobAppProvisioningConfigurations, + [System.String] + $Country, [Parameter()] [System.Uri] @@ -22039,385 +29221,403 @@ function Update-MgBetaDeviceAppManagement $BodyParameter, [Parameter()] - [System.String] - $Id, - - [Parameter()] - [PSObject] - $MobileAppCategories, + [System.String[]] + $SecurityComplianceNotificationMails, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $WindowsInformationProtectionDeviceRegistrations, + $CertificateBasedAuthConfiguration, [Parameter()] - [PSObject] - $VppTokens, + [System.String[]] + $TechnicalNotificationMails, [Parameter()] [PSObject] - $WindowsInformationProtectionPolicies, + $PrivacyProfile, [Parameter()] [PSObject] - $MicrosoftStoreForBusinessPortalSelection, + $Extensions, [Parameter()] - [PSObject] - $AndroidManagedAppProtections, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.DateTime] + $OnPremisesLastSyncDateTime, [Parameter()] - [PSObject] - $MdmWindowsInformationProtectionPolicies, + [System.DateTime] + $DeletedDateTime, [Parameter()] [PSObject] - $MobileAppConfigurations, + $ProvisionedPlans, [Parameter()] [PSObject] - $HttpPipelineAppend, + $DirectorySizeQuota, [Parameter()] - [PSObject] - $WdacSupplementalPolicies - ) -} -function Update-MgBetaDeviceAppManagementAndroidManagedAppProtection -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.DateTime] + $OnPremisesLastPasswordSyncDateTime, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanHigh, + $Branding, [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $CountryLetterCode, [Parameter()] - [PSObject] - $MaximumAllowedDeviceThreatLevel, + [System.String[]] + $BusinessPhones, [Parameter()] [System.Management.Automation.SwitchParameter] - $KeyboardsRestricted, + $Break, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $OnPremisesSyncEnabled, + + [Parameter()] + [System.String] + $OrganizationId, + + [Parameter()] + [System.String[]] + $SecurityComplianceNotificationPhones, [Parameter()] [System.String] - $CustomBrowserDisplayName, + $PartnerTenantType + ) +} +function Update-MgBetaOrganizationSetting +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $PeopleInsights, [Parameter()] - [System.String] - $MinimumRequiredPatchVersion, + [PSObject] + $ItemInsights, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceModelNotAllowed, + $MicrosoftApplicationDataAccess, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $ContactInsights, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $AllowedAndroidDeviceModels, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $ManagedBrowser, + $BodyParameter, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.String] + $Id, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $MaximumWarningOSVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + $Break, [Parameter()] [System.String] - $MinimumWarningCompanyPortalVersion, + $OrganizationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequireClass3Biometrics, - - [Parameter()] - [System.String] - $MinimumWarningPatchVersion, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, - + $HttpPipelineAppend + ) +} +function Update-MgBetaOrganizationSettingItemInsight +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + $Confirm, [Parameter()] [System.String] - $CustomDialerAppDisplayName, + $Id, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Int32] - $DeployedAppCount, + $InputObject, [Parameter()] [PSObject] - $NotificationRestriction, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $CustomBrowserPackageId, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BiometricAuthenticationBlocked, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanMedium, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Id, + $OrganizationId, [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, - - [Parameter()] - [PSObject] - $AppGroupType, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AppActionIfUnableToAuthenticateUser, + [System.Management.Automation.SwitchParameter] + $IsEnabledInOrganization, [Parameter()] [System.String] - $MinimumRequiredOSVersion, + $DisabledForGroup, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RequirePinAfterBiometricChange, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - + $Break + ) +} +function Update-MgBetaOrganizationSettingPersonInsight +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $MaximumRequiredOSVersion, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $MinimumWipePatchVersion, + $Id, [Parameter()] [PSObject] - $AllowedOutboundClipboardSharingLevel, + $InputObject, [Parameter()] - [System.String] - $Description, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetAppsVerificationType, + $BodyParameter, [Parameter()] - [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumWipeCompanyPortalVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Version, + $OrganizationId, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $AppActionIfAndroidDeviceManufacturerNotAllowed, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [System.Management.Automation.SwitchParameter] + $IsEnabledInOrganization, [Parameter()] [System.String] - $AllowedAndroidDeviceManufacturers, + $DisabledForGroup, [Parameter()] - [PSObject] - $InputObject, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, - + $Break + ) +} +function Get-MgBetaDirectoryDeletedApplication +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $CustomDialerAppPackageId, + [System.String[]] + $Property, [Parameter()] - [PSObject] - $AllowedDataStorageLocations, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Int32] - $BlockAfterCompanyPortalUpdateDeferralInDays, + $PageSize, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.Int32] + $Skip, [Parameter()] [PSObject] - $DialerRestrictionLevel, + $InputObject, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $MinimumWarningAppVersion, + $CountVariable, [Parameter()] - [PSObject] - $AppActionIfAndroidSafetyNetDeviceAttestationFailed, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $AppActionIfAndroidSafetyNetAppsVerificationFailed, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $MinimumWipeOSVersion, + $Filter, [Parameter()] - [PSObject] - $ApprovedKeyboards, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + [System.String] + $Search, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.String] + $DirectoryObjectId, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $Assignments, - + $HttpPipelineAppend + ) +} +#endregion +#region Microsoft.Graph.Beta.Identity.Governance +function Get-MgBetaAgreement +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.String[]] + $Property, [Parameter()] [PSObject] - $DeploymentSummary, + $InputObject, [Parameter()] [PSObject] - $Apps, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ScreenCaptureBlocked, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $PinCharacterSet, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Int32] + $PageSize, [Parameter()] [System.String] - $MaximumWipeOSVersion, + $AgreementId, [Parameter()] - [System.Int32] - $MinimumPinLength, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $All, [Parameter()] [System.String] - $MinimumWarningOSVersion, + $Search, [Parameter()] [PSObject] @@ -22425,569 +29625,607 @@ function Update-MgBetaDeviceAppManagementAndroidManagedAppProtection [Parameter()] [System.Management.Automation.SwitchParameter] - $EncryptAppData, - - [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, - + $Break + ) +} +function Get-MgBetaEntitlementManagementAccessPackage +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ConnectToVpnOnLaunch, + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $WipeAfterCompanyPortalUpdateDeferralInDays, + [System.String] + $CatalogId, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetEvaluationType, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, - - [Parameter()] - [PSObject] - $AppActionIfAccountIsClockedOut, + $ProxyUseDefaultCredentials, [Parameter()] [System.Int32] - $WarnAfterCompanyPortalUpdateDeferralInDays, + $PageSize, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanLow, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Top, [Parameter()] [System.String] - $MinimumRequiredCompanyPortalVersion, - - [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, - - [Parameter()] - [PSObject] - $AppActionIfDeviceLockNotSet, + $CountVariable, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $DisplayNameContains, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.String] + $AccessPackageId, [Parameter()] - [PSObject] - $RequiredAndroidSafetyNetDeviceAttestationType, + [System.String[]] + $Sort, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintAndBiometricEnabled, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Filter, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrintBlocked, + [System.String] + $Search, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DeviceLockRequired, + [System.String] + $DisplayNameEq, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $ExemptedAppPackages, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $TargetedAppManagementLevels + $HttpPipelineAppend ) } -function Update-MgBetaDeviceAppManagementiOSManagedAppProtection +function Get-MgBetaEntitlementManagementAccessPackageAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $ExemptedUniversalLinks, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $MaximumAllowedDeviceThreatLevel, + $HttpPipelinePrepend, [Parameter()] [System.String] - $MinimumWipeSdkVersion, + $AccessPackageAssignmentId, [Parameter()] - [PSObject] - $AppDataEncryptionType, + [System.Int32] + $Skip, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $MobileThreatDefensePartnerPriority, + [System.String] + $CountVariable, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $TargetedAppManagementLevels, + [System.String] + $AccessPackageId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ThirdPartyKeyboardsBlocked, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $ManagedBrowser, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Description, + $Filter, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.String] + $Search, [Parameter()] - [PSObject] - $AllowedOutboundClipboardSharingLevel, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Int32] - $MinimumPinLength, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AllowedDataIngestionLocations, + [System.Int32] + $PageSize, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Int32] - $DeployedAppCount, + $Skip, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.String] + $AccessPackageAssignmentPolicyId, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Top, [Parameter()] [System.String] - $IosManagedAppProtectionId, + $CountVariable, [Parameter()] [System.String] - $MinimumWarningSdkVersion, + $DisplayNameContains, [Parameter()] - [System.String] - $Id, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $AppGroupType, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.String] + $Filter, [Parameter()] - [PSObject] - $AppActionIfUnableToAuthenticateUser, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $MinimumRequiredOSVersion, + $Search, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.String] + $DisplayNameEq, [Parameter()] [System.Management.Automation.SwitchParameter] - $FilterOpenInToOnlyManagedApps, + $Break, [Parameter()] - [System.String] - $MaximumRequiredOSVersion, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $AllowedIosDeviceModels, - + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementAccessPackageCatalog +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $ProxyUseDefaultCredentials, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AllowedOutboundDataTransferDestinations, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, + [System.Int32] + $Top, [Parameter()] [System.String] - $MinimumWipeAppVersion, + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [System.String] + $DisplayNameContains, [Parameter()] - [PSObject] - $AllowedDataStorageLocations, + [System.Uri] + $Proxy, [Parameter()] [System.String] - $DisplayName, + $AccessPackageCatalogId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FaceIdBlocked, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProtectInboundDataFromUnknownSources, + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.String] + $Filter, [Parameter()] - [PSObject] - $DialerRestrictionLevel, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $MinimumWarningAppVersion, + $Search, [Parameter()] [System.String] - $Version, + $DisplayNameEq, [Parameter()] - [System.String] - $MinimumWipeOSVersion, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $Apps, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $MinimumRequiredSdkVersion, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $MobileThreatDefenseRemediationAction, + [System.Int32] + $Skip, [Parameter()] [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + $Top, [Parameter()] - [PSObject] - $DeploymentSummary, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + [System.Uri] + $Proxy, [Parameter()] [System.String] - $MaximumWipeOSVersion, + $AccessPackageCatalogId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableProtectionOfManagedOutboundOpenInData, + [System.String[]] + $Sort, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $MinimumWarningOSVersion, + $Filter, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $ExemptedAppProtocols, + [System.String] + $Search, [Parameter()] - [PSObject] - $Assignments, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AppActionIfIosDeviceModelNotAllowed, + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResourceRole +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $CustomDialerAppProtocol, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $MaximumWarningOSVersion, + [System.Int32] + $PageSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [System.String] + $CountVariable, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Uri] + $Proxy, [Parameter()] [System.String] - $CustomBrowserProtocol, + $AccessPackageCatalogId, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Filter, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $PinCharacterSet, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String[]] - $ManagedUniversalLinks + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy +function Get-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackage { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.String[]] + $Property, [Parameter()] - [PSObject] - $EnterpriseProxiedDomains, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $Assignments, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Int32] + $Skip, [Parameter()] - [System.String] - $DisplayName, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $SmbAutoEncryptedFileExtensions, + [System.String] + $AccessPackageId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnterpriseProxyServersAreAuthoritative, + [System.String[]] + $Sort, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProtectionUnderLockConfigRequired, - - [Parameter()] - [PSObject] - $EnforcementLevel, + $All, [Parameter()] [System.String] - $EnterpriseDomain, + $Filter, [Parameter()] - [PSObject] - $EnterpriseInternalProxyServers, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $EnterpriseNetworkDomainNames, + [System.String] + $Search, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $Version, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $EnterpriseProxyServers, - + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementAccessPackageIncompatibleGroup +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] - $RoleScopeTagIds, + $Property, [Parameter()] - [System.String] - $RightsManagementServicesTemplateId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $ExemptAppLockerFiles, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $DataRecoveryCertificate, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $MdmWindowsInformationProtectionPolicyId, + $CountVariable, + + [Parameter()] + [System.String] + $AccessPackageId, + + [Parameter()] + [System.String[]] + $Sort, [Parameter()] [System.Uri] @@ -22995,193 +30233,200 @@ function Update-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $All, [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $EnterpriseProtectedDomainNames, + $Filter, [Parameter()] - [PSObject] - $NeutralDomainResources, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $ExemptApps, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $AzureRightsManagementServicesAllowed, + $Break, [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnterpriseIPRangesAreAuthoritative, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementAccessPackageIncompatibleWith +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $IconsVisible, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $ProtectedAppLockerFiles, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $ProtectedApps, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RevokeOnUnenrollDisabled, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $AccessPackageId, [Parameter()] - [PSObject] - $EnterpriseIPRanges, + [System.String[]] + $Sort, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IndexingEncryptedStoresOrItemsBlocked - ) -} -function Update-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $DeploymentSummary, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $TargetedAppManagementLevels, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $Filter, [Parameter()] - [PSObject] - $Assignments, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $Search, [Parameter()] [System.String] - $DisplayName, + $AccessPackageId1, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $Settings, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $InputObject, - + $HttpPipelineAppend + ) +} +function Get-MgBetaEntitlementManagementConnectedOrganization +{ + [CmdletBinding()] + param( [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $Property, [Parameter()] - [System.String] - $Description, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $Version, + [System.Int32] + $Skip, [Parameter()] [System.Int32] - $DeployedAppCount, + $Top, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $AppGroupType, + [System.String] + $DisplayNameContains, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $CustomSettings, - - [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Id, + $ConnectedOrganizationId, [Parameter()] - [PSObject] - $Apps, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $DisplayNameEq, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.Beta.DeviceManagement.Administration -function Get-MgBetaDeviceManagementRoleScopeTag +function Get-MgBetaEntitlementManagementConnectedOrganizationExternalSponsor { [CmdletBinding()] param( @@ -23189,10 +30434,6 @@ function Get-MgBetaDeviceManagementRoleScopeTag [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -23205,10 +30446,6 @@ function Get-MgBetaDeviceManagementRoleScopeTag [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $RoleScopeTagId, - [Parameter()] [System.Int32] $Skip, @@ -23229,6 +30466,10 @@ function Get-MgBetaDeviceManagementRoleScopeTag [System.String[]] $Sort, + [Parameter()] + [System.String] + $ConnectedOrganizationId, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -23258,9 +30499,7 @@ function Get-MgBetaDeviceManagementRoleScopeTag $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.Beta.DeviceManagement.Enrollment -function Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration +function Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor { [CmdletBinding()] param( @@ -23268,10 +30507,6 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -23296,10 +30531,6 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration [System.String] $CountVariable, - [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, - [Parameter()] [System.Uri] $Proxy, @@ -23308,6 +30539,10 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration [System.String[]] $Sort, + [Parameter()] + [System.String] + $ConnectedOrganizationId, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -23337,10 +30572,51 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementDeviceEnrollmentConfigurationAssignment +function Get-MgBetaRoleManagementDirectory +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $UnifiedRoleAssignmentId, + [Parameter()] [System.String[]] $Property, @@ -23373,10 +30649,6 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfigurationAssignment [System.String] $CountVariable, - [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, - [Parameter()] [System.Uri] $Proxy, @@ -23401,10 +30673,6 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfigurationAssignment [System.String] $Search, - [Parameter()] - [System.String] - $EnrollmentConfigurationAssignmentId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -23418,7 +30686,7 @@ function Get-MgBetaDeviceManagementDeviceEnrollmentConfigurationAssignment $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +function Get-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( @@ -23438,6 +30706,10 @@ function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [System.Int32] $PageSize, + [Parameter()] + [System.String] + $UnifiedRoleDefinitionId, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -23478,10 +30750,6 @@ function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [System.String] $Search, - [Parameter()] - [System.String] - $WindowsAutopilotDeploymentProfileId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -23495,14 +30763,10 @@ function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment +function Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule { [CmdletBinding()] param( - [Parameter()] - [System.String] - $WindowsAutopilotDeploymentProfileAssignmentId, - [Parameter()] [System.String[]] $Property, @@ -23539,6 +30803,10 @@ function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment [System.Uri] $Proxy, + [Parameter()] + [System.String] + $UnifiedRoleEligibilityScheduleId, + [Parameter()] [System.String[]] $Sort, @@ -23559,10 +30827,6 @@ function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment [System.String] $Search, - [Parameter()] - [System.String] - $WindowsAutopilotDeploymentProfileId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -23576,21 +30840,17 @@ function Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile +function Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest { [CmdletBinding()] param( - [Parameter()] - [System.String] - $WindowsFeatureUpdateProfileId, - [Parameter()] [System.String[]] $Property, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $UnifiedRoleEligibilityScheduleRequestId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -23608,6 +30868,10 @@ function Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile [System.Int32] $Skip, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $Top, @@ -23653,114 +30917,101 @@ function Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile $HttpPipelineAppend ) } -function Get-MgBetaDeviceManagementWindowsFeatureUpdateProfileAssignment +function New-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( [Parameter()] [System.String] - $WindowsFeatureUpdateProfileId, - - [Parameter()] - [System.String[]] - $Property, + $Description, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $AccessPackagesIncompatibleWith, [Parameter()] - [System.Int32] - $PageSize, + [System.DateTime] + $CreatedDateTime, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $IncompatibleGroups, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $DisplayName, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AccessPackageCatalog, [Parameter()] [System.String] - $CountVariable, + $CatalogId, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $ModifiedDateTime, [Parameter()] - [System.String[]] - $Sort, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $WindowsFeatureUpdateProfileAssignmentId, + [PSObject] + $AccessPackageAssignmentPolicies, [Parameter()] [System.String] - $Search, + $CreatedBy, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsRoleScopesVisible, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaRoleManagement -{ - [CmdletBinding()] - param( + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + [Parameter()] [PSObject] - $HttpPipelinePrepend, + $IncompatibleAccessPackages, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AccessPackageResourceRoleScopes, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $ModifiedBy, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] @@ -23768,117 +31019,105 @@ function Get-MgBetaRoleManagement [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $IsHidden ) } -function New-MgBetaDeviceManagementDeviceEnrollmentConfiguration +function New-MgBetaEntitlementManagementAccessPackageAssignment { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $Justification, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String[]] + $RequiredUserId, [Parameter()] [PSObject] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DisplayName, + $Answers, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $ExistingAssignment, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $Priority, + [System.Management.Automation.PSObject[]] + $RequiredGroupMember, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Version, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $AccessPackageId, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [PSObject] - $DeviceEnrollmentConfigurationType, + [System.String] + $StartDate, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String] + $AssignmentPolicyId, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +function New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ExtractHardwareHash, - [Parameter()] [System.String] $Description, [Parameter()] [System.DateTime] - $LastModifiedDateTime, + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [PSObject] - $Assignments, + $CustomExtensionStageSettings, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $AccessPackageCatalog, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $Questions, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [System.Collections.Hashtable] @@ -23890,43 +31129,51 @@ function New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [Parameter()] [System.String] - $ManagementServiceAppId, + $AccessPackageId, [Parameter()] [PSObject] - $EnrollmentStatusScreenSettings, + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $AccessReviewSettings, [Parameter()] [System.String] - $DeviceNameTemplate, + $CreatedBy, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $RequestorSettings, [Parameter()] [System.Management.Automation.SwitchParameter] - $EnableWhiteGlove, + $CanExtend, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $VerifiableCredentialSettings, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $CustomExtensionHandlers, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $DurationInDays, [Parameter()] [System.String] $Id, [Parameter()] - [PSObject] - $DeviceType, + [System.Uri] + $Proxy, + + [Parameter()] + [System.DateTime] + $ExpirationDateTime, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -23934,11 +31181,15 @@ function New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [Parameter()] [PSObject] - $AssignedDevices, + $RequestApprovalSettings, [Parameter()] [PSObject] - $OutOfBoxExperienceSettings, + $AccessPackage, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.PSCredential] @@ -23946,7 +31197,7 @@ function New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [Parameter()] [System.String] - $Language, + $ModifiedBy, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -23957,57 +31208,53 @@ function New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile $HttpPipelineAppend ) } -function New-MgBetaDeviceManagementWindowsFeatureUpdateProfile +function New-MgBetaEntitlementManagementAccessPackageCatalog { [CmdletBinding()] param( [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.SwitchParameter] + $IsExternallyVisible, [Parameter()] - [System.String] - $Description, + [PSObject] + $AccessPackageCustomWorkflowExtensions, [Parameter()] [System.DateTime] - $LastModifiedDateTime, + $CreatedDateTime, [Parameter()] - [PSObject] - $Assignments, + [System.String] + $DisplayName, [Parameter()] [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [PSObject] - $RolloutSettings, + $ModifiedDateTime, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Description, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AccessPackages, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $DeployableContentDisplayName, + $CreatedBy, [Parameter()] - [System.DateTime] - $EndOfSupportDate, + [PSObject] + $AccessPackageResourceScopes, [Parameter()] [System.Uri] @@ -24025,87 +31272,62 @@ function New-MgBetaDeviceManagementWindowsFeatureUpdateProfile [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.String] - $FeatureUpdateVersion, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $AccessPackageResources, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $ModifiedBy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $CustomAccessPackageWorkflowExtensions, [Parameter()] [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, + $CatalogStatus, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $AccessPackageResourceRoles, [Parameter()] [System.String] - $DeviceEnrollmentConfigurationId, + $CatalogType, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +function New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef { [CmdletBinding()] param( [Parameter()] - [System.String] - $WindowsAutopilotDeploymentProfileId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] [System.Uri] @@ -24115,17 +31337,21 @@ function Remove-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [System.Management.Automation.SwitchParameter] $PassThru, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.String] - $IfMatch, + $OdataId, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AccessPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -24133,24 +31359,32 @@ function Remove-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Remove-MgBetaDeviceManagementWindowsFeatureUpdateProfile +function New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] [System.Uri] @@ -24160,62 +31394,62 @@ function Remove-MgBetaDeviceManagementWindowsFeatureUpdateProfile [System.Management.Automation.SwitchParameter] $PassThru, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.String] - $IfMatch, + $OdataId, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AccessPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $WindowsFeatureUpdateProfileId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration +function New-MgBetaEntitlementManagementAccessPackageResourceRequest { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + $Justification, [Parameter()] [PSObject] - $Assignments, + $AccessPackageResource, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $ExecuteImmediately, [Parameter()] [System.String] - $DisplayName, + $CatalogId, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $RequestType, [Parameter()] [System.Collections.Hashtable] @@ -24225,25 +31459,17 @@ function Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.Int32] - $Priority, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Version, - - [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $Requestor, [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, + [System.Management.Automation.SwitchParameter] + $IsValidationOnly, [Parameter()] [System.Uri] @@ -24257,6 +31483,10 @@ function Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration [System.String] $Id, + [Parameter()] + [System.DateTime] + $ExpirationDateTime, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -24266,8 +31496,12 @@ function Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration $ProxyCredential, [Parameter()] - [PSObject] - $DeviceEnrollmentConfigurationType, + [System.String] + $RequestState, + + [Parameter()] + [System.String] + $RequestStatus, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -24278,33 +31512,17 @@ function Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile +function New-MgBetaEntitlementManagementAccessPackageResourceRoleScope { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ExtractHardwareHash, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [PSObject] - $Assignments, - [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] - [System.String] - $DisplayName, + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] @@ -24318,33 +31536,21 @@ function Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.String] - $ManagementServiceAppId, - [Parameter()] [PSObject] - $EnrollmentStatusScreenSettings, + $HttpPipelinePrepend, [Parameter()] [System.String] - $DeviceNameTemplate, + $CreatedBy, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnableWhiteGlove, - - [Parameter()] - [System.String[]] - $RoleScopeTagIds, + $AccessPackageResourceScope, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $AccessPackageId, [Parameter()] [PSObject] @@ -24355,20 +31561,16 @@ function Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile $Id, [Parameter()] - [PSObject] - $DeviceType, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $AssignedDevices, + $AccessPackageResourceRole, [Parameter()] - [PSObject] - $OutOfBoxExperienceSettings, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.PSCredential] @@ -24376,11 +31578,7 @@ function Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile [Parameter()] [System.String] - $Language, - - [Parameter()] - [System.String] - $WindowsAutopilotDeploymentProfileId, + $ModifiedBy, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -24391,13 +31589,13 @@ function Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile $HttpPipelineAppend ) } -function Update-MgBetaDeviceManagementWindowsFeatureUpdateProfile +function New-MgBetaEntitlementManagementConnectedOrganization { [CmdletBinding()] param( [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $ExternalSponsors, [Parameter()] [System.String] @@ -24405,27 +31603,15 @@ function Update-MgBetaDeviceManagementWindowsFeatureUpdateProfile [Parameter()] [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [PSObject] - $Assignments, - - [Parameter()] - [System.String[]] - $RoleScopeTagIds, + $CreatedDateTime, [Parameter()] [System.String] - $WindowsFeatureUpdateProfileId, - - [Parameter()] - [PSObject] - $RolloutSettings, + $DisplayName, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $ModifiedDateTime, [Parameter()] [System.Collections.Hashtable] @@ -24439,13 +31625,17 @@ function Update-MgBetaDeviceManagementWindowsFeatureUpdateProfile [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $IdentitySources, + [Parameter()] [System.String] - $DeployableContentDisplayName, + $State, [Parameter()] - [System.DateTime] - $EndOfSupportDate, + [System.String] + $CreatedBy, [Parameter()] [System.Uri] @@ -24464,104 +31654,122 @@ function Update-MgBetaDeviceManagementWindowsFeatureUpdateProfile $Confirm, [Parameter()] - [System.String] - $FeatureUpdateVersion, + [PSObject] + $InternalSponsors, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $ModifiedBy, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $DomainName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaRoleManagement +function New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef { [CmdletBinding()] param( [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $CloudPc, + $BodyParameter, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $EnterpriseApps, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $EntitlementManagement, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $OdataId, [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $ConnectedOrganizationId, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [PSObject] - $Exchange, + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] [PSObject] - $Directory, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $DeviceManagement - ) -} -#endregion -#region Microsoft.Graph.Beta.Identity.DirectoryManagement -function Get-MgBetaDevice -{ - [CmdletBinding()] - param( + $InputObject, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $OdataId, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -24569,686 +31777,747 @@ function Get-MgBetaDevice [Parameter()] [System.String] - $DeviceId, + $ConnectedOrganizationId, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $Skip, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function New-MgBetaRoleManagementDirectoryRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $Top, + [PSObject] + $Principal, [Parameter()] [System.String] - $CountVariable, + $ResourceScope, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $ConsistencyLevel, + [PSObject] + $DirectoryScope, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $Filter, + $PrincipalId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $Search, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $Condition, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDirectory -{ - [CmdletBinding()] - param( + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $RoleDefinitionId, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $AppScope, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $DirectoryScopeId, [Parameter()] - [System.String[]] - $Property, + [System.String] + $PrincipalOrganizationId, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-MgBetaDirectoryAdministrativeUnit +function New-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] [System.String] - $AdministrativeUnitId, + $Description, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [System.String[]] - $Property, + $ResourceScopes, [Parameter()] - [PSObject] - $InputObject, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $TemplateId, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $IsPrivileged, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Top, + [System.String] + $Version, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $InheritsPermissionsFrom, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] [System.String] - $Filter, + $AllowedPrincipalTypes, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RolePermissions, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaDirectoryAdministrativeUnitMember +function New-MgBetaRoleManagementDirectoryRoleEligibilitySchedule { [CmdletBinding()] param( [Parameter()] [System.String] - $AdministrativeUnitId, + $MemberType, [Parameter()] - [System.String[]] - $Property, + [PSObject] + $Principal, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $CreatedUsing, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $ScheduleInfo, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $DirectoryScope, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $CountVariable, + $PrincipalId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $ConsistencyLevel, + $Status, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] [System.String] - $Filter, + $RoleDefinitionId, + + [Parameter()] + [PSObject] + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [PSObject] + $AppScope, + [Parameter()] [System.String] - $Search, + $DirectoryScopeId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $AppScopeId, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember +function New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest { [CmdletBinding()] param( [Parameter()] [System.String] - $AdministrativeUnitId, + $Justification, [Parameter()] - [System.String[]] - $Property, + [PSObject] + $Principal, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $ScopedRoleMembershipId, + $Action, [Parameter()] - [System.Int32] - $PageSize, + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $ScheduleInfo, + + [Parameter()] + [PSObject] + $DirectoryScope, + + [Parameter()] + [PSObject] + $TargetSchedule, + + [Parameter()] + [System.String] + $ApprovalId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $CustomData, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $CreatedBy, [Parameter()] [System.String] - $CountVariable, + $PrincipalId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsValidationOnly, + + [Parameter()] + [System.DateTime] + $CompletedDateTime, + + [Parameter()] + [PSObject] + $TicketInfo, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Status, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] [System.String] - $Filter, + $TargetScheduleId, + + [Parameter()] + [System.String] + $RoleDefinitionId, + + [Parameter()] + [PSObject] + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [PSObject] + $AppScope, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $DirectoryScopeId, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaDirectoryRole +function Remove-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [System.String[]] - $Sort, - [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $PassThru, [Parameter()] [System.String] - $Filter, + $IfMatch, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $DirectoryRoleId, + $AccessPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaDirectoryRoleTemplate +function Remove-MgBetaEntitlementManagementAccessPackageAssignment { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $AccessPackageAssignmentId, [Parameter()] - [System.Int32] - $PageSize, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $CountVariable, + $IfMatch, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $DirectoryRoleTemplateId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, - + $Break + ) +} +function Remove-MgBetaEntitlementManagementAccessPackageAssignmentPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $Filter, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PassThru, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaDirectorySetting -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $DirectorySettingId, + $InputObject, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $AccessPackageAssignmentPolicyId, [Parameter()] - [PSObject] - $HttpPipelinePrepend, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaEntitlementManagementAccessPackageCatalog +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $Skip, + [System.String] + $AccessPackageCatalogId, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $IfMatch, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaOrganization +function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $PassThru, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + $InputObject, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $AccessPackageId1, [Parameter()] [System.String] - $Filter, + $AccessPackageId, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String] - $OrganizationId, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function Get-MgBetaOrganizationSetting +function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Id, + [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $OrganizationId, + $IfMatch, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [PSObject] $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $AccessPackageId, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $Property, + [System.String] + $GroupId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgBetaOrganizationSettingItemInsight +function Remove-MgBetaEntitlementManagementAccessPackageResourceRoleScope { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -25258,39 +32527,43 @@ function Get-MgBetaOrganizationSettingItemInsight $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $OrganizationId, + $IfMatch, [Parameter()] [PSObject] $InputObject, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $AccessPackageResourceRoleScopeId, [Parameter()] - [System.String[]] - $Property, + [System.String] + $AccessPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-MgBetaOrganizationSettingPersonInsight +function Remove-MgBetaEntitlementManagementConnectedOrganization { [CmdletBinding()] param( @@ -25298,22 +32571,30 @@ function Get-MgBetaOrganizationSettingPersonInsight [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $OrganizationId, + $IfMatch, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [PSObject] $HttpPipelineAppend, @@ -25323,502 +32604,435 @@ function Get-MgBetaOrganizationSettingPersonInsight $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [System.String[]] - $Property, + [System.String] + $ConnectedOrganizationId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgBetaSubscribedSku +function Remove-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorDirectoryObjectByRef { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelineAppend, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $SubscribedSkuId, + $DirectoryObjectId, [Parameter()] [System.String] - $CountVariable, + $ConnectedOrganizationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.String] - $Search + $Break ) } -function New-MgBetaDevice +function Remove-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorDirectoryObjectByRef { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.DateTime] - $RegistrationDateTime, - [Parameter()] [System.String] - $Status, + $Id, [Parameter()] [PSObject] - $UsageRights, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DeviceMetadata, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $TrustType, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $DeviceVersion, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $Extensions, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $AlternativeSecurityIds, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $Commands, + $HttpPipelineAppend, [Parameter()] - [System.String] - $OnPremisesSecurityIdentifier, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $OperatingSystemVersion, + $DirectoryObjectId, [Parameter()] [System.String] - $Id, + $ConnectedOrganizationId, [Parameter()] - [System.DateTime] - $OnPremisesLastSyncDateTime, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaRoleManagementDirectory +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $DeviceId, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsCompliant, + $PassThru, [Parameter()] [System.String] - $EnrollmentType, + $IfMatch, [Parameter()] - [System.String] - $ProfileType, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $ExtensionAttributes, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $OnPremisesSyncEnabled, + $Break, [Parameter()] [PSObject] - $MemberOf, - + $HttpPipelineAppend + ) +} +function Remove-MgBetaRoleManagementDirectoryRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.String[]] - $Hostnames, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $PhysicalIds, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.DateTime] - $ComplianceExpirationDateTime, + [System.Uri] + $Proxy, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $DeviceCategory, + $UnifiedRoleAssignmentId, [Parameter()] [System.String] - $DomainName, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsManagementRestricted, + $IfMatch, [Parameter()] [PSObject] - $TransitiveMemberOf, + $InputObject, [Parameter()] - [System.String] - $Model, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String[]] - $SystemLabels, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $RegisteredOwners, - + $HttpPipelineAppend + ) +} +function Remove-MgBetaRoleManagementDirectoryRoleDefinition +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $RegisteredUsers, + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.String] - $OperatingSystem, - - [Parameter()] - [System.String] - $Manufacturer, - - [Parameter()] - [System.String] - $DeviceOwnership, - - [Parameter()] - [System.DateTime] - $ApproximateLastSignInDateTime, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsManaged, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.String] - $Platform, - - [Parameter()] - [System.String] - $EnrollmentProfileName, + $PassThru, [Parameter()] [System.String] - $MdmAppId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IfMatch, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsRooted, + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $AccountEnabled, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $ManagementType, + $UnifiedRoleDefinitionId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String] - $Kind + [PSObject] + $HttpPipelineAppend ) } -function New-MgBetaDirectoryAdministrativeUnit +function Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [PSObject] + $CustomExtensionHandlers, [Parameter()] [System.String] - $DisplayName, + $Description, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMemberManagementRestricted, + $CustomExtensionStageSettings, [Parameter()] [PSObject] - $ScopedRoleMembers, + $AccessPackageCatalog, [Parameter()] [PSObject] - $Members, + $Questions, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] - [System.String] - $Id, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $Extensions, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AccessReviewSettings, [Parameter()] [System.String] - $Visibility, + $CreatedBy, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.String] + $AccessPackageAssignmentPolicyId, + + [Parameter()] + [PSObject] + $RequestorSettings, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $CanExtend, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function New-MgBetaDirectoryAdministrativeUnitMember -{ - [CmdletBinding()] - param( - [Parameter()] - [System.DateTime] - $DeletedDateTime, + $VerifiableCredentialSettings, [Parameter()] [System.String] - $Id, + $AccessPackageId, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $DurationInDays, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $Id, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $ExpirationDateTime, [Parameter()] - [System.String] - $AdministrativeUnitId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $InputObject, + $RequestApprovalSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $AccessPackage, [Parameter()] [PSObject] - $HttpPipelineAppend, + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $ModifiedBy, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function New-MgBetaDirectoryAdministrativeUnitMemberByRef +function Update-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + $AccessPackagesIncompatibleWith, [Parameter()] - [System.String] - $AdministrativeUnitId, + [System.DateTime] + $CreatedDateTime, [Parameter()] [PSObject] - $InputObject, + $IncompatibleGroups, [Parameter()] [System.String] - $OdataId, + $DisplayName, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $AccessPackageCatalog, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $CatalogId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.DateTime] + $ModifiedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function New-MgBetaDirectoryAdministrativeUnitScopedRoleMember -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $AdministrativeUnitId, + [PSObject] + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -25833,20 +33047,20 @@ function New-MgBetaDirectoryAdministrativeUnitScopedRoleMember $HttpPipelinePrepend, [Parameter()] - [System.String] - $AdministrativeUnitId1, + [PSObject] + $AccessPackageAssignmentPolicies, [Parameter()] [System.String] - $RoleId, + $CreatedBy, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $IsRoleScopesVisible, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $AccessPackageId, [Parameter()] [PSObject] @@ -25856,62 +33070,98 @@ function New-MgBetaDirectoryAdministrativeUnitScopedRoleMember [System.String] $Id, + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [PSObject] - $RoleMemberInfo, + $IncompatibleAccessPackages, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $AccessPackageResourceRoleScopes, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $ModifiedBy, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsHidden ) } -function New-MgBetaDirectoryRole +function Update-MgBetaEntitlementManagementAccessPackageCatalog { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $IsExternallyVisible, [Parameter()] - [System.String] - $RoleTemplateId, + [PSObject] + $AccessPackageCustomWorkflowExtensions, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] $DisplayName, + [Parameter()] + [System.DateTime] + $ModifiedDateTime, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Description, + + [Parameter()] + [PSObject] + $AccessPackages, [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.String] + $CreatedBy, + [Parameter()] [PSObject] - $ScopedMembers, + $InputObject, [Parameter()] [PSObject] - $Members, + $AccessPackageResourceScopes, + + [Parameter()] + [System.String] + $AccessPackageCatalogId, [Parameter()] [System.Uri] @@ -25933,123 +33183,74 @@ function New-MgBetaDirectoryRole [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.DateTime] - $DeletedDateTime, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function New-MgBetaDirectoryRoleMemberByRef -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $AccessPackageResources, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $ModifiedBy, [Parameter()] [PSObject] - $BodyParameter, + $CustomAccessPackageWorkflowExtensions, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CatalogStatus, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $Break, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.String] - $DirectoryRoleId, + $AccessPackageResourceRoles, [Parameter()] [System.String] - $OdataId, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, + $CatalogType, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function New-MgBetaDirectorySetting +function Update-MgBetaEntitlementManagementConnectedOrganization { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Values, + [PSObject] + $ExternalSponsors, [Parameter()] [System.String] - $TemplateId, + $Description, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] $DisplayName, - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -26057,48 +33258,51 @@ function New-MgBetaDirectorySetting [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaDevice -{ - [CmdletBinding()] - param( + $ProxyUseDefaultCredentials, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $IdentitySources, + + [Parameter()] + [System.String] + $State, + + [Parameter()] + [System.String] + $CreatedBy, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $IfMatch, + $Id, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $ConnectedOrganizationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $InternalSponsors, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DeviceId, + $ModifiedBy, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -26109,98 +33313,118 @@ function Remove-MgBetaDevice $HttpPipelineAppend ) } -function Remove-MgBetaDirectoryAdministrativeUnit +function Update-MgBetaRoleManagementDirectory { [CmdletBinding()] param( [Parameter()] [PSObject] - $HttpPipelinePrepend, + $RoleAssignmentScheduleRequests, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $TransitiveRoleAssignments, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $RoleEligibilitySchedules, [Parameter()] - [System.String] - $AdministrativeUnitId, + [PSObject] + $ResourceNamespaces, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $RoleDefinitions, [Parameter()] [PSObject] - $HttpPipelineAppend, + $RoleEligibilityScheduleRequests, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $RoleAssignmentSchedules, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaDirectoryAdministrativeUnitMemberDirectoryObjectByRef -{ - [CmdletBinding()] - param( + [PSObject] + $RoleAssignments, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + [Parameter()] [System.String] $Id, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $RoleEligibilityScheduleInstances, + + [Parameter()] + [PSObject] + $RoleAssignmentScheduleInstances, + + [Parameter()] + [PSObject] + $RoleAssignmentApprovals, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $Break, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Update-MgBetaRoleManagementDirectoryRoleDefinition +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $IfMatch, + $Description, [Parameter()] [System.String] - $AdministrativeUnitId, + $DisplayName, [Parameter()] - [PSObject] - $InputObject, + [System.String[]] + $ResourceScopes, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $InputObject, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -26208,655 +33432,666 @@ function Remove-MgBetaDirectoryAdministrativeUnitMemberDirectoryObjectByRef [Parameter()] [System.String] - $DirectoryObjectId, + $TemplateId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaDirectoryAdministrativeUnitScopedRoleMember -{ - [CmdletBinding()] - param( + $IsPrivileged, + + [Parameter()] + [System.String] + $UnifiedRoleDefinitionId, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Version, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $AdministrativeUnitId, + $Id, [Parameter()] [PSObject] - $InputObject, + $InheritsPermissionsFrom, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $AllowedPrincipalTypes, + [Parameter()] [PSObject] - $HttpPipelineAppend, + $RolePermissions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $ScopedRoleMembershipId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $IsEnabled, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Remove-MgBetaDirectoryRole +#endregion +#region Microsoft.Graph.Beta.Identity.SignIns +function Get-MgBetaIdentityConditionalAccess { [CmdletBinding()] param( - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $DirectoryRoleId, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Property, [Parameter()] [PSObject] $HttpPipelineAppend, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Remove-MgBetaDirectoryRoleMemberByRef +function Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference { [CmdletBinding()] param( [Parameter()] - [System.String] - $Id, + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.String[]] + $Sort, + [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] [System.String] - $IfMatch, + $Filter, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DirectoryRoleId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $Search, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $AuthenticationContextClassReferenceId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.String] - $DirectoryObjectId, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function Remove-MgBetaDirectorySetting +function Get-MgBetaIdentityConditionalAccessNamedLocation { [CmdletBinding()] param( [Parameter()] [System.String] - $DirectorySettingId, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $NamedLocationId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Property, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Restore-MgBetaDirectoryDeletedItem -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [PSObject] - $InputObject, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DirectoryObjectId, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaDevice +function Get-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.DateTime] - $RegistrationDateTime, - - [Parameter()] - [System.String] - $Status, - - [Parameter()] - [PSObject] - $UsageRights, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $DeviceMetadata, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $TrustType, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Int32] - $DeviceVersion, + $Skip, [Parameter()] [System.String] - $OperatingSystem, + $ConditionalAccessPolicyId, [Parameter()] - [PSObject] - $Extensions, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $AlternativeSecurityIds, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $Commands, - - [Parameter()] - [System.String] - $OnPremisesSecurityIdentifier, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $OperatingSystemVersion, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Id, + $Filter, [Parameter()] - [System.DateTime] - $OnPremisesLastSyncDateTime, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DisplayName, + $Search, [Parameter()] - [System.String] - $DeviceId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsCompliant, + [System.String[]] + $ExpandProperty, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaIdentityProvider +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $EnrollmentType, + $IdentityProviderBaseId, [Parameter()] - [System.String] - $ProfileType, + [System.String[]] + $Property, [Parameter()] [PSObject] - $ExtensionAttributes, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $OnPremisesSyncEnabled, - - [Parameter()] - [PSObject] - $MemberOf, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $Hostnames, + [System.Int32] + $PageSize, [Parameter()] - [System.String[]] - $PhysicalIds, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $ComplianceExpirationDateTime, + [System.Int32] + $Skip, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Int32] + $Top, [Parameter()] [System.String] - $DeviceCategory, + $CountVariable, [Parameter()] - [System.String] - $DomainName, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsManagementRestricted, - - [Parameter()] - [PSObject] - $TransitiveMemberOf, + $All, [Parameter()] [System.String] - $Model, - - [Parameter()] - [System.String[]] - $SystemLabels, + $Filter, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $RegisteredOwners, + [System.String] + $Search, [Parameter()] - [PSObject] - $RegisteredUsers, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $HttpPipelineAppend, - + $HttpPipelineAppend + ) +} +function Get-MgBetaOauth2PermissionGrant +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $DeviceId1, + [System.String[]] + $Property, [Parameter()] [System.String] - $Manufacturer, + $OAuth2PermissionGrantId, [Parameter()] - [System.String] - $DeviceOwnership, + [PSObject] + $InputObject, [Parameter()] - [System.DateTime] - $ApproximateLastSignInDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsManaged, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $Name, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Platform, + [System.Int32] + $Skip, [Parameter()] - [System.String] - $EnrollmentProfileName, + [System.Int32] + $Top, [Parameter()] [System.String] - $MdmAppId, + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsRooted, + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AccountEnabled, + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $ManagementType, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String] - $Kind + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaDirectory +function Get-MgBetaPolicyAuthenticationMethodPolicy { [CmdletBinding()] param( [Parameter()] [PSObject] - $InboundSharedUserProfiles, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $SharedEmailDomains, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $OutboundSharedUserProfiles, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $FederationConfigurations, + [System.String[]] + $Property, [Parameter()] [PSObject] - $OnPremisesSynchronization, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $AdministrativeUnits, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [PSObject] - $Recommendations, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AttributeSets, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $Subscriptions, + $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $DeletedItems, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $ImpactedResources, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $CertificateAuthorities, + [System.String] + $AuthenticationMethodConfigurationId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Id, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $CustomSecurityAttributeDefinitions, - - [Parameter()] - [PSObject] - $FeatureRolloutPolicies, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDirectoryAdministrativeUnit +function Get-MgBetaPolicyAuthenticationStrengthPolicy { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $AdministrativeUnitId, - - [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMemberManagementRestricted, + [System.String] + $AuthenticationStrengthPolicyId, [Parameter()] - [PSObject] - $ScopedRoleMembers, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $Members, + [System.Int32] + $Top, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $BodyParameter, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $Id, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $Extensions, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] @@ -26864,467 +34099,559 @@ function Update-MgBetaDirectoryAdministrativeUnit [Parameter()] [System.String] - $Visibility, - - [Parameter()] - [System.DateTime] - $DeletedDateTime, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaDirectorySetting +function Get-MgBetaPolicyAuthorizationPolicy { [CmdletBinding()] param( [Parameter()] [System.String[]] - $Values, + $Property, [Parameter()] - [System.String] - $DirectorySettingId, + [PSObject] + $InputObject, [Parameter()] [System.String] - $DisplayName, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $AuthorizationPolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $TemplateId, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaOrganization +function Get-MgBetaPolicyCrossTenantAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.String] - $PostalCode, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $VerifiedDomains, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $DefaultUsageLocation, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $CertificateConnectorSetting, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $Property, [Parameter()] [PSObject] $HttpPipelineAppend, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaPolicyCrossTenantAccessPolicyDefault +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $Settings, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Street, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $PartnerInformation, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $Id, + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $HttpPipelineAppend, [Parameter()] - [System.String] - $PreferredLanguage, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaPolicyCrossTenantAccessPolicyPartner +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $State, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $City, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $MarketingNotificationEmails, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AssignedPlans, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $MobileDeviceManagementAuthority, + [System.String] + $CrossTenantAccessPolicyConfigurationPartnerTenantId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMultipleDataLocationsForServicesEnabled, + [System.Int32] + $Top, [Parameter()] [System.String] - $Country, + $CountVariable, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [PSObject] - $BodyParameter, - [Parameter()] [System.String[]] - $SecurityComplianceNotificationMails, + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $CertificateBasedAuthConfiguration, + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.String[]] - $TechnicalNotificationMails, + $ExpandProperty, [Parameter()] [PSObject] - $PrivacyProfile, - + $HttpPipelineAppend + ) +} +function Get-MgBetaPolicyExternalIdentityPolicy +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $Extensions, + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.DateTime] - $OnPremisesLastSyncDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $ProvisionedPlans, + [System.String[]] + $Property, [Parameter()] [PSObject] - $DirectorySizeQuota, + $HttpPipelineAppend, [Parameter()] - [System.DateTime] - $OnPremisesLastPasswordSyncDateTime, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $Branding, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $CountryLetterCode, + [System.Uri] + $Proxy, [Parameter()] - [System.String[]] - $BusinessPhones, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OnPremisesSyncEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.String] - $OrganizationId, + [System.String[]] + $Property, [Parameter()] - [System.String[]] - $SecurityComplianceNotificationPhones, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $PartnerTenantType + [System.Management.Automation.SwitchParameter] + $Break ) } -function Update-MgBetaOrganizationSetting +function Get-MgBetaPolicyRoleManagementPolicy { [CmdletBinding()] param( [Parameter()] - [PSObject] - $PeopleInsights, + [System.String[]] + $Property, [Parameter()] [PSObject] - $ItemInsights, + $InputObject, [Parameter()] - [PSObject] - $MicrosoftApplicationDataAccess, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $ContactInsights, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $UnifiedRoleManagementPolicyId, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - [Parameter()] [System.String] - $OrganizationId, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaOrganizationSettingItemInsight +function Get-MgBetaPolicyRoleManagementPolicyAssignment { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.String] - $Id, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Top, [Parameter()] [System.String] - $OrganizationId, + $CountVariable, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabledInOrganization, + $All, [Parameter()] [System.String] - $DisabledForGroup, + $Filter, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $UnifiedRoleManagementPolicyAssignmentId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaOrganizationSettingPersonInsight +function Get-MgBetaPolicyRoleManagementPolicyRule { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Id, + $UnifiedRoleManagementPolicyRuleId, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $Skip, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $UnifiedRoleManagementPolicyId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Top, [Parameter()] [System.String] - $OrganizationId, + $CountVariable, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabledInOrganization, + $All, [Parameter()] [System.String] - $DisabledForGroup, + $Filter, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-MgBetaDirectoryDeletedApplication +function Get-MgBetaPolicyTokenLifetimePolicy { [CmdletBinding()] param( @@ -27332,6 +34659,10 @@ function Get-MgBetaDirectoryDeletedApplication [System.String[]] $Property, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -27345,12 +34676,12 @@ function Get-MgBetaDirectoryDeletedApplication $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $TokenLifetimePolicyId, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $Skip, [Parameter()] [System.Int32] @@ -27384,10 +34715,6 @@ function Get-MgBetaDirectoryDeletedApplication [System.String] $Search, - [Parameter()] - [System.String] - $DirectoryObjectId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -27401,663 +34728,721 @@ function Get-MgBetaDirectoryDeletedApplication $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.Beta.Identity.Governance -function Get-MgBetaAgreement +function New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $BodyParameter, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsAvailable, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $DisplayName, [Parameter()] [System.String] - $AgreementId, + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgBetaEntitlementManagementAccessPackage +function New-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $CatalogId, + $DisplayName, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $ModifiedDateTime, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $SessionControls, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $State, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $Conditions, [Parameter()] - [System.String] - $CountVariable, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $DisplayNameContains, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $AccessPackageId, + $Id, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $GrantControls, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaIdentityProvider +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $Filter, + $Id, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $Search, + $DisplayName, [Parameter()] - [System.String] - $DisplayNameEq, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageAssignment +function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $BodyParameter, [Parameter()] - [System.Int32] - $PageSize, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $AccessPackageAssignmentId, + $State, [Parameter()] - [System.Int32] - $Skip, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $Break, + [Parameter()] + [PSObject] + $ExcludeTargets + ) +} +function New-MgBetaPolicyAuthenticationStrengthPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $CountVariable, + $Description, [Parameter()] - [System.String[]] - $Sort, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $AccessPackageId, + $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $PolicyType, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $Filter, + $RequirementsSatisfied, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $Search, + $Id, + + [Parameter()] + [System.String[]] + $AllowedCombinations, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $CombinationConfigurations, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy +function New-MgBetaPolicyCrossTenantAccessPolicyPartner { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $TenantId, [Parameter()] [PSObject] - $InputObject, + $TenantRestrictions, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $InboundTrust, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AutomaticUserConsentSettings, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $AccessPackageAssignmentPolicyId, + [PSObject] + $B2BDirectConnectOutbound, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $B2BDirectConnectInbound, [Parameter()] - [System.String] - $DisplayNameContains, + [PSObject] + $B2BCollaborationOutbound, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $IdentitySynchronization, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $BodyParameter, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $B2BCollaborationInbound, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $IsServiceProvider, [Parameter()] - [System.String] - $DisplayNameEq, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageCatalog +function New-MgBetaPolicyTokenLifetimePolicy { [CmdletBinding()] param( [Parameter()] [System.String[]] - $Property, + $Definition, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $DisplayName, [Parameter()] - [System.Int32] - $PageSize, + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, [Parameter()] - [System.String] - $CountVariable, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, [Parameter()] [System.String] - $DisplayNameContains, + $Id, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $AccessPackageCatalogId, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $AppliesTo, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break, [Parameter()] - [System.String] - $Filter, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaIdentityConditionalAccess +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $DisplayNameEq, + $IfMatch, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource +function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String] - $AccessPackageCatalogId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $IfMatch, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Search, + $AuthenticationContextClassReferenceId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResourceRole +function Remove-MgBetaIdentityConditionalAccessNamedLocation { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String] - $AccessPackageCatalogId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $IfMatch, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $InputObject, [Parameter()] [System.String] - $Filter, + $NamedLocationId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackage +function Remove-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $Top, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $AccessPackageId, - - [Parameter()] - [System.String[]] - $Sort, + $IfMatch, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, + $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Search, + $ConditionalAccessPolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageIncompatibleGroup +function Remove-MgBetaIdentityProvider { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $PassThru, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $AccessPackageId, + $IdentityProviderBaseId, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaPolicyAuthenticationMethodPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] @@ -28065,76 +35450,89 @@ function Get-MgBetaEntitlementManagementAccessPackageIncompatibleGroup [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $PassThru, [Parameter()] [System.String] - $Filter, + $IfMatch, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementAccessPackageIncompatibleWith +function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $PassThru, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $CountVariable, + $AuthenticationMethodConfigurationId, [Parameter()] - [System.String] - $AccessPackageId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaPolicyAuthenticationStrengthPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] @@ -28142,614 +35540,599 @@ function Get-MgBetaEntitlementManagementAccessPackageIncompatibleWith [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $PassThru, [Parameter()] [System.String] - $Filter, + $IfMatch, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $AccessPackageId1, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $AuthenticationStrengthPolicyId, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Get-MgBetaEntitlementManagementConnectedOrganization +function Remove-MgBetaPolicyCrossTenantAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $IfMatch, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Break, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaPolicyCrossTenantAccessPolicyPartner +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $DisplayNameContains, + $CrossTenantAccessPolicyConfigurationPartnerTenantId, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.PSCredential] + $ProxyCredential, - [Parameter()] - [System.String] - $ConnectedOrganizationId, + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $PassThru, [Parameter()] [System.String] - $Filter, + $IfMatch, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $DisplayNameEq, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementConnectedOrganizationExternalSponsor +function Remove-MgBetaPolicyTokenLifetimePolicy { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $ConnectedOrganizationId, + $IfMatch, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Search, + $TokenLifetimePolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor +function Update-MgBetaIdentityConditionalAccess { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $Templates, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $AuthenticationStrengths, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + [PSObject] + $NamedLocations, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $AuthenticationContextClassReferences, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $AuthenticationStrength, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $ConnectedOrganizationId, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $Policies, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaRoleManagementDirectory +function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAvailable, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Id, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $AuthenticationContextClassReferenceId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-MgBetaRoleManagementDirectoryRoleAssignment +function Update-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $UnifiedRoleAssignmentId, + $Description, [Parameter()] - [System.String[]] - $Property, + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $SessionControls, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $State, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $Conditions, [Parameter()] [System.String] - $CountVariable, + $ConditionalAccessPolicyId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $Id, [Parameter()] - [System.String] - $Filter, + [PSObject] + $GrantControls, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaRoleManagementDirectoryRoleDefinition +function Update-MgBetaIdentityProvider { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - [Parameter()] [System.String] - $UnifiedRoleDefinitionId, + $Id, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $BodyParameter, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $IdentityProviderBaseId, [Parameter()] [System.String] - $Filter, + $DisplayName, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule +function Update-MgBetaPolicyAuthenticationMethodPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $ReconfirmationInDays, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $PolicyMigrationState, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $SystemCredentialPreferences, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $PolicyVersion, [Parameter()] - [System.Int32] - $Top, + [System.String] + $DisplayName, [Parameter()] - [System.String] - $CountVariable, + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $RegistrationEnforcement, + + [Parameter()] + [PSObject] + $AuthenticationMethodConfigurations, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String] - $UnifiedRoleEligibilityScheduleId, + [PSObject] + $BodyParameter, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $ReportSuspiciousActivitySettings, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest +function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Property, - [Parameter()] [System.String] - $UnifiedRoleEligibilityScheduleRequestId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, + $Id, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Filter, + $AuthenticationMethodConfigurationId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $State, [Parameter()] - [System.String] - $Search, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] - $HttpPipelineAppend + $ExcludeTargets ) } -function New-MgBetaEntitlementManagementAccessPackage +function Update-MgBetaPolicyAuthenticationStrengthPolicy { [CmdletBinding()] param( @@ -28757,34 +36140,26 @@ function New-MgBetaEntitlementManagementAccessPackage [System.String] $Description, - [Parameter()] - [PSObject] - $AccessPackagesIncompatibleWith, - [Parameter()] [System.DateTime] $CreatedDateTime, - [Parameter()] - [PSObject] - $IncompatibleGroups, - [Parameter()] [System.String] $DisplayName, - [Parameter()] - [PSObject] - $AccessPackageCatalog, - [Parameter()] [System.String] - $CatalogId, + $PolicyType, [Parameter()] [System.DateTime] $ModifiedDateTime, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -28797,17 +36172,13 @@ function New-MgBetaEntitlementManagementAccessPackage [PSObject] $HttpPipelinePrepend, - [Parameter()] - [PSObject] - $AccessPackageAssignmentPolicies, - [Parameter()] [System.String] - $CreatedBy, + $AuthenticationStrengthPolicyId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsRoleScopesVisible, + [System.String] + $RequirementsSatisfied, [Parameter()] [System.Uri] @@ -28822,8 +36193,8 @@ function New-MgBetaEntitlementManagementAccessPackage $Id, [Parameter()] - [PSObject] - $IncompatibleAccessPackages, + [System.String[]] + $AllowedCombinations, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -28831,95 +36202,75 @@ function New-MgBetaEntitlementManagementAccessPackage [Parameter()] [PSObject] - $AccessPackageResourceRoleScopes, + $CombinationConfigurations, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $ModifiedBy, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsHidden + $HttpPipelineAppend ) } -function New-MgBetaEntitlementManagementAccessPackageAssignment +function Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination { [CmdletBinding()] param( [Parameter()] - [System.String] - $Justification, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $RequiredUserId, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $Answers, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $ExistingAssignment, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Management.Automation.PSObject[]] - $RequiredGroupMember, + $Confirm, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $HttpPipelineAppend, [Parameter()] - [System.String] - $AccessPackageId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $AllowedCombinations, [Parameter()] [System.String] - $StartDate, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + $AuthenticationStrengthPolicyId, [Parameter()] - [System.String] - $AssignmentPolicyId, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy +function Update-MgBetaPolicyAuthorizationPolicy { [CmdletBinding()] param( @@ -28928,28 +36279,24 @@ function New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy $Description, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $BlockMsolPowerShell, [Parameter()] [System.String] - $DisplayName, + $AuthorizationPolicyId, [Parameter()] - [PSObject] - $CustomExtensionStageSettings, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $AccessPackageCatalog, + [System.Management.Automation.SwitchParameter] + $AllowedToUseSspr, [Parameter()] [PSObject] - $Questions, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -28960,76 +36307,60 @@ function New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $AccessPackageId, + [System.Management.Automation.SwitchParameter] + $AllowUserConsentForRiskyApps, [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [PSObject] - $AccessReviewSettings, - [Parameter()] [System.String] - $CreatedBy, - - [Parameter()] - [PSObject] - $RequestorSettings, + $GuestUserRoleId, [Parameter()] [System.Management.Automation.SwitchParameter] - $CanExtend, - - [Parameter()] - [PSObject] - $VerifiableCredentialSettings, + $AllowedToSignUpEmailBasedSubscriptions, [Parameter()] [PSObject] - $CustomExtensionHandlers, - - [Parameter()] - [System.Int32] - $DurationInDays, + $DefaultUserRoleOverrides, [Parameter()] [System.String] - $Id, + $AllowInvitesFrom, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.DateTime] - $ExpirationDateTime, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $RequestApprovalSettings, + [System.String] + $Id, [Parameter()] - [PSObject] - $AccessPackage, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $AllowEmailVerifiedUsersToJoinOrganization, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $ModifiedBy, + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String[]] + $PermissionGrantPolicyIdsAssignedToDefaultUserRole, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -29037,56 +36368,52 @@ function New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy [Parameter()] [PSObject] - $HttpPipelineAppend + $DefaultUserRolePermissions, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.String[]] + $EnabledPreviewFeatures ) } -function New-MgBetaEntitlementManagementAccessPackageCatalog +function Update-MgBetaPolicyCrossTenantAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsExternallyVisible, + [System.String[]] + $Definition, [Parameter()] - [PSObject] - $AccessPackageCustomWorkflowExtensions, + [System.String] + $Description, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $Templates, [Parameter()] [System.String] $DisplayName, - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.String] - $Description, - - [Parameter()] - [PSObject] - $AccessPackages, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $CreatedBy, - [Parameter()] [PSObject] - $AccessPackageResourceScopes, + $Partners, [Parameter()] [System.Uri] @@ -29109,32 +36436,45 @@ function New-MgBetaEntitlementManagementAccessPackageCatalog $ProxyCredential, [Parameter()] - [PSObject] - $AccessPackageResources, + [System.DateTime] + $DeletedDateTime, [Parameter()] - [System.String] - $ModifiedBy, + [System.String[]] + $AllowedCloudEndpoints, [Parameter()] - [PSObject] - $CustomAccessPackageWorkflowExtensions, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CatalogStatus, + [PSObject] + $HttpPipelineAppend, + [Parameter()] + [PSObject] + $Default + ) +} +function Update-MgBetaPolicyCrossTenantAccessPolicyDefault +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsServiceDefault, + + [Parameter()] + [System.Collections.Hashtable] + $InvitationRedemptionIdentityProviderConfiguration, [Parameter()] [PSObject] - $AccessPackageResourceRoles, + $TenantRestrictions, [Parameter()] - [System.String] - $CatalogType, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -29142,146 +36482,165 @@ function New-MgBetaEntitlementManagementAccessPackageCatalog [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $InboundTrust, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AutomaticUserConsentSettings, [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $B2BDirectConnectOutbound, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $B2BDirectConnectInbound, [Parameter()] [PSObject] - $InputObject, + $B2BCollaborationOutbound, [Parameter()] - [System.String] - $OdataId, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelineAppend, + $BodyParameter, [Parameter()] [System.String] - $AccessPackageId, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $B2BCollaborationInbound, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef +function Update-MgBetaPolicyCrossTenantAccessPolicyPartner { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $TenantId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $TenantRestrictions, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $InputObject, + $InboundTrust, [Parameter()] - [System.String] - $OdataId, + [PSObject] + $AutomaticUserConsentSettings, [Parameter()] [PSObject] - $HttpPipelineAppend, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $AccessPackageId, + [PSObject] + $B2BDirectConnectOutbound, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsInMultiTenantOrganization, + + [Parameter()] + [System.String] + $CrossTenantAccessPolicyConfigurationPartnerTenantId, + + [Parameter()] + [PSObject] + $B2BDirectConnectInbound, + + [Parameter()] + [PSObject] + $B2BCollaborationOutbound, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $IdentitySynchronization, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $B2BCollaborationInbound, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function New-MgBetaEntitlementManagementAccessPackageResourceRequest -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Justification, + $IsServiceProvider, [Parameter()] - [PSObject] - $AccessPackageResource, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $ExecuteImmediately, + $Break, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Update-MgBetaPolicyExternalIdentityPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $CatalogId, + $Description, [Parameter()] [System.String] - $RequestType, + $DisplayName, [Parameter()] [System.Collections.Hashtable] @@ -29296,12 +36655,12 @@ function New-MgBetaEntitlementManagementAccessPackageResourceRequest $HttpPipelinePrepend, [Parameter()] - [PSObject] - $Requestor, + [System.Management.Automation.SwitchParameter] + $AllowExternalIdentitiesToLeave, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsValidationOnly, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] @@ -29315,25 +36674,17 @@ function New-MgBetaEntitlementManagementAccessPackageResourceRequest [System.String] $Id, - [Parameter()] - [System.DateTime] - $ExpirationDateTime, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $RequestState, + [System.Management.Automation.SwitchParameter] + $AllowDeletedIdentitiesDataRemoval, [Parameter()] - [System.String] - $RequestStatus, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -29344,106 +36695,94 @@ function New-MgBetaEntitlementManagementAccessPackageResourceRequest $HttpPipelineAppend ) } -function New-MgBetaEntitlementManagementAccessPackageResourceRoleScope +function Update-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy { [CmdletBinding()] param( [Parameter()] [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $DeletedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Description, [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $CreatedBy, - [Parameter()] [PSObject] - $AccessPackageResourceScope, + $BodyParameter, [Parameter()] - [System.String] - $AccessPackageId, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Id, + $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $AccessPackageResourceRole, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [System.String] - $ModifiedBy, + $Id, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function New-MgBetaEntitlementManagementConnectedOrganization +function Update-MgBetaPolicyRoleManagementPolicy { [CmdletBinding()] param( - [Parameter()] - [PSObject] - $ExternalSponsors, - [Parameter()] [System.String] $Description, [Parameter()] [System.DateTime] - $CreatedDateTime, + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $EffectiveRules, + + [Parameter()] + [System.String] + $UnifiedRoleManagementPolicyId, [Parameter()] [System.String] $DisplayName, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [PSObject] + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -29458,16 +36797,20 @@ function New-MgBetaEntitlementManagementConnectedOrganization $HttpPipelinePrepend, [Parameter()] - [PSObject] - $IdentitySources, + [System.String] + $ScopeType, [Parameter()] [System.String] - $State, + $ScopeId, [Parameter()] - [System.String] - $CreatedBy, + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [PSObject] + $LastModifiedBy, [Parameter()] [System.Uri] @@ -29485,21 +36828,13 @@ function New-MgBetaEntitlementManagementConnectedOrganization [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $InternalSponsors, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $ModifiedBy, - - [Parameter()] - [System.String] - $DomainName, + [PSObject] + $Rules, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -29510,13 +36845,13 @@ function New-MgBetaEntitlementManagementConnectedOrganization $HttpPipelineAppend ) } -function New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef +function Update-MgBetaPolicyRoleManagementPolicyRule { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Id, [Parameter()] [PSObject] @@ -29531,16 +36866,16 @@ function New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRe $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $UnifiedRoleManagementPolicyRuleId, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $UnifiedRoleManagementPolicyId, [Parameter()] - [System.String] - $OdataId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] @@ -29551,12 +36886,16 @@ function New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRe $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $ConnectedOrganizationId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $Target, [Parameter()] [System.Collections.Hashtable] @@ -29567,353 +36906,344 @@ function New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRe $Break ) } -function New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef +function Update-MgBetaPolicyTokenLifetimePolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Definition, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $OdataId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $TokenLifetimePolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsOrganizationDefault, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, [Parameter()] [System.String] - $ConnectedOrganizationId, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [PSObject] + $AppliesTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function New-MgBetaRoleManagementDirectoryRoleAssignment +#endregion + +#region Microsoft.Graph.Beta.Teams +function Get-MgBetaTeam { [CmdletBinding()] param( [Parameter()] - [PSObject] - $Principal, - - [Parameter()] - [System.String] - $ResourceScope, + [System.String[]] + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $DirectoryScope, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $PrincipalId, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + [System.Int32] + $Skip, [Parameter()] [System.String] - $Condition, + $TeamId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $Top, [Parameter()] [System.String] - $RoleDefinitionId, + $CountVariable, [Parameter()] - [PSObject] - $RoleDefinition, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $AppScope, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $DirectoryScopeId, + $Filter, [Parameter()] - [System.String] - $PrincipalOrganizationId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $AppScopeId, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaRoleManagementDirectoryRoleDefinition +function Get-MgBetaTeamChannel { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $ResourceScopes, + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $TemplateId, + [System.Int32] + $PageSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsPrivileged, + [System.String] + $ChannelId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $Version, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.String] + $TeamId, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $CountVariable, [Parameter()] - [System.String] - $Id, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $InheritsPermissionsFrom, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] [System.String] - $AllowedPrincipalTypes, - - [Parameter()] - [PSObject] - $RolePermissions, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaRoleManagementDirectoryRoleEligibilitySchedule +function Get-MgBetaTeamChannelTab { [CmdletBinding()] param( [Parameter()] - [System.String] - $MemberType, + [System.String[]] + $Property, [Parameter()] [PSObject] - $Principal, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $CreatedUsing, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $ScheduleInfo, + [System.Int32] + $PageSize, [Parameter()] - [PSObject] - $DirectoryScope, + [System.String] + $ChannelId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $PrincipalId, + [System.Int32] + $Skip, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $TeamId, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $Top, [Parameter()] [System.String] - $Status, + $CountVariable, [Parameter()] - [System.String] - $Id, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $RoleDefinition, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [PSObject] - $AppScope, - [Parameter()] [System.String] - $DirectoryScopeId, + $Search, [Parameter()] [System.String] - $AppScopeId, + $TeamsTabId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest +function New-MgBetaTeam { [CmdletBinding()] param( [Parameter()] [System.String] - $Justification, + $Specialization, [Parameter()] [PSObject] - $Principal, + $PrimaryChannel, + + [Parameter()] + [System.String] + $Description, [Parameter()] [System.DateTime] @@ -29921,360 +37251,337 @@ function New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest [Parameter()] [System.String] - $Action, + $DisplayName, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $TenantId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsMembershipLimitedToOwners, [Parameter()] - [PSObject] - $ScheduleInfo, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $DirectoryScope, + [System.String] + $Classification, [Parameter()] [PSObject] - $TargetSchedule, + $AllChannels, [Parameter()] - [System.String] - $ApprovalId, + [System.Management.Automation.SwitchParameter] + $IsArchived, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $InternalId, [Parameter()] - [System.String] - $CustomData, + [PSObject] + $Channels, [Parameter()] [PSObject] - $CreatedBy, + $Group, [Parameter()] - [System.String] - $PrincipalId, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsValidationOnly, + [PSObject] + $IncomingChannels, [Parameter()] - [System.DateTime] - $CompletedDateTime, + [PSObject] + $Tags, [Parameter()] [PSObject] - $TicketInfo, + $Photo, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Visibility, [Parameter()] [PSObject] - $BodyParameter, + $MessagingSettings, [Parameter()] - [System.String] - $Status, + [PSObject] + $Members, [Parameter()] - [System.String] - $Id, + [PSObject] + $PermissionGrants, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.String] - $TargetScheduleId, - - [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $RoleDefinition, + $InstalledApps, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Id, [Parameter()] [PSObject] - $AppScope, + $Owners, [Parameter()] - [System.String] - $DirectoryScopeId, + [PSObject] + $FunSettings, [Parameter()] - [System.String] - $AppScopeId, + [PSObject] + $Schedule, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $Operations, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaEntitlementManagementAccessPackage -{ - [CmdletBinding()] - param( + $GuestSettings, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $WebUrl, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Collections.Hashtable] + $Template, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $Summary, [Parameter()] [PSObject] - $InputObject, + $DiscoverySettings, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $TemplateDefinition, [Parameter()] - [System.String] - $AccessPackageId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend, [Parameter()] [PSObject] - $HttpPipelineAppend + $MemberSettings ) } -function Remove-MgBetaEntitlementManagementAccessPackageAssignment +function New-MgBetaTeamChannel { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - [Parameter()] [System.String] - $AccessPackageAssignmentId, + $Description, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $FilesFolder, [Parameter()] [System.String] - $IfMatch, + $DisplayName, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $TenantId, [Parameter()] [PSObject] - $HttpPipelineAppend, + $Tabs, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $HttpPipelinePrepend, + $SharedWithTeams, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $Messages, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $IsFavoriteByDefault, [Parameter()] [System.String] - $IfMatch, + $TeamId, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Email, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $Members, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $AccessPackageAssignmentPolicyId, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaEntitlementManagementAccessPackageCatalog -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $AccessPackageCatalogId, + $Confirm, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $ModerationSettings, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MembershipType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $WebUrl, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $InputObject, + $Summary, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef +function New-MgBetaTeamChannelTab { [CmdletBinding()] param( [Parameter()] [System.String] - $Id, + $TeamsAppId, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $MessageId, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $SortOrderIndex, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $DisplayName, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $IfMatch, + $ChannelId, [Parameter()] [PSObject] - $InputObject, + $TeamsApp, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $TeamId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelineAppend, + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.String] - $AccessPackageId1, + [PSObject] + $Configuration, [Parameter()] [System.String] - $AccessPackageId, + $WebUrl, [Parameter()] [System.Management.Automation.PSCredential] @@ -30282,17 +37589,21 @@ function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackag [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef +function Remove-MgBetaTeam { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Id, - [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -30321,39 +37632,35 @@ function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.String] - $AccessPackageId, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $GroupId, + $TeamId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Remove-MgBetaEntitlementManagementAccessPackageResourceRoleScope +function Remove-MgBetaTeamChannel { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Uri] $Proxy, @@ -30380,11 +37687,11 @@ function Remove-MgBetaEntitlementManagementAccessPackageResourceRoleScope [Parameter()] [System.String] - $AccessPackageResourceRoleScopeId, + $ChannelId, [Parameter()] [System.String] - $AccessPackageId, + $TeamId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -30395,18 +37702,18 @@ function Remove-MgBetaEntitlementManagementAccessPackageResourceRoleScope $HttpPipelineAppend ) } -function Remove-MgBetaEntitlementManagementConnectedOrganization +function Remove-MgBetaTeamChannelTab { [CmdletBinding()] param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + [Parameter()] [System.Uri] $Proxy, @@ -30437,302 +37744,339 @@ function Remove-MgBetaEntitlementManagementConnectedOrganization [Parameter()] [System.String] - $ConnectedOrganizationId, + $ChannelId, + + [Parameter()] + [System.String] + $TeamsTabId, + + [Parameter()] + [System.String] + $TeamId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Remove-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorDirectoryObjectByRef +function Update-MgBetaTeam { [CmdletBinding()] param( + [Parameter()] + [PSObject] + $PrimaryChannel, + [Parameter()] [System.String] - $Id, + $Description, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Tags, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $TenantId, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $IsMembershipLimitedToOwners, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AllChannels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Classification, [Parameter()] [System.String] - $DirectoryObjectId, + $InternalId, [Parameter()] - [System.String] - $ConnectedOrganizationId, + [PSObject] + $MemberSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorDirectoryObjectByRef -{ - [CmdletBinding()] - param( + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $Group, + [Parameter()] [System.String] - $Id, + $Specialization, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $IncomingChannels, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsArchived, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $TeamId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $Photo, [Parameter()] [System.String] - $IfMatch, + $Visibility, [Parameter()] [PSObject] - $InputObject, + $MessagingSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $Members, [Parameter()] [PSObject] - $HttpPipelineAppend, + $PermissionGrants, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.String] - $DirectoryObjectId, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $InstalledApps, [Parameter()] [System.String] - $ConnectedOrganizationId, + $Id, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaRoleManagementDirectory -{ - [CmdletBinding()] - param( + [PSObject] + $Owners, + [Parameter()] [PSObject] - $HttpPipelinePrepend, + $FunSettings, + + [Parameter()] + [PSObject] + $Schedule, + + [Parameter()] + [PSObject] + $Operations, + + [Parameter()] + [PSObject] + $GuestSettings, + + [Parameter()] + [System.String] + $WebUrl, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Collections.Hashtable] + $Template, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $Summary, + + [Parameter()] + [PSObject] + $DiscoverySettings, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, + + [Parameter()] + [PSObject] + $TemplateDefinition, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend, [Parameter()] [PSObject] - $HttpPipelineAppend + $Channels ) } -function Remove-MgBetaRoleManagementDirectoryRoleAssignment +function Update-MgBetaTeamChannel { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $FilesFolder, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $DisplayName, [Parameter()] - [System.String] - $UnifiedRoleAssignmentId, + [PSObject] + $InputObject, [Parameter()] [System.String] - $IfMatch, + $TenantId, [Parameter()] [PSObject] - $InputObject, + $Tabs, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $SharedWithTeams, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $Messages, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaRoleManagementDirectoryRoleDefinition -{ - [CmdletBinding()] - param( + [System.String] + $ChannelId, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsFavoriteByDefault, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $TeamId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $Email, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $Members, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $InputObject, + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $ModerationSettings, [Parameter()] [System.String] - $UnifiedRoleDefinitionId, + $MembershipType, + + [Parameter()] + [System.String] + $WebUrl, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $Summary, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy +function Update-MgBetaTeamChannelTab { [CmdletBinding()] param( [Parameter()] - [PSObject] - $CustomExtensionHandlers, + [System.String] + $TeamsAppId, [Parameter()] [System.String] - $Description, + $MessageId, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $SortOrderIndex, [Parameter()] [System.String] $DisplayName, - [Parameter()] - [PSObject] - $CustomExtensionStageSettings, - - [Parameter()] - [PSObject] - $AccessPackageCatalog, - - [Parameter()] - [PSObject] - $Questions, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - [Parameter()] [PSObject] $InputObject, @@ -30742,181 +38086,259 @@ function Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $ChannelId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $TeamsApp, [Parameter()] [PSObject] - $AccessReviewSettings, + $HttpPipelinePrepend, [Parameter()] [System.String] - $CreatedBy, + $TeamId, [Parameter()] - [System.String] - $AccessPackageAssignmentPolicyId, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $RequestorSettings, + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $CanExtend, + $Confirm, [Parameter()] [PSObject] - $VerifiableCredentialSettings, + $Configuration, [Parameter()] [System.String] - $AccessPackageId, + $WebUrl, [Parameter()] - [System.Int32] - $DurationInDays, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Uri] - $Proxy, + $TeamsTabId, [Parameter()] - [System.DateTime] - $ExpirationDateTime, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $RequestApprovalSettings, + $HttpPipelineAppend + ) +} +#endregion + +#region Microsoft.Graph.deviceManagement +function New-MgBetaDeviceAppManagementMobileAppCategory +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $AccessPackage, + [System.String] + $Id, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $DisplayName + ) +} +function Get-MgBetaDeviceAppManagementMobileAppCategory +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MobileAppCategoryId, [Parameter()] [System.String] - $ModifiedBy, + $DisplayName + ) +} +function Update-MgBetaDeviceAppManagementMobileAppCategory +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $MobileAppCategoryId, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String] + $DisplayName ) } -function Update-MgBetaEntitlementManagementAccessPackage + +function Remove-MgBetaDeviceAppManagementMobileAppCategory { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $MobileAppCategoryId, + + [Parameter()] + [System.Boolean] + $Confirm + ) +} + +#region Microsoft.Graph.DeviceManagement.Administration +function Get-MgDeviceManagementRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $AccessPackagesIncompatibleWith, + $InputObject, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $IncompatibleGroups, + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $DisplayName, + $CountVariable, [Parameter()] - [PSObject] - $AccessPackageCatalog, + [System.Uri] + $Proxy, [Parameter()] [System.String] - $CatalogId, + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AccessPackageAssignmentPolicies, + $HttpPipelineAppend + ) +} +function Get-MgDeviceManagementRoleDefinition +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $CreatedBy, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsRoleScopesVisible, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $AccessPackageId, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] - $Id, + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $IncompatibleAccessPackages, + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $RoleDefinitionId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $AccessPackageResourceRoleScopes, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] @@ -30924,165 +38346,117 @@ function Update-MgBetaEntitlementManagementAccessPackage [Parameter()] [System.String] - $ModifiedBy, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsHidden + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaEntitlementManagementAccessPackageCatalog +function Get-MgDeviceManagementRoleDefinitionRoleAssignment { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsExternallyVisible, + [System.String[]] + $Property, [Parameter()] [PSObject] - $AccessPackageCustomWorkflowExtensions, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $InputObject, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AccessPackages, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $CreatedBy, - - [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $AccessPackageResourceScopes, + [System.Int32] + $Top, [Parameter()] [System.String] - $AccessPackageCatalogId, + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $RoleAssignmentId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $RoleDefinitionId, [Parameter()] - [PSObject] - $AccessPackageResources, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $ModifiedBy, + $Filter, [Parameter()] - [PSObject] - $CustomAccessPackageWorkflowExtensions, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $CatalogStatus, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $AccessPackageResourceRoles, - - [Parameter()] - [System.String] - $CatalogType, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaEntitlementManagementConnectedOrganization +function New-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( - [Parameter()] - [PSObject] - $ExternalSponsors, - [Parameter()] [System.String] $Description, - [Parameter()] - [System.DateTime] - $CreatedDateTime, - [Parameter()] [System.String] $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.DateTime] - $ModifiedDateTime, - - [Parameter()] - [PSObject] - $InputObject, + [System.String[]] + $ResourceScopes, [Parameter()] [System.Collections.Hashtable] @@ -31097,16 +38471,8 @@ function Update-MgBetaEntitlementManagementConnectedOrganization $HttpPipelinePrepend, [Parameter()] - [PSObject] - $IdentitySources, - - [Parameter()] - [System.String] - $State, - - [Parameter()] - [System.String] - $CreatedBy, + [System.String[]] + $Members, [Parameter()] [System.Uri] @@ -31121,21 +38487,17 @@ function Update-MgBetaEntitlementManagementConnectedOrganization $Id, [Parameter()] - [System.String] - $ConnectedOrganizationId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $InternalSponsors, + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $ModifiedBy, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -31145,17 +38507,17 @@ function Update-MgBetaEntitlementManagementConnectedOrganization $HttpPipelineAppend ) } -function Update-MgBetaRoleManagementDirectory +function New-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( [Parameter()] - [PSObject] - $RoleAssignmentScheduleRequests, + [System.String] + $Description, [Parameter()] - [PSObject] - $TransitiveRoleAssignments, + [System.String] + $DisplayName, [Parameter()] [System.Collections.Hashtable] @@ -31165,33 +38527,17 @@ function Update-MgBetaRoleManagementDirectory [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [PSObject] - $RoleEligibilitySchedules, - - [Parameter()] - [PSObject] - $ResourceNamespaces, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] [PSObject] - $RoleDefinitions, - - [Parameter()] - [PSObject] - $RoleEligibilityScheduleRequests, - - [Parameter()] - [PSObject] - $RoleAssignmentSchedules, + $RoleAssignments, [Parameter()] - [PSObject] - $RoleAssignments, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] @@ -31209,21 +38555,13 @@ function Update-MgBetaRoleManagementDirectory [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [PSObject] - $RoleEligibilityScheduleInstances, - [Parameter()] [PSObject] - $RoleAssignmentScheduleInstances, + $RolePermissions, [Parameter()] - [PSObject] - $RoleAssignmentApprovals, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -31234,109 +38572,63 @@ function Update-MgBetaRoleManagementDirectory $HttpPipelineAppend ) } -function Update-MgBetaRoleManagementDirectoryRoleDefinition +function Remove-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String[]] - $ResourceScopes, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.String] - $TemplateId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsPrivileged, - - [Parameter()] - [System.String] - $UnifiedRoleDefinitionId, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $Version, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Id, + $IfMatch, [Parameter()] [PSObject] - $InheritsPermissionsFrom, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.String] - $AllowedPrincipalTypes, - - [Parameter()] - [PSObject] - $RolePermissions, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabled, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.Beta.Identity.SignIns -function Get-MgBetaIdentityConditionalAccess +function Remove-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -31346,185 +38638,190 @@ function Get-MgBetaIdentityConditionalAccess $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] $HttpPipelineAppend, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +function Update-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + [Parameter()] [System.String[]] - $Property, + $ResourceScopes, [Parameter()] - [PSObject] - $InputObject, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $CountVariable, + [System.String[]] + $Members, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $Filter, + $Id, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Search, + [PSObject] + $RoleDefinition, [Parameter()] - [System.String] - $AuthenticationContextClassReferenceId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaIdentityConditionalAccessNamedLocation +function Update-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( [Parameter()] [System.String] - $NamedLocationId, + $Description, [Parameter()] - [System.String[]] - $Property, + [System.String] + $DisplayName, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + [PSObject] + $RoleAssignments, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] [System.String] - $Filter, + $RoleDefinitionId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RolePermissions, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaIdentityConditionalAccessPolicy +#endregion + +#endregion Microsoft.Graph.DeviceManagement + +#region Microsoft.Graph.DirectoryObjects +function Get-MgDirectoryObject { [CmdletBinding()] param( @@ -31532,10 +38829,6 @@ function Get-MgBetaIdentityConditionalAccessPolicy [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -31553,8 +38846,8 @@ function Get-MgBetaIdentityConditionalAccessPolicy $Skip, [Parameter()] - [System.String] - $ConditionalAccessPolicyId, + [PSObject] + $InputObject, [Parameter()] [System.Int32] @@ -31572,6 +38865,10 @@ function Get-MgBetaIdentityConditionalAccessPolicy [System.String[]] $Sort, + [Parameter()] + [System.String] + $ConsistencyLevel, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -31588,6 +38885,10 @@ function Get-MgBetaIdentityConditionalAccessPolicy [System.String] $Search, + [Parameter()] + [System.String] + $DirectoryObjectId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -31601,14 +38902,12 @@ function Get-MgBetaIdentityConditionalAccessPolicy $HttpPipelineAppend ) } -function Get-MgBetaIdentityProvider +#endregion +#region Microsoft.Graph.Beta.Identity.Governance +function Get-MgBetaAgreement { [CmdletBinding()] param( - [Parameter()] - [System.String] - $IdentityProviderBaseId, - [Parameter()] [System.String[]] $Property, @@ -31621,6 +38920,10 @@ function Get-MgBetaIdentityProvider [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String] + $AgreementId, + [Parameter()] [System.Int32] $PageSize, @@ -31665,6 +38968,10 @@ function Get-MgBetaIdentityProvider [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -31673,12 +38980,16 @@ function Get-MgBetaIdentityProvider [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaOauth2PermissionGrant +function Get-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( @@ -31688,7 +38999,7 @@ function Get-MgBetaOauth2PermissionGrant [Parameter()] [System.String] - $OAuth2PermissionGrantId, + $CatalogId, [Parameter()] [PSObject] @@ -31719,13 +39030,21 @@ function Get-MgBetaOauth2PermissionGrant $CountVariable, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $DisplayNameContains, + + [Parameter()] + [System.String] + $AccessPackageId, [Parameter()] [System.String[]] $Sort, + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -31739,60 +39058,35 @@ function Get-MgBetaOauth2PermissionGrant $ProxyCredential, [Parameter()] - [System.String] - $Search, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaPolicyAuthenticationMethodPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Search, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $ResponseHeadersVariable, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $DisplayNameEq, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] [System.String[]] $ExpandProperty, [Parameter()] - [System.String[]] - $Property, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + $HttpPipelineAppend ) } -function Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function Get-MgBetaEntitlementManagementAccessPackageAssignment { [CmdletBinding()] param( @@ -31816,6 +39110,10 @@ function Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.String] + $AccessPackageAssignmentId, + [Parameter()] [System.Int32] $Skip, @@ -31828,17 +39126,17 @@ function Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura [System.String] $CountVariable, - [Parameter()] - [System.Uri] - $Proxy, - [Parameter()] [System.String[]] $Sort, [Parameter()] [System.String] - $AuthenticationMethodConfigurationId, + $AccessPackageId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -31856,6 +39154,10 @@ function Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -31864,12 +39166,16 @@ function Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyAuthenticationStrengthPolicy +function Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy { [CmdletBinding()] param( @@ -31893,14 +39199,14 @@ function Get-MgBetaPolicyAuthenticationStrengthPolicy [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, - [Parameter()] [System.Int32] $Skip, + [Parameter()] + [System.String] + $AccessPackageAssignmentPolicyId, + [Parameter()] [System.Int32] $Top, @@ -31909,6 +39215,10 @@ function Get-MgBetaPolicyAuthenticationStrengthPolicy [System.String] $CountVariable, + [Parameter()] + [System.String] + $DisplayNameContains, + [Parameter()] [System.Uri] $Proxy, @@ -31933,6 +39243,14 @@ function Get-MgBetaPolicyAuthenticationStrengthPolicy [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $DisplayNameEq, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -31941,12 +39259,16 @@ function Get-MgBetaPolicyAuthenticationStrengthPolicy [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyAuthorizationPolicy +function Get-MgBetaEntitlementManagementAccessPackageCatalog { [CmdletBinding()] param( @@ -31958,10 +39280,6 @@ function Get-MgBetaPolicyAuthorizationPolicy [PSObject] $InputObject, - [Parameter()] - [System.String] - $AuthorizationPolicyId, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -31986,10 +39304,18 @@ function Get-MgBetaPolicyAuthorizationPolicy [System.String] $CountVariable, + [Parameter()] + [System.String] + $DisplayNameContains, + [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.String] + $AccessPackageCatalogId, + [Parameter()] [System.String[]] $Sort, @@ -32010,6 +39336,14 @@ function Get-MgBetaPolicyAuthorizationPolicy [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $DisplayNameEq, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -32018,86 +39352,97 @@ function Get-MgBetaPolicyAuthorizationPolicy [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyCrossTenantAccessPolicy +function Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $CountVariable, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Uri] + $Proxy, [Parameter()] - [System.String[]] - $Property, + [System.String] + $AccessPackageCatalogId, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Get-MgBetaPolicyCrossTenantAccessPolicyDefault -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $All, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] [System.String[]] $ExpandProperty, [Parameter()] - [System.String[]] - $Property, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + $HttpPipelineAppend ) } -function Get-MgBetaPolicyCrossTenantAccessPolicyPartner +function Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResourceRole { [CmdletBinding()] param( @@ -32105,10 +39450,6 @@ function Get-MgBetaPolicyCrossTenantAccessPolicyPartner [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -32125,10 +39466,6 @@ function Get-MgBetaPolicyCrossTenantAccessPolicyPartner [System.Int32] $Skip, - [Parameter()] - [System.String] - $CrossTenantAccessPolicyConfigurationPartnerTenantId, - [Parameter()] [System.Int32] $Top, @@ -32141,6 +39478,10 @@ function Get-MgBetaPolicyCrossTenantAccessPolicyPartner [System.Uri] $Proxy, + [Parameter()] + [System.String] + $AccessPackageCatalogId, + [Parameter()] [System.String[]] $Sort, @@ -32161,6 +39502,10 @@ function Get-MgBetaPolicyCrossTenantAccessPolicyPartner [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -32169,86 +39514,97 @@ function Get-MgBetaPolicyCrossTenantAccessPolicyPartner [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyExternalIdentityPolicy +function Get-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackage { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $CountVariable, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $AccessPackageId, [Parameter()] [System.String[]] - $Property, + $Sort, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Get-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $All, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] [System.String[]] $ExpandProperty, [Parameter()] - [System.String[]] - $Property, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + $HttpPipelineAppend ) } -function Get-MgBetaPolicyRoleManagementPolicy +function Get-MgBetaEntitlementManagementAccessPackageIncompatibleGroup { [CmdletBinding()] param( @@ -32256,10 +39612,6 @@ function Get-MgBetaPolicyRoleManagementPolicy [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -32276,10 +39628,6 @@ function Get-MgBetaPolicyRoleManagementPolicy [System.Int32] $Skip, - [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyId, - [Parameter()] [System.Int32] $Top, @@ -32289,13 +39637,17 @@ function Get-MgBetaPolicyRoleManagementPolicy $CountVariable, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $AccessPackageId, [Parameter()] [System.String[]] $Sort, + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -32312,6 +39664,10 @@ function Get-MgBetaPolicyRoleManagementPolicy [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -32320,12 +39676,16 @@ function Get-MgBetaPolicyRoleManagementPolicy [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyRoleManagementPolicyAssignment +function Get-MgBetaEntitlementManagementAccessPackageIncompatibleWith { [CmdletBinding()] param( @@ -32362,13 +39722,17 @@ function Get-MgBetaPolicyRoleManagementPolicyAssignment $CountVariable, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $AccessPackageId, [Parameter()] [System.String[]] $Sort, + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -32377,10 +39741,6 @@ function Get-MgBetaPolicyRoleManagementPolicyAssignment [System.String] $Filter, - [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyAssignmentId, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -32389,6 +39749,14 @@ function Get-MgBetaPolicyRoleManagementPolicyAssignment [System.String] $Search, + [Parameter()] + [System.String] + $AccessPackageId1, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -32397,12 +39765,16 @@ function Get-MgBetaPolicyRoleManagementPolicyAssignment [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyRoleManagementPolicyRule +function Get-MgBetaEntitlementManagementConnectedOrganization { [CmdletBinding()] param( @@ -32418,10 +39790,6 @@ function Get-MgBetaPolicyRoleManagementPolicyRule [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyRuleId, - [Parameter()] [System.Int32] $PageSize, @@ -32434,10 +39802,6 @@ function Get-MgBetaPolicyRoleManagementPolicyRule [System.Int32] $Skip, - [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyId, - [Parameter()] [System.Int32] $Top, @@ -32446,6 +39810,10 @@ function Get-MgBetaPolicyRoleManagementPolicyRule [System.String] $CountVariable, + [Parameter()] + [System.String] + $DisplayNameContains, + [Parameter()] [System.Uri] $Proxy, @@ -32454,6 +39822,10 @@ function Get-MgBetaPolicyRoleManagementPolicyRule [System.String[]] $Sort, + [Parameter()] + [System.String] + $ConnectedOrganizationId, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -32470,6 +39842,14 @@ function Get-MgBetaPolicyRoleManagementPolicyRule [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $DisplayNameEq, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -32478,12 +39858,16 @@ function Get-MgBetaPolicyRoleManagementPolicyRule [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaPolicyTokenLifetimePolicy +function Get-MgBetaEntitlementManagementConnectedOrganizationExternalSponsor { [CmdletBinding()] param( @@ -32491,10 +39875,6 @@ function Get-MgBetaPolicyTokenLifetimePolicy [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -32507,10 +39887,6 @@ function Get-MgBetaPolicyTokenLifetimePolicy [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $TokenLifetimePolicyId, - [Parameter()] [System.Int32] $Skip, @@ -32531,6 +39907,10 @@ function Get-MgBetaPolicyTokenLifetimePolicy [System.String[]] $Sort, + [Parameter()] + [System.String] + $ConnectedOrganizationId, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -32547,6 +39927,10 @@ function Get-MgBetaPolicyTokenLifetimePolicy [System.String] $Search, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -32555,161 +39939,104 @@ function Get-MgBetaPolicyTokenLifetimePolicy [System.String[]] $ExpandProperty, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +function Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor { [CmdletBinding()] param( [Parameter()] - [System.String] - $Id, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $Property, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAvailable, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Description, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $Top, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function New-MgBetaIdentityConditionalAccessPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, + $CountVariable, [Parameter()] - [System.String] - $DisplayName, + [System.Uri] + $Proxy, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.String[]] + $Sort, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $ConnectedOrganizationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [PSObject] - $SessionControls, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $All, [Parameter()] [System.String] - $State, - - [Parameter()] - [PSObject] - $Conditions, - - [Parameter()] - [System.Uri] - $Proxy, + $Filter, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Id, + $Search, [Parameter()] - [PSObject] - $GrantControls, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaIdentityProvider +function Get-MgBetaEntitlementManagementSetting { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Id, - [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.Uri] $Proxy, @@ -32719,46 +40046,42 @@ function New-MgBetaIdentityProvider $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $BodyParameter, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $Property, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function Get-MgBetaRoleManagementDirectory { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Id, - [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [PSObject] - $BodyParameter, - [Parameter()] [System.Uri] $Proxy, @@ -32768,8 +40091,12 @@ function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, [Parameter()] [PSObject] @@ -32780,344 +40107,359 @@ function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $State, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $Property, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $ExcludeTargets + $Break ) } -function New-MgBetaPolicyAuthenticationStrengthPolicy +function Get-MgBetaRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $UnifiedRoleAssignmentId, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String[]] + $Property, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $PolicyType, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.Int32] + $PageSize, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $Top, [Parameter()] [System.String] - $RequirementsSatisfied, + $CountVariable, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, - [Parameter()] [System.String[]] - $AllowedCombinations, + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $CombinationConfigurations, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaPolicyCrossTenantAccessPolicyPartner +function Get-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] - [System.String] - $TenantId, + [System.String[]] + $Property, [Parameter()] [PSObject] - $TenantRestrictions, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $InboundTrust, + [System.Int32] + $PageSize, [Parameter()] - [PSObject] - $AutomaticUserConsentSettings, + [System.String] + $UnifiedRoleDefinitionId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $B2BDirectConnectOutbound, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsInMultiTenantOrganization, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $B2BDirectConnectInbound, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $B2BCollaborationOutbound, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $IdentitySynchronization, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] - [PSObject] - $B2BCollaborationInbound, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsServiceProvider, + [System.String] + $Search, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaPolicyTokenLifetimePolicy +function Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule { [CmdletBinding()] param( [Parameter()] [System.String[]] - $Definition, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, + [System.String] + $UnifiedRoleEligibilityScheduleId, [Parameter()] - [System.String] - $Id, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.String] + $Filter, [Parameter()] - [PSObject] - $AppliesTo, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaIdentityConditionalAccess +function Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Property, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $UnifiedRoleEligibilityScheduleRequestId, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $PageSize, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $Skip, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -{ - [CmdletBinding()] - param( + $InputObject, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Search, [Parameter()] [System.String] - $AuthenticationContextClassReferenceId, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaIdentityConditionalAccessNamedLocation +function Get-MgBetaRoleManagementEntitlementManagement { [CmdletBinding()] param( @@ -33125,405 +40467,430 @@ function Remove-MgBetaIdentityConditionalAccessNamedLocation [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $IfMatch, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $ResponseHeadersVariable, [Parameter()] - [System.String] - $NamedLocationId, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $Property, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Remove-MgBetaIdentityConditionalAccessPolicy +function Get-MgBetaRoleManagementEntitlementManagementRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $UnifiedRoleAssignmentId, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Search, [Parameter()] [System.String] - $ConditionalAccessPolicyId, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaIdentityProvider +function Get-MgBetaRoleManagementEntitlementManagementRoleDefinition { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Int32] + $PageSize, [Parameter()] [System.String] - $IfMatch, + $UnifiedRoleDefinitionId, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $CountVariable, [Parameter()] - [System.String] - $IdentityProviderBaseId, + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaPolicyAuthenticationMethodPolicy -{ - [CmdletBinding()] - param( + $All, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $Search, [Parameter()] [System.String] - $IfMatch, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function New-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $UniqueName, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AccessPackagesIncompatibleWith, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $IncompatibleGroups, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $AccessPackageCatalog, [Parameter()] [System.String] - $AuthenticationMethodConfigurationId, + $CatalogId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.DateTime] + $ModifiedDateTime, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgBetaPolicyAuthenticationStrengthPolicy -{ - [CmdletBinding()] - param( + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AccessPackageAssignmentPolicies, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CreatedBy, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $IsRoleScopesVisible, [Parameter()] - [System.String] - $IfMatch, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $InputObject, + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Id, [Parameter()] [PSObject] - $HttpPipelineAppend, + $IncompatibleAccessPackages, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaPolicyCrossTenantAccessPolicy -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AccessPackageResourceRoleScopes, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.String] - $IfMatch, + $ModifiedBy, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $IsHidden ) } -function Remove-MgBetaPolicyCrossTenantAccessPolicyPartner +function New-MgBetaEntitlementManagementAccessPackageAssignment { [CmdletBinding()] param( [Parameter()] [System.String] - $CrossTenantAccessPolicyConfigurationPartnerTenantId, + $Justification, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $RequiredUserId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $Answers, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $ExistingAssignment, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.PSObject[]] + $RequiredGroupMember, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $AccessPackageId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $StartDate, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String] + $AssignmentPolicyId, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgBetaPolicyTokenLifetimePolicy +function New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $CustomExtensionStageSettings, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $AccessPackageCatalog, [Parameter()] [PSObject] - $InputObject, + $Questions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.DateTime] + $ModifiedDateTime, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -33531,117 +40898,152 @@ function Remove-MgBetaPolicyTokenLifetimePolicy [Parameter()] [System.String] - $TokenLifetimePolicyId, + $AccessPackageId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $VerifiableCredentialSettings, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Update-MgBetaIdentityConditionalAccess -{ - [CmdletBinding()] - param( + $HttpPipelinePrepend, + [Parameter()] [PSObject] - $Templates, + $AccessReviewSettings, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $CreatedBy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $RequestorSettings, [Parameter()] - [PSObject] - $AuthenticationStrengths, + [System.Management.Automation.SwitchParameter] + $CanExtend, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $CustomExtensionHandlers, [Parameter()] - [PSObject] - $NamedLocations, + [System.Int32] + $DurationInDays, [Parameter()] - [PSObject] - $AuthenticationContextClassReferences, + [System.String] + $Id, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $AuthenticationStrength, + [System.DateTime] + $ExpirationDateTime, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Id, + [PSObject] + $RequestApprovalSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $AccessPackage, [Parameter()] [PSObject] - $Policies, + $BodyParameter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $ModifiedBy, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [PSObject] + $AccessPackageNotificationSettings, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +function New-MgBetaEntitlementManagementAccessPackageCatalog { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsExternallyVisible, + [Parameter()] [System.String] - $Description, + $UniqueName, + + [Parameter()] + [PSObject] + $AccessPackageCustomWorkflowExtensions, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] $DisplayName, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Description, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AccessPackages, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAvailable, + [System.String] + $CreatedBy, + + [Parameter()] + [PSObject] + $AccessPackageResourceScopes, [Parameter()] [System.Uri] @@ -33657,49 +41059,57 @@ function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReferen [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $AuthenticationContextClassReferenceId, + [PSObject] + $AccessPackageResources, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $ModifiedBy, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Update-MgBetaIdentityConditionalAccessPolicy -{ - [CmdletBinding()] - param( + $CustomAccessPackageWorkflowExtensions, + [Parameter()] [System.String] - $Description, + $ResponseHeadersVariable, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $CatalogStatus, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $AccessPackageResourceRoles, [Parameter()] [System.String] - $DisplayName, + $CatalogType, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $InputObject, - + $HttpPipelineAppend + ) +} +function New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef +{ + [CmdletBinding()] + param( [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -33708,71 +41118,83 @@ function Update-MgBetaIdentityConditionalAccessPolicy [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [PSObject] - $SessionControls, - [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $State, - [Parameter()] [PSObject] - $Conditions, + $InputObject, [Parameter()] [System.String] - $ConditionalAccessPolicyId, - - [Parameter()] - [System.Uri] - $Proxy, + $AccessPackageId, [Parameter()] [PSObject] $BodyParameter, [Parameter()] - [System.String] - $Id, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $GrantControls, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $PassThru, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String] + $OdataId, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaIdentityProvider +function New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef { [CmdletBinding()] param( [Parameter()] - [System.String] - $Id, + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $AccessPackageId, + [Parameter()] [PSObject] $BodyParameter, @@ -33782,89 +41204,85 @@ function Update-MgBetaIdentityProvider $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $IdentityProviderBaseId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $OdataId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaPolicyAuthenticationMethodPolicy +function New-MgBetaEntitlementManagementAccessPackageResourceRequest { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.Int32] - $ReconfirmationInDays, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + $Justification, [Parameter()] - [System.String] - $PolicyMigrationState, + [PSObject] + $AccessPackageResource, [Parameter()] - [PSObject] - $SystemCredentialPreferences, + [System.Management.Automation.SwitchParameter] + $ExecuteImmediately, [Parameter()] [System.String] - $PolicyVersion, + $CatalogId, [Parameter()] [System.String] - $DisplayName, + $RequestType, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [PSObject] - $RegistrationEnforcement, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AuthenticationMethodConfigurations, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Requestor, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsValidationOnly, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Uri] @@ -33880,94 +41298,130 @@ function Update-MgBetaPolicyAuthenticationMethodPolicy [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $ReportSuspiciousActivitySettings, + [System.DateTime] + $ExpirationDateTime, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $RequestState, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $RequestStatus, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function New-MgBetaEntitlementManagementAccessPackageResourceRoleScope { [CmdletBinding()] param( [Parameter()] - [System.String] - $Id, + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelinePrepend, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CreatedBy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AccessPackageResourceScope, + + [Parameter()] + [System.String] + $AccessPackageId, [Parameter()] [PSObject] - $InputObject, + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Id, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AccessPackageResourceRole, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $State, + $ModifiedBy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] - $ExcludeTargets + $HttpPipelineAppend ) } -function Update-MgBetaPolicyAuthenticationStrengthPolicy +function New-MgBetaEntitlementManagementConnectedOrganization { [CmdletBinding()] param( + [Parameter()] + [PSObject] + $ExternalSponsors, + [Parameter()] [System.String] $Description, @@ -33980,18 +41434,10 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy [System.String] $DisplayName, - [Parameter()] - [System.String] - $PolicyType, - [Parameter()] [System.DateTime] $ModifiedDateTime, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -34004,13 +41450,17 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $IdentitySources, + [Parameter()] [System.String] - $AuthenticationStrengthPolicyId, + $State, [Parameter()] [System.String] - $RequirementsSatisfied, + $CreatedBy, [Parameter()] [System.Uri] @@ -34024,112 +41474,112 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy [System.String] $Id, - [Parameter()] - [System.String[]] - $AllowedCombinations, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [PSObject] - $CombinationConfigurations, + $InternalSponsors, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $ModifiedBy, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $DomainName, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination +function New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $ConnectedOrganizationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] [PSObject] $BodyParameter, [Parameter()] - [System.String[]] - $AllowedCombinations, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgBetaPolicyAuthorizationPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.String] - $Description, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $BlockMsolPowerShell, - - [Parameter()] - [System.String] - $AuthorizationPolicyId, + $Break, [Parameter()] [System.String] - $DisplayName, + $OdataId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowedToUseSspr, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $InputObject, - + $HttpPipelineAppend + ) +} +function New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef +{ + [CmdletBinding()] + param( [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -34138,29 +41588,17 @@ function Update-MgBetaPolicyAuthorizationPolicy [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowUserConsentForRiskyApps, - [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.String] - $GuestUserRoleId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowedToSignUpEmailBasedSubscriptions, - [Parameter()] [PSObject] - $DefaultUserRoleOverrides, + $InputObject, [Parameter()] [System.String] - $AllowInvitesFrom, + $ConnectedOrganizationId, [Parameter()] [System.Uri] @@ -34170,66 +41608,50 @@ function Update-MgBetaPolicyAuthorizationPolicy [PSObject] $BodyParameter, - [Parameter()] - [System.String] - $Id, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowEmailVerifiedUsersToJoinOrganization, + $PassThru, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.DateTime] - $DeletedDateTime, - - [Parameter()] - [System.String[]] - $PermissionGrantPolicyIdsAssignedToDefaultUserRole, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $DefaultUserRolePermissions, + [System.String] + $OdataId, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.String[]] - $EnabledPreviewFeatures + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaPolicyCrossTenantAccessPolicy +function New-MgBetaRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Definition, - - [Parameter()] - [System.String] - $Description, - [Parameter()] [PSObject] - $Templates, + $Principal, [Parameter()] [System.String] - $DisplayName, + $ResourceScope, [Parameter()] [System.Collections.Hashtable] @@ -34241,11 +41663,15 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [Parameter()] [PSObject] - $HttpPipelinePrepend, + $DirectoryScope, [Parameter()] [PSObject] - $Partners, + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $PrincipalId, [Parameter()] [System.Uri] @@ -34259,50 +41685,74 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [System.String] $Id, + [Parameter()] + [System.String] + $Condition, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $RoleDefinitionId, + + [Parameter()] + [PSObject] + $RoleDefinition, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [PSObject] + $AppScope, [Parameter()] - [System.String[]] - $AllowedCloudEndpoints, + [System.String] + $DirectoryScopeId, + + [Parameter()] + [System.String] + $PrincipalOrganizationId, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $Default + $HttpPipelineAppend ) } -function Update-MgBetaPolicyCrossTenantAccessPolicyDefault +function New-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsServiceDefault, + [System.String] + $Description, [Parameter()] - [System.Collections.Hashtable] - $InvitationRedemptionIdentityProviderConfiguration, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $TenantRestrictions, + [System.String[]] + $ResourceScopes, [Parameter()] [System.Collections.Hashtable] @@ -34313,28 +41763,24 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyDefault $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $InboundTrust, - - [Parameter()] - [PSObject] - $AutomaticUserConsentSettings, + [System.Management.Automation.SwitchParameter] + $IsPrivileged, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $B2BDirectConnectOutbound, + [System.String] + $Version, [Parameter()] - [PSObject] - $B2BDirectConnectInbound, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $B2BCollaborationOutbound, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] @@ -34348,42 +41794,70 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyDefault [System.String] $Id, + [Parameter()] + [PSObject] + $InheritsPermissionsFrom, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $AllowedPrincipalTypes, + [Parameter()] [PSObject] - $B2BCollaborationInbound, + $RolePermissions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $TemplateId, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsEnabled, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyCrossTenantAccessPolicyPartner +function New-MgBetaRoleManagementDirectoryRoleEligibilitySchedule { [CmdletBinding()] param( [Parameter()] [System.String] - $TenantId, + $MemberType, [Parameter()] [PSObject] - $TenantRestrictions, + $Principal, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $CreatedUsing, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [System.Collections.Hashtable] @@ -34395,84 +41869,100 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyPartner [Parameter()] [PSObject] - $InboundTrust, + $ScheduleInfo, [Parameter()] [PSObject] - $AutomaticUserConsentSettings, + $DirectoryScope, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $B2BDirectConnectOutbound, + [System.String] + $PrincipalId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsInMultiTenantOrganization, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $CrossTenantAccessPolicyConfigurationPartnerTenantId, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $B2BDirectConnectInbound, + [System.String] + $Status, [Parameter()] - [PSObject] - $B2BCollaborationOutbound, + [System.String] + $Id, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $IdentitySynchronization, + [System.String] + $RoleDefinitionId, [Parameter()] [PSObject] - $BodyParameter, + $RoleDefinition, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $B2BCollaborationInbound, + $AppScope, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsServiceProvider, + [System.String] + $DirectoryScopeId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyExternalIdentityPolicy +function New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $Justification, + + [Parameter()] + [PSObject] + $Principal, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $DisplayName, + $Action, [Parameter()] [System.Collections.Hashtable] @@ -34484,226 +41974,237 @@ function Update-MgBetaPolicyExternalIdentityPolicy [Parameter()] [PSObject] - $HttpPipelinePrepend, + $ScheduleInfo, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowExternalIdentitiesToLeave, + [PSObject] + $DirectoryScope, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $TargetSchedule, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $ApprovalId, [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelinePrepend, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $CustomData, [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowDeletedIdentitiesDataRemoval, + [PSObject] + $CreatedBy, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.String] + $PrincipalId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsValidationOnly, - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Update-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.DateTime] - $DeletedDateTime, + $CompletedDateTime, [Parameter()] - [System.String] - $Description, + [PSObject] + $TicketInfo, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Uri] + $Proxy, [Parameter()] [PSObject] $BodyParameter, [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Status, [Parameter()] [System.String] - $DisplayName, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $TargetScheduleId, + + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [PSObject] - $HttpPipelineAppend, + $RoleDefinition, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabled, + [PSObject] + $AppScope, [Parameter()] [System.String] - $Id, + $DirectoryScopeId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Update-MgBetaPolicyRoleManagementPolicy +function New-MgBetaRoleManagementEntitlementManagementRoleAssignment { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [PSObject] + $Principal, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $ResourceScope, [Parameter()] - [PSObject] - $EffectiveRules, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $DirectoryScope, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $PrincipalId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $BodyParameter, [Parameter()] [System.String] - $ScopeType, + $Id, [Parameter()] [System.String] - $ScopeId, + $Condition, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, + $Confirm, + + [Parameter()] + [System.String] + $RoleDefinitionId, [Parameter()] [PSObject] - $LastModifiedBy, + $RoleDefinition, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $BodyParameter, + $AppScope, [Parameter()] [System.String] - $Id, + $DirectoryScopeId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $PrincipalOrganizationId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $ResponseHeadersVariable, [Parameter()] - [PSObject] - $Rules, + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyRoleManagementPolicyRule +function Remove-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( [Parameter()] - [System.String] - $Id, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] $HttpPipelinePrepend, - [Parameter()] - [PSObject] - $BodyParameter, - [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + [Parameter()] [System.String] - $UnifiedRoleManagementPolicyRuleId, + $IfMatch, [Parameter()] [System.String] - $UnifiedRoleManagementPolicyId, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -34713,726 +42214,667 @@ function Update-MgBetaPolicyRoleManagementPolicyRule [PSObject] $HttpPipelineAppend, + [Parameter()] + [System.String] + $AccessPackageId, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [PSObject] - $Target, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Update-MgBetaPolicyTokenLifetimePolicy +function Remove-MgBetaEntitlementManagementAccessPackageAssignment { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Definition, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $Description, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $DisplayName, - - [Parameter()] - [PSObject] - $InputObject, + $AccessPackageAssignmentId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $PassThru, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $IfMatch, [Parameter()] [System.String] - $TokenLifetimePolicyId, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, + $Confirm, [Parameter()] - [System.String] - $Id, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] - $AppliesTo, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -#endregion - -#region Microsoft.Graph.Beta.Teams -function Get-MgBetaTeam +function Remove-MgBetaEntitlementManagementAccessPackageAssignmentPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $InputObject, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $PageSize, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $IfMatch, [Parameter()] [System.String] - $TeamId, + $ResponseHeadersVariable, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $AccessPackageAssignmentPolicyId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.Collections.IDictionary] + $Headers, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaEntitlementManagementAccessPackageCatalog +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $Filter, + $AccessPackageCatalogId, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PassThru, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgBetaTeamChannel -{ - [CmdletBinding()] - param( + $InputObject, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.Collections.IDictionary] + $Headers, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $ChannelId, + $Id, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.String] - $TeamId, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $CountVariable, + $IfMatch, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.String] - $Filter, + $AccessPackageId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Search, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $ResponseHeadersVariable, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Get-MgBetaTeamChannelTab +function Remove-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $ChannelId, + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, + $InputObject, [Parameter()] - [System.String] - $TeamId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, + $AccessPackageId, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.String] - $Filter, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - - [Parameter()] - [System.String] - $TeamsTabId, - [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function New-MgBetaTeam +function Remove-MgBetaEntitlementManagementAccessPackageResourceRoleScope { [CmdletBinding()] param( [Parameter()] - [System.String] - $Specialization, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $PrimaryChannel, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Description, + [System.Uri] + $Proxy, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $DisplayName, + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, [Parameter()] [System.String] - $TenantId, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsMembershipLimitedToOwners, + $Confirm, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.String] - $Classification, + $AccessPackageResourceRoleScopeId, [Parameter()] - [PSObject] - $AllChannels, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsArchived, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.String] - $InternalId, + $AccessPackageId, [Parameter()] - [PSObject] - $Channels, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaEntitlementManagementConnectedOrganization +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $Group, + $InputObject, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $IncomingChannels, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $Tags, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $Photo, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Visibility, - - [Parameter()] - [PSObject] - $MessagingSettings, - - [Parameter()] - [PSObject] - $Members, + $IfMatch, [Parameter()] - [PSObject] - $PermissionGrants, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Uri] - $Proxy, - [Parameter()] [PSObject] - $InstalledApps, + $HttpPipelineAppend, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $Owners, + [System.String] + $ConnectedOrganizationId, [Parameter()] - [PSObject] - $FunSettings, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [PSObject] - $Schedule, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorDirectoryObjectByRef +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $Operations, + $InputObject, [Parameter()] [PSObject] - $GuestSettings, - - [Parameter()] - [System.String] - $WebUrl, + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $BodyParameter, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $Template, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $Summary, + [System.String] + $IfMatch, [Parameter()] - [PSObject] - $DiscoverySettings, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] [PSObject] - $TemplateDefinition, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $DirectoryObjectId, [Parameter()] - [PSObject] - $MemberSettings + [System.String] + $ConnectedOrganizationId, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function New-MgBetaTeamChannel +function Remove-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorDirectoryObjectByRef { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - [Parameter()] [PSObject] - $FilesFolder, + $InputObject, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $TenantId, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $Tabs, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $IfMatch, [Parameter()] - [PSObject] - $SharedWithTeams, + [System.String] + $ResponseHeadersVariable, [Parameter()] - [PSObject] - $Messages, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsFavoriteByDefault, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $TeamId, + $DirectoryObjectId, [Parameter()] [System.String] - $Email, + $ConnectedOrganizationId, [Parameter()] - [PSObject] - $Members, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Uri] - $Proxy, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaRoleManagementDirectory +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $BodyParameter, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $ModerationSettings, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $MembershipType, + $IfMatch, [Parameter()] [System.String] - $WebUrl, + $ResponseHeadersVariable, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $Summary, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgBetaTeamChannelTab +function Remove-MgBetaRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( - [Parameter()] - [System.String] - $TeamsAppId, - - [Parameter()] - [System.String] - $MessageId, - - [Parameter()] - [System.String] - $SortOrderIndex, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.String] - $ChannelId, - - [Parameter()] - [PSObject] - $TeamsApp, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $TeamId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $UnifiedRoleAssignmentId, [Parameter()] - [PSObject] - $Configuration, + [System.String] + $IfMatch, [Parameter()] [System.String] - $WebUrl, + $ResponseHeadersVariable, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Remove-MgBetaTeam +function Remove-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( @@ -35452,36 +42894,44 @@ function Remove-MgBetaTeam [System.Management.Automation.SwitchParameter] $PassThru, + [Parameter()] + [System.String] + $UnifiedRoleDefinitionId, + [Parameter()] [System.String] $IfMatch, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $TeamId, + [System.Collections.IDictionary] + $Headers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $InputObject, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Remove-MgBetaTeamChannel +function Remove-MgBetaRoleManagementEntitlementManagement { [CmdletBinding()] param( @@ -35506,8 +42956,8 @@ function Remove-MgBetaTeamChannel $IfMatch, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -35518,12 +42968,8 @@ function Remove-MgBetaTeamChannel $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $ChannelId, - - [Parameter()] - [System.String] - $TeamId, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -35534,18 +42980,22 @@ function Remove-MgBetaTeamChannel $HttpPipelineAppend ) } -function Remove-MgBetaTeamChannelTab +function Remove-MgBetaRoleManagementEntitlementManagementRoleAssignment { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Uri] $Proxy, @@ -35554,13 +43004,17 @@ function Remove-MgBetaTeamChannelTab [System.Management.Automation.SwitchParameter] $PassThru, + [Parameter()] + [System.String] + $UnifiedRoleAssignmentId, + [Parameter()] [System.String] $IfMatch, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -35575,38 +43029,26 @@ function Remove-MgBetaTeamChannelTab $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $ChannelId, - - [Parameter()] - [System.String] - $TeamsTabId, - - [Parameter()] - [System.String] - $TeamId, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Update-MgBetaTeam +function Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy { [CmdletBinding()] param( [Parameter()] - [PSObject] - $PrimaryChannel, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.String] $Description, - [Parameter()] - [PSObject] - $Tags, - [Parameter()] [System.DateTime] $CreatedDateTime, @@ -35616,36 +43058,32 @@ function Update-MgBetaTeam $DisplayName, [Parameter()] - [System.String] - $TenantId, + [PSObject] + $CustomExtensionStageSettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMembershipLimitedToOwners, + [PSObject] + $AccessPackageCatalog, [Parameter()] [PSObject] - $InputObject, + $Questions, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] - $AllChannels, + $InputObject, [Parameter()] - [System.String] - $Classification, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $InternalId, - - [Parameter()] - [PSObject] - $MemberSettings, + $AccessPackageId, [Parameter()] [PSObject] @@ -35653,103 +43091,75 @@ function Update-MgBetaTeam [Parameter()] [PSObject] - $Group, + $AccessReviewSettings, [Parameter()] [System.String] - $Specialization, - - [Parameter()] - [PSObject] - $IncomingChannels, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsArchived, + $CreatedBy, [Parameter()] [System.String] - $TeamId, + $AccessPackageAssignmentPolicyId, [Parameter()] [PSObject] - $Photo, + $RequestorSettings, [Parameter()] - [System.String] - $Visibility, + [System.Management.Automation.SwitchParameter] + $CanExtend, [Parameter()] [PSObject] - $MessagingSettings, + $VerifiableCredentialSettings, [Parameter()] [PSObject] - $Members, + $CustomExtensionHandlers, [Parameter()] - [PSObject] - $PermissionGrants, + [System.Int32] + $DurationInDays, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Id, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $InstalledApps, - - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [PSObject] - $Owners, + [System.DateTime] + $ExpirationDateTime, [Parameter()] - [PSObject] - $FunSettings, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $Schedule, + $RequestApprovalSettings, [Parameter()] [PSObject] - $Operations, + $AccessPackage, [Parameter()] [PSObject] - $GuestSettings, - - [Parameter()] - [System.String] - $WebUrl, + $BodyParameter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $BodyParameter, - - [Parameter()] - [System.Collections.Hashtable] - $Template, - - [Parameter()] - [PSObject] - $Summary, + [System.String] + $ModifiedBy, [Parameter()] - [PSObject] - $DiscoverySettings, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -35757,7 +43167,7 @@ function Update-MgBetaTeam [Parameter()] [PSObject] - $TemplateDefinition, + $AccessPackageNotificationSettings, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -35765,28 +43175,32 @@ function Update-MgBetaTeam [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [PSObject] - $Channels + $HttpPipelineAppend ) } -function Update-MgBetaTeamChannel +function Update-MgBetaEntitlementManagementAccessPackage { [CmdletBinding()] param( + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [System.String] $Description, + [Parameter()] + [PSObject] + $AccessPackagesIncompatibleWith, + [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] [PSObject] - $FilesFolder, + $IncompatibleGroups, [Parameter()] [System.String] @@ -35794,15 +43208,19 @@ function Update-MgBetaTeamChannel [Parameter()] [PSObject] - $InputObject, + $AccessPackageCatalog, [Parameter()] [System.String] - $TenantId, + $CatalogId, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] - $Tabs, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -35810,35 +43228,35 @@ function Update-MgBetaTeamChannel [Parameter()] [PSObject] - $SharedWithTeams, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $Messages, + $AccessPackageAssignmentPolicies, [Parameter()] - [System.String] - $ChannelId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $CreatedBy, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsFavoriteByDefault, + $IsRoleScopesVisible, [Parameter()] [System.String] - $TeamId, + $AccessPackageId, [Parameter()] - [System.String] - $Email, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $Members, + [System.String] + $Id, [Parameter()] [System.Uri] @@ -35846,11 +43264,7 @@ function Update-MgBetaTeamChannel [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + $IncompatibleAccessPackages, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -35858,60 +43272,68 @@ function Update-MgBetaTeamChannel [Parameter()] [PSObject] - $ModerationSettings, + $AccessPackageResourceRoleScopes, [Parameter()] - [System.String] - $MembershipType, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $WebUrl, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $ModifiedBy, [Parameter()] - [PSObject] - $Summary, + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $UniqueName, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsHidden ) } -function Update-MgBetaTeamChannelTab +function Update-MgBetaEntitlementManagementAccessPackageCatalog { [CmdletBinding()] param( [Parameter()] - [System.String] - $TeamsAppId, + [System.Management.Automation.SwitchParameter] + $IsExternallyVisible, [Parameter()] [System.String] - $MessageId, + $UniqueName, [Parameter()] - [System.String] - $SortOrderIndex, + [PSObject] + $AccessPackageCustomWorkflowExtensions, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] $DisplayName, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [System.Collections.Hashtable] @@ -35919,11 +43341,11 @@ function Update-MgBetaTeamChannelTab [Parameter()] [System.String] - $ChannelId, + $Description, [Parameter()] [PSObject] - $TeamsApp, + $AccessPackages, [Parameter()] [PSObject] @@ -35931,187 +43353,156 @@ function Update-MgBetaTeamChannelTab [Parameter()] [System.String] - $TeamId, - - [Parameter()] - [System.Uri] - $Proxy, + $CreatedBy, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] [System.String] - $Id, + $AccessPackageCatalogId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $Configuration, - - [Parameter()] - [System.String] - $WebUrl, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $BodyParameter, [Parameter()] [System.String] - $TeamsTabId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -#endregion -#region Microsoft.Graph.DeviceManagement.Administration -function Get-MgDeviceManagementRoleAssignment -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $AccessPackageResources, [Parameter()] [System.String] - $CountVariable, + $ModifiedBy, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $CustomAccessPackageWorkflowExtensions, [Parameter()] [System.String] - $DeviceAndAppManagementRoleAssignmentId, + $ResponseHeadersVariable, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $CatalogStatus, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AccessPackageResourceScopes, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AccessPackageResourceRoles, [Parameter()] [System.String] - $Search, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + $CatalogType, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgDeviceManagementRoleDefinition +function Update-MgBetaEntitlementManagementConnectedOrganization { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $ExternalSponsors, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $IdentitySources, [Parameter()] - [System.Int32] - $Top, + [System.String] + $State, [Parameter()] [System.String] - $CountVariable, + $CreatedBy, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $RoleDefinitionId, + $Id, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.String] + $ConnectedOrganizationId, [Parameter()] - [System.String] - $Filter, + [PSObject] + $InternalSponsors, [Parameter()] [System.Management.Automation.PSCredential] @@ -36119,117 +43510,97 @@ function Get-MgDeviceManagementRoleDefinition [Parameter()] [System.String] - $Search, + $ModifiedBy, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgDeviceManagementRoleDefinitionRoleAssignment +function Update-MgBetaEntitlementManagementSetting { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $Id, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $BodyParameter, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.String] - $RoleAssignmentId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $RoleDefinitionId, + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Search, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Int32] + $DaysUntilExternalUserDeletedAfterBlocked, + + [Parameter()] + [System.String] + $ExternalUserLifecycleAction ) } -function New-MgDeviceManagementRoleAssignment +function Update-MgBetaRoleManagementDirectory { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $RoleAssignmentScheduleRequests, [Parameter()] - [System.String[]] - $ResourceScopes, + [PSObject] + $TransitiveRoleAssignments, [Parameter()] [System.Collections.Hashtable] @@ -36239,13 +43610,33 @@ function New-MgDeviceManagementRoleAssignment [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $RoleEligibilitySchedules, + + [Parameter()] + [PSObject] + $ResourceNamespaces, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $Members, + [PSObject] + $RoleDefinitions, + + [Parameter()] + [PSObject] + $RoleEligibilityScheduleRequests, + + [Parameter()] + [PSObject] + $RoleAssignmentSchedules, + + [Parameter()] + [PSObject] + $RoleAssignments, [Parameter()] [System.Uri] @@ -36263,27 +43654,47 @@ function New-MgDeviceManagementRoleAssignment [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] - $RoleDefinition, + $RoleEligibilityScheduleInstances, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RoleAssignmentScheduleInstances, + + [Parameter()] + [PSObject] + $RoleAssignmentApprovals, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgDeviceManagementRoleDefinition +function Update-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] [System.String] $Description, @@ -36292,21 +43703,37 @@ function New-MgDeviceManagementRoleDefinition [System.String] $DisplayName, + [Parameter()] + [System.String[]] + $ResourceScopes, + + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsPrivileged, + + [Parameter()] + [System.String] + $UnifiedRoleDefinitionId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $RoleAssignments, + [System.String] + $Version, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -36324,10 +43751,18 @@ function New-MgDeviceManagementRoleDefinition [System.String] $Id, + [Parameter()] + [PSObject] + $InheritsPermissionsFrom, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $AllowedPrincipalTypes, + [Parameter()] [PSObject] $RolePermissions, @@ -36336,132 +43771,122 @@ function New-MgDeviceManagementRoleDefinition [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.String] + $TemplateId, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgDeviceManagementRoleAssignment +#endregion + +#region Microsoft.Graph.Groups +function Get-MgGroup { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $Property, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $IfMatch, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $Top, [Parameter()] [System.String] - $DeviceAndAppManagementRoleAssignmentId, + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $GroupId, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Sort, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $ConsistencyLevel, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] [System.String] - $IfMatch, + $Filter, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String[]] + $ExpandProperty, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $RoleDefinitionId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function Update-MgDeviceManagementRoleAssignment +function Get-MgGroupLifecyclePolicy { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $ResourceScopes, + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -36469,129 +43894,147 @@ function Update-MgDeviceManagementRoleAssignment [Parameter()] [System.String] - $DeviceAndAppManagementRoleAssignmentId, + $GroupLifecyclePolicyId, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $Members, + [System.Int32] + $Skip, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $CountVariable, [Parameter()] [System.String] - $Id, + $GroupId, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $RoleDefinition, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgDeviceManagementRoleDefinition +function Get-MgBetaGroupMember { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.String[]] + $Property, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $InputObject, + [System.Int32] + $PageSize, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $RoleAssignments, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.String] + $GroupId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Id, + $ConsistencyLevel, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] [System.String] - $RoleDefinitionId, - - [Parameter()] - [PSObject] - $RolePermissions, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.DirectoryObjects -function Get-MgDirectoryObject +function Get-MgGroupMember { [CmdletBinding()] param( @@ -36615,10 +44058,6 @@ function Get-MgDirectoryObject [System.Int32] $Skip, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Int32] $Top, @@ -36627,6 +44066,10 @@ function Get-MgDirectoryObject [System.String] $CountVariable, + [Parameter()] + [System.String] + $GroupId, + [Parameter()] [System.Uri] $Proxy, @@ -36655,10 +44098,6 @@ function Get-MgDirectoryObject [System.String] $Search, - [Parameter()] - [System.String] - $DirectoryObjectId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -36672,9 +44111,7 @@ function Get-MgDirectoryObject $HttpPipelineAppend ) } -#endregion -#region Microsoft.Graph.Groups -function Get-MgGroup +function Get-MgGroupMemberOf { [CmdletBinding()] param( @@ -36683,8 +44120,8 @@ function Get-MgGroup $Property, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Int32] @@ -36698,6 +44135,10 @@ function Get-MgGroup [System.Int32] $Skip, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $Top, @@ -36738,90 +44179,9 @@ function Get-MgGroup [System.String] $Search, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgGroupLifecyclePolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.String] - $GroupLifecyclePolicyId, - - [Parameter()] - [System.Int32] - $PageSize, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, - - [Parameter()] - [System.String] - $GroupId, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, - [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $Search, + $DirectoryObjectId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -36836,7 +44196,7 @@ function Get-MgGroupLifecyclePolicy $HttpPipelineAppend ) } -function Get-MgGroupMember +function Get-MgBetaGroupMemberOf { [CmdletBinding()] param( @@ -36860,6 +44220,10 @@ function Get-MgGroupMember [System.Int32] $Skip, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $Top, @@ -36900,6 +44264,10 @@ function Get-MgGroupMember [System.String] $Search, + [Parameter()] + [System.String] + $DirectoryObjectId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -36913,7 +44281,7 @@ function Get-MgGroupMember $HttpPipelineAppend ) } -function Get-MgGroupMemberOf +function Get-MgGroupOwner { [CmdletBinding()] param( @@ -36937,10 +44305,6 @@ function Get-MgGroupMemberOf [System.Int32] $Skip, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Int32] $Top, @@ -36981,10 +44345,6 @@ function Get-MgGroupMemberOf [System.String] $Search, - [Parameter()] - [System.String] - $DirectoryObjectId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -36998,7 +44358,7 @@ function Get-MgGroupMemberOf $HttpPipelineAppend ) } -function Get-MgGroupOwner +function Get-MgBetaGroupOwner { [CmdletBinding()] param( @@ -37498,6 +44858,55 @@ function New-MgGroupMember $Break ) } +function New-MgBetaGroupMember +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $GroupId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgGroupMemberByRef { [CmdletBinding()] @@ -37555,6 +44964,64 @@ function New-MgGroupMemberByRef $Break ) } + +function New-MgBetaGroupMemberByRef +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $OdataId, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $GroupId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgGroupOwner { [CmdletBinding()] @@ -37604,6 +45071,63 @@ function New-MgGroupOwner $Break ) } +function New-MgBetaGroupOwnerByRef +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $OdataId, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $GroupId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgGroupOwnerByRef { [CmdletBinding()] @@ -58851,49 +66375,468 @@ function New-MgBetaIdentityProvider $HttpPipelineAppend ) } -function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $State, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $ExcludeTargets + ) +} +function New-MgBetaPolicyAuthenticationStrengthPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $PolicyType, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $RequirementsSatisfied, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String[]] + $AllowedCombinations, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $CombinationConfigurations, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaPolicyCrossTenantAccessPolicyPartner +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [PSObject] + $TenantRestrictions, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $InboundTrust, + + [Parameter()] + [PSObject] + $AutomaticUserConsentSettings, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $B2BDirectConnectOutbound, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, + + [Parameter()] + [PSObject] + $B2BDirectConnectInbound, + + [Parameter()] + [PSObject] + $B2BCollaborationOutbound, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $IdentitySynchronization, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $B2BCollaborationInbound, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsServiceProvider, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaPolicyTokenLifetimePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Definition, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [PSObject] + $AppliesTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaIdentityConditionalAccess +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaIdentityConditionalAccessNamedLocation +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $NamedLocationId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Id, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $HttpPipelineAppend, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.String] - $State, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $ConditionalAccessPolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -58901,76 +66844,89 @@ function New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfigura [Parameter()] [PSObject] - $ExcludeTargets + $HttpPipelineAppend ) } -function New-MgBetaPolicyAuthenticationStrengthPolicy +function Remove-MgBetaIdentityProvider { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DisplayName, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $PolicyType, + $IfMatch, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [PSObject] + $InputObject, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String] + $IdentityProviderBaseId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-MgBetaPolicyAuthenticationMethodPolicy +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $RequirementsSatisfied, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.String[]] - $AllowedCombinations, + $IfMatch, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [PSObject] - $CombinationConfigurations, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -58981,65 +66937,82 @@ function New-MgBetaPolicyAuthenticationStrengthPolicy $HttpPipelineAppend ) } -function New-MgBetaPolicyCrossTenantAccessPolicyPartner +function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $TenantId, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $TenantRestrictions, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $PassThru, [Parameter()] - [PSObject] - $InboundTrust, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $AutomaticUserConsentSettings, + $InputObject, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $B2BDirectConnectOutbound, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $AuthenticationMethodConfigurationId, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsInMultiTenantOrganization, + $Break, [Parameter()] [PSObject] - $B2BDirectConnectInbound, - + $HttpPipelineAppend + ) +} +function Remove-MgBetaPolicyAuthenticationStrengthPolicy +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $B2BCollaborationOutbound, + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $IdentitySynchronization, + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, [Parameter()] [PSObject] - $BodyParameter, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59047,49 +67020,25 @@ function New-MgBetaPolicyCrossTenantAccessPolicyPartner [Parameter()] [PSObject] - $B2BCollaborationInbound, + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsServiceProvider, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $AuthenticationStrengthPolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function New-MgBetaPolicyTokenLifetimePolicy +function Remove-MgBetaPolicyCrossTenantAccessPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Definition, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -59098,33 +67047,25 @@ function New-MgBetaPolicyTokenLifetimePolicy [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, - [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Id, + $IfMatch, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.DateTime] - $DeletedDateTime, - - [Parameter()] - [PSObject] - $AppliesTo, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59135,10 +67076,14 @@ function New-MgBetaPolicyTokenLifetimePolicy $HttpPipelineAppend ) } -function Remove-MgBetaIdentityConditionalAccess +function Remove-MgBetaPolicyCrossTenantAccessPolicyPartner { [CmdletBinding()] param( + [Parameter()] + [System.String] + $CrossTenantAccessPolicyConfigurationPartnerTenantId, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -59159,6 +67104,10 @@ function Remove-MgBetaIdentityConditionalAccess [System.String] $IfMatch, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -59176,7 +67125,7 @@ function Remove-MgBetaIdentityConditionalAccess $HttpPipelineAppend ) } -function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +function Remove-MgBetaPolicyTokenLifetimePolicy { [CmdletBinding()] param( @@ -59214,7 +67163,7 @@ function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReferen [Parameter()] [System.String] - $AuthenticationContextClassReferenceId, + $TokenLifetimePolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59225,45 +67174,65 @@ function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReferen $HttpPipelineAppend ) } -function Remove-MgBetaIdentityConditionalAccessNamedLocation +function Update-MgBetaIdentityConditionalAccess { [CmdletBinding()] param( + [Parameter()] + [PSObject] + $Templates, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $AuthenticationStrengths, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $NamedLocations, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AuthenticationContextClassReferences, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $AuthenticationStrength, [Parameter()] [PSObject] - $InputObject, + $BodyParameter, [Parameter()] [System.String] - $NamedLocationId, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $Policies, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59274,29 +67243,29 @@ function Remove-MgBetaIdentityConditionalAccessNamedLocation $HttpPipelineAppend ) } -function Remove-MgBetaIdentityConditionalAccessPolicy +function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] @@ -59304,15 +67273,31 @@ function Remove-MgBetaIdentityConditionalAccessPolicy [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $IsAvailable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $ConditionalAccessPolicyId, + $AuthenticationContextClassReferenceId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59323,86 +67308,81 @@ function Remove-MgBetaIdentityConditionalAccessPolicy $HttpPipelineAppend ) } -function Remove-MgBetaIdentityProvider +function Update-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $DisplayName, [Parameter()] - [System.String] - $IfMatch, + [System.DateTime] + $ModifiedDateTime, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $HttpPipelineAppend, + $SessionControls, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $IdentityProviderBaseId, + $State, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Remove-MgBetaPolicyAuthenticationMethodPolicy -{ - [CmdletBinding()] - param( [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Conditions, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $ConditionalAccessPolicyId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $IfMatch, + $Id, + + [Parameter()] + [PSObject] + $GrantControls, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59413,29 +67393,37 @@ function Remove-MgBetaPolicyAuthenticationMethodPolicy $HttpPipelineAppend ) } -function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function Update-MgBetaIdentityProvider { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Id, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $IfMatch, + $IdentityProviderBaseId, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [PSObject] @@ -59445,50 +67433,82 @@ function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function Remove-MgBetaPolicyAuthenticationStrengthPolicy +function Update-MgBetaPolicyAuthenticationMethodPolicy { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $ReconfirmationInDays, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $PolicyMigrationState, + + [Parameter()] + [PSObject] + $SystemCredentialPreferences, [Parameter()] [System.String] - $IfMatch, + $PolicyVersion, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] - $InputObject, + $RegistrationEnforcement, + + [Parameter()] + [PSObject] + $AuthenticationMethodConfigurations, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59496,52 +67516,76 @@ function Remove-MgBetaPolicyAuthenticationStrengthPolicy [Parameter()] [PSObject] - $HttpPipelineAppend, + $ReportSuspiciousActivitySettings, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Remove-MgBetaPolicyCrossTenantAccessPolicy +function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Id, + [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $IfMatch, + $AuthenticationMethodConfigurationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $State, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59549,48 +67593,84 @@ function Remove-MgBetaPolicyCrossTenantAccessPolicy [Parameter()] [PSObject] - $HttpPipelineAppend + $ExcludeTargets ) } -function Remove-MgBetaPolicyCrossTenantAccessPolicyPartner +function Update-MgBetaPolicyAuthenticationStrengthPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $CrossTenantAccessPolicyConfigurationPartnerTenantId, + $Description, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $PolicyType, + + [Parameter()] + [System.DateTime] + $ModifiedDateTime, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $AuthenticationStrengthPolicyId, + + [Parameter()] + [System.String] + $RequirementsSatisfied, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $IfMatch, + $Id, [Parameter()] - [PSObject] - $InputObject, + [System.String[]] + $AllowedCombinations, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $CombinationConfigurations, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59601,7 +67681,7 @@ function Remove-MgBetaPolicyCrossTenantAccessPolicyPartner $HttpPipelineAppend ) } -function Remove-MgBetaPolicyTokenLifetimePolicy +function Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination { [CmdletBinding()] param( @@ -59609,21 +67689,13 @@ function Remove-MgBetaPolicyTokenLifetimePolicy [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] @@ -59633,30 +67705,62 @@ function Remove-MgBetaPolicyTokenLifetimePolicy [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String[]] + $AllowedCombinations, + [Parameter()] [System.String] - $TokenLifetimePolicyId, + $AuthenticationStrengthPolicyId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Break ) } -function Update-MgBetaIdentityConditionalAccess +function Update-MgBetaPolicyAuthorizationPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BlockMsolPowerShell, + + [Parameter()] + [System.String] + $AuthorizationPolicyId, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowedToUseSspr, + [Parameter()] [PSObject] - $Templates, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -59667,28 +67771,32 @@ function Update-MgBetaIdentityConditionalAccess $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AuthenticationStrengths, + [System.Management.Automation.SwitchParameter] + $AllowUserConsentForRiskyApps, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $NamedLocations, + [System.String] + $GuestUserRoleId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AllowedToSignUpEmailBasedSubscriptions, [Parameter()] [PSObject] - $AuthenticationContextClassReferences, + $DefaultUserRoleOverrides, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $AllowInvitesFrom, [Parameter()] - [PSObject] - $AuthenticationStrength, + [System.Uri] + $Proxy, [Parameter()] [PSObject] @@ -59703,30 +67811,54 @@ function Update-MgBetaIdentityConditionalAccess $Confirm, [Parameter()] - [PSObject] - $Policies, + [System.Management.Automation.SwitchParameter] + $AllowEmailVerifiedUsersToJoinOrganization, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String[]] + $PermissionGrantPolicyIdsAssignedToDefaultUserRole, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] [PSObject] - $HttpPipelineAppend + $DefaultUserRolePermissions, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.String[]] + $EnabledPreviewFeatures ) } -function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +function Update-MgBetaPolicyCrossTenantAccessPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Definition, + [Parameter()] [System.String] $Description, + [Parameter()] + [PSObject] + $Templates, + [Parameter()] [System.String] $DisplayName, @@ -59745,11 +67877,7 @@ function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReferen [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAvailable, + $Partners, [Parameter()] [System.Uri] @@ -59772,8 +67900,12 @@ function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReferen $ProxyCredential, [Parameter()] - [System.String] - $AuthenticationContextClassReferenceId, + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String[]] + $AllowedCloudEndpoints, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59781,32 +67913,28 @@ function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReferen [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [PSObject] + $Default ) } -function Update-MgBetaIdentityConditionalAccessPolicy +function Update-MgBetaPolicyCrossTenantAccessPolicyDefault { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.SwitchParameter] + $IsServiceDefault, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.Collections.Hashtable] + $InvitationRedemptionIdentityProviderConfiguration, [Parameter()] [PSObject] - $InputObject, + $TenantRestrictions, [Parameter()] [System.Collections.Hashtable] @@ -59818,23 +67946,27 @@ function Update-MgBetaIdentityConditionalAccessPolicy [Parameter()] [PSObject] - $SessionControls, + $InboundTrust, + + [Parameter()] + [PSObject] + $AutomaticUserConsentSettings, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $State, + [PSObject] + $B2BDirectConnectOutbound, [Parameter()] [PSObject] - $Conditions, + $B2BDirectConnectInbound, [Parameter()] - [System.String] - $ConditionalAccessPolicyId, + [PSObject] + $B2BCollaborationOutbound, [Parameter()] [System.Uri] @@ -59848,14 +67980,14 @@ function Update-MgBetaIdentityConditionalAccessPolicy [System.String] $Id, - [Parameter()] - [PSObject] - $GrantControls, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $B2BCollaborationInbound, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -59869,110 +68001,61 @@ function Update-MgBetaIdentityConditionalAccessPolicy $HttpPipelineAppend ) } -function Update-MgBetaIdentityProvider +function Update-MgBetaPolicyCrossTenantAccessPolicyPartner { [CmdletBinding()] param( [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $TenantId, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $IdentityProviderBaseId, - - [Parameter()] - [System.String] - $DisplayName, + $TenantRestrictions, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgBetaPolicyAuthenticationMethodPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $ReconfirmationInDays, + [PSObject] + $InboundTrust, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $AutomaticUserConsentSettings, [Parameter()] - [System.String] - $PolicyMigrationState, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $SystemCredentialPreferences, + $B2BDirectConnectOutbound, [Parameter()] - [System.String] - $PolicyVersion, + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, [Parameter()] [System.String] - $DisplayName, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [PSObject] - $RegistrationEnforcement, + $CrossTenantAccessPolicyConfigurationPartnerTenantId, [Parameter()] [PSObject] - $AuthenticationMethodConfigurations, + $B2BDirectConnectInbound, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $B2BCollaborationOutbound, [Parameter()] [System.Uri] @@ -59980,11 +68063,11 @@ function Update-MgBetaPolicyAuthenticationMethodPolicy [Parameter()] [PSObject] - $BodyParameter, + $IdentitySynchronization, [Parameter()] - [System.String] - $Id, + [PSObject] + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -59992,7 +68075,11 @@ function Update-MgBetaPolicyAuthenticationMethodPolicy [Parameter()] [PSObject] - $ReportSuspiciousActivitySettings, + $B2BCollaborationInbound, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsServiceProvider, [Parameter()] [System.Management.Automation.PSCredential] @@ -60002,22 +68089,22 @@ function Update-MgBetaPolicyAuthenticationMethodPolicy [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration +function Update-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy { [CmdletBinding()] param( + [Parameter()] + [System.DateTime] + $DeletedDateTime, + [Parameter()] [System.String] - $Id, + $Description, [Parameter()] [PSObject] @@ -60036,8 +68123,8 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $ProxyCredential, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -60052,12 +68139,12 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [System.String] - $State, + $Id, [Parameter()] [System.Collections.Hashtable] @@ -60065,14 +68152,10 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $ExcludeTargets + $Break ) } -function Update-MgBetaPolicyAuthenticationStrengthPolicy +function Update-MgBetaPolicyRoleManagementPolicy { [CmdletBinding()] param( @@ -60082,19 +68165,19 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy [Parameter()] [System.DateTime] - $CreatedDateTime, + $LastModifiedDateTime, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $EffectiveRules, [Parameter()] [System.String] - $PolicyType, + $UnifiedRoleManagementPolicyId, [Parameter()] - [System.DateTime] - $ModifiedDateTime, + [System.String] + $DisplayName, [Parameter()] [PSObject] @@ -60114,11 +68197,19 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy [Parameter()] [System.String] - $AuthenticationStrengthPolicyId, + $ScopeType, [Parameter()] [System.String] - $RequirementsSatisfied, + $ScopeId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [PSObject] + $LastModifiedBy, [Parameter()] [System.Uri] @@ -60132,22 +68223,18 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy [System.String] $Id, - [Parameter()] - [System.String[]] - $AllowedCombinations, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $CombinationConfigurations, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [PSObject] + $Rules, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -60157,25 +68244,33 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicy $HttpPipelineAppend ) } -function Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination +function Update-MgBetaPolicyRoleManagementPolicyRule { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Id, + [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [PSObject] + $BodyParameter, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $UnifiedRoleManagementPolicyRuleId, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $UnifiedRoleManagementPolicyId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -60190,16 +68285,16 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $AllowedCombinations, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, + [PSObject] + $Target, [Parameter()] [System.Collections.Hashtable] @@ -60210,30 +68305,22 @@ function Update-MgBetaPolicyAuthenticationStrengthPolicyAllowedCombination $Break ) } -function Update-MgBetaPolicyAuthorizationPolicy +function Update-MgBetaPolicyTokenLifetimePolicy { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockMsolPowerShell, + [System.String[]] + $Definition, [Parameter()] [System.String] - $AuthorizationPolicyId, + $Description, [Parameter()] [System.String] $DisplayName, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowedToUseSspr, - [Parameter()] [PSObject] $InputObject, @@ -60246,36 +68333,28 @@ function Update-MgBetaPolicyAuthorizationPolicy [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowUserConsentForRiskyApps, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $GuestUserRoleId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowedToSignUpEmailBasedSubscriptions, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $DefaultUserRoleOverrides, + [System.String] + $TokenLifetimePolicyId, [Parameter()] - [System.String] - $AllowInvitesFrom, + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] + [System.Collections.Hashtable] $BodyParameter, [Parameter()] @@ -60286,21 +68365,13 @@ function Update-MgBetaPolicyAuthorizationPolicy [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $AllowEmailVerifiedUsersToJoinOrganization, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.DateTime] $DeletedDateTime, [Parameter()] - [System.String[]] - $PermissionGrantPolicyIdsAssignedToDefaultUserRole, + [PSObject] + $AppliesTo, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -60308,384 +68379,350 @@ function Update-MgBetaPolicyAuthorizationPolicy [Parameter()] [PSObject] - $DefaultUserRolePermissions, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.String[]] - $EnabledPreviewFeatures + $HttpPipelineAppend ) } -function Update-MgBetaPolicyCrossTenantAccessPolicy +#endregion + +#region Microsoft.Graph.Beta.Teams +function Get-MgBetaTeam { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Definition, + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $Templates, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $TeamId, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $Partners, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.DateTime] - $DeletedDateTime, - - [Parameter()] - [System.String[]] - $AllowedCloudEndpoints, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $Default + $HttpPipelineAppend ) } -function Update-MgBetaPolicyCrossTenantAccessPolicyDefault +function Get-MgBetaTeamChannel { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsServiceDefault, - - [Parameter()] - [System.Collections.Hashtable] - $InvitationRedemptionIdentityProviderConfiguration, + [System.String[]] + $Property, [Parameter()] [PSObject] - $TenantRestrictions, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $InboundTrust, + [System.Int32] + $PageSize, [Parameter()] - [PSObject] - $AutomaticUserConsentSettings, + [System.String] + $ChannelId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $B2BDirectConnectOutbound, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $B2BDirectConnectInbound, + [System.String] + $TeamId, [Parameter()] - [PSObject] - $B2BCollaborationOutbound, + [System.Int32] + $Top, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $BodyParameter, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $Id, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $B2BCollaborationInbound, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyCrossTenantAccessPolicyPartner +function Get-MgBetaTeamChannelTab { [CmdletBinding()] param( [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [PSObject] - $TenantRestrictions, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $InboundTrust, + [System.Int32] + $PageSize, [Parameter()] - [PSObject] - $AutomaticUserConsentSettings, + [System.String] + $ChannelId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $B2BDirectConnectOutbound, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsInMultiTenantOrganization, + [System.Int32] + $Skip, [Parameter()] [System.String] - $CrossTenantAccessPolicyConfigurationPartnerTenantId, + $TeamId, [Parameter()] - [PSObject] - $B2BDirectConnectInbound, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $B2BCollaborationOutbound, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $IdentitySynchronization, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Filter, [Parameter()] - [PSObject] - $B2BCollaborationInbound, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsServiceProvider, + [System.String] + $Search, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $TeamsTabId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy +function New-MgBetaTeam { [CmdletBinding()] param( - [Parameter()] - [System.DateTime] - $DeletedDateTime, - [Parameter()] [System.String] - $Description, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $Specialization, [Parameter()] [PSObject] - $BodyParameter, + $PrimaryChannel, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $TenantId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsMembershipLimitedToOwners, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabled, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $Id, + $Classification, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $AllChannels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgBetaPolicyRoleManagementPolicy -{ - [CmdletBinding()] - param( + $IsArchived, + [Parameter()] [System.String] - $Description, + $InternalId, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $Channels, [Parameter()] [PSObject] - $EffectiveRules, + $Group, [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyId, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $IncomingChannels, [Parameter()] [PSObject] - $InputObject, + $Tags, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $Photo, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Visibility, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $MessagingSettings, [Parameter()] - [System.String] - $ScopeType, + [PSObject] + $Members, [Parameter()] - [System.String] - $ScopeId, + [PSObject] + $PermissionGrants, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, - - [Parameter()] - [PSObject] - $LastModifiedBy, + $Confirm, [Parameter()] [System.Uri] @@ -60693,106 +68730,93 @@ function Update-MgBetaPolicyRoleManagementPolicy [Parameter()] [PSObject] - $BodyParameter, + $InstalledApps, [Parameter()] [System.String] $Id, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $Owners, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $FunSettings, [Parameter()] [PSObject] - $Rules, + $Schedule, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $Operations, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Update-MgBetaPolicyRoleManagementPolicyRule -{ - [CmdletBinding()] - param( + $GuestSettings, + [Parameter()] [System.String] - $Id, + $WebUrl, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] $BodyParameter, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $Template, [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyRuleId, + [PSObject] + $Summary, [Parameter()] - [System.String] - $UnifiedRoleManagementPolicyId, + [PSObject] + $DiscoverySettings, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] [PSObject] - $HttpPipelineAppend, + $TemplateDefinition, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, [Parameter()] [PSObject] - $Target, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + $MemberSettings ) } -function Update-MgBetaPolicyTokenLifetimePolicy +function New-MgBetaTeamChannel { [CmdletBinding()] param( - [Parameter()] - [System.String[]] - $Definition, - [Parameter()] [System.String] $Description, + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $FilesFolder, + [Parameter()] [System.String] $DisplayName, @@ -60801,36 +68825,52 @@ function Update-MgBetaPolicyTokenLifetimePolicy [PSObject] $InputObject, + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [PSObject] + $Tabs, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $SharedWithTeams, + + [Parameter()] + [PSObject] + $Messages, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IsFavoriteByDefault, [Parameter()] [System.String] - $TokenLifetimePolicyId, + $TeamId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, + [System.String] + $Email, + + [Parameter()] + [PSObject] + $Members, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Collections.Hashtable] + [PSObject] $BodyParameter, [Parameter()] @@ -60842,109 +68882,146 @@ function Update-MgBetaPolicyTokenLifetimePolicy $Confirm, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [PSObject] + $ModerationSettings, + + [Parameter()] + [System.String] + $MembershipType, + + [Parameter()] + [System.String] + $WebUrl, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $AppliesTo, + $Summary, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion - -#region Microsoft.Graph.Beta.Teams -function Get-MgBetaTeam +function New-MgBetaTeamChannelTab { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $TeamsAppId, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $MessageId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $SortOrderIndex, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [System.Int32] - $Skip, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $TeamId, + $ChannelId, [Parameter()] - [System.Int32] - $Top, + [PSObject] + $TeamsApp, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.String] - $CountVariable, + $TeamId, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, + + [Parameter()] + [PSObject] + $Configuration, [Parameter()] [System.String] - $Filter, + $WebUrl, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaTeamChannel +function Remove-MgBetaTeam { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, [Parameter()] [PSObject] @@ -60952,166 +69029,139 @@ function Get-MgBetaTeamChannel [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $ChannelId, + $TeamId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaTeamChannel +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $TeamId, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $CountVariable, + $IfMatch, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $ChannelId, [Parameter()] [System.String] - $Search, + $TeamId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgBetaTeamChannelTab +function Remove-MgBetaTeamChannelTab { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $ChannelId, + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.String] - $TeamId, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + $ChannelId, [Parameter()] [System.String] - $Search, + $TeamsTabId, [Parameter()] [System.String] - $TeamsTabId, + $TeamId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function New-MgBetaTeam +function Update-MgBetaTeam { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Specialization, - [Parameter()] [PSObject] $PrimaryChannel, @@ -61120,6 +69170,10 @@ function New-MgBetaTeam [System.String] $Description, + [Parameter()] + [PSObject] + $Tags, + [Parameter()] [System.DateTime] $CreatedDateTime, @@ -61137,20 +69191,20 @@ function New-MgBetaTeam $IsMembershipLimitedToOwners, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Classification, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] $AllChannels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsArchived, + [System.String] + $Classification, [Parameter()] [System.String] @@ -61158,23 +69212,31 @@ function New-MgBetaTeam [Parameter()] [PSObject] - $Channels, + $MemberSettings, [Parameter()] [PSObject] - $Group, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Group, + + [Parameter()] + [System.String] + $Specialization, [Parameter()] [PSObject] $IncomingChannels, [Parameter()] - [PSObject] - $Tags, + [System.Management.Automation.SwitchParameter] + $IsArchived, + + [Parameter()] + [System.String] + $TeamId, [Parameter()] [PSObject] @@ -61274,10 +69336,10 @@ function New-MgBetaTeam [Parameter()] [PSObject] - $MemberSettings + $Channels ) } -function New-MgBetaTeamChannel +function Update-MgBetaTeamChannel { [CmdletBinding()] param( @@ -61321,6 +69383,10 @@ function New-MgBetaTeamChannel [PSObject] $Messages, + [Parameter()] + [System.String] + $ChannelId, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -61390,7 +69456,7 @@ function New-MgBetaTeamChannel $HttpPipelineAppend ) } -function New-MgBetaTeamChannelTab +function Update-MgBetaTeamChannelTab { [CmdletBinding()] param( @@ -61462,6 +69528,10 @@ function New-MgBetaTeamChannelTab [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $TeamsTabId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -61475,45 +69545,363 @@ function New-MgBetaTeamChannelTab $HttpPipelineAppend ) } -function Remove-MgBetaTeam +#endregion +#region Microsoft.Graph.DeviceManagement.Administration +function Get-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String] + $DeviceAndAppManagementRoleAssignmentId, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgDeviceManagementRoleDefinition +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] [System.String] - $IfMatch, + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgDeviceManagementRoleDefinitionRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $RoleAssignmentId, + + [Parameter()] + [System.String] + $RoleDefinitionId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgDeviceManagementRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $ResourceScopes, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String[]] + $Members, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $RoleDefinition, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgDeviceManagementRoleDefinition +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $RoleAssignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + [Parameter()] [System.String] - $TeamId, + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $RolePermissions, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -61524,7 +69912,7 @@ function Remove-MgBetaTeam $HttpPipelineAppend ) } -function Remove-MgBetaTeamChannel +function Remove-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( @@ -61562,11 +69950,7 @@ function Remove-MgBetaTeamChannel [Parameter()] [System.String] - $ChannelId, - - [Parameter()] - [System.String] - $TeamId, + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -61577,7 +69961,7 @@ function Remove-MgBetaTeamChannel $HttpPipelineAppend ) } -function Remove-MgBetaTeamChannelTab +function Remove-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( @@ -61619,203 +70003,217 @@ function Remove-MgBetaTeamChannelTab [Parameter()] [System.String] - $ChannelId, - - [Parameter()] - [System.String] - $TeamsTabId, - - [Parameter()] - [System.String] - $TeamId, + $RoleDefinitionId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Update-MgBetaTeam +function Get-MgBetaDeviceManagementRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String[]] + $Property, + [Parameter()] [PSObject] - $PrimaryChannel, + $InputObject, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $Tags, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Int32] + $Skip, [Parameter()] - [System.String] - $DisplayName, + [System.Int32] + $Top, [Parameter()] [System.String] - $TenantId, + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMembershipLimitedToOwners, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $AllChannels, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Classification, + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $InternalId, + $Search, [Parameter()] - [PSObject] - $MemberSettings, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $Group, - + $HttpPipelineAppend + ) +} +function New-MgBetaDeviceManagementRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $Specialization, - - [Parameter()] - [PSObject] - $IncomingChannels, + $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsArchived, + [System.String] + $DisplayName, [Parameter()] - [System.String] - $TeamId, + [System.String[]] + $ResourceScopes, [Parameter()] - [PSObject] - $Photo, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $Visibility, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $MessagingSettings, + $RoleScopeTags, [Parameter()] [PSObject] - $Members, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $PermissionGrants, + $ScopeType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Members, [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.String[]] + $ScopeMembers, + [Parameter()] [PSObject] - $InstalledApps, + $BodyParameter, [Parameter()] [System.String] $Id, [Parameter()] - [PSObject] - $Owners, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $FunSettings, + $RoleDefinition, [Parameter()] - [PSObject] - $Schedule, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $Operations, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $GuestSettings, - + $HttpPipelineAppend + ) +} +function Remove-MgBetaDeviceManagementRoleAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $WebUrl, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $BodyParameter, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $Template, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $Summary, + [System.String] + $IfMatch, [Parameter()] [PSObject] - $DiscoverySettings, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $TemplateDefinition, + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [PSObject] - $Channels + $HttpPipelineAppend ) } -function Update-MgBetaTeamChannel +function Update-MgBetaDeviceManagementRoleAssignment { [CmdletBinding()] param( @@ -61823,70 +70221,50 @@ function Update-MgBetaTeamChannel [System.String] $Description, - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [PSObject] - $FilesFolder, - [Parameter()] [System.String] $DisplayName, [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.String] - $TenantId, + [System.String[]] + $ResourceScopes, [Parameter()] [PSObject] - $Tabs, + $InputObject, [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, [Parameter()] - [PSObject] - $SharedWithTeams, - - [Parameter()] - [PSObject] - $Messages, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $ChannelId, + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsFavoriteByDefault, - - [Parameter()] - [System.String] - $TeamId, - - [Parameter()] - [System.String] - $Email, + [PSObject] + $ScopeType, [Parameter()] - [PSObject] + [System.String[]] $Members, [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.String[]] + $ScopeMembers, + [Parameter()] [PSObject] $BodyParameter, @@ -61901,15 +70279,7 @@ function Update-MgBetaTeamChannel [Parameter()] [PSObject] - $ModerationSettings, - - [Parameter()] - [System.String] - $MembershipType, - - [Parameter()] - [System.String] - $WebUrl, + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] @@ -61917,36 +70287,24 @@ function Update-MgBetaTeamChannel [Parameter()] [PSObject] - $Summary, + $RoleScopeTags, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgBetaTeamChannelTab +function Update-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( [Parameter()] [System.String] - $TeamsAppId, - - [Parameter()] - [System.String] - $MessageId, - - [Parameter()] - [System.String] - $SortOrderIndex, + $Description, [Parameter()] [System.String] @@ -61961,20 +70319,20 @@ function Update-MgBetaTeamChannelTab $AdditionalProperties, [Parameter()] - [System.String] - $ChannelId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $TeamsApp, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $RoleAssignments, [Parameter()] - [System.String] - $TeamId, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] @@ -61993,37 +70351,29 @@ function Update-MgBetaTeamChannelTab $Confirm, [Parameter()] - [PSObject] - $Configuration, + [System.String] + $RoleDefinitionId, [Parameter()] - [System.String] - $WebUrl, + [PSObject] + $RolePermissions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $TeamsTabId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [PSObject] $HttpPipelineAppend ) } #endregion -#region Microsoft.Graph.DeviceManagement.Administration -function Get-MgDeviceManagementRoleAssignment +#region Microsoft.Graph.Beta.DirectoryObjects +function Get-MgBetaDirectoryObject { [CmdletBinding()] param( @@ -62031,10 +70381,6 @@ function Get-MgDeviceManagementRoleAssignment [System.String[]] $Property, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, @@ -62051,6 +70397,10 @@ function Get-MgDeviceManagementRoleAssignment [System.Int32] $Skip, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $Top, @@ -62063,14 +70413,14 @@ function Get-MgDeviceManagementRoleAssignment [System.Uri] $Proxy, - [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, - [Parameter()] [System.String[]] $Sort, + [Parameter()] + [System.String] + $ConsistencyLevel, + [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -62087,6 +70437,10 @@ function Get-MgDeviceManagementRoleAssignment [System.String] $Search, + [Parameter()] + [System.String] + $DirectoryObjectId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -62100,1129 +70454,1160 @@ function Get-MgDeviceManagementRoleAssignment $HttpPipelineAppend ) } -function Get-MgDeviceManagementRoleDefinition +#endregion +#region SecurityComplianceCenter +function Get-InsiderRiskPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Object] + $Identity, [Parameter()] - [PSObject] - $InputObject, + [System.Boolean] + $MetaDataOnly, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DistributionDetail + ) +} +function New-InsiderRiskPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $IsCustom, [Parameter()] - [System.Int32] - $PageSize, + [System.Object] + $ExchangeLocationException, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Object] + $Indicators, [Parameter()] - [System.Int32] - $Skip, + [System.Object] + $ExtensibleIndicators, [Parameter()] - [System.Int32] - $Top, + [System.Object] + $ModernGroupLocationException, [Parameter()] [System.String] - $CountVariable, + $CCPolicySdsId, [Parameter()] - [System.Uri] - $Proxy, + [System.Boolean] + $Enabled, [Parameter()] - [System.String[]] - $Sort, + [System.Object] + $ExtensibleTriggerInsightGroups, [Parameter()] [System.String] - $RoleDefinitionId, + $Name, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.Object] + $UserMailList, [Parameter()] - [System.String] - $Filter, + [System.Object] + $PolicyRBACScopes, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $ExchangeLocation, [Parameter()] - [System.String] - $Search, + [System.Object] + $FileExtensions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Boolean] + $OptInDrpForDlp, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Int32] + $UseDefaultTemplate, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceManagementRoleDefinitionRoleAssignment -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + [System.Boolean] + $IsPriorityContentOnlyScoring, [Parameter()] - [PSObject] - $InputObject, + [System.Object] + $Triggers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Object] + $SharepointSites, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $Comment, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Object] + $TeamsSites, [Parameter()] [System.Int32] - $Skip, + $HistoricTimeSpan, [Parameter()] [System.Int32] - $Top, + $PastTerminationWindow, [Parameter()] - [System.String] - $CountVariable, + [System.Object] + $MLClassifierTypes, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $ModernGroupLocation, [Parameter()] - [System.String[]] - $Sort, + [System.Object] + $InsiderRiskScenario, [Parameter()] [System.String] - $RoleAssignmentId, + $SessionRecordingSettings, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Object] + $DlpPolicy, + + [Parameter()] + [System.Int32] + $FutureTerminationWindow, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, + + [Parameter()] + [System.Boolean] + $PostTerminationActivity, + + [Parameter()] + [System.Object] + $IrmAdaptiveScopeLocation, + + [Parameter()] + [System.Object] + $CustomTags, [Parameter()] [System.String] - $Filter, + $CCPolicyName, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $TriggerInsightGroups, [Parameter()] [System.String] - $Search, + $TenantSetting, + + [Parameter()] + [System.Object] + $SensitivityLabels, + + [Parameter()] + [System.Object] + $DlpSensitiveTypes, + + [Parameter()] + [System.Int32] + $InScopeTimeSpan, + [Parameter()] + [System.Int32] + $SchemaVersion + ) +} +function Remove-InsiderRiskPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $Confirm, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Object] + $Identity, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $ForceDeletion ) } -function New-MgDeviceManagementRoleAssignment +function Set-InsiderRiskPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Boolean] + $IsCustom, + + [Parameter()] + [System.Object] + $Indicators, + [Parameter()] [System.String] - $Description, + $TurnOnAnalytics, + + [Parameter()] + [System.Object] + $AddExchangeLocationException, [Parameter()] [System.String] - $DisplayName, + $SessionRecordingSettings, [Parameter()] - [System.String[]] - $ResourceScopes, + [System.Object] + $Identity, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $CCPolicyName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Object] + $RemoveExchangeLocationException, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $CCPolicySdsId, [Parameter()] - [System.String[]] - $Members, + [System.Boolean] + $Enabled, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $ExtensibleTriggerInsightGroups, [Parameter()] - [PSObject] - $BodyParameter, + [System.Object] + $AddExchangeLocation, [Parameter()] - [System.String] - $Id, + [System.Object] + $PolicyRBACScopes, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $FileExtensions, [Parameter()] - [PSObject] - $RoleDefinition, + [System.Boolean] + $OptInDrpForDlp, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $RemoveIrmAdaptiveScopeLocation, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Object] + $RemoveModernGroupLocationException, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( + [System.Object] + $AddModernGroupLocationException, + + [Parameter()] + [System.Object] + $DlpPolicy, + + [Parameter()] + [System.Boolean] + $IsPriorityContentOnlyScoring, + + [Parameter()] + [System.Object] + $Triggers, + [Parameter()] - [System.String] - $Description, + [System.Object] + $AddModernGroupLocation, [Parameter()] [System.String] - $DisplayName, + $Comment, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Object] + $TeamsSites, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $HistoricTimeSpan, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $TurnOnDLPUserRiskSync, [Parameter()] - [PSObject] - $RoleAssignments, + [System.Object] + $RemoveModernGroupLocation, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.Object] + $MLClassifierTypes, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $ExtensibleIndicators, [Parameter()] - [PSObject] - $BodyParameter, + [System.Object] + $AddIrmAdaptiveScopeLocation, [Parameter()] - [System.String] - $Id, + [System.Int32] + $FutureTerminationWindow, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [PSObject] - $RolePermissions, + [System.Boolean] + $PostTerminationActivity, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $RemoveExchangeLocation, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $RetryDistribution, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceManagementRoleAssignment -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Object] + $SharepointSites, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $CustomTags, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $AddUserMailList, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Object] + $TriggerInsightGroups, [Parameter()] [System.String] - $IfMatch, + $TenantSetting, [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $SensitivityLabels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Object] + $DlpSensitiveTypes, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Int32] + $InScopeTimeSpan, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Int32] + $SchemaVersion, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Int32] + $PastTerminationWindow ) } -function Remove-MgDeviceManagementRoleDefinition + +function Get-RecordReviewNotificationTemplateConfig { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + ) +} +function Set-RecordReviewNotificationTemplateConfig +{ + [CmdletBinding()] + param( [Parameter()] - [System.Uri] - $Proxy, + [System.Boolean] + $IsCustomizedReminderTemplate, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $CustomizedNotificationDataString, [Parameter()] [System.String] - $IfMatch, + $CustomizedReminderDataString, [Parameter()] - [PSObject] - $InputObject, + [System.Boolean] + $IsCustomizedNotificationTemplate + ) +} - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] - [PSObject] - $HttpPipelineAppend, +function Get-AdminAuditLogConfig +{ + [CmdletBinding()] + param( + ) +} +function Get-AuditConfig +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - + [System.Object] + $DomainController + ) +} +function Get-AuditConfigurationPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Object] + $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [System.Object] + $DomainController ) } -function Get-MgBetaDeviceManagementRoleAssignment +function Get-AutoSensitivityLabelPolicy { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $ForceValidate, [Parameter()] - [PSObject] - $InputObject, + [System.Boolean] + $IncludeTestModeResults, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Object] + $Identity, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $IncludeProgressFeedback, [Parameter()] - [PSObject] - $HttpPipelinePrepend, - + [System.Management.Automation.SwitchParameter] + $DistributionDetail + ) +} +function Get-AutoSensitivityLabelRule +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ForceValidate, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $CountVariable, + [System.Object] + $Identity, [Parameter()] - [System.Uri] - $Proxy, + [System.Boolean] + $IncludeExecutionRuleInformation, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Object] + $Policy, [Parameter()] - [System.String[]] - $Sort, - + [System.Boolean] + $IncludeExecutionRuleGuids + ) +} +function Get-CaseHoldPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $IncludeBindingsOnly, [Parameter()] [System.String] - $Filter, + $Case, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $IncludeBindings, [Parameter()] - [System.String] - $Search, + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - + $DistributionDetail + ) +} +function Get-CaseHoldRule +{ + [CmdletBinding()] + param( [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Object] + $Identity, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Object] + $Policy ) } -function New-MgBetaDeviceManagementRoleAssignment +function Get-ComplianceCase { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [System.Object] + $CaseType, [Parameter()] [System.String] - $DisplayName, - - [Parameter()] - [System.String[]] - $ResourceScopes, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $RoleGroup, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $RecentOnly, [Parameter()] - [PSObject] - $RoleScopeTags, + [System.Object] + $Identity, [Parameter()] - [PSObject] - $HttpPipelinePrepend, - + [System.Object] + $DomainController + ) +} +function Get-ComplianceRetentionEvent +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $ScopeType, + [System.Object] + $BeginDateTime, [Parameter()] - [System.String[]] - $Members, + [System.Object] + $Identity, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $PreviewOnly, [Parameter()] - [System.String[]] - $ScopeMembers, + [System.Object] + $EndDateTime, [Parameter()] - [PSObject] - $BodyParameter, - + [System.Object] + $DomainController + ) +} +function Get-ComplianceRetentionEventType +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $Id, + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $RoleDefinition, - + $LoadTag + ) +} +function Get-ComplianceSearch +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Case, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Object] + $Identity, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Object] + $ResultSize ) } -function Remove-MgBetaDeviceManagementRoleAssignment +function Get-ComplianceSearchAction { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Case, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Purge, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + $IncludeCredential, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.SwitchParameter] + $Details, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Export, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Preview, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, - + [System.Object] + $ResultSize + ) +} +function Get-ComplianceTag +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IncludingLabelState, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Object] + $Identity ) } -function Update-MgBetaDeviceManagementRoleAssignment +function Get-ComplianceSecurityFilter { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, + $FilterName, + + [Parameter()] + [System.Boolean] + $Confirm, [Parameter()] + [ValidateSet('Export', 'Preview', 'Purge', 'Search', 'All')] [System.String] - $DisplayName, + $Action = 'All', [Parameter()] [System.String[]] - $ResourceScopes, - + $Users + ) +} +function Get-DeviceConditionalAccessPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $InputObject, - + [System.Object] + $Identity + ) +} +function Get-DeviceConfigurationPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - + [System.Object] + $Identity + ) +} +function Get-DeviceConfigurationRule +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $CompareToWorkload, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Object] + $Identity, [Parameter()] - [PSObject] - $HttpPipelinePrepend, - + [System.Object] + $DomainController + ) +} +function New-DeviceConfigurationRule +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $ScopeType, + [System.Object] + $CameraEnabled, [Parameter()] - [System.String[]] - $Members, + [System.Object] + $EnableRemovableStorage, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $AntiVirusSignatureStatus, [Parameter()] - [System.String[]] - $ScopeMembers, + [System.Object] + $FirewallStatus, [Parameter()] - [PSObject] - $BodyParameter, + [System.Object] + $AllowAppStore, [Parameter()] - [System.String] - $Id, + [System.Object] + $AllowAssistantWhileLocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $AllowiCloudBackup, [Parameter()] - [PSObject] - $RoleDefinition, + [System.Object] + $AppsRating, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $PasswordHistoryCount, [Parameter()] - [PSObject] - $RoleScopeTags, + [System.Object] + $PasswordQuality, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Object] + $PasswordMinComplexChars, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Update-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( + [System.Object] + $PhoneMemoryEncrypted, + [Parameter()] [System.String] - $Description, + $EmailAddress, [Parameter()] - [System.String] - $DisplayName, + [System.Object] + $BluetoothEnabled, [Parameter()] - [PSObject] - $InputObject, + [System.Object] + $AllowConvenienceLogon, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Object] + $MaxPasswordGracePeriod, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Object] + $AllowiCloudDocSync, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Object] + $ForceAppStorePassword, [Parameter()] - [PSObject] - $RoleAssignments, + [System.Object] + $Policy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.Object] + $TVShowsRating, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $ExchangeActiveSyncHost, [Parameter()] - [PSObject] - $BodyParameter, + [System.Object] + $RequireEmailProfile, [Parameter()] - [System.String] - $Id, + [System.Object] + $AllowDiagnosticSubmission, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $AutoUpdateStatus, [Parameter()] [System.String] - $RoleDefinitionId, + $AccountUserName, [Parameter()] - [PSObject] - $RolePermissions, + [System.Object] + $WLANEnabled, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $AllowVoiceDialing, + + [Parameter()] + [System.String] + $AccountName, + + [Parameter()] + [System.Object] + $PasswordExpirationDays, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Object] + $PasswordTimeout, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -#endregion -#region Microsoft.Graph.Beta.DirectoryObjects -function Get-MgBetaDirectoryObject -{ - [CmdletBinding()] - param( + [System.Object] + $AllowiCloudPhotoSync, + [Parameter()] - [System.String[]] - $Property, + [System.Object] + $AllowSimplePassword, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Object] + $AllowPassbookWhileLocked, [Parameter()] - [System.Int32] - $PageSize, + [System.Object] + $PasswordMinimumLength, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Object] + $AllowVideoConferencing, [Parameter()] - [System.Int32] - $Skip, + [System.Object] + $PasswordRequired, [Parameter()] - [PSObject] - $InputObject, + [System.Object] + $MaxPasswordAttemptsBeforeWipe, [Parameter()] - [System.Int32] - $Top, + [System.Object] + $MoviesRating, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Uri] - $Proxy, + [System.Object] + $DomainController, [Parameter()] - [System.String[]] - $Sort, + [System.Object] + $AntiVirusStatus, [Parameter()] [System.String] - $ConsistencyLevel, + $WorkFoldersSyncUrl, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [System.Object] + $UserAccountControlStatus, [Parameter()] - [System.String] - $Filter, + [System.Object] + $ForceEncryptedBackup, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Object] + $AllowScreenshot, [Parameter()] - [System.String] - $Search, + [System.Object] + $PasswordComplexity, [Parameter()] - [System.String] - $DirectoryObjectId, + [System.Object] + $TargetGroups, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Object] + $AllowVoiceAssistant, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Object] + $SystemSecurityTLS, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -#endregion -#region SecurityComplianceCenter -function Get-AdminAuditLogConfig -{ - [CmdletBinding()] - param( + [System.Object] + $RegionRatings, - ) -} -function Get-AuditConfig -{ - [CmdletBinding()] - param( [Parameter()] [System.Object] - $DomainController + $SmartScreenEnabled ) } -function Get-AuditConfigurationPolicy +function Remove-DeviceConfigurationRule { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Object] - $DomainController + $Identity ) } -function Get-AutoSensitivityLabelPolicy +function Set-DeviceConfigurationRule { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $ForceValidate, + [System.Object] + $CameraEnabled, [Parameter()] - [System.Boolean] - $IncludeTestModeResults, + [System.Object] + $EnableRemovableStorage, [Parameter()] [System.Object] - $Identity, + $AntiVirusSignatureStatus, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeProgressFeedback, + [System.Object] + $FirewallStatus, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DistributionDetail - ) -} -function Get-AutoSensitivityLabelRule -{ - [CmdletBinding()] - param( + [System.Object] + $AllowAppStore, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $ForceValidate, + [System.Object] + $AllowAssistantWhileLocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $AllowiCloudBackup, [Parameter()] [System.Object] - $Identity, + $AppsRating, [Parameter()] - [System.Boolean] - $IncludeExecutionRuleInformation, + [System.Object] + $PasswordHistoryCount, [Parameter()] [System.Object] - $Policy, + $PasswordQuality, [Parameter()] - [System.Boolean] - $IncludeExecutionRuleGuids - ) -} -function Get-CaseHoldPolicy -{ - [CmdletBinding()] - param( + [System.Object] + $PasswordMinComplexChars, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeBindingsOnly, + [System.Object] + $PhoneMemoryEncrypted, [Parameter()] [System.String] - $Case, + $EmailAddress, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludeBindings, + [System.Object] + $BluetoothEnabled, [Parameter()] [System.Object] $Identity, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DistributionDetail - ) -} -function Get-CaseHoldRule -{ - [CmdletBinding()] - param( + [System.Object] + $AllowConvenienceLogon, + [Parameter()] [System.Object] - $Identity, + $MaxPasswordGracePeriod, [Parameter()] [System.Object] - $Policy - ) -} -function Get-ComplianceCase -{ - [CmdletBinding()] - param( + $AllowiCloudDocSync, + [Parameter()] [System.Object] - $CaseType, + $ForceAppStorePassword, + + [Parameter()] + [System.Object] + $TVShowsRating, [Parameter()] [System.String] - $RoleGroup, + $ExchangeActiveSyncHost, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RecentOnly, + [System.Object] + $RequireEmailProfile, [Parameter()] [System.Object] - $Identity, + $AllowDiagnosticSubmission, [Parameter()] [System.Object] - $DomainController - ) -} -function Get-ComplianceRetentionEvent -{ - [CmdletBinding()] - param( + $AutoUpdateStatus, + + [Parameter()] + [System.String] + $AccountUserName, + [Parameter()] [System.Object] - $BeginDateTime, + $WLANEnabled, [Parameter()] [System.Object] - $Identity, + $AllowVoiceDialing, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PreviewOnly, + [System.String] + $AccountName, [Parameter()] [System.Object] - $EndDateTime, + $PasswordExpirationDays, [Parameter()] [System.Object] - $DomainController - ) -} -function Get-ComplianceRetentionEventType -{ - [CmdletBinding()] - param( + $PasswordTimeout, + [Parameter()] [System.Object] - $Identity, + $AllowiCloudPhotoSync, [Parameter()] - [System.Management.Automation.SwitchParameter] - $LoadTag - ) -} -function Get-ComplianceSearch -{ - [CmdletBinding()] - param( + [System.Object] + $AllowSimplePassword, + [Parameter()] - [System.String] - $Case, + [System.Object] + $AllowPassbookWhileLocked, [Parameter()] [System.Object] - $Identity, + $PasswordMinimumLength, [Parameter()] [System.Object] - $ResultSize - ) -} -function Get-ComplianceSearchAction -{ - [CmdletBinding()] - param( + $AllowVideoConferencing, + [Parameter()] - [System.String] - $Case, + [System.Object] + $PasswordRequired, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Purge, + [System.Object] + $MaxPasswordAttemptsBeforeWipe, [Parameter()] [System.Object] - $Identity, + $MoviesRating, [Parameter()] [System.Management.Automation.SwitchParameter] - $IncludeCredential, + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Details, + [System.Object] + $DomainController, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Export, + [System.Object] + $AntiVirusStatus, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Preview, + [System.String] + $WorkFoldersSyncUrl, [Parameter()] [System.Object] - $ResultSize - ) -} -function Get-ComplianceTag -{ - [CmdletBinding()] - param( + $UserAccountControlStatus, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $IncludingLabelState, + [System.Object] + $ForceEncryptedBackup, [Parameter()] [System.Object] - $Identity - ) -} -function Get-ComplianceSecurityFilter -{ - [CmdletBinding()] - param( + $AllowScreenshot, + [Parameter()] - [System.String] - $FilterName, + [System.Object] + $PasswordComplexity, [Parameter()] - [System.Boolean] - $Confirm, + [System.Object] + $TargetGroups, [Parameter()] - [ValidateSet('Export', 'Preview', 'Purge', 'Search', 'All')] - [System.String] - $Action = 'All', + [System.Object] + $AllowVoiceAssistant, [Parameter()] - [System.String[]] - $Users - ) -} -function Get-DeviceConditionalAccessPolicy -{ - [CmdletBinding()] - param( + [System.Object] + $SystemSecurityTLS, + [Parameter()] [System.Object] - $Identity - ) -} -function Get-DeviceConfigurationPolicy -{ - [CmdletBinding()] - param( + $RegionRatings, + [Parameter()] [System.Object] - $Identity + $SmartScreenEnabled ) } + function Get-DlpCompliancePolicy { [CmdletBinding()] @@ -63273,6 +71658,31 @@ function Get-DlpComplianceRule $IncludeExecutionRuleGuids ) } +function Get-DlpSensitiveInformationType +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $IncludeElements, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeDetails, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $Organization, + + [Parameter()] + [System.Object] + $Capability + ) +} function Get-FilePlanPropertyAuthority { [CmdletBinding()] @@ -69177,6 +77587,98 @@ function Set-SupervisoryReviewPolicy $SamplingRate ) } +function Set-InsiderRiskEntityList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Object[]] + $Entities, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Object[]] + $AddEntities, + + [Parameter()] + [System.Object[]] + $RemoveEntities + ) +} + +function New-InsiderRiskEntityList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Object[]] + $Entities, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Type + ) +} + +function Remove-InsiderRiskEntityList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ForceDeletion + ) +} + +function Get-InsiderRiskEntityList +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Type + ) +} + function Set-SupervisoryReviewPolicyV2 { [CmdletBinding()] @@ -71724,6 +80226,37 @@ function Get-TenantSettings $ApiVersion ) } + +function Get-TenantAllowBlockListItems +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $ListType, + + [Parameter()] + [System.DateTime] + $ExpirationDate, + + [Parameter()] + [switch] + $Allow, + + [Parameter()] + [switch] + $Block, + + [Parameter()] + [System.String] + $Entry, + + [Parameter()] + [System.Object[]] + $ListSubType + ) +} + function New-AdminPowerAppEnvironment { [CmdletBinding()] @@ -71849,6 +80382,53 @@ function Set-TenantSettings $RequestBody ) } + +function Set-TenantAllowBlockListItems +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $ListType, + + [Parameter()] + [System.DateTime] + $ExpirationDate, + + [Parameter()] + [switch] + $Allow, + + [Parameter()] + [switch] + $Block, + + [Parameter()] + [System.String[]] + $Entries, + + [Parameter()] + [System.Object[]] + $ListSubType, + + [Parameter()] + [switch] + $NoExpiration, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [switch] + $OutputJson, + + [Parameter()] + [System.Int32] + $RemoveAfter + ) +} + #endregion #region MicrosoftTeams function Add-TeamUser @@ -73781,6 +82361,57 @@ function New-TeamChannel $GroupId ) } + +function New-TenantAllowBlockListItems +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Entries, + + [Parameter()] + [System.String] + $ListType, + + [Parameter()] + [System.DateTime] + $ExpirationDate, + + [Parameter()] + [switch] + $Allow, + + [Parameter()] + [switch] + $Block, + + [Parameter()] + [System.Object] + $ListSubType, + + [Parameter()] + [switch] + $LogExtraDetails, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [switch] + $OutputJson, + + [Parameter()] + [System.Int32] + $RemoveAfter, + + [Parameter()] + [System.String] + $SubmissionID + ) +} + function Remove-CsOnlineVoicemailPolicy { [CmdletBinding()] @@ -74109,6 +82740,29 @@ function Remove-TeamUser $Role ) } + +function Remove-TenantAllowBlockListItems +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $ListType, + + [Parameter()] + [System.String[]] + $Entries, + + [Parameter()] + [System.String] + $ListSubType, + + [Parameter()] + [switch] + $OutputJson + ) +} + function Set-CsOnlineVoicemailPolicy { [CmdletBinding()] @@ -82000,25 +90654,395 @@ function Set-MgBetaDeviceAppManagementMobileApp [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials + $ProxyUseDefaultCredentials + ) +} + +function Update-MgBetaDeviceAppManagementMobileApp +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $MobileAppId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [PSObject[]] + $Categories, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.Int32] + $DependentAppCount, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Developer, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $InformationUrl, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsFeatured, + + [Parameter()] + [PSObject] + $LargeIcon, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.String] + $Owner, + + [Parameter()] + [System.String] + $PrivacyInformationUrl, + + [Parameter()] + [System.String] + $Publisher, + + [Parameter()] + [PSObject] + $PublishingState, + + [Parameter()] + [PSObject[]] + $Relationships, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Int32] + $SupersededAppCount, + + [Parameter()] + [System.Int32] + $SupersedingAppCount, + + [Parameter()] + [System.Int32] + $UploadState, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials + ) +} + +#endregion +#region MgBetaPolicyActivityBasedTimeoutPolicy +function Get-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $AppliesTo, + + [Parameter()] + [System.String[]] + $Definition, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm ) } -function Update-MgBetaDeviceAppManagementMobileApp +function Update-MgBetaPolicyActivityBasedTimeoutPolicy { [CmdletBinding()] param ( [Parameter()] [System.String] - $MobileAppId, + $ActivityBasedTimeoutPolicyId, [Parameter()] [PSObject] $InputObject, [Parameter()] - [PSObject] + [System.Collections.Hashtable] $BodyParameter, [Parameter()] @@ -82031,28 +91055,20 @@ function Update-MgBetaDeviceAppManagementMobileApp [Parameter()] [PSObject[]] - $Assignments, + $AppliesTo, [Parameter()] - [PSObject[]] - $Categories, + [System.String[]] + $Definition, [Parameter()] [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.Int32] - $DependentAppCount, + $DeletedDateTime, [Parameter()] [System.String] $Description, - [Parameter()] - [System.String] - $Developer, - [Parameter()] [System.String] $DisplayName, @@ -82061,65 +91077,9 @@ function Update-MgBetaDeviceAppManagementMobileApp [System.String] $Id, - [Parameter()] - [System.String] - $InformationUrl, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, - [Parameter()] [System.Management.Automation.SwitchParameter] - $IsFeatured, - - [Parameter()] - [PSObject] - $LargeIcon, - - [Parameter()] - [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [System.String] - $Notes, - - [Parameter()] - [System.String] - $Owner, - - [Parameter()] - [System.String] - $PrivacyInformationUrl, - - [Parameter()] - [System.String] - $Publisher, - - [Parameter()] - [PSObject] - $PublishingState, - - [Parameter()] - [PSObject[]] - $Relationships, - - [Parameter()] - [System.String[]] - $RoleScopeTagIds, - - [Parameter()] - [System.Int32] - $SupersededAppCount, - - [Parameter()] - [System.Int32] - $SupersedingAppCount, - - [Parameter()] - [System.Int32] - $UploadState, + $IsOrganizationDefault, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -82147,7 +91107,11 @@ function Update-MgBetaDeviceAppManagementMobileApp [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm ) } @@ -82462,15 +91426,53 @@ function Update-MgBetaPolicyActivityBasedTimeoutPolicy } #endregion -#region MgBetaPolicyActivityBasedTimeoutPolicy -function Get-MgBetaPolicyActivityBasedTimeoutPolicy +function Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [string] + $DirectoryObjectId, + + [Parameter(Mandatory = $true)] + [string] + $DirectoryRoleId, + + [Parameter()] + [string] + $IfMatch, + + [Parameter()] + [string] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [switch] + $PassThru, + + [Parameter()] + [switch] + $WhatIf, + + [Parameter()] + [switch] + $Confirm + ) +} +#region MgBetaDeviceManagementScript +function Get-MgBetaDeviceManagementScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $ActivityBasedTimeoutPolicyId, + $DeviceManagementScriptId, [Parameter()] [PSObject] @@ -82550,13 +91552,13 @@ function Get-MgBetaPolicyActivityBasedTimeoutPolicy ) } -function New-MgBetaPolicyActivityBasedTimeoutPolicy +function New-MgBetaDeviceManagementScript { [CmdletBinding()] param ( [Parameter()] - [System.Collections.Hashtable] + [PSObject] $BodyParameter, [Parameter()] @@ -82569,31 +91571,59 @@ function New-MgBetaPolicyActivityBasedTimeoutPolicy [Parameter()] [PSObject[]] - $AppliesTo, + $Assignments, [Parameter()] - [System.String[]] - $Definition, + [System.String] + $Description, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [PSObject[]] + $DeviceRunStates, [Parameter()] [System.String] - $Description, + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $EnforceSignatureCheck, [Parameter()] [System.String] - $DisplayName, + $FileName, + + [Parameter()] + [PSObject[]] + $GroupAssignments, [Parameter()] [System.String] $Id, + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + [Parameter()] [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, + $RunAs32Bit, + + [Parameter()] + [PSObject] + $RunAsAccount, + + [Parameter()] + [PSObject] + $RunSummary, + + [Parameter()] + [System.String] + $ScriptContentInputFile, + + [Parameter()] + [PSObject[]] + $UserRunStates, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -82629,14 +91659,14 @@ function New-MgBetaPolicyActivityBasedTimeoutPolicy ) } -function Remove-MgBetaPolicyActivityBasedTimeoutPolicy +function Remove-MgBetaDeviceManagementScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $ActivityBasedTimeoutPolicyId, + $DeviceManagementScriptId, [Parameter()] [PSObject] @@ -82684,21 +91714,21 @@ function Remove-MgBetaPolicyActivityBasedTimeoutPolicy ) } -function Update-MgBetaPolicyActivityBasedTimeoutPolicy +function Update-MgBetaDeviceManagementScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $ActivityBasedTimeoutPolicyId, + $DeviceManagementScriptId, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Collections.Hashtable] + [PSObject] $BodyParameter, [Parameter()] @@ -82711,31 +91741,145 @@ function Update-MgBetaPolicyActivityBasedTimeoutPolicy [Parameter()] [PSObject[]] - $AppliesTo, + $Assignments, [Parameter()] - [System.String[]] - $Definition, + [System.String] + $Description, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [PSObject[]] + $DeviceRunStates, [Parameter()] [System.String] - $Description, + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $EnforceSignatureCheck, [Parameter()] [System.String] - $DisplayName, + $FileName, + + [Parameter()] + [PSObject[]] + $GroupAssignments, [Parameter()] [System.String] $Id, + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + [Parameter()] [System.Management.Automation.SwitchParameter] - $IsOrganizationDefault, + $RunAs32Bit, + + [Parameter()] + [PSObject] + $RunAsAccount, + + [Parameter()] + [PSObject] + $RunSummary, + + [Parameter()] + [System.String] + $ScriptContentInputFile, + + [Parameter()] + [PSObject[]] + $UserRunStates, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgBetaDeviceManagementScriptAssignment +function Get-MgBetaDeviceManagementScriptAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceManagementScriptAssignmentId, + + [Parameter()] + [System.String] + $DeviceManagementScriptId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -82766,59 +91910,30 @@ function Update-MgBetaPolicyActivityBasedTimeoutPolicy $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} - -#endregion -function Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef -{ - [CmdletBinding()] - param - ( - [Parameter(Mandatory = $true)] - [string] - $DirectoryObjectId, - - [Parameter(Mandatory = $true)] - [string] - $DirectoryRoleId, - - [Parameter()] - [string] - $IfMatch, - - [Parameter()] - [string] - $ResponseHeadersVariable, - - [Parameter()] - [System.Collections.IDictionary] - $Headers, - - [Parameter()] - [switch] - $PassThru, + [System.Int32] + $PageSize, [Parameter()] - [switch] - $WhatIf, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [switch] - $Confirm + [System.String] + $CountVariable ) } -#region MgBetaDeviceManagementScript -function Get-MgBetaDeviceManagementScript + +#endregion + +#region MgBetaDeviceManagementDeviceShellScript +function Get-MgBetaDeviceManagementDeviceShellScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceManagementScriptId, + $DeviceShellScriptId, [Parameter()] [PSObject] @@ -82898,7 +92013,7 @@ function Get-MgBetaDeviceManagementScript ) } -function New-MgBetaDeviceManagementScript +function New-MgBetaDeviceManagementDeviceShellScript { [CmdletBinding()] param @@ -82919,6 +92034,10 @@ function New-MgBetaDeviceManagementScript [PSObject[]] $Assignments, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BlockExecutionNotifications, + [Parameter()] [System.String] $Description, @@ -82932,8 +92051,8 @@ function New-MgBetaDeviceManagementScript $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnforceSignatureCheck, + [System.TimeSpan] + $ExecutionFrequency, [Parameter()] [System.String] @@ -82948,12 +92067,12 @@ function New-MgBetaDeviceManagementScript $Id, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $RetryCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RunAs32Bit, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] @@ -83005,14 +92124,14 @@ function New-MgBetaDeviceManagementScript ) } -function Remove-MgBetaDeviceManagementScript +function Remove-MgBetaDeviceManagementDeviceShellScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceManagementScriptId, + $DeviceShellScriptId, [Parameter()] [PSObject] @@ -83060,14 +92179,14 @@ function Remove-MgBetaDeviceManagementScript ) } -function Update-MgBetaDeviceManagementScript +function Update-MgBetaDeviceManagementDeviceShellScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceManagementScriptId, + $DeviceShellScriptId, [Parameter()] [PSObject] @@ -83089,6 +92208,10 @@ function Update-MgBetaDeviceManagementScript [PSObject[]] $Assignments, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BlockExecutionNotifications, + [Parameter()] [System.String] $Description, @@ -83102,8 +92225,8 @@ function Update-MgBetaDeviceManagementScript $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnforceSignatureCheck, + [System.TimeSpan] + $ExecutionFrequency, [Parameter()] [System.String] @@ -83118,12 +92241,12 @@ function Update-MgBetaDeviceManagementScript $Id, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $RetryCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RunAs32Bit, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] @@ -83177,8 +92300,8 @@ function Update-MgBetaDeviceManagementScript #endregion -#region MgBetaDeviceManagementScriptAssignment -function Get-MgBetaDeviceManagementScriptAssignment +#region MgBetaDeviceManagementDeviceShellScriptAssignment +function Get-MgBetaDeviceManagementDeviceShellScriptAssignment { [CmdletBinding()] param @@ -83189,7 +92312,7 @@ function Get-MgBetaDeviceManagementScriptAssignment [Parameter()] [System.String] - $DeviceManagementScriptId, + $DeviceShellScriptId, [Parameter()] [PSObject] @@ -83271,15 +92394,15 @@ function Get-MgBetaDeviceManagementScriptAssignment #endregion -#region MgBetaDeviceManagementDeviceShellScript -function Get-MgBetaDeviceManagementDeviceShellScript +#region MgBetaDeviceManagementDeviceHealthScript +function Get-MgBetaDeviceManagementDeviceHealthScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceShellScriptId, + $DeviceHealthScriptId, [Parameter()] [PSObject] @@ -83359,7 +92482,7 @@ function Get-MgBetaDeviceManagementDeviceShellScript ) } -function New-MgBetaDeviceManagementDeviceShellScript +function New-MgBetaDeviceManagementDeviceHealthScript { [CmdletBinding()] param @@ -83381,12 +92504,20 @@ function New-MgBetaDeviceManagementDeviceShellScript $Assignments, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockExecutionNotifications, + [System.String] + $Description, [Parameter()] [System.String] - $Description, + $DetectionScriptContentInputFile, + + [Parameter()] + [PSObject[]] + $DetectionScriptParameters, + + [Parameter()] + [PSObject] + $DeviceHealthScriptType, [Parameter()] [PSObject[]] @@ -83397,29 +92528,41 @@ function New-MgBetaDeviceManagementDeviceShellScript $DisplayName, [Parameter()] - [System.TimeSpan] - $ExecutionFrequency, + [System.Management.Automation.SwitchParameter] + $EnforceSignatureCheck, [Parameter()] [System.String] - $FileName, + $HighestAvailableVersion, [Parameter()] - [PSObject[]] - $GroupAssignments, + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsGlobalScript, [Parameter()] [System.String] - $Id, + $Publisher, [Parameter()] - [System.Int32] - $RetryCount, + [System.String] + $RemediationScriptContentInputFile, + + [Parameter()] + [PSObject[]] + $RemediationScriptParameters, [Parameter()] [System.String[]] $RoleScopeTagIds, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RunAs32Bit, + [Parameter()] [PSObject] $RunAsAccount, @@ -83430,11 +92573,7 @@ function New-MgBetaDeviceManagementDeviceShellScript [Parameter()] [System.String] - $ScriptContentInputFile, - - [Parameter()] - [PSObject[]] - $UserRunStates, + $Version, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -83470,14 +92609,14 @@ function New-MgBetaDeviceManagementDeviceShellScript ) } -function Remove-MgBetaDeviceManagementDeviceShellScript +function Remove-MgBetaDeviceManagementDeviceHealthScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceShellScriptId, + $DeviceHealthScriptId, [Parameter()] [PSObject] @@ -83525,14 +92664,14 @@ function Remove-MgBetaDeviceManagementDeviceShellScript ) } -function Update-MgBetaDeviceManagementDeviceShellScript +function Update-MgBetaDeviceManagementDeviceHealthScript { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceShellScriptId, + $DeviceHealthScriptId, [Parameter()] [PSObject] @@ -83555,12 +92694,20 @@ function Update-MgBetaDeviceManagementDeviceShellScript $Assignments, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockExecutionNotifications, + [System.String] + $Description, [Parameter()] [System.String] - $Description, + $DetectionScriptContentInputFile, + + [Parameter()] + [PSObject[]] + $DetectionScriptParameters, + + [Parameter()] + [PSObject] + $DeviceHealthScriptType, [Parameter()] [PSObject[]] @@ -83571,29 +92718,41 @@ function Update-MgBetaDeviceManagementDeviceShellScript $DisplayName, [Parameter()] - [System.TimeSpan] - $ExecutionFrequency, + [System.Management.Automation.SwitchParameter] + $EnforceSignatureCheck, [Parameter()] [System.String] - $FileName, + $HighestAvailableVersion, [Parameter()] - [PSObject[]] - $GroupAssignments, + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsGlobalScript, [Parameter()] [System.String] - $Id, + $Publisher, [Parameter()] - [System.Int32] - $RetryCount, + [System.String] + $RemediationScriptContentInputFile, + + [Parameter()] + [PSObject[]] + $RemediationScriptParameters, [Parameter()] [System.String[]] $RoleScopeTagIds, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $RunAs32Bit, + [Parameter()] [PSObject] $RunAsAccount, @@ -83604,11 +92763,7 @@ function Update-MgBetaDeviceManagementDeviceShellScript [Parameter()] [System.String] - $ScriptContentInputFile, - - [Parameter()] - [PSObject[]] - $UserRunStates, + $Version, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -83646,19 +92801,19 @@ function Update-MgBetaDeviceManagementDeviceShellScript #endregion -#region MgBetaDeviceManagementDeviceShellScriptAssignment -function Get-MgBetaDeviceManagementDeviceShellScriptAssignment +#region MgBetaDeviceManagementDeviceHealthScriptAssignment +function Get-MgBetaDeviceManagementDeviceHealthScriptAssignment { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceManagementScriptAssignmentId, + $DeviceHealthScriptAssignmentId, [Parameter()] [System.String] - $DeviceShellScriptId, + $DeviceHealthScriptId, [Parameter()] [PSObject] @@ -83740,15 +92895,15 @@ function Get-MgBetaDeviceManagementDeviceShellScriptAssignment #endregion -#region MgBetaDeviceManagementDeviceHealthScript -function Get-MgBetaDeviceManagementDeviceHealthScript +#region MgBetaDeviceAppManagementMobileAppConfiguration +function Get-MgBetaDeviceAppManagementMobileAppConfiguration { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceHealthScriptId, + $ManagedDeviceMobileAppConfigurationId, [Parameter()] [PSObject] @@ -83828,7 +92983,7 @@ function Get-MgBetaDeviceManagementDeviceHealthScript ) } -function New-MgBetaDeviceManagementDeviceHealthScript +function New-MgBetaDeviceAppManagementMobileAppConfiguration { [CmdletBinding()] param @@ -83850,75 +93005,51 @@ function New-MgBetaDeviceManagementDeviceHealthScript $Assignments, [Parameter()] - [System.String] - $Description, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $DetectionScriptContentInputFile, - - [Parameter()] - [PSObject[]] - $DetectionScriptParameters, + $Description, [Parameter()] [PSObject] - $DeviceHealthScriptType, + $DeviceStatusSummary, [Parameter()] [PSObject[]] - $DeviceRunStates, + $DeviceStatuses, [Parameter()] [System.String] $DisplayName, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $EnforceSignatureCheck, - - [Parameter()] - [System.String] - $HighestAvailableVersion, - [Parameter()] [System.String] $Id, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsGlobalScript, - - [Parameter()] - [System.String] - $Publisher, - - [Parameter()] - [System.String] - $RemediationScriptContentInputFile, - - [Parameter()] - [PSObject[]] - $RemediationScriptParameters, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [System.String[]] $RoleScopeTagIds, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RunAs32Bit, + [System.String[]] + $TargetedMobileApps, [Parameter()] [PSObject] - $RunAsAccount, + $UserStatusSummary, [Parameter()] - [PSObject] - $RunSummary, + [PSObject[]] + $UserStatuses, [Parameter()] - [System.String] + [System.Int32] $Version, [Parameter()] @@ -83955,14 +93086,14 @@ function New-MgBetaDeviceManagementDeviceHealthScript ) } -function Remove-MgBetaDeviceManagementDeviceHealthScript +function Remove-MgBetaDeviceAppManagementMobileAppConfiguration { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceHealthScriptId, + $ManagedDeviceMobileAppConfigurationId, [Parameter()] [PSObject] @@ -84010,14 +93141,14 @@ function Remove-MgBetaDeviceManagementDeviceHealthScript ) } -function Update-MgBetaDeviceManagementDeviceHealthScript +function Set-MgBetaDeviceAppManagementMobileAppConfiguration { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceHealthScriptId, + $ManagedDeviceMobileAppConfigurationId, [Parameter()] [PSObject] @@ -84040,75 +93171,118 @@ function Update-MgBetaDeviceManagementDeviceHealthScript $Assignments, [Parameter()] - [System.String] - $Description, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $DetectionScriptContentInputFile, + [System.Collections.IDictionary] + $Headers, [Parameter()] [PSObject[]] - $DetectionScriptParameters, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $DeviceHealthScriptType, + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] - [PSObject[]] - $DeviceRunStates, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.String] - $DisplayName, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $EnforceSignatureCheck, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $HighestAvailableVersion, + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function Update-MgBetaDeviceAppManagementMobileAppConfiguration +{ + [CmdletBinding()] + param + ( [Parameter()] [System.String] - $Id, + $ManagedDeviceMobileAppConfigurationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsGlobalScript, + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $Publisher, + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $RemediationScriptContentInputFile, + $Description, + + [Parameter()] + [PSObject] + $DeviceStatusSummary, [Parameter()] [PSObject[]] - $RemediationScriptParameters, + $DeviceStatuses, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [System.String[]] $RoleScopeTagIds, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RunAs32Bit, + [System.String[]] + $TargetedMobileApps, [Parameter()] [PSObject] - $RunAsAccount, + $UserStatusSummary, [Parameter()] - [PSObject] - $RunSummary, + [PSObject[]] + $UserStatuses, [Parameter()] - [System.String] + [System.Int32] $Version, [Parameter()] @@ -84147,19 +93321,19 @@ function Update-MgBetaDeviceManagementDeviceHealthScript #endregion -#region MgBetaDeviceManagementDeviceHealthScriptAssignment -function Get-MgBetaDeviceManagementDeviceHealthScriptAssignment +#region MgBetaDeviceAppManagementMobileAppConfigurationAssignment +function Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment { [CmdletBinding()] param ( [Parameter()] [System.String] - $DeviceHealthScriptAssignmentId, + $ManagedDeviceMobileAppConfigurationAssignmentId, [Parameter()] [System.String] - $DeviceHealthScriptId, + $ManagedDeviceMobileAppConfigurationId, [Parameter()] [PSObject] @@ -84238,18 +93412,101 @@ function Get-MgBetaDeviceManagementDeviceHealthScriptAssignment $CountVariable ) } +function Set-EOPProtectionPolicyRule +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [system.String[]] + $SentTo, + + [Parameter()] + [System.String[]] + $SentToMemberOf + ) +} + +function Get-ExternalInOutlook +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $AllowList, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function Set-ExternalInOutlook +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $AllowList, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} #endregion -#region MgBetaDeviceAppManagementMobileAppConfiguration -function Get-MgBetaDeviceAppManagementMobileAppConfiguration +#region MgBetaDeviceManagementWindowsQualityUpdateProfile +function Get-MgBetaDeviceManagementWindowsQualityUpdateProfile { [CmdletBinding()] param ( [Parameter()] [System.String] - $ManagedDeviceMobileAppConfigurationId, + $WindowsQualityUpdateProfileId, [Parameter()] [PSObject] @@ -84329,7 +93586,7 @@ function Get-MgBetaDeviceAppManagementMobileAppConfiguration ) } -function New-MgBetaDeviceAppManagementMobileAppConfiguration +function New-MgBetaDeviceManagementWindowsQualityUpdateProfile { [CmdletBinding()] param @@ -84356,20 +93613,20 @@ function New-MgBetaDeviceAppManagementMobileAppConfiguration [Parameter()] [System.String] - $Description, - - [Parameter()] - [PSObject] - $DeviceStatusSummary, + $DeployableContentDisplayName, [Parameter()] - [PSObject[]] - $DeviceStatuses, + [System.String] + $Description, [Parameter()] [System.String] $DisplayName, + [Parameter()] + [PSObject] + $ExpeditedUpdateSettings, + [Parameter()] [System.String] $Id, @@ -84379,24 +93636,12 @@ function New-MgBetaDeviceAppManagementMobileAppConfiguration $LastModifiedDateTime, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $ReleaseDateDisplayName, [Parameter()] [System.String[]] - $TargetedMobileApps, - - [Parameter()] - [PSObject] - $UserStatusSummary, - - [Parameter()] - [PSObject[]] - $UserStatuses, - - [Parameter()] - [System.Int32] - $Version, + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -84432,14 +93677,14 @@ function New-MgBetaDeviceAppManagementMobileAppConfiguration ) } -function Remove-MgBetaDeviceAppManagementMobileAppConfiguration +function Remove-MgBetaDeviceManagementWindowsQualityUpdateProfile { [CmdletBinding()] param ( [Parameter()] [System.String] - $ManagedDeviceMobileAppConfigurationId, + $WindowsQualityUpdateProfileId, [Parameter()] [PSObject] @@ -84487,14 +93732,14 @@ function Remove-MgBetaDeviceAppManagementMobileAppConfiguration ) } -function Set-MgBetaDeviceAppManagementMobileAppConfiguration +function Update-MgBetaDeviceManagementWindowsQualityUpdateProfile { [CmdletBinding()] param ( [Parameter()] [System.String] - $ManagedDeviceMobileAppConfigurationId, + $WindowsQualityUpdateProfileId, [Parameter()] [PSObject] @@ -84517,91 +93762,24 @@ function Set-MgBetaDeviceAppManagementMobileAppConfiguration $Assignments, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.Collections.IDictionary] - $Headers, - - [Parameter()] - [PSObject[]] - $HttpPipelineAppend, - - [Parameter()] - [PSObject[]] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} + [System.DateTime] + $CreatedDateTime, -function Update-MgBetaDeviceAppManagementMobileAppConfiguration -{ - [CmdletBinding()] - param - ( [Parameter()] [System.String] - $ManagedDeviceMobileAppConfigurationId, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [PSObject] - $BodyParameter, + $DeployableContentDisplayName, [Parameter()] [System.String] - $ResponseHeadersVariable, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [PSObject[]] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, + $Description, [Parameter()] [System.String] - $Description, + $DisplayName, [Parameter()] [PSObject] - $DeviceStatusSummary, - - [Parameter()] - [PSObject[]] - $DeviceStatuses, - - [Parameter()] - [System.String] - $DisplayName, + $ExpeditedUpdateSettings, [Parameter()] [System.String] @@ -84612,24 +93790,12 @@ function Update-MgBetaDeviceAppManagementMobileAppConfiguration $LastModifiedDateTime, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.String] + $ReleaseDateDisplayName, [Parameter()] [System.String[]] - $TargetedMobileApps, - - [Parameter()] - [PSObject] - $UserStatusSummary, - - [Parameter()] - [PSObject[]] - $UserStatuses, - - [Parameter()] - [System.Int32] - $Version, + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -84667,19 +93833,19 @@ function Update-MgBetaDeviceAppManagementMobileAppConfiguration #endregion -#region MgBetaDeviceAppManagementMobileAppConfigurationAssignment -function Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment +#region MgBetaDeviceManagementWindowsQualityUpdateProfileAssignment +function Get-MgBetaDeviceManagementWindowsQualityUpdateProfileAssignment { [CmdletBinding()] param ( [Parameter()] [System.String] - $ManagedDeviceMobileAppConfigurationAssignmentId, + $WindowsQualityUpdateProfileAssignmentId, [Parameter()] [System.String] - $ManagedDeviceMobileAppConfigurationId, + $WindowsQualityUpdateProfileId, [Parameter()] [PSObject] @@ -84730,129 +93896,46 @@ function Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment $HttpPipelineAppend, [Parameter()] - [PSObject[]] - $HttpPipelinePrepend, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $CountVariable - ) -} -function Set-EOPProtectionPolicyRule -{ - [CmdletBinding()] - param - ( - [Parameter()] - [System.String] - $Identity, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.String[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.String[]] - $ExceptIfSentTo, - - [Parameter()] - [System.String[]] - $ExceptIfSentToMemberOf, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String[]] - $RecipientDomainIs, - - [Parameter()] - [system.String[]] - $SentTo, + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $SentToMemberOf - ) -} + [System.Uri] + $Proxy, -function Get-ExternalInOutlook -{ - [CmdletBinding()] - param - ( [Parameter()] - [System.String] - $Identity, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $AllowList, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Boolean] - $Enabled - ) -} -function Set-ExternalInOutlook -{ - [CmdletBinding()] - param - ( - [Parameter()] - [System.String] - $Identity, + [System.Int32] + $PageSize, [Parameter()] - [System.String[]] - $AllowList, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Boolean] - $Enabled + [System.String] + $CountVariable ) } #endregion -#region MgBetaDeviceManagementWindowsQualityUpdateProfile -function Get-MgBetaDeviceManagementWindowsQualityUpdateProfile +#region MgBetaPolicyFeatureRolloutPolicy +function Get-MgBetaPolicyFeatureRolloutPolicy { [CmdletBinding()] param ( [Parameter()] [System.String] - $WindowsQualityUpdateProfileId, + $FeatureRolloutPolicyId, [Parameter()] [PSObject] @@ -84932,7 +94015,7 @@ function Get-MgBetaDeviceManagementWindowsQualityUpdateProfile ) } -function New-MgBetaDeviceManagementWindowsQualityUpdateProfile +function New-MgBetaPolicyFeatureRolloutPolicy { [CmdletBinding()] param @@ -84951,15 +94034,7 @@ function New-MgBetaDeviceManagementWindowsQualityUpdateProfile [Parameter()] [PSObject[]] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DeployableContentDisplayName, + $AppliesTo, [Parameter()] [System.String] @@ -84970,24 +94045,20 @@ function New-MgBetaDeviceManagementWindowsQualityUpdateProfile $DisplayName, [Parameter()] - [PSObject] - $ExpeditedUpdateSettings, + [System.String] + $Feature, [Parameter()] [System.String] $Id, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [System.String] - $ReleaseDateDisplayName, + [System.Management.Automation.SwitchParameter] + $IsAppliedToOrganization, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -85023,14 +94094,14 @@ function New-MgBetaDeviceManagementWindowsQualityUpdateProfile ) } -function Remove-MgBetaDeviceManagementWindowsQualityUpdateProfile +function Remove-MgBetaPolicyFeatureRolloutPolicy { [CmdletBinding()] param ( [Parameter()] [System.String] - $WindowsQualityUpdateProfileId, + $FeatureRolloutPolicyId, [Parameter()] [PSObject] @@ -85078,14 +94149,14 @@ function Remove-MgBetaDeviceManagementWindowsQualityUpdateProfile ) } -function Update-MgBetaDeviceManagementWindowsQualityUpdateProfile +function Update-MgBetaPolicyFeatureRolloutPolicy { [CmdletBinding()] param ( [Parameter()] [System.String] - $WindowsQualityUpdateProfileId, + $FeatureRolloutPolicyId, [Parameter()] [PSObject] @@ -85105,15 +94176,7 @@ function Update-MgBetaDeviceManagementWindowsQualityUpdateProfile [Parameter()] [PSObject[]] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DeployableContentDisplayName, + $AppliesTo, [Parameter()] [System.String] @@ -85124,24 +94187,20 @@ function Update-MgBetaDeviceManagementWindowsQualityUpdateProfile $DisplayName, [Parameter()] - [PSObject] - $ExpeditedUpdateSettings, + [System.String] + $Feature, [Parameter()] [System.String] $Id, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, - - [Parameter()] - [System.String] - $ReleaseDateDisplayName, + [System.Management.Automation.SwitchParameter] + $IsAppliedToOrganization, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -85179,51 +94238,115 @@ function Update-MgBetaDeviceManagementWindowsQualityUpdateProfile #endregion -#region MgBetaDeviceManagementWindowsQualityUpdateProfileAssignment -function Get-MgBetaDeviceManagementWindowsQualityUpdateProfileAssignment +#region Microsoft.Graph.Beta.Search +function Get-MgBetaExternal { [CmdletBinding()] - param - ( + param( [Parameter()] - [System.String] - $WindowsQualityUpdateProfileAssignmentId, + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String[]] + $ExpandProperty, [Parameter()] [System.String] - $WindowsQualityUpdateProfileId, + $ResponseHeadersVariable, [Parameter()] [PSObject] - $InputObject, + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.String[]] - $ExpandProperty, + $Property, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgBetaExternalConnection +{ + [CmdletBinding()] + param( [Parameter()] [System.String[]] $Property, [Parameter()] - [System.String] - $Filter, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Int32] $Skip, + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [System.String[]] $Sort, [Parameter()] - [System.Int32] - $Top, + [System.String] + $ExternalConnectionId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.String] @@ -85233,43 +94356,369 @@ function Get-MgBetaDeviceManagementWindowsQualityUpdateProfileAssignment [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [System.Collections.IDictionary] $Headers, [Parameter()] - [PSObject[]] - $HttpPipelineAppend, + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgBetaExternalConnection +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $Schema, [Parameter()] - [PSObject[]] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $ConnectorId, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $Groups, + + [Parameter()] + [PSObject] + $Items, + + [Parameter()] + [PSObject] + $SearchSettings, + + [Parameter()] + [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.String] + $EnabledContentExperiences, + + [Parameter()] + [System.String] + $State, + + [Parameter()] + [PSObject] + $ComplianceSettings, + + [Parameter()] + [PSObject] + $Quota, + + [Parameter()] + [PSObject] + $ActivitySettings, + [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Int64] + $IngestedItemsCount, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $Operations, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $Configuration, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgBetaExternalConnection +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [System.String] + $ExternalConnectionId, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.Collections.IDictionary] + $Headers, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break + ) +} +function Update-MgBetaExternal +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $Connections, + + [Parameter()] + [PSObject] + $IndustryData, [Parameter()] [System.String] - $CountVariable + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject] + $AuthorizationSystems, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } +function Update-MgBetaExternalConnection +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $Schema, -#endregion + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $Groups, + + [Parameter()] + [PSObject] + $Items, + + [Parameter()] + [PSObject] + $SearchSettings, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $EnabledContentExperiences, + + [Parameter()] + [System.String] + $ExternalConnectionId, + + [Parameter()] + [System.String] + $State, + + [Parameter()] + [PSObject] + $ComplianceSettings, + + [Parameter()] + [PSObject] + $Quota, + + [Parameter()] + [PSObject] + $ActivitySettings, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String] + $ConnectorId, + + [Parameter()] + [System.Int64] + $IngestedItemsCount, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $Operations, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $Configuration, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +#endregion diff --git a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 index 7d42466c4c..b3846eb047 100644 --- a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 +++ b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 @@ -11,6 +11,11 @@ function Get-TargetResource ##TODO - Add the list of Parameters + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -85,6 +90,7 @@ function Get-TargetResource } catch { + Write-Verbose -Message $_ New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -107,6 +113,11 @@ function Set-TargetResource ##TODO - Add the list of Parameters + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -181,6 +192,11 @@ function Test-TargetResource ##TODO - Add the list of Parameters + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -303,6 +319,11 @@ function Export-TargetResource } foreach ($config in $Script:exportedInstances) { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Id Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline $params = @{ diff --git a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof index 6fa43ce435..fe8aabccae 100644 --- a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof +++ b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof @@ -4,10 +4,11 @@ class MSFT_ResourceName : OMI_BaseResource [Key, Description("")] String PrimaryKey; [Write, Description("")] String OtherProperties; + [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; \ No newline at end of file +}; diff --git a/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 b/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 index 20857e0393..780e0f343d 100644 --- a/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 +++ b/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 @@ -66,6 +66,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should create a new instance from the Set method' { ##TODO - Replace the New-Cmdlet by the appropriate one + Set-TargetResource @testParams Should -Invoke -CommandName New-Cmdlet -Exactly 1 } } @@ -93,6 +94,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams ##TODO - Replace the Remove-Cmdlet by the appropriate one Should -Invoke -CommandName Remove-Cmdlet -Exactly 1 } diff --git a/docs/docs/blog/index.md b/docs/docs/blog/index.md index 719a60c7a6..75a3bf47b6 100644 --- a/docs/docs/blog/index.md +++ b/docs/docs/blog/index.md @@ -2,6 +2,7 @@ ## Major Updates +* [October 2024 Major Release](https://microsoft365dsc.com/blog/october-2024-major-release/index.html) * [April 2024 Major Release](https://microsoft365dsc.com/blog/april-2024-major-release/index.html) * [October 2023 Major Release](https://microsoft365dsc.com/blog/october-2023-major-release/index.html) * [April 2023 Major Release](https://microsoft365dsc.com/blog/april-2023-major-release/index.html) diff --git a/docs/docs/blog/october-2024-major-release.md b/docs/docs/blog/october-2024-major-release.md new file mode 100644 index 0000000000..624c6cb48f --- /dev/null +++ b/docs/docs/blog/october-2024-major-release.md @@ -0,0 +1,39 @@ +# Microsoft365DSC – OCtober 2024 Major Release (version 1.24.1002.1) + +As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on October 2nd 2024, will include several breaking changes and will be labeled version 1.24.1002.1. This article provides details on the breaking changes and other important updates that will be included as part of our October 2024 Major release. + +## EXOMailTips - Removal of the Ensure Parameter ([#4823](https://github.com/microsoft/Microsoft365DSC/pull/4823)) + +The EXOMailTips resource manages a tenant wide setting where only one instance can ever exist. Therefore, the Ensure parameter has been removed from the resource. In order to fix your baseline, search for any EXOMailTips entry and remove the Ensure parameter from the configuration file. + +## EXOAntiPhishPolicy - Changed PhishThresholdLevel to Integer ([#4687](https://github.com/microsoft/Microsoft365DSC/pull/4687/)) + +The PhishThresholdLevel property of the EXOAntiPhishPolicy resource was incorrectly defined as a string. In this major release, the parameter type will change from String to Int32. In order to fix your baseline, search for the PhishThresholdLevel property and make sure you update the type to be an integer (e.g., remove quotes around the level value). + +## TeamsComplianceRecordingPolicy - Added Complex type for ComplianceRecordingApplications ([3754](https://github.com/microsoft/Microsoft365DSC/pull/3754)) + +The ComplianceRecordingApplications parameter of the TeamsComplianceRecordingPolicy resource was changed from being a string array to being an array of CIMInstances (complex types). There are unfortunately no direct ways to update existing configurations. Instead, make sure you search for the ComplianceRecordingApplications property in your config and update the entries to match the CimInstances definition. + +e.g., +```Powershell +ComplianceRecordingApplications = @( + MSFT_TeamsComplianceRecordingApplication{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @('00000000-0000-0000-0000-000000000000') + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + MSFT_TeamsComplianceRecordingApplication{ + Id = '12345678-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @('87654321-0000-0000-0000-000000000000') + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } +); +``` diff --git a/docs/docs/resources/Defender b/docs/docs/resources/Defender new file mode 100644 index 0000000000..eec42f0198 --- /dev/null +++ b/docs/docs/resources/Defender @@ -0,0 +1,98 @@ +# DefenderSubscriptionPlan + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **SubscriptionName** | Key | String | The display name of the subscription. | | +| **PlanName** | Key | String | The Defender plan name, for the list all of possible Defender plans refer to Defender for Cloud documentation | | +| **SubscriptionId** | Write | String | The unique identifier of the Azure subscription. | | +| **PricingTier** | Write | String | The pricing tier ('Standard' or 'Free') | | +| **SubPlanName** | Write | String | The Defender sub plan name, for the list all of possible sub plans refer to Defender for Cloud documentation | | +| **Extensions** | Write | String | The extensions offered under the plan, for more information refer to Defender for Cloud documentation | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud. +For more information about the available Defender plans, sub plans and plan extensions refer to Defender for Cloud onboarding API documentation. +https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/update?view=rest-defenderforcloud-2024-01-01&tabs=HTTP + + +To have all security features enabled during plan enablement, make sure to assign the required Azure RBAC permissions to the application running this module. +For more information about the required permissions refer to the documentation https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + DefenderSubscriptionPlan 'TestSubscription' + { + SubscriptionName = 'MyTestSubscription' + PlanName = 'VirtualMachines' + SubPlanName = 'P2' + PricingTier = 'Standard' + SubscriptionId = 'd620d94d-916d-4dd9-9de5-179292873e20' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index 89dd351064..eafad9c5e6 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -8,6 +8,7 @@ | **Id** | Write | String | Object-Id of the Administrative Unit | | | **Description** | Write | String | Description of the Administrative Unit | | | **Visibility** | Write | String | Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden | | +| **IsMemberManagementRestricted** | Write | Boolean | Indicates whether the management rights on resources in the administrative units should be restricted to ONLY the administrators scoped on the administrative unit object. | | | **MembershipType** | Write | String | Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview. | | | **MembershipRule** | Write | String | Specify membership rule. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview. | | | **MembershipRuleProcessingState** | Write | String | Specify dynamic membership-rule processing-state. Valid values are 'On' and 'Paused'. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview. | | @@ -105,6 +106,7 @@ Configuration Example MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' + IsMemberManagementRestricted = $False; ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { @@ -157,6 +159,7 @@ Configuration Example MembershipRule = "(user.country -eq `"US`")" # Updated Property MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' + IsMemberManagementRestricted = $False ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { diff --git a/docs/docs/resources/azure-ad/AADApplication.md b/docs/docs/resources/azure-ad/AADApplication.md index 00a9a29f14..3ad2464b54 100644 --- a/docs/docs/resources/azure-ad/AADApplication.md +++ b/docs/docs/resources/azure-ad/AADApplication.md @@ -14,6 +14,12 @@ | **IdentifierUris** | Write | StringArray[] | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain. | | | **IsFallbackPublicClient** | Write | Boolean | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property. | | | **KnownClientApplications** | Write | StringArray[] | Client applications that are tied to this resource application. | | +| **OptionalClaims** | Write | MSFT_MicrosoftGraphoptionalClaims | Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app. | | +| **Api** | Write | MSFT_MicrosoftGraphapiApplication | Specifies settings for an application that implements a web API. | | +| **AuthenticationBehaviors** | Write | MSFT_MicrosoftGraphauthenticationBehaviors | The collection of breaking change behaviors related to token issuance that are configured for the application. Authentication behaviors are unset by default (null) and must be explicitly enabled or disabled. Nullable. Returned only on $select. For more information about authentication behaviors, see Manage application authenticationBehaviors to avoid unverified use of email claims for user identification or authorization. | | +| **PasswordCredentials** | Write | MSFT_MicrosoftGraphpasswordCredential[] | The collection of password credentials associated with the application. Not nullable. | | +| **KeyCredentials** | Write | MSFT_MicrosoftGraphkeyCredential[] | The collection of key credentials associated with the application. Not nullable. Supports $filter (eq, not, ge, le). | | +| **AppRoles** | Write | MSFT_MicrosoftGraphappRole[] | The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable. | | | **LogoutURL** | Write | String | The logout url for this application. | | | **PublicClient** | Write | Boolean | Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false. | | | **ReplyURLs** | Write | StringArray[] | Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. | | @@ -39,6 +45,94 @@ | **Type** | Write | String | Type of permission. | `AppOnly`, `Delegated` | | **AdminConsentGranted** | Write | Boolean | Represented whether or not the Admin consent been granted on the app. | | +### MSFT_MicrosoftGraphOptionalClaims + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AccessToken** | Write | MSFT_MicrosoftGraphOptionalClaim[] | The optional claims returned in the JWT access token. | | +| **IdToken** | Write | MSFT_MicrosoftGraphOptionalClaim[] | The optional claims returned in the JWT ID token. | | +| **Saml2Token** | Write | MSFT_MicrosoftGraphOptionalClaim[] | The optional claims returned in the SAML token. | | + +### MSFT_MicrosoftGraphOptionalClaim + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Essential** | Write | Boolean | If the value is true, the claim specified by the client is necessary to ensure a smooth authorization experience for the specific task requested by the end user. The default value is false. | | +| **Name** | Write | String | The name of the optional claim. | | +| **Source** | Write | String | The source (directory object) of the claim. There are predefined claims and user-defined claims from extension properties. If the source value is null, the claim is a predefined optional claim. If the source value is user, the value in the name property is the extension property from the user object. | | + +### MSFT_MicrosoftGraphPreAuthorizedApplication + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AppId** | Write | String | The unique identifier for the client application. | | +| **PermissionIds** | Write | StringArray[] | The unique identifier for the scopes the client application is granted. | | + +### MSFT_MicrosoftGraphApiApplication + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **PreAuthorizedApplications** | Write | MSFT_MicrosoftGraphPreAuthorizedApplication[] | Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent. | | + +### MSFT_MicrosoftGraphAuthenticationBehaviors + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **BlockAzureADGraphAccess** | Write | Boolean | If false, allows the app to have extended access to Azure AD Graph until June 30, 2025 when Azure AD Graph is fully retired. For more information on Azure AD retirement updates, see June 2024 update on Azure AD Graph API retirement. | | +| **RemoveUnverifiedEmailClaim** | Write | Boolean | If true, removes the email claim from tokens sent to an application when the email address's domain can't be verified. | | +| **RequireClientServicePrincipal** | Write | Boolean | If true, requires multitenant applications to have a service principal in the resource tenant as part of authorization checks before they're granted access tokens. This property is only modifiable for multitenant resource applications that rely on access from clients without a service principal and had this behavior as set to false by Microsoft. Tenant administrators should respond to security advisories sent through Azure Health Service events and the Microsoft 365 message center. | | + +### MSFT_MicrosoftGraphKeyCredential + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **CustomKeyIdentifier** | Write | String | A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate. | | +| **DisplayName** | Write | String | Friendly name for the key. Optional. | | +| **EndDateTime** | Write | String | The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. | | +| **KeyId** | Write | String | The unique identifier (GUID) for the key. | | +| **Key** | Write | String | The certificate's raw data in byte array converted to Base64 string. | | +| **StartDateTime** | Write | String | The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. | | +| **Type** | Write | String | The type of key credential for example, Symmetric, AsymmetricX509Cert. | | +| **Usage** | Write | String | A string that describes the purpose for which the key can be used for example, Verify. | | + +### MSFT_MicrosoftGraphPasswordCredential + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Friendly name for the password. Optional. | | +| **EndDateTime** | Write | String | The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional. | | +| **Hint** | Write | String | Contains the first three characters of the password. Read-only. | | +| **KeyId** | Write | String | The unique identifier for the password. | | +| **StartDateTime** | Write | String | The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional. | | + +### MSFT_MicrosoftGraphAppRole + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AllowedMemberTypes** | Write | StringArray[] | Specifies whether this app role can be assigned to users and groups (by setting to 'User'), to other application's (by setting to 'Application', or both (by setting to 'User', 'Application'). App roles supporting assignment to other applications' service principals are also known as application permissions. The 'Application' value is only supported for app roles defined on application entities. | | +| **Description** | Write | String | The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences. | | +| **DisplayName** | Write | String | Display name for the permission that appears in the app role assignment and consent experiences. | | +| **Id** | Write | String | Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided. | | +| **IsEnabled** | Write | Boolean | When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed. | | +| **Origin** | Write | String | Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only. | | +| **Value** | Write | String | Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / : = + _ } , and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with .. | | + ## Description This resource configures an Azure Active Directory Application. diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md index fd9fa85e4c..6f9800c0a1 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md @@ -10,6 +10,7 @@ | **PolicyVersion** | Write | String | The version of the policy in use. | | | **ReconfirmationInDays** | Write | UInt32 | Days before the user will be asked to reconfirm their method. | | | **RegistrationEnforcement** | Write | MSFT_MicrosoftGraphregistrationEnforcement | Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods. | | +| **ReportSuspiciousActivitySettings** | Write | MSFT_MicrosoftGraphreportSuspiciousActivitySettings | Allows users to report suspicious activities if they receive an authentication request that they did not initiate. | | | **SystemCredentialPreferences** | Write | MSFT_MicrosoftGraphsystemCredentialPreferences | Prompt users with their most-preferred credential for multifactor authentication. | | | **Id** | Write | String | The unique identifier for an entity. Read-only. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present` | @@ -87,6 +88,16 @@ | **IncludeTargets** | Write | MSFT_AADAuthenticationMethodPolicyIncludeTarget[] | Users and groups included in the preferred authentication method experience of the system. | | | **State** | Write | String | Indicates whether the feature is enabled or disabled. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set, and uses the default behavior of Azure Active Directory for the setting. The default value is disabled. | `default`, `enabled`, `disabled`, `unknownFutureValue` | +### MSFT_MicrosoftGraphReportSuspiciousActivitySettings + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IncludeTarget** | Write | MSFT_AADAuthenticationMethodPolicyIncludeTarget | Group IDs in scope for report suspicious activity. | | +| **State** | Write | String | Specifies the state of the reportSuspiciousActivitySettings object. | `default`, `enabled`, `disabled`, `unknownFutureValue` | +| **VoiceReportingCode** | Write | UInt32 | Specifies the number the user enters on their phone to report the MFA prompt as suspicious. | | + ## Description @@ -165,6 +176,14 @@ Configuration Example State = 'default' } }; + ReportSuspiciousActivitySettings = MSFT_MicrosoftGraphreportSuspiciousActivitySettings{ + VoiceReportingCode = 0 + IncludeTarget = MSFT_AADAuthenticationMethodPolicyIncludeTarget{ + Id = 'all_users' + TargetType = 'group' + } + State = 'default' + }; ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyHardware.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyHardware.md new file mode 100644 index 0000000000..cfed4b1402 --- /dev/null +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyHardware.md @@ -0,0 +1,163 @@ +# AADAuthenticationMethodPolicyHardware + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ExcludeTargets** | Write | MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget[] | Displayname of the groups of users that are excluded from a policy. | | +| **IncludeTargets** | Write | MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget[] | Displayname of the groups of users that are included from a policy. | | +| **State** | Write | String | The state of the policy. Possible values are: enabled, disabled. | `enabled`, `disabled` | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | The object identifier of an Azure AD group. | | +| **TargetType** | Write | String | The type of the authentication method target. Possible values are: group and unknownFutureValue. | `user`, `group`, `unknownFutureValue` | + +### MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | The object identifier of an Azure AD group. | | +| **TargetType** | Write | String | The type of the authentication method target. Possible values are: group and unknownFutureValue. | `user`, `group`, `unknownFutureValue` | + + +# AADAuthenticationMethodPolicySoftware + +## Description + +Azure AD Authentication Method Policy Hardware + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Policy.ReadWrite.AuthenticationMethod, Policy.Read.All + +- **Update** + + - Policy.ReadWrite.AuthenticationMethod, Policy.Read.All + +#### Application permissions + +- **Read** + + - Policy.ReadWrite.AuthenticationMethod, Policy.Read.All + +- **Update** + + - Policy.ReadWrite.AuthenticationMethod, Policy.Read.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyHardware "AADAuthenticationMethodPolicyHardware-HardwareOath" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget{ + Id = 'Executives' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + ); + Id = "HardwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget{ + Id = 'Legal Team' + TargetType = 'group' + } + ); + State = "enabled"; # Updated Property + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyHardware "AADAuthenticationMethodPolicyHardware-HardwareOath" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Ensure = "Absent"; + Id = "HardwareOath"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md index 0c50a322d3..5cd3b23e28 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md @@ -52,7 +52,7 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Update** - - EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All + - EntitlementManagement.ReadWrite.All #### Application permissions @@ -62,7 +62,7 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Update** - - EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All + - EntitlementManagement.ReadWrite.All ## Examples diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementSettings.md b/docs/docs/resources/azure-ad/AADEntitlementManagementSettings.md new file mode 100644 index 0000000000..059fa3d81c --- /dev/null +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementSettings.md @@ -0,0 +1,86 @@ +# AADEntitlementManagementSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Only accepted value is 'Yes'. | `Yes` | +| **DaysUntilExternalUserDeletedAfterBlocked** | Write | UInt32 | If externalUserLifecycleAction is blockSignInAndDelete, the duration, typically many days, after an external user is blocked from sign in before their account is deleted. | | +| **ExternalUserLifecycleAction** | Write | String | Automatic action that the service should take when an external user's last access package assignment is removed. The possible values are: none, blockSignIn, blockSignInAndDelete, unknownFutureValue. | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Manages Entra Id Entitlement Management settings. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - EntitlementManagement.Read.All + +- **Update** + + - EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All + +#### Application permissions + +- **Read** + + - EntitlementManagement.Read.All + +- **Update** + + - EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All, RoleManagement.ReadWrite.Directory + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + AADEntitlementManagementSettings "AADEntitlementManagementSettings" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DaysUntilExternalUserDeletedAfterBlocked = 30; + ExternalUserLifecycleAction = "blockSignInAndDelete"; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADFeatureRolloutPolicy.md b/docs/docs/resources/azure-ad/AADFeatureRolloutPolicy.md new file mode 100644 index 0000000000..af846e1668 --- /dev/null +++ b/docs/docs/resources/azure-ad/AADFeatureRolloutPolicy.md @@ -0,0 +1,171 @@ +# AADFeatureRolloutPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | A description for this feature rollout policy. | | +| **DisplayName** | Key | String | The display name for this feature rollout policy. | | +| **Feature** | Write | String | Possible values are: passthroughAuthentication, seamlessSso, passwordHashSync, emailAsAlternateId, unknownFutureValue, certificateBasedAuthentication. You must use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: certificateBasedAuthentication. For more information about the prerequisites for the enabled features, see Prerequisites for enabled features. | `passthroughAuthentication`, `seamlessSso`, `passwordHashSync`, `emailAsAlternateId`, `unknownFutureValue`, `certificateBasedAuthentication` | +| **IsAppliedToOrganization** | Write | Boolean | Indicates whether this feature rollout policy should be applied to the entire organization. | | +| **IsEnabled** | Write | Boolean | Indicates whether the feature rollout is enabled. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Azure AD Policy Feature Rollout Policy + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Directory.Read.All + +- **Update** + + - Directory.ReadWrite.All + +#### Application permissions + +- **Read** + + - Directory.Read.All + +- **Update** + + - Directory.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADFeatureRolloutPolicy "AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Description = "CertificateBasedAuthentication rollout policy"; + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Present"; + Feature = "certificateBasedAuthentication"; + IsAppliedToOrganization = $False; + IsEnabled = $True; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + AADFeatureRolloutPolicy "AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Description = "CertificateBasedAuthentication rollout policy"; + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Present"; + IsAppliedToOrganization = $False; + IsEnabled = $False; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADFeatureRolloutPolicy "AADFeatureRolloutPolicy-CertificateBasedAuthentication rollout policy" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DisplayName = "CertificateBasedAuthentication rollout policy"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 7eb2ef6775..8e8fb1e3c4 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -145,17 +145,22 @@ Configuration Example { AADGroup 'MyGroups' { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group Updated" # Updated Property - SecurityEnabled = $True - MailEnabled = $True - GroupTypes = @("Unified") - MailNickname = "M365DSC" - Members = @("AdeleV@$TenantId") - GroupAsMembers = @("Group1") - Visibility = "Private" - Owners = @("admin@$TenantId", "AdeleV@$TenantId") - Ensure = "Present" + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group Updated" # Updated Property + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Members = @("AdeleV@$TenantId") + GroupAsMembers = @("Group1") + Visibility = "Private" + Owners = @("admin@$TenantId", "AdeleV@$TenantId") + AssignedLicenses = @( + MSFT_AADGroupLicense { + SkuId = 'AAD_PREMIUM_P2' + } + ) + Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md b/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md new file mode 100644 index 0000000000..66ff3a0bfb --- /dev/null +++ b/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md @@ -0,0 +1,97 @@ +# AADPasswordRuleSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | +| **LockoutThreshold** | Write | UInt32 | The number of failed login attempts before the first lockout period begins. | | +| **LockoutDurationInSeconds** | Write | UInt32 | The duration in seconds of the initial lockout period. | | +| **EnableBannedPasswordCheck** | Write | Boolean | Boolean indicating if the banned password check for tenant specific banned password list is turned on or not. | | +| **BannedPasswordList** | Write | StringArray[] | A list of banned words in passwords. | | +| **BannedPasswordCheckOnPremisesMode** | Write | String | How should we enforce password policy check in on-premises system. | | +| **EnableBannedPasswordCheckOnPremises** | Write | Boolean | Boolean indicating if the banned password check is turned on or not for on-premises system. | | +| **Ensure** | Write | String | Specify if the Azure AD Password Rule Settings should exist or not. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application to authenticate with. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +## Description + +This resource configures the Azure Active Directory Password Rule Settings. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Directory.Read.All, Group.Read.All + +- **Update** + + - Directory.Read.All, Directory.ReadWrite.All + +#### Application permissions + +- **Read** + + - Directory.Read.All + +- **Update** + + - Directory.Read.All, Directory.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADPasswordRuleSettings 'GeneralPasswordRuleSettings' + { + IsSingleInstance = "Yes" + LockoutThreshold = 6 + LockoutDurationInSeconds = 30 + BannedPasswordCheckOnPremisesMode = 'Audit' + EnableBannedPasswordCheckOnPremises = $false + EnableBannedPasswordCheck = $false + BannedPasswordList = $null + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADServicePrincipal.md b/docs/docs/resources/azure-ad/AADServicePrincipal.md index ea0b418f8f..8e360204df 100644 --- a/docs/docs/resources/azure-ad/AADServicePrincipal.md +++ b/docs/docs/resources/azure-ad/AADServicePrincipal.md @@ -15,6 +15,7 @@ | **Homepage** | Write | String | Specifies the homepage of the ServicePrincipal. | | | **LogoutUrl** | Write | String | Specifies the LogoutURL of the ServicePrincipal. | | | **PublisherName** | Write | String | Specifies the PublisherName of the ServicePrincipal. | | +| **Owners** | Write | StringArray[] | List of the owners of the service principal. | | | **ReplyUrls** | Write | StringArray[] | The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. | | | **SamlMetadataUrl** | Write | String | The URL for the SAML metadata of the ServicePrincipal. | | | **ServicePrincipalNames** | Write | StringArray[] | Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal. | | diff --git a/docs/docs/resources/azure-ad/ADOOrganizationOwner.md b/docs/docs/resources/azure-ad/ADOOrganizationOwner.md new file mode 100644 index 0000000000..5112877f05 --- /dev/null +++ b/docs/docs/resources/azure-ad/ADOOrganizationOwner.md @@ -0,0 +1,84 @@ +# ADOOrganizationOwner + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **OrganizationName** | Key | String | NAme of the Azure DevOPS Organization | | +| **Owner** | Write | String | User principal of the organization's owner | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures the owner of an Azure DevOPS organization. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOOrganizationOwner "MyOrgOwner" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + OrganizationName = "MyOrg"; + Owner = "john.smith@$TenantId"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/ADOPermissionGroup.md b/docs/docs/resources/azure-ad/ADOPermissionGroup.md new file mode 100644 index 0000000000..f05b158e0d --- /dev/null +++ b/docs/docs/resources/azure-ad/ADOPermissionGroup.md @@ -0,0 +1,178 @@ +# ADOPermissionGroup + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **OrganizationName** | Key | String | The name of the Azure DevOPS Organization. | | +| **PrincipalName** | Key | String | Principal name to identify the group. | | +| **DisplayName** | Write | String | Display name for the group. | | +| **Description** | Write | String | Description of the group. | | +| **Members** | Write | StringArray[] | List of principal names of the members of the group. | | +| **Id** | Write | String | Unique identifier for the group. | | +| **Descriptor** | Write | String | Unique descriptor for the group. | | +| **Level** | Write | String | Determines at what level in the hierarchy the group exists. Valid values are Project or Organization. | `Organization`, `Project` | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Manages Azure DevOPS permission groups. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOPermissionGroup "TestPermissionGroup" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "My Description"; + DisplayName = "TestGroup"; + Ensure = "Present"; + Level = "Organization"; + Members = @("AdeleV@$TenantId"); + OrganizationName = "O365DSC-Dev"; + PrincipalName = "[O365DSC-DEV]\TestGroup"; + TenantId = $TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOPermissionGroup "TestPermissionGroup" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "My Description"; + DisplayName = "TestGroup"; + Ensure = "Present"; + Level = "Organization"; + Members = @("AdeleV@$TenantId", "admin@$TenantId"); #Drift + OrganizationName = "O365DSC-Dev"; + PrincipalName = "[O365DSC-DEV]\TestGroup"; + TenantId = $TenantId; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOPermissionGroup "TestPermissionGroup" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "My Description"; + DisplayName = "TestGroup"; + Ensure = "Absent"; + Level = "Organization"; + Members = @("AdeleV@$TenantId"); + OrganizationName = "O365DSC-Dev"; + PrincipalName = "[O365DSC-DEV]\TestGroup"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/ADOSecurityPolicy.md b/docs/docs/resources/azure-ad/ADOSecurityPolicy.md new file mode 100644 index 0000000000..097db8ee32 --- /dev/null +++ b/docs/docs/resources/azure-ad/ADOSecurityPolicy.md @@ -0,0 +1,100 @@ +# ADOSecurityPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **OrganizationName** | Key | String | The name of the Azure DevOPS Organization. | | +| **DisallowAadGuestUserAccess** | Write | Boolean | Controls the external guest access. | | +| **DisallowOAuthAuthentication** | Write | Boolean | Controls the Third-party application access via OAuth. | | +| **DisallowSecureShell** | Write | Boolean | Controls SSH Authentication. | | +| **LogAuditEvents** | Write | Boolean | Controls Log Audit Events. | | +| **AllowAnonymousAccess** | Write | Boolean | Controls the Allow public projects setting. | | +| **ArtifactsExternalPackageProtectionToken** | Write | Boolean | Controls the Additional protections when using public package registries setting. | | +| **EnforceAADConditionalAccess** | Write | Boolean | Controls the Enable IP Conditional Access policy validation setting. | | +| **AllowTeamAdminsInvitationsAccessToken** | Write | Boolean | Controls the Allow team and project administrators to invite new user setting. | | +| **AllowRequestAccessToken** | Write | Boolean | Controls the Request access setting. | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures Azure DevOPS Security Policies. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ADOSecurityPolicy "ADOPolicy" + { + AllowAnonymousAccess = $True; + AllowRequestAccessToken = $False; + AllowTeamAdminsInvitationsAccessToken = $True; + ApplicationId = $ApplicationId; + ArtifactsExternalPackageProtectionToken = $False; + CertificateThumbprint = $CertificateThumbprint; + DisallowAadGuestUserAccess = $True; + DisallowOAuthAuthentication = $True; + DisallowSecureShell = $False; + EnforceAADConditionalAccess = $False; + LogAuditEvents = $True; + OrganizationName = "O365DSC-Dev"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AzureSubscription.md b/docs/docs/resources/azure-ad/AzureSubscription.md new file mode 100644 index 0000000000..481e5a8eb0 --- /dev/null +++ b/docs/docs/resources/azure-ad/AzureSubscription.md @@ -0,0 +1,87 @@ +# AzureSubscription + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | The display name of the subscription. | | +| **Id** | Write | String | The unique identifier of the subscription. | | +| **Enabled** | Write | Boolean | Enables or disables the subscription | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +This resource controls the properties of an Azure subscription. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + AzureSubscription 'TestSubscription' + { + Name = 'MyTestSubscription' + Id = 'd620d94d-916d-4dd9-9de5-179292873e20' + Enabled = $true + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md index d0859b5a13..0d7db2cedd 100644 --- a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md +++ b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md @@ -7,7 +7,7 @@ | **Identity** | Key | String | The Identity parameter specifies the name of the antiphishing policy that you want to modify. | | | **Ensure** | Write | String | Specify if this policy should exist or not. | `Present`, `Absent` | | **AdminDisplayName** | Write | String | The AdminDisplayName parameter specifies a description for the policy. | | -| **PhishThresholdLevel** | Write | String | The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. | `1`, `2`, `3`, `4` | +| **PhishThresholdLevel** | Write | UInt32 | The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. | `1`, `2`, `3`, `4` | | **AuthenticationFailAction** | Write | String | The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication. | `MoveToJmf`, `Quarantine` | | **TargetedUserProtectionAction** | Write | String | The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter. | `BccMessage`, `Delete`, `MoveToJmf`, `NoAction`, `Quarantine`, `Redirect` | | **Enabled** | Write | Boolean | Specify if this policy should be enabled. Default is $true. | | @@ -39,6 +39,8 @@ | **TargetedUserActionRecipients** | Write | StringArray[] | The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas. | | | **TargetedUsersToProtect** | Write | StringArray[] | The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true. | | | **TargetedUserQuarantineTag** | Write | String | The TargetedUserQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection. | | +| **DmarcQuarantineAction** | Write | String | The DmarcQuarantineAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=quarantine | `MoveToJmf`, `Quarantine` | +| **DmarcRejectAction** | Write | String | The DmarcRejectAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=reject. | `Quarantine`, `Reject` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -117,6 +119,8 @@ Configuration Example EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null Ensure = "Present" + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -173,6 +177,8 @@ Configuration Example EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null Ensure = "Present" + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -228,6 +234,8 @@ Configuration Example EnableOrganizationDomainsProtection = $null EnableUnusualCharactersSafetyTips = $null TargetedUserActionRecipients = $null + DmarcQuarantineAction = "Quarantine" + DmarcRejectAction = "Reject" Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId diff --git a/docs/docs/resources/exchange/EXOArcConfig.md b/docs/docs/resources/exchange/EXOArcConfig.md new file mode 100644 index 0000000000..f2e949c0fe --- /dev/null +++ b/docs/docs/resources/exchange/EXOArcConfig.md @@ -0,0 +1,73 @@ +# EXOArcConfig + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | +| **Identity** | Write | String | Identity which indicates the organization. | | +| **ArcTrustedSealers** | Write | StringArray[] | The domain names of the ARC sealers. | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +This resource manages the list of trusted Authenticated Received Chain (ARC) sealers that are configured in the organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Security Admin, Security Reader, Tenant AllowBlockList Manager, Transport Hygiene, View-Only Configuration + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOArcConfig "EXOArcConfig-Test" + { + ArcTrustedSealers = "contoso.com"; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + ApplicationId = $ApplicationId; + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOAtpProtectionPolicyRule.md b/docs/docs/resources/exchange/EXOAtpProtectionPolicyRule.md new file mode 100644 index 0000000000..59c88250cd --- /dev/null +++ b/docs/docs/resources/exchange/EXOAtpProtectionPolicyRule.md @@ -0,0 +1,174 @@ +# EXOAtpProtectionPolicyRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Identifier for the rule | | +| **Enabled** | Write | Boolean | Specifies whether the rule is enabled | | +| **Comments** | Write | String | Informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters. | | +| **ExceptIfRecipientDomainIs** | Write | StringArray[] | Specifies an exception that looks for recipients with email addresses in the specified domains. | | +| **ExceptIfSentTo** | Write | StringArray[] | Specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient | | +| **ExceptIfSentToMemberOf** | Write | StringArray[] | Specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group. | | +| **Name** | Write | String | Unique name for the rule. The maximum length is 64 characters. | | +| **Priority** | Write | UInt32 | Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value. | | +| **RecipientDomainIs** | Write | StringArray[] | Specifies a condition that looks for recipients with email addresses in the specified domains. | | +| **SafeAttachmentPolicy** | Write | String | Specifies the existing Safe Attachments policy that's associated with the preset security policy. | | +| **SafeLinksPolicy** | Write | String | Specifies the existing Safe Links policy that's associated with the preset security policy. | | +| **SentTo** | Write | StringArray[] | Specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient. | | +| **SentToMemberOf** | Write | StringArray[] | Specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Manage ATP Protection policy rules that are associated with Microsoft Defender for Office 365 protections in preset security policies. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Transport Hygiene, Security Admin, View-Only Configuration, Security Reader + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOATPProtectionPolicyRule "EXOATPProtectionPolicyRule-Strict Preset Security Policy" + { + Comments = "Built-in Strict Preset Security Policy"; + Enabled = $False; + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOATPProtectionPolicyRule "EXOATPProtectionPolicyRule-Strict Preset Security Policy" + { + Comments = "Built-in Strict Preset Security Policy with comments"; # Changed value + Enabled = $True; # Changed value + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOATPProtectionPolicyRule "EXOATPProtectionPolicyRule-Strict Preset Security Policy" + { + Comments = "Built-in Strict Preset Security Policy"; + Enabled = $False; + Identity = "Strict Preset Security Policy"; + Name = "Strict Preset Security Policy"; + Priority = 0; + SafeAttachmentPolicy = "Strict Preset Security Policy1725468967835"; + SafeLinksPolicy = "Strict Preset Security Policy1725468969412"; + Ensure = "Absent" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXODnssecForVerifiedDomain.md b/docs/docs/resources/exchange/EXODnssecForVerifiedDomain.md new file mode 100644 index 0000000000..1464320d25 --- /dev/null +++ b/docs/docs/resources/exchange/EXODnssecForVerifiedDomain.md @@ -0,0 +1,120 @@ +# EXODnssecForVerifiedDomain + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DomainName** | Key | String | DomainName parameter specifies the accepted domain in the Exchange Online organization where you want to view information about DNSSEC | | +| **DnssecFeatureStatus** | Write | String | Status of the DnsSec for the given Domain Name. | `Enabled`, `Disabled`, `Unknown` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +DNSSec status for a verified domain. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXODnssecForVerifiedDomain "EXODnssecForVerifiedDomain-nik-charlebois.com" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DnssecFeatureStatus = "Enabled"; + DomainName = "nik-charlebois.com"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXODnssecForVerifiedDomain "EXODnssecForVerifiedDomain-nik-charlebois.com" + { + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + DnssecFeatureStatus = "Enabled"; + DomainName = "nik-charlebois.com"; + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOEmailTenantSettings.md b/docs/docs/resources/exchange/EXOEmailTenantSettings.md new file mode 100644 index 0000000000..0de767d147 --- /dev/null +++ b/docs/docs/resources/exchange/EXOEmailTenantSettings.md @@ -0,0 +1,83 @@ +# EXOEmailTenantSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | +| **Identity** | Write | String | Identity which indicates the organization name. | | +| **EnablePriorityAccountProtection** | Write | Boolean | Specifies whether priority account protection is enabled. | | +| **IsValid** | Write | Boolean | Specifies whether the migration configuration is valid. | | +| **ObjectState** | Write | String | Specifies the state of the object. | | +| **Name** | Write | String | Specifies the name of the object. | | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +EXOEmailTenantSettings + +## Description + +This resource allows users to manage email tenant settings. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Organization Management, Security Reader + +#### Role Groups + +- Organization Management, Security Administrator + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOEmailTenantSettings "EXOEmailTenantSettings-Test" + { + IsSingleInstance = "Yes" + EnablePriorityAccountProtection = $True; + Identity = $TenantId; + IsValid = $True; + ObjectState = "Unchanged" + Name = "Default" + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationId = $ApplicationId + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOFocusedInbox.md b/docs/docs/resources/exchange/EXOFocusedInbox.md new file mode 100644 index 0000000000..1bc5b11848 --- /dev/null +++ b/docs/docs/resources/exchange/EXOFocusedInbox.md @@ -0,0 +1,78 @@ +# EXOFocusedInbox + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identity parameter specifies the mailbox that you want to modify. | | +| **FocusedInboxOn** | Write | Boolean | The FocusedInboxOn parameter enables or disables Focused Inbox for the mailbox. | | +| **FocusedInboxOnLastUpdateTime** | Write | DateTime | Gets the last updated time on focused inbox | | +| **Ensure** | Write | String | Specify if the AcceptedDomain should exist or not. | `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +# EXOFocusedInbox + +## Description +Manage the Focused Inbox configuration for mailboxes in your organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Organization Management, Recipient Management + +#### Role Groups + +- Organization Management, Help Desk + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOFocusedInbox "EXOFocusedInbox-Test" + { + Ensure = "Present"; + FocusedInboxOn = $False; # Updated Property + FocusedInboxOnLastUpdateTime = "1/1/0001 12:00:00 AM"; + Identity = "admin@$TenantId"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOMailTips.md b/docs/docs/resources/exchange/EXOMailTips.md index 166ea4f104..6c5cb88be6 100644 --- a/docs/docs/resources/exchange/EXOMailTips.md +++ b/docs/docs/resources/exchange/EXOMailTips.md @@ -10,7 +10,6 @@ | **MailTipsLargeAudienceThreshold** | Write | UInt32 | Specifies what a large audience is. | | | **MailTipsMailboxSourcedTipsEnabled** | Write | Boolean | Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled. | | | **MailTipsExternalRecipientsTipsEnabled** | Write | Boolean | Specifies whether MailTips for external recipients are enabled. | | -| **Ensure** | Write | String | Specifies if this MailTip should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -45,48 +44,6 @@ To authenticate with Microsoft Exchange, this resource required the following pe This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. -```powershell -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXOMailTips 'OrgWideMailTips' - { - IsSingleInstance = 'Yes' - MailTipsAllTipsEnabled = $True - MailTipsGroupMetricsEnabled = $True - #MailTipsLargeAudienceThreshold = 100 - MailTipsMailboxSourcedTipsEnabled = $True - MailTipsExternalRecipientsTipsEnabled = $True - Ensure = "Present" - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - } - } -} -``` - -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - ```powershell Configuration Example { @@ -115,44 +72,6 @@ Configuration Example #MailTipsLargeAudienceThreshold = 100 MailTipsMailboxSourcedTipsEnabled = $True MailTipsExternalRecipientsTipsEnabled = $True - Ensure = "Present" - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - } - } -} -``` - -### Example 3 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXOMailTips 'OrgWideMailTips' - { - IsSingleInstance = 'Yes' - Ensure = "Absent" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md b/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md new file mode 100644 index 0000000000..686a881e9d --- /dev/null +++ b/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md @@ -0,0 +1,151 @@ +# EXOMailboxCalendarConfiguration + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | +| **Identity** | Key | String | Specifies the mailbox identity. | | +| **AgendaMailIntroductionEnabled** | Write | Boolean | Enables or disables agenda mail introduction. | | +| **AutoDeclineWhenBusy** | Write | Boolean | Automatically declines meeting requests when the user is busy. | | +| **CalendarFeedsPreferredLanguage** | Write | String | Preferred language for calendar feeds. | | +| **CalendarFeedsPreferredRegion** | Write | String | Preferred region for calendar feeds. | | +| **CalendarFeedsRootPageId** | Write | String | Root page ID for calendar feeds. | | +| **ConversationalSchedulingEnabled** | Write | Boolean | Enables or disables conversational scheduling. | | +| **CreateEventsFromEmailAsPrivate** | Write | Boolean | Creates events from email as private. | | +| **DefaultMinutesToReduceLongEventsBy** | Write | UInt32 | Default minutes to reduce long events by. | | +| **DefaultMinutesToReduceShortEventsBy** | Write | UInt32 | Default minutes to reduce short events by. | | +| **DefaultOnlineMeetingProvider** | Write | String | Default online meeting provider. | | +| **DefaultReminderTime** | Write | String | Default reminder time. | | +| **DeleteMeetingRequestOnRespond** | Write | Boolean | Deletes meeting request on respond. | | +| **DiningEventsFromEmailEnabled** | Write | Boolean | Enables or disables dining events from email. | | +| **EntertainmentEventsFromEmailEnabled** | Write | Boolean | Enables or disables entertainment events from email. | | +| **EventsFromEmailEnabled** | Write | Boolean | Enables or disables events from email. | | +| **FirstWeekOfYear** | Write | String | Specifies the first week of the year. | | +| **FlightEventsFromEmailEnabled** | Write | Boolean | Enables or disables flight events from email. | | +| **HotelEventsFromEmailEnabled** | Write | Boolean | Enables or disables hotel events from email. | | +| **InvoiceEventsFromEmailEnabled** | Write | Boolean | Enables or disables invoice events from email. | | +| **LocationDetailsInFreeBusy** | Write | String | Specifies location details in free/busy information. | | +| **MailboxLocation** | Write | String | Specifies the mailbox location. | | +| **OnlineMeetingsByDefaultEnabled** | Write | Boolean | Enables or disables online meetings by default. | | +| **PackageDeliveryEventsFromEmailEnabled** | Write | Boolean | Enables or disables package delivery events from email. | | +| **PreserveDeclinedMeetings** | Write | Boolean | Preserves declined meetings. | | +| **RemindersEnabled** | Write | Boolean | Enables or disables reminders. | | +| **ReminderSoundEnabled** | Write | Boolean | Enables or disables reminder sound. | | +| **RentalCarEventsFromEmailEnabled** | Write | Boolean | Enables or disables rental car events from email. | | +| **ServiceAppointmentEventsFromEmailEnabled** | Write | Boolean | Enables or disables service appointment events from email. | | +| **ShortenEventScopeDefault** | Write | String | Specifies the default scope for shortening events. | | +| **ShowWeekNumbers** | Write | Boolean | Shows or hides week numbers. | | +| **TimeIncrement** | Write | String | Specifies the time increment for calendar events. | | +| **UseBrightCalendarColorThemeInOwa** | Write | Boolean | Uses a bright calendar color theme in Outlook on the web. | | +| **WeatherEnabled** | Write | String | Enables or disables weather information. | | +| **WeatherLocationBookmark** | Write | UInt32 | Specifies the weather location bookmark. | | +| **WeatherLocations** | Write | StringArray[] | Specifies the weather locations. | | +| **WeatherUnit** | Write | String | Specifies the weather unit. | | +| **WeekStartDay** | Write | String | Specifies the start day of the week. | | +| **WorkDays** | Write | String | Specifies the work days. | | +| **WorkingHoursEndTime** | Write | String | Specifies the end time of working hours. | | +| **WorkingHoursStartTime** | Write | String | Specifies the start time of working hours. | | +| **WorkingHoursTimeZone** | Write | String | Specifies the time zone for working hours. | | +| **WorkspaceUserEnabled** | Write | Boolean | Enables or disables workspace user. | | +| **Ensure** | Write | String | Ensures the presence or absence of the configuration. | | + + +## Description + +This resource allows users to manage mailbox calendar settings. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Organization Management, Recipient Management + +#### Role Groups + +- Organization Management, Help Desk + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOMailboxCalendarConfiguration "EXOMailboxCalendarConfiguration-Test" + { + AgendaMailIntroductionEnabled = $True; + AutoDeclineWhenBusy = $False; + ConversationalSchedulingEnabled = $True; + CreateEventsFromEmailAsPrivate = $True; + DefaultMinutesToReduceLongEventsBy = 10; + DefaultMinutesToReduceShortEventsBy = 6; # Updated Property + DefaultOnlineMeetingProvider = "TeamsForBusiness"; + DefaultReminderTime = "00:15:00"; + DeleteMeetingRequestOnRespond = $True; + DiningEventsFromEmailEnabled = $True; + Ensure = "Present"; + EntertainmentEventsFromEmailEnabled = $True; + EventsFromEmailEnabled = $True; + FirstWeekOfYear = "FirstDay"; + FlightEventsFromEmailEnabled = $True; + HotelEventsFromEmailEnabled = $True; + Identity = "admin@$TenantId"; + InvoiceEventsFromEmailEnabled = $True; + LocationDetailsInFreeBusy = "Desk"; + PackageDeliveryEventsFromEmailEnabled = $False; + PreserveDeclinedMeetings = $False; + RemindersEnabled = $True; + ReminderSoundEnabled = $True; + RentalCarEventsFromEmailEnabled = $True; + ServiceAppointmentEventsFromEmailEnabled = $True; + ShortenEventScopeDefault = "None"; + ShowWeekNumbers = $False; + TimeIncrement = "ThirtyMinutes"; + UseBrightCalendarColorThemeInOwa = $False; + WeatherEnabled = "FirstRun"; + WeatherLocationBookmark = 0; + WeatherLocations = @(); + WeatherUnit = "Default"; + WeekStartDay = "Sunday"; + WorkDays = "Monday, Tuesday"; + WorkingHoursEndTime = "17:00:00"; + WorkingHoursStartTime = "08:00:00"; + WorkingHoursTimeZone = "Pacific Standard Time"; + WorkspaceUserEnabled = $False; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOMailboxFolderPermission.md b/docs/docs/resources/exchange/EXOMailboxFolderPermission.md new file mode 100644 index 0000000000..e73479bb40 --- /dev/null +++ b/docs/docs/resources/exchange/EXOMailboxFolderPermission.md @@ -0,0 +1,147 @@ +# EXOMailboxFolderPermission + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identity parameter specifies the target mailbox and folder. The syntax is MailboxID:\ParentFolder[\SubFolder]. For the MailboxID you can use any value that uniquely identifies the mailbox. | | +| **UserPermissions** | Write | MSFT_EXOMailboxFolderUserPermission[] | Mailbox Folder Permissions for the current user. | | +| **Ensure** | Write | String | Determines wheter or not the permission should exist on the mailbox. | `Present` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_EXOMailboxFolderUserPermission + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AccessRights** | Write | StringArray[] | The AccessRights parameter specifies the permissions that you want to add for the user on the mailbox folder. | | +| **User** | Write | String | The User parameter specifies who gets the permissions on the mailbox folder. | | +| **SharingPermissionFlags** | Write | String | The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to calendar folders and can only be used when the AccessRights parameter value is Editor. Valid values are: None, Delegate, CanViewPrivateItems | | + + +## Description + +Use this resource to add/set/remove mailbox folder permissions for users in your tenant. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Organization Management, Recipient Management + +#### Role Groups + +- Organization Management, Help Desk + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOMailboxFolderPermission "EXOMailboxFolderPermission-admin:\Calendar" + { + Credential = $Credscredential; + Ensure = "Present"; + Identity = "amdin:\Calendar"; + UserPermissions = @(MSFT_EXOMailboxFolderUserPermission { + User = 'Default' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'Anonymous' + AccessRights = 'AvailabilityOnly' + } + MSFT_EXOMailboxFolderUserPermission { + User = 'AlexW' + AccessRights = 'Owner' + SharingPermissionFlags = 'Delegate' + } + ); + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOMailboxFolderPermission "EXOMailboxFolderPermission-admin:\Calendar" + { + Credential = $Credscredential; + Ensure = "Present"; + Identity = "admin:\Calendar"; + UserPermissions = @(MSFT_EXOMailboxFolderUserPermission { + User = 'Default' + AccessRights = 'AvailabilityOnly' + } +MSFT_EXOMailboxFolderUserPermission { + User = 'Anonymous' + AccessRights = 'AvailabilityOnly' + } +MSFT_EXOMailboxFolderUserPermission { + User = 'AlexW' + AccessRights = 'Editor' + SharingPermissionFlags = 'Delegate' + } + ); + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOMailboxIRMAccess.md b/docs/docs/resources/exchange/EXOMailboxIRMAccess.md new file mode 100644 index 0000000000..d349b97793 --- /dev/null +++ b/docs/docs/resources/exchange/EXOMailboxIRMAccess.md @@ -0,0 +1,103 @@ +# EXOMailboxIRMAccess + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identity parameter specifies the mailbox that you want to modify | | +| **User** | Key | String | The User parameter specifies the delegate who is blocked from reading IRM-protected messages in the mailbox. | | +| **AccessLevel** | Write | String | The AccessLevel parameter specifies what delegates can do to IRM-protected messages in the mailbox that's specified by the Identity parameter. | `Block` | +| **Ensure** | Write | String | Present ensures the resource exists, absent ensures it is removed | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Use this resource to set MailboxIRMAccess settings + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Hygiene Management, Compliance Management, Organization Management, View-Only Organization Management + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOMailboxIRMAccess "EXOMailboxIRMAccess-qwe@testorg.onmicrosoft.com" + { + AccessLevel = "Block"; + Credential = $Credscredential; + Ensure = "Present"; + Identity = "qwe@$OrganizationName"; + User = "admin@$OrganizationName"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOManagementScope.md b/docs/docs/resources/exchange/EXOManagementScope.md new file mode 100644 index 0000000000..873248793d --- /dev/null +++ b/docs/docs/resources/exchange/EXOManagementScope.md @@ -0,0 +1,154 @@ +# EXOManagementScope + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identity parameter specifies the name of the management scope to modify. | | +| **Name** | Write | String | The Name parameter specifies the name of the management scope. | | +| **RecipientRestrictionFilter** | Write | String | The RecipientRestrictionFilter parameter uses OPATH filter syntax to specify the recipients that are included in the scope. | | +| **RecipientRoot** | Write | String | The RecipientRoot parameter specifies the organizational unit (OU) under which the filter specified with the RecipientRestrictionFilter parameter should be applied. | | +| **Exclusive** | Write | Boolean | The Exclusive switch specifies that the role should be an exclusive scope. | | +| **Ensure** | Write | String | Specifies if this Outbound connector should exist. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Use this resource to create ManagementScopes. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Hygiene Management, Compliance Management, Organization Management, View-Only Organization Management + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOManagementScope "EXOManagementScope-Test New DGs" + { + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'Test*'"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOManagementScope "EXOManagementScope-Test New DGs" + { + Credential = $Credscredential; + Ensure = "Present"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'NewTest*'"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOManagementScope "EXOManagementScope-Test New DGs" + { + Credential = $Credscredential; + Ensure = "Absent"; + Exclusive = $False; + Identity = "Test New DGs"; + Name = "Test New DGs"; + RecipientRestrictionFilter = "Name -like 'NewTest*'"; + } + + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOPhishSimOverrideRule.md b/docs/docs/resources/exchange/EXOPhishSimOverrideRule.md new file mode 100644 index 0000000000..366c5c5045 --- /dev/null +++ b/docs/docs/resources/exchange/EXOPhishSimOverrideRule.md @@ -0,0 +1,167 @@ +# EXOPhishSimOverrideRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | +| **Identity** | Key | String | The unique identifier (GUID or name) of the override rule. This parameter is mandatory. | | +| **Domains** | Write | StringArray[] | The domains for the override rule. | | +| **SenderIpRanges** | Write | StringArray[] | The IP ranges for the override rule. | | +| **Comment** | Write | String | An optional comment for the override rule. | | +| **Policy** | Write | String | The phishing simulation override policy that's associated with the rule. | | +| **Ensure** | Write | String | Ensures the presence or absence of the configuration. | `Present`, `Absent` | + + +## Description + +This resource allows users to manage resource to modify third-party phishing +simulation override rules to bypass Exchange Online Protection filtering. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOPhishSimOverrideRule "EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b" + { + Comment = "Comment note"; + Domains = @("fabrikam.com","wingtiptoys.com"); + Ensure = "Present"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + Policy = "fc55717b-28bb-4cf3-98ee-9ba57903c978"; + SenderIpRanges = @("192.168.1.55"); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOPhishSimOverrideRule "EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b" + { + Comment = "New Comment note"; + Ensure = "Present"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOPhishSimOverrideRule "EXOPhishSimOverrideRule-_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b" + { + Ensure = "Absent"; + Identity = "_Exe:PhishSimOverr:d779965e-ab14-4dd8-b3f5-0876a99f988b"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXORetentionPolicy.md b/docs/docs/resources/exchange/EXORetentionPolicy.md new file mode 100644 index 0000000000..b5ee023a0d --- /dev/null +++ b/docs/docs/resources/exchange/EXORetentionPolicy.md @@ -0,0 +1,165 @@ +# EXORetentionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identity parameter specifies the name, distinguished name (DN), or GUID of the retention policy. | | +| **IsDefault** | Write | Boolean | The IsDefault switch specifies that this retention policy is the default retention policy. You don't need to specify a value with this switch. | | +| **IsDefaultArbitrationMailbox** | Write | Boolean | The IsDefaultArbitrationMailbox switch configures this policy as the default retention policy for arbitration mailboxes in your Exchange Online organization. You don't need to specify a value with this switch. | | +| **Name** | Write | String | The Name parameter specifies a unique name for the retention policy. | | +| **RetentionId** | Write | String | The RetentionId parameter specifies the identity of the retention policy to make sure mailboxes moved between two Exchange organizations continue to have the same retention policy applied to them. | | +| **RetentionPolicyTagLinks** | Write | StringArray[] | The RetentionPolicyTagLinks parameter specifies the identity of retention policy tags to associate with the retention policy. Mailboxes that get a retention policy applied have retention tags linked with that retention policy. | | +| **Ensure** | Write | String | Specifies if this report submission rule should exist. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +# EXORetentionPolicy + +## Description + +Use the New-RetentionPolicy cmdlet to create a retention policy and the Set-RetentionPolicy cmdlet to change the properties of an existing retention policy. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Organization Management, Recipient Management + +#### Role Groups + +- Organization Management, Help Desk + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXORetentionPolicy "EXORetentionPolicy-Test" + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + Ensure = "Present"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXORetentionPolicy "EXORetentionPolicy-Test" + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); # drifted property + Ensure = "Present"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXORetentionPolicy "EXORetentionPolicy-Test" + { + Name = "Test Retention Policy"; + Identity = "Test Retention Policy"; + IsDefault = $False; + IsDefaultArbitrationMailbox = $False; + RetentionPolicyTagLinks = @("6 Month Delete","Personal 5 year move to archive","1 Month Delete","1 Week Delete","Personal never move to archive","Personal 1 year move to archive","Default 2 year move to archive","Deleted Items","Junk Email","Recoverable Items 14 days move to archive","Never Delete"); + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOSecOpsOverrideRule.md b/docs/docs/resources/exchange/EXOSecOpsOverrideRule.md new file mode 100644 index 0000000000..e012da3f3a --- /dev/null +++ b/docs/docs/resources/exchange/EXOSecOpsOverrideRule.md @@ -0,0 +1,157 @@ +# EXOSecOpsOverrideRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | +| **Identity** | Key | String | The unique identifier (GUID or name) of the override rule. This parameter is mandatory. | | +| **Comment** | Write | String | An optional comment for the override rule. | | +| **Policy** | Write | String | The SecOps simulation override policy that's associated with the rule. | | +| **Ensure** | Write | String | Ensures the presence or absence of the configuration. | `Present`, `Absent` | + + +## Description + +This resource allows users to manage resource to modify SecOps +override rules to bypass Exchange Online Protection filtering. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSecOpsOverrideRule "EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245" + { + Comment = "TestComment"; + Ensure = "Present"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSecOpsOverrideRule "EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245" + { + Comment = "TestComment"; + Ensure = "Present"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + Policy = "40528418-717d-4368-a1ae-7912918f8a1f"; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSecOpsOverrideRule "EXOSecOpsOverrideRule-_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245" + { + Ensure = "Absent"; + Identity = "_Exe:SecOpsOverrid:ca3c51ac-925c-49f4-af42-43e26b874245"; + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOTenantAllowBlockListItems.md b/docs/docs/resources/exchange/EXOTenantAllowBlockListItems.md new file mode 100644 index 0000000000..d7b82a5fcc --- /dev/null +++ b/docs/docs/resources/exchange/EXOTenantAllowBlockListItems.md @@ -0,0 +1,184 @@ +# EXOTenantAllowBlockListItems + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Action** | Key | String | The action (allow/block) to take for this list entry | `Allow`, `Block` | +| **Value** | Key | String | The value that you want to add to the Tenant Allow/Block List based on the ListType parameter value | | +| **ExpirationDate** | Write | DateTime | The expiration date of the entry in Coordinated Universal Time (UTC) | | +| **ListSubType** | Write | String | The subtype for this entry | `AdvancedDelivery`, `Tenant` | +| **ListType** | Key | String | The type of entry to add. | `FileHash`, `Sender`, `Url` | +| **Notes** | Write | String | Additional information about the object | | +| **RemoveAfter** | Write | UInt32 | Number of days after the entry is first used for it to removed | | +| **SubmissionID** | Write | String | Reserved for internal Microsoft use | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | + + +## Description + +Use this resource to manage the Exchange Online Tenant Allow/Block List items. + + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTenantAllowBlockListItems "Example" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Present"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTenantAllowBlockListItems "Example" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Present"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block with updated notes"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTenantAllowBlockListItems "Example" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + TenantId = $TenantId; + Action = "Block"; + Ensure = "Absent"; + ExpirationDate = "10/11/2024 9:00:00 PM"; + ListSubType = "Tenant"; + ListType = "Sender"; + Notes = "Test block"; + SubmissionID = "Non-Submission"; + Value = "example.com"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md index 2ad9520438..15667b067a 100644 --- a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md +++ b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md @@ -89,6 +89,7 @@ | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_DeviceManagementConfigurationPolicyAssignments diff --git a/docs/docs/resources/intune/IntuneAppCategory.md b/docs/docs/resources/intune/IntuneAppCategory.md new file mode 100644 index 0000000000..062055e54c --- /dev/null +++ b/docs/docs/resources/intune/IntuneAppCategory.md @@ -0,0 +1,155 @@ +# IntuneAppCategory + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | The name of the app category. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures a resource for navigation property for Intune mobile app categories. Default app categories cannot be renamed. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementApps.Read.All + +- **Update** + + - DeviceManagementApps.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementApps.Read.All + +- **Update** + + - DeviceManagementApps.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneAppCategory "IntuneAppCategory-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Present"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneAppCategory "IntuneAppCategory-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management updated"; + Ensure = "Present"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneAppCategory "IntuneAppCategory-Data Management" + { + Id = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"; + DisplayName = "Custom Data Management"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md index 742ce453d8..3f09651531 100644 --- a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md +++ b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md @@ -43,7 +43,7 @@ | **PinRequiredInsteadOfBiometricTimeout** | Write | String | Timeout in minutes for an app pin instead of non biometrics passcode . | | | **AllowedOutboundClipboardSharingExceptionLength** | Write | UInt32 | Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed. | | | **NotificationRestriction** | Write | String | Specify app notification restriction. | `allow`, `blockOrganizationalData`, `block` | -| **TargetedAppManagementLevels** | Write | String | The intended app management levels for this policy. | `unspecified`, `unmanaged`, `mdm`, `androidEnterprise` | +| **TargetedAppManagementLevels** | Write | StringArray[] | The intended app management levels for this policy. | `unspecified`, `unmanaged`, `mdm`, `androidEnterprise` | | **AppDataEncryptionType** | Write | String | Require app data to be encrypted. | `useDeviceSettings`, `afterDeviceRestart`, `whenDeviceLockedExceptOpenFiles`, `whenDeviceLocked` | | **ExemptedAppProtocols** | Write | StringArray[] | Apps in this list will be exempt from the policy and will be able to receive data from managed apps. | | | **MinimumWipeSdkVersion** | Write | String | Versions less than the specified version will block the managed app from accessing company data. | | diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md index ee9498d7cd..540cb06564 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md @@ -38,7 +38,7 @@ | **ConfigurationManagerComplianceRequired** | Write | Boolean | ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy. | | | **TpmRequired** | Write | Boolean | TpmRequired of the Windows 10 device compliance policy. | | | **DeviceCompliancePolicyScript** | Write | String | DeviceCompliancePolicyScript of the Windows 10 device compliance policy. | | -| **ValidOperatingSystemBuildRanges** | Write | StringArray[] | ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy. | | +| **ValidOperatingSystemBuildRanges** | Write | MSFT_MicrosoftGraphOperatingSystemVersionRange[] | ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | @@ -61,6 +61,16 @@ | **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | | **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | +### MSFT_MicrosoftGraphOperatingSystemVersionRange + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | The description of this range (e.g. Valid 1702 builds) | | +| **LowestVersion** | Write | String | The lowest inclusive version that this range contains. | | +| **HighestVersion** | Write | String | The highest inclusive version that this range contains. | | + ## Description diff --git a/docs/docs/resources/intune/IntuneFirewallPolicyWindows10.md b/docs/docs/resources/intune/IntuneFirewallPolicyWindows10.md new file mode 100644 index 0000000000..f9ad6cee2b --- /dev/null +++ b/docs/docs/resources/intune/IntuneFirewallPolicyWindows10.md @@ -0,0 +1,292 @@ +# IntuneFirewallPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Policy description | | +| **DisplayName** | Key | String | Policy name | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **CRLcheck** | Write | String | Certificate revocation list verification (0: Disables CRL checking, 1: Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail., 2: Means that checking is required and that certificate validation fails if any error is encountered during CRL processing) | `0`, `1`, `2` | +| **DisableStatefulFtp** | Write | String | Disable Stateful Ftp (false: Stateful FTP enabled, true: Stateful FTP disabled) | `false`, `true` | +| **EnablePacketQueue** | Write | SInt32Array[] | Enable Packet Queue (0: Indicates that all queuing is to be disabled, 1: Specifies that inbound encrypted packets are to be queued, 2: Specifies that packets are to be queued after decryption is performed for forwarding) | `0`, `1`, `2` | +| **IPsecExempt** | Write | SInt32Array[] | IPsec Exceptions (0: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NONE: No IPsec exemptions., 1: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NEIGHBOR_DISC: Exempt neighbor discover IPv6 ICMP type-codes from IPsec., 2: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ICMP: Exempt ICMP from IPsec., 4: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ROUTER_DISC: Exempt router discover IPv6 ICMP type-codes from IPsec., 8: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_DHCP: Exempt both IPv4 and IPv6 DHCP traffic from IPsec.) | `0`, `1`, `2`, `4`, `8` | +| **OpportunisticallyMatchAuthSetPerKM** | Write | String | Opportunistically Match Auth Set Per KM (false: FALSE, true: TRUE) | `false`, `true` | +| **PresharedKeyEncoding** | Write | String | Preshared Key Encoding (0: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE: Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0., 1: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8: Encode the preshared key using UTF-8. This symbolic constant has a value of 1.) | `0`, `1` | +| **SaIdleTime** | Write | SInt32 | Security association idle time | | +| **DomainProfile_EnableFirewall** | Write | String | Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall) | `false`, `true` | +| **DomainProfile_DisableUnicastResponsesToMulticastBroadcast** | Write | String | Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked) | `false`, `true` | +| **DomainProfile_EnableLogIgnoredRules** | Write | String | Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules) | `false`, `true` | +| **DomainProfile_GlobalPortsAllowUserPrefMerge** | Write | String | Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On) | `false`, `true` | +| **DomainProfile_DefaultInboundAction** | Write | String | Default Inbound Action for Domain Profile (0: Allow Inbound By Default, 1: Block Inbound By Default) | `0`, `1` | +| **DomainProfile_DisableStealthModeIpsecSecuredPacketExemption** | Write | String | Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE) | `false`, `true` | +| **DomainProfile_AllowLocalPolicyMerge** | Write | String | Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On) | `false`, `true` | +| **DomainProfile_EnableLogSuccessConnections** | Write | String | Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections) | `false`, `true` | +| **DomainProfile_AllowLocalIpsecPolicyMerge** | Write | String | Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On) | `false`, `true` | +| **DomainProfile_LogFilePath** | Write | String | Log File Path | | +| **DomainProfile_DisableStealthMode** | Write | String | Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode) | `false`, `true` | +| **DomainProfile_AuthAppsAllowUserPrefMerge** | Write | String | Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On) | `false`, `true` | +| **DomainProfile_EnableLogDroppedPackets** | Write | String | Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets) | `false`, `true` | +| **DomainProfile_Shielded** | Write | String | Shielded (false: Shielding Off, true: Shielding On) | `false`, `true` | +| **DomainProfile_DefaultOutboundAction** | Write | String | Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default) | `0`, `1` | +| **DomainProfile_DisableInboundNotifications** | Write | String | Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification) | `false`, `true` | +| **DomainProfile_LogMaxFileSize** | Write | SInt32 | Log Max File Size | | +| **PrivateProfile_EnableFirewall** | Write | String | Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall) | `false`, `true` | +| **PrivateProfile_AllowLocalIpsecPolicyMerge** | Write | String | Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On) | `false`, `true` | +| **PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption** | Write | String | Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE) | `false`, `true` | +| **PrivateProfile_DisableInboundNotifications** | Write | String | Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification) | `false`, `true` | +| **PrivateProfile_Shielded** | Write | String | Shielded (false: Shielding Off, true: Shielding On) | `false`, `true` | +| **PrivateProfile_AllowLocalPolicyMerge** | Write | String | Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On) | `false`, `true` | +| **PrivateProfile_DefaultOutboundAction** | Write | String | Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default) | `0`, `1` | +| **PrivateProfile_AuthAppsAllowUserPrefMerge** | Write | String | Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On) | `false`, `true` | +| **PrivateProfile_EnableLogIgnoredRules** | Write | String | Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules) | `false`, `true` | +| **PrivateProfile_LogMaxFileSize** | Write | SInt32 | Log Max File Size | | +| **PrivateProfile_DefaultInboundAction** | Write | String | Default Inbound Action for Private Profile (0: Allow Inbound By Default, 1: Block Inbound By Default) | `0`, `1` | +| **PrivateProfile_DisableUnicastResponsesToMulticastBroadcast** | Write | String | Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked) | `false`, `true` | +| **PrivateProfile_LogFilePath** | Write | String | Log File Path | | +| **PrivateProfile_DisableStealthMode** | Write | String | Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode) | `false`, `true` | +| **PrivateProfile_EnableLogSuccessConnections** | Write | String | Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections) | `false`, `true` | +| **PrivateProfile_GlobalPortsAllowUserPrefMerge** | Write | String | Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On) | `false`, `true` | +| **PrivateProfile_EnableLogDroppedPackets** | Write | String | Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets) | `false`, `true` | +| **PublicProfile_EnableFirewall** | Write | String | Enable Public Network Firewall (false: Disable Firewall, true: Enable Firewall) | `false`, `true` | +| **PublicProfile_DefaultOutboundAction** | Write | String | Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default) | `0`, `1` | +| **PublicProfile_DisableInboundNotifications** | Write | String | Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification) | `false`, `true` | +| **PublicProfile_DisableStealthModeIpsecSecuredPacketExemption** | Write | String | Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE) | `false`, `true` | +| **PublicProfile_Shielded** | Write | String | Shielded (false: Shielding Off, true: Shielding On) | `false`, `true` | +| **PublicProfile_AllowLocalPolicyMerge** | Write | String | Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On) | `false`, `true` | +| **PublicProfile_AuthAppsAllowUserPrefMerge** | Write | String | Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On) | `false`, `true` | +| **PublicProfile_LogFilePath** | Write | String | Log File Path | | +| **PublicProfile_DefaultInboundAction** | Write | String | Default Inbound Action for Public Profile (0: Allow Inbound By Default, 1: Block Inbound By Default) | `0`, `1` | +| **PublicProfile_DisableUnicastResponsesToMulticastBroadcast** | Write | String | Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked) | `false`, `true` | +| **PublicProfile_GlobalPortsAllowUserPrefMerge** | Write | String | Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On) | `false`, `true` | +| **PublicProfile_EnableLogSuccessConnections** | Write | String | Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections) | `false`, `true` | +| **PublicProfile_AllowLocalIpsecPolicyMerge** | Write | String | Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On) | `false`, `true` | +| **PublicProfile_EnableLogDroppedPackets** | Write | String | Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets) | `false`, `true` | +| **PublicProfile_EnableLogIgnoredRules** | Write | String | Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules) | `false`, `true` | +| **PublicProfile_LogMaxFileSize** | Write | SInt32 | Log Max File Size | | +| **PublicProfile_DisableStealthMode** | Write | String | Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode) | `false`, `true` | +| **ObjectAccess_AuditFilteringPlatformConnection** | Write | String | Object Access Audit Filtering Platform Connection (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **ObjectAccess_AuditFilteringPlatformPacketDrop** | Write | String | Object Access Audit Filtering Platform Packet Drop (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AllowedTlsAuthenticationEndpoints** | Write | StringArray[] | Allowed Tls Authentication Endpoints | | +| **ConfiguredTlsAuthenticationNetworkName** | Write | String | Configured Tls Authentication Network Name | | +| **Target** | Write | String | Hyper-V: Target (wsl: WSL) | `wsl` | +| **HyperVVMSettings_DomainProfile_EnableFirewall** | Write | String | Hyper-V: Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall) | `false`, `true` | +| **HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge** | Write | String | Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On) | `false`, `true` | +| **HyperVVMSettings_DomainProfile_DefaultInboundAction** | Write | String | Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default) | `0`, `1` | +| **HyperVVMSettings_DomainProfile_DefaultOutboundAction** | Write | String | Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default) | `0`, `1` | +| **EnableLoopback** | Write | String | Hyper-V: Enable Loopback (false: Disable loopback, true: Enable loopback) | `false`, `true` | +| **HyperVVMSettings_PublicProfile_EnableFirewall** | Write | String | Hyper-V: Enable Public Network Firewall (false: Disable Hyper-V Firewall, true: Enable Hyper-V Firewall) | `false`, `true` | +| **HyperVVMSettings_PublicProfile_DefaultInboundAction** | Write | String | Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default) | `0`, `1` | +| **HyperVVMSettings_PublicProfile_DefaultOutboundAction** | Write | String | Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default) | `0`, `1` | +| **HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge** | Write | String | Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On) | `false`, `true` | +| **HyperVVMSettings_PrivateProfile_EnableFirewall** | Write | String | Hyper-V: Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall) | `false`, `true` | +| **HyperVVMSettings_PrivateProfile_DefaultOutboundAction** | Write | String | Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default) | `0`, `1` | +| **HyperVVMSettings_PrivateProfile_DefaultInboundAction** | Write | String | Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default) | `0`, `1` | +| **HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge** | Write | String | Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On) | `false`, `true` | +| **AllowHostPolicyMerge** | Write | String | Hyper-V: Allow Host Policy Merge (false: AllowHostPolicyMerge Off, true: AllowHostPolicyMerge On) | `false`, `true` | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +Intune Firewall Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example creates a new Intune Firewall Policy for Windows10. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Intune Firewall Policy Windows10"; + DisableStatefulFtp = "false"; + DomainProfile_AllowLocalIpsecPolicyMerge = "false"; + DomainProfile_EnableFirewall = "true"; + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + DomainProfile_LogMaxFileSize = 1024; + ObjectAccess_AuditFilteringPlatformPacketDrop = "1"; + PrivateProfile_EnableFirewall = "true"; + PublicProfile_EnableFirewall = "true"; + Target = "wsl"; + AllowHostPolicyMerge = "false"; + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example updates a Intune Firewall Policy for Windows10. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Intune Firewall Policy Windows10"; + DisableStatefulFtp = "false"; + DomainProfile_AllowLocalIpsecPolicyMerge = "true"; # Updated property + DomainProfile_EnableFirewall = "true"; + DomainProfile_LogFilePath = "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"; + DomainProfile_LogMaxFileSize = 1024; + ObjectAccess_AuditFilteringPlatformPacketDrop = "1"; + PrivateProfile_EnableFirewall = "true"; + PublicProfile_EnableFirewall = "true"; + Target = "wsl"; + AllowHostPolicyMerge = "false"; + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example removes a Device Control Policy. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneFirewallPolicyWindows10 'ConfigureIntuneFirewallPolicyWindows10' + { + Id = '00000000-0000-0000-0000-000000000000' + DisplayName = 'Intune Firewall Policy Windows10' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + diff --git a/docs/docs/resources/intune/MdcSubscriptionDefenderPlan.md b/docs/docs/resources/intune/MdcSubscriptionDefenderPlan.md new file mode 100644 index 0000000000..aeca74d777 --- /dev/null +++ b/docs/docs/resources/intune/MdcSubscriptionDefenderPlan.md @@ -0,0 +1,98 @@ +# MdcSubscriptionDefenderPlan + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **SubscriptionName** | Key | String | The display name of the subscription. | | +| **PlanName** | Key | String | The Defender plan name, for the list all of possible Defender plans refer to Defender for Cloud documentation | | +| **SubscriptionId** | Write | String | The unique identifier of the Azure subscription. | | +| **PricingTier** | Write | String | The pricing tier ('Standard' or 'Free') | | +| **SubPlanName** | Write | String | The Defender sub plan name, for the list all of possible sub plans refer to Defender for Cloud documentation | | +| **Extensions** | Write | String | The extensions offered under the plan, for more information refer to Defender for Cloud documentation | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud. +For more information about the available Defender plans, sub plans and plan extensions refer to Defender for Cloud onboarding API documentation. +https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/update?view=rest-defenderforcloud-2024-01-01&tabs=HTTP + + +To have all security features enabled during plan enablement, make sure to assign the required Azure RBAC permissions to the application running this module. +For more information about the required permissions refer to the documentation https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + MdcSubscriptionDefenderPlan 'TestSubscription' + { + SubscriptionName = 'MyTestSubscription' + PlanName = 'VirtualMachines' + SubPlanName = 'P2' + PricingTier = 'Standard' + SubscriptionId = 'd620d94d-916d-4dd9-9de5-179292873e20' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/office365/O365ExternalConnection.md b/docs/docs/resources/office365/O365ExternalConnection.md new file mode 100644 index 0000000000..051d8412e1 --- /dev/null +++ b/docs/docs/resources/office365/O365ExternalConnection.md @@ -0,0 +1,168 @@ +# O365ExternalConnection + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | The name of the external connector. | | +| **Id** | Write | String | The unique identifier of the external connector. | | +| **Description** | Write | String | The description of the external connector. | | +| **AuthorizedAppIds** | Write | StringArray[] | A collection of application IDs for registered Microsoft Entra apps that are allowed to manage the externalConnection and to index content in the externalConnection. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Absent`, `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures external connectors in Microsoft 365. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - Application.Read.All, ExternalConnection.Read.All + +- **Update** + + - Application.Read.All, ExternalConnection.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + O365ExternalConnection "O365ExternalConnection-Contoso HR" + { + ApplicationId = $ApplicationId; + AuthorizedAppIds = @("MyApp"); + CertificateThumbprint = $CertificateThumbprint; + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR Nik"; + TenantId = $TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + O365ExternalConnection "O365ExternalConnection-Contoso HR" + { + ApplicationId = $ApplicationId; + AuthorizedAppIds = @("MyApp", "MySecondApp"); # Drift + CertificateThumbprint = $CertificateThumbprint; + Description = "Connection to index Contoso HR system"; + Ensure = "Present"; + Id = "contosohr"; + Name = "Contoso HR Nik"; + TenantId = $TenantId; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + O365ExternalConnection "O365ExternalConnection-Contoso HR" + { + ApplicationId = $ApplicationId; + AuthorizedAppIds = @("MyApp"); + CertificateThumbprint = $CertificateThumbprint; + Description = "Connection to index Contoso HR system"; + Ensure = "Absent"; + Id = "contosohr"; + Name = "Contoso HR Nik"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCDeviceConditionalAccessRule.md b/docs/docs/resources/security-compliance/SCDeviceConditionalAccessRule.md new file mode 100644 index 0000000000..efbdb61253 --- /dev/null +++ b/docs/docs/resources/security-compliance/SCDeviceConditionalAccessRule.md @@ -0,0 +1,261 @@ +# SCDeviceConditionalAccessRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | Name for the rule. | | +| **Policy** | Write | String | Name of the associated policy. | | +| **TargetGroups** | Write | StringArray[] | The display names of the graoups targeted by the policy. | | +| **AccountName** | Write | String | The AccountName parameter specifies the account name. | | +| **AccountUserName** | Write | String | The AccountUserName parameter specifies the account user name. | | +| **AllowAppStore** | Write | Boolean | The AllowAppStore parameter specifies whether to allow access to the app store on devices. | | +| **AllowAssistantWhileLocked** | Write | Boolean | The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked. | | +| **AllowConvenienceLogon** | Write | Boolean | The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices. | | +| **AllowDiagnosticSubmission** | Write | Boolean | The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices. | | +| **AllowiCloudBackup** | Write | Boolean | The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices. | | +| **AllowiCloudDocSync** | Write | Boolean | The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices. | | +| **AllowiCloudPhotoSync** | Write | Boolean | The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices. | | +| **AllowJailbroken** | Write | Boolean | The AllowJailbroken parameter specifies whether to allow access to your organization by jailbroken or rooted devices. | | +| **AllowPassbookWhileLocked** | Write | Boolean | The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked. | | +| **AllowScreenshot** | Write | Boolean | The AllowScreenshot parameter specifies whether to allow screenshots on devices. | | +| **AllowSimplePassword** | Write | Boolean | The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices. | | +| **AllowVideoConferencing** | Write | Boolean | The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. | | +| **AllowVoiceAssistant** | Write | Boolean | The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices. | | +| **AllowVoiceDialing** | Write | Boolean | The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing. | | +| **AntiVirusSignatureStatus** | Write | UInt32 | The AntiVirusSignatureStatus parameter specifies the antivirus signature status. | | +| **AntiVirusStatus** | Write | UInt32 | The AntiVirusStatus parameter specifies the antivirus status. | | +| **AppsRating** | Write | String | The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices. | | +| **AutoUpdateStatus** | Write | String | The AutoUpdateStatus parameter specifies the update settings for devices. | | +| **BluetoothEnabled** | Write | Boolean | The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices. | | +| **CameraEnabled** | Write | Boolean | The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices. | | +| **EmailAddress** | Write | String | The EmailAddress parameter specifies the email address. | | +| **EnableRemovableStorage** | Write | Boolean | The EnableRemovableStorage parameter specifies whether removable storage can be used by devices. | | +| **ExchangeActiveSyncHost** | Write | String | The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host. | | +| **FirewallStatus** | Write | Boolean | The FirewallStatus parameter specifies the acceptable firewall status values on devices. | | +| **ForceAppStorePassword** | Write | Boolean | The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices. | | +| **ForceEncryptedBackup** | Write | Boolean | The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices. | | +| **MaxPasswordAttemptsBeforeWipe** | Write | UInt32 | The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped. | | +| **MaxPasswordGracePeriod** | Write | UInt32 | The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices. | | +| **MoviesRating** | Write | String | The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter. | | +| **PasswordComplexity** | Write | UInt32 | The PasswordComplexity parameter specifies the password complexity. | | +| **PasswordExpirationDays** | Write | UInt32 | The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords. | | +| **PasswordHistoryCount** | Write | UInt32 | The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused. | | +| **PasswordMinComplexChars** | Write | UInt32 | The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter. | | +| **PasswordMinimumLength** | Write | UInt32 | The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords. | | +| **PasswordQuality** | Write | UInt32 | The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password. | | +| **PasswordRequired** | Write | Boolean | The PasswordRequired parameter specifies whether a password is required to access devices. | | +| **PasswordTimeout** | Write | String | The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them. | | +| **PhoneMemoryEncrypted** | Write | Boolean | The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices. | | +| **RegionRatings** | Write | String | The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters. | | +| **RequireEmailProfile** | Write | Boolean | The RequireEmailProfile parameter specifies whether an email profile is required on devices. | | +| **SmartScreenEnabled** | Write | Boolean | The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices. | | +| **SystemSecurityTLS** | Write | Boolean | The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices. | | +| **TVShowsRating** | Write | String | The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter. | | +| **UserAccountControlStatus** | Write | String | The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices. | | +| **WLANEnabled** | Write | Boolean | The WLANEnabled parameter specifies whether Wi-Fi is enabled devices. | | +| **WorkFoldersSyncUrl** | Write | String | The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Absent`, `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Manages Purview Device Conditional Access rules. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - Group.Read.All + +- **Update** + + - Group.Read.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConditionalAccessRule "MyDeviceConditionalAccessRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConditionalAccessRule "MyDeviceConditionalAccessRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowJailbroken = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyPolicy{394b}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyPolicy"; + RequireEmailProfile = $True; #Drift + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("Communications"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConditionalAccessRule "MyDeviceConditionalAccessRule" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Ensure = "Absent"; + Name = "MyPolicy{394b}"; + Policy = "MyPolicy"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCDeviceConfigurationRule.md b/docs/docs/resources/security-compliance/SCDeviceConfigurationRule.md new file mode 100644 index 0000000000..4abf57485d --- /dev/null +++ b/docs/docs/resources/security-compliance/SCDeviceConfigurationRule.md @@ -0,0 +1,258 @@ +# SCDeviceConfigurationRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | Name for the rule. | | +| **Policy** | Write | String | Name of the associated policy. | | +| **TargetGroups** | Write | StringArray[] | The display names of the graoups targeted by the policy. | | +| **AccountName** | Write | String | The AccountName parameter specifies the account name. | | +| **AccountUserName** | Write | String | The AccountUserName parameter specifies the account user name. | | +| **AllowAppStore** | Write | Boolean | The AllowAppStore parameter specifies whether to allow access to the app store on devices. | | +| **AllowAssistantWhileLocked** | Write | Boolean | The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked. | | +| **AllowConvenienceLogon** | Write | Boolean | The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices. | | +| **AllowDiagnosticSubmission** | Write | Boolean | The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices. | | +| **AllowiCloudBackup** | Write | Boolean | The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices. | | +| **AllowiCloudDocSync** | Write | Boolean | The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices. | | +| **AllowiCloudPhotoSync** | Write | Boolean | The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices. | | +| **AllowPassbookWhileLocked** | Write | Boolean | The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked. | | +| **AllowScreenshot** | Write | Boolean | The AllowScreenshot parameter specifies whether to allow screenshots on devices. | | +| **AllowSimplePassword** | Write | Boolean | The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices. | | +| **AllowVideoConferencing** | Write | Boolean | The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. | | +| **AllowVoiceAssistant** | Write | Boolean | The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices. | | +| **AllowVoiceDialing** | Write | Boolean | The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing. | | +| **AntiVirusSignatureStatus** | Write | UInt32 | The AntiVirusSignatureStatus parameter specifies the antivirus signature status. | | +| **AntiVirusStatus** | Write | UInt32 | The AntiVirusStatus parameter specifies the antivirus status. | | +| **AppsRating** | Write | String | The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices. | | +| **AutoUpdateStatus** | Write | String | The AutoUpdateStatus parameter specifies the update settings for devices. | | +| **BluetoothEnabled** | Write | Boolean | The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices. | | +| **CameraEnabled** | Write | Boolean | The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices. | | +| **EmailAddress** | Write | String | The EmailAddress parameter specifies the email address. | | +| **EnableRemovableStorage** | Write | Boolean | The EnableRemovableStorage parameter specifies whether removable storage can be used by devices. | | +| **ExchangeActiveSyncHost** | Write | String | The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host. | | +| **FirewallStatus** | Write | Boolean | The FirewallStatus parameter specifies the acceptable firewall status values on devices. | | +| **ForceAppStorePassword** | Write | Boolean | The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices. | | +| **ForceEncryptedBackup** | Write | Boolean | The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices. | | +| **MaxPasswordAttemptsBeforeWipe** | Write | UInt32 | The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped. | | +| **MaxPasswordGracePeriod** | Write | UInt32 | The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices. | | +| **MoviesRating** | Write | String | The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter. | | +| **PasswordComplexity** | Write | UInt32 | The PasswordComplexity parameter specifies the password complexity. | | +| **PasswordExpirationDays** | Write | UInt32 | The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords. | | +| **PasswordHistoryCount** | Write | UInt32 | The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused. | | +| **PasswordMinComplexChars** | Write | UInt32 | The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter. | | +| **PasswordMinimumLength** | Write | UInt32 | The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords. | | +| **PasswordQuality** | Write | UInt32 | The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password. | | +| **PasswordRequired** | Write | Boolean | The PasswordRequired parameter specifies whether a password is required to access devices. | | +| **PasswordTimeout** | Write | String | The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them. | | +| **PhoneMemoryEncrypted** | Write | Boolean | The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices. | | +| **RegionRatings** | Write | String | The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters. | | +| **RequireEmailProfile** | Write | Boolean | The RequireEmailProfile parameter specifies whether an email profile is required on devices. | | +| **SmartScreenEnabled** | Write | Boolean | The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices. | | +| **SystemSecurityTLS** | Write | Boolean | The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices. | | +| **TVShowsRating** | Write | String | The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter. | | +| **UserAccountControlStatus** | Write | String | The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices. | | +| **WLANEnabled** | Write | Boolean | The WLANEnabled parameter specifies whether Wi-Fi is enabled devices. | | +| **WorkFoldersSyncUrl** | Write | String | The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Absent`, `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +This resource configures a Device Configuration Rule in Purview. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - Group.Read.All + +- **Update** + + - Group.Read.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConfigurationRule "MyDeviceConfigurationRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $True; + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyDeviceConfigurationPolicy{2b18}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyDeviceConfigurationPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("All Company"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConfigurationRule "MyDeviceConfigurationRule" + { + AllowAppStore = $True; + AllowAssistantWhileLocked = $True; + AllowConvenienceLogon = $True; + AllowDiagnosticSubmission = $True; + AllowiCloudBackup = $True; + AllowiCloudDocSync = $True; + AllowiCloudPhotoSync = $True; + AllowPassbookWhileLocked = $True; + AllowScreenshot = $True; + AllowSimplePassword = $True; + AllowVideoConferencing = $True; + AllowVoiceAssistant = $False; # Drift + AllowVoiceDialing = $True; + ApplicationId = $ApplicationId; + BluetoothEnabled = $True; + CameraEnabled = $True; + CertificateThumbprint = $CertificateThumbprint; + EnableRemovableStorage = $True; + Ensure = "Present"; + ForceAppStorePassword = $False; + ForceEncryptedBackup = $False; + Name = "MyDeviceConfigurationPolicy{2b18}"; + PasswordRequired = $False; + PhoneMemoryEncrypted = $False; + Policy = "MyDeviceConfigurationPolicy"; + RequireEmailProfile = $False; + SmartScreenEnabled = $False; + SystemSecurityTLS = $False; + TargetGroups = @("All Company"); + TenantId = $TenantId; + WLANEnabled = $True; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCDeviceConfigurationRule "MyDeviceConfigurationRule" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Ensure = "Absent"; + Name = "MyDeviceConfigurationPolicy{2b18}"; + Policy = "MyDeviceConfigurationPolicy"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCInsiderRiskEntityList.md b/docs/docs/resources/security-compliance/SCInsiderRiskEntityList.md new file mode 100644 index 0000000000..4c0e22601d --- /dev/null +++ b/docs/docs/resources/security-compliance/SCInsiderRiskEntityList.md @@ -0,0 +1,208 @@ +# SCInsiderRiskEntityList + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | The name of the group or setting. | | +| **ListType** | Required | String | The setting type. | | +| **Description** | Write | String | Description for the group or setting. | | +| **DisplayName** | Write | String | The display name of the group or setting. | | +| **Domains** | Write | MSFT_SCInsiderRiskEntityListDomain[] | List of domains | | +| **FilePaths** | Write | StringArray[] | List of file paths. | | +| **FileTypes** | Write | StringArray[] | List of file types. | | +| **Keywords** | Write | StringArray[] | List of keywords. | | +| **SensitiveInformationTypes** | Write | StringArray[] | List of sensitive information types. | | +| **Sites** | Write | MSFT_SCInsiderRiskEntityListSite[] | List of sites. | | +| **TrainableClassifiers** | Write | StringArray[] | List of trainable classifiers. | | +| **ExceptionKeyworkGroups** | Write | StringArray[] | List of keywords for exception. | | +| **ExcludedClassifierGroups** | Write | StringArray[] | List of excluded trainable classifiers. | | +| **ExcludedDomainGroups** | Write | StringArray[] | List of excluded domains. | | +| **ExcludedFilePathGroups** | Write | StringArray[] | List of excluded file paths. | | +| **ExcludedFileTypeGroups** | Write | StringArray[] | List of excluded file types. | | +| **ExcludedKeyworkGroups** | Write | StringArray[] | List of excluded keywords. | | +| **ExcludedSensitiveInformationTypeGroups** | Write | StringArray[] | List of excluded sensitive information types. | | +| **ExcludedSiteGroups** | Write | StringArray[] | List of excluded sites. | | +| **Ensure** | Write | String | Specify if this entity should exist or not. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_SCInsiderRiskEntityListDomain + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Dmn** | Required | String | Domain name. | | +| **isMLSubDmn** | Write | Boolean | Defines if the entry should include multi-level subdomains or not. | | + +### MSFT_SCInsiderRiskEntityListSite + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Url** | Required | String | Url of the site. | | +| **Name** | Write | String | Name of the site. | | +| **Guid** | Write | String | Unique identifier of the site. | | + + +## Description + +Configures settings for Insider Risk in Purview. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskEntityList "SCInsiderRiskEntityList-MyFileType" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "Test file type"; + DisplayName = "MyFileType"; + Ensure = "Present"; + FileTypes = @(".exe",".cmd",".bat"); + Keywords = @(); + ListType = "CustomFileTypeLists"; + Name = "MyFileTypeList"; + TenantId = $OrganizationName; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskEntityList "SCInsiderRiskEntityList-MyFileType" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "Test file type"; + DisplayName = "MyFileType"; + Ensure = "Present"; + FileTypes = @(".exe",".txt",".bat"); # Drfit + Keywords = @(); + ListType = "CustomFileTypeLists"; + Name = "MyFileTypeList"; + TenantId = $OrganizationName; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskEntityList "SCInsiderRiskEntityList-MyFileType" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Description = "Test file type"; + DisplayName = "MyFileType"; + Ensure = "Absent"; + FileTypes = @(".exe",".cmd",".bat"); + Keywords = @(); + ListType = "CustomFileTypeLists"; + Name = "MyFileTypeList"; + TenantId = $OrganizationName; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCInsiderRiskPolicy.md b/docs/docs/resources/security-compliance/SCInsiderRiskPolicy.md new file mode 100644 index 0000000000..960b48328f --- /dev/null +++ b/docs/docs/resources/security-compliance/SCInsiderRiskPolicy.md @@ -0,0 +1,586 @@ +# SCInsiderRiskPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | Name of the insider risk policy. | | +| **InsiderRiskScenario** | Key | String | Name of the scenario supported by the policy. | | +| **Anonymization** | Write | Boolean | Official documentation to come. | | +| **DLPUserRiskSync** | Write | Boolean | Official documentation to come. | | +| **OptInIRMDataExport** | Write | Boolean | Official documentation to come. | | +| **RaiseAuditAlert** | Write | Boolean | Official documentation to come. | | +| **FileVolCutoffLimits** | Write | String | Official documentation to come. | | +| **AlertVolume** | Write | String | Official documentation to come. | | +| **AnomalyDetections** | Write | Boolean | Official documentation to come. | | +| **CopyToPersonalCloud** | Write | Boolean | Official documentation to come. | | +| **CopyToUSB** | Write | Boolean | Official documentation to come. | | +| **CumulativeExfiltrationDetector** | Write | Boolean | Official documentation to come. | | +| **EmailExternal** | Write | Boolean | Official documentation to come. | | +| **EmployeeAccessedEmployeePatientData** | Write | Boolean | Official documentation to come. | | +| **EmployeeAccessedFamilyData** | Write | Boolean | Official documentation to come. | | +| **EmployeeAccessedHighVolumePatientData** | Write | Boolean | Official documentation to come. | | +| **EmployeeAccessedNeighbourData** | Write | Boolean | Official documentation to come. | | +| **EmployeeAccessedRestrictedData** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToChildAbuseSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToCriminalActivitySites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToCultSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToGamblingSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToHackingSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToHateIntoleranceSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToIllegalSoftwareSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToKeyloggerSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToLlmSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToMalwareSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToPhishingSites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToPornographySites** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToUnallowedDomain** | Write | Boolean | Official documentation to come. | | +| **EpoBrowseToViolenceSites** | Write | Boolean | Official documentation to come. | | +| **EpoCopyToClipboardFromSensitiveFile** | Write | Boolean | Official documentation to come. | | +| **EpoCopyToNetworkShare** | Write | Boolean | Official documentation to come. | | +| **EpoFileArchived** | Write | Boolean | Official documentation to come. | | +| **EpoFileCopiedToRemoteDesktopSession** | Write | Boolean | Official documentation to come. | | +| **EpoFileDeleted** | Write | Boolean | Official documentation to come. | | +| **EpoFileDownloadedFromBlacklistedDomain** | Write | Boolean | Official documentation to come. | | +| **EpoFileDownloadedFromEnterpriseDomain** | Write | Boolean | Official documentation to come. | | +| **EpoFileRenamed** | Write | Boolean | Official documentation to come. | | +| **EpoFileStagedToCentralLocation** | Write | Boolean | Official documentation to come. | | +| **EpoHiddenFileCreated** | Write | Boolean | Official documentation to come. | | +| **EpoRemovableMediaMount** | Write | Boolean | Official documentation to come. | | +| **EpoSensitiveFileRead** | Write | Boolean | Official documentation to come. | | +| **Mcas3rdPartyAppDownload** | Write | Boolean | Official documentation to come. | | +| **Mcas3rdPartyAppFileDelete** | Write | Boolean | Official documentation to come. | | +| **Mcas3rdPartyAppFileSharing** | Write | Boolean | Official documentation to come. | | +| **McasActivityFromInfrequentCountry** | Write | Boolean | Official documentation to come. | | +| **McasImpossibleTravel** | Write | Boolean | Official documentation to come. | | +| **McasMultipleFailedLogins** | Write | Boolean | Official documentation to come. | | +| **McasMultipleStorageDeletion** | Write | Boolean | Official documentation to come. | | +| **McasMultipleVMCreation** | Write | Boolean | Official documentation to come. | | +| **McasMultipleVMDeletion** | Write | Boolean | Official documentation to come. | | +| **McasSuspiciousAdminActivities** | Write | Boolean | Official documentation to come. | | +| **McasSuspiciousCloudCreation** | Write | Boolean | Official documentation to come. | | +| **McasSuspiciousCloudTrailLoggingChange** | Write | Boolean | Official documentation to come. | | +| **McasTerminatedEmployeeActivity** | Write | Boolean | Official documentation to come. | | +| **OdbDownload** | Write | Boolean | Official documentation to come. | | +| **OdbSyncDownload** | Write | Boolean | Official documentation to come. | | +| **PeerCumulativeExfiltrationDetector** | Write | Boolean | Official documentation to come. | | +| **PhysicalAccess** | Write | Boolean | Official documentation to come. | | +| **PotentialHighImpactUser** | Write | Boolean | Official documentation to come. | | +| **Print** | Write | Boolean | Official documentation to come. | | +| **PriorityUserGroupMember** | Write | Boolean | Official documentation to come. | | +| **SecurityAlertDefenseEvasion** | Write | Boolean | Official documentation to come. | | +| **SecurityAlertUnwantedSoftware** | Write | Boolean | Official documentation to come. | | +| **SpoAccessRequest** | Write | Boolean | Official documentation to come. | | +| **SpoApprovedAccess** | Write | Boolean | Official documentation to come. | | +| **SpoDownload** | Write | Boolean | Official documentation to come. | | +| **SpoDownloadV2** | Write | Boolean | Official documentation to come. | | +| **SpoFileAccessed** | Write | Boolean | Official documentation to come. | | +| **SpoFileDeleted** | Write | Boolean | Official documentation to come. | | +| **SpoFileDeletedFromFirstStageRecycleBin** | Write | Boolean | Official documentation to come. | | +| **SpoFileDeletedFromSecondStageRecycleBin** | Write | Boolean | Official documentation to come. | | +| **SpoFileLabelDowngraded** | Write | Boolean | Official documentation to come. | | +| **SpoFileLabelRemoved** | Write | Boolean | Official documentation to come. | | +| **SpoFileSharing** | Write | Boolean | Official documentation to come. | | +| **SpoFolderDeleted** | Write | Boolean | Official documentation to come. | | +| **SpoFolderDeletedFromFirstStageRecycleBin** | Write | Boolean | Official documentation to come. | | +| **SpoFolderDeletedFromSecondStageRecycleBin** | Write | Boolean | Official documentation to come. | | +| **SpoFolderSharing** | Write | Boolean | Official documentation to come. | | +| **SpoSiteExternalUserAdded** | Write | Boolean | Official documentation to come. | | +| **SpoSiteInternalUserAdded** | Write | Boolean | Official documentation to come. | | +| **SpoSiteLabelRemoved** | Write | Boolean | Official documentation to come. | | +| **SpoSiteSharing** | Write | Boolean | Official documentation to come. | | +| **SpoSyncDownload** | Write | Boolean | Official documentation to come. | | +| **TeamsChannelFileSharedExternal** | Write | Boolean | Official documentation to come. | | +| **TeamsChannelMemberAddedExternal** | Write | Boolean | Official documentation to come. | | +| **TeamsChatFileSharedExternal** | Write | Boolean | Official documentation to come. | | +| **TeamsFileDownload** | Write | Boolean | Official documentation to come. | | +| **TeamsFolderSharedExternal** | Write | Boolean | Official documentation to come. | | +| **TeamsMemberAddedExternal** | Write | Boolean | Official documentation to come. | | +| **TeamsSensitiveMessage** | Write | Boolean | Official documentation to come. | | +| **UserHistory** | Write | Boolean | Official documentation to come. | | +| **AWSS3BlockPublicAccessDisabled** | Write | Boolean | Official documentation to come. | | +| **AWSS3BucketDeleted** | Write | Boolean | Official documentation to come. | | +| **AWSS3PublicAccessEnabled** | Write | Boolean | Official documentation to come. | | +| **AWSS3ServerLoggingDisabled** | Write | Boolean | Official documentation to come. | | +| **AzureElevateAccessToAllSubscriptions** | Write | Boolean | Official documentation to come. | | +| **AzureResourceThreatProtectionSettingsUpdated** | Write | Boolean | Official documentation to come. | | +| **AzureSQLServerAuditingSettingsUpdated** | Write | Boolean | Official documentation to come. | | +| **AzureSQLServerFirewallRuleDeleted** | Write | Boolean | Official documentation to come. | | +| **AzureSQLServerFirewallRuleUpdated** | Write | Boolean | Official documentation to come. | | +| **AzureStorageAccountOrContainerDeleted** | Write | Boolean | Official documentation to come. | | +| **BoxContentAccess** | Write | Boolean | Official documentation to come. | | +| **BoxContentDelete** | Write | Boolean | Official documentation to come. | | +| **BoxContentDownload** | Write | Boolean | Official documentation to come. | | +| **BoxContentExternallyShared** | Write | Boolean | Official documentation to come. | | +| **CCFinancialRegulatoryRiskyTextSent** | Write | Boolean | Official documentation to come. | | +| **CCInappropriateContentSent** | Write | Boolean | Official documentation to come. | | +| **CCInappropriateImagesSent** | Write | Boolean | Official documentation to come. | | +| **DropboxContentAccess** | Write | Boolean | Official documentation to come. | | +| **DropboxContentDelete** | Write | Boolean | Official documentation to come. | | +| **DropboxContentDownload** | Write | Boolean | Official documentation to come. | | +| **DropboxContentExternallyShared** | Write | Boolean | Official documentation to come. | | +| **GoogleDriveContentAccess** | Write | Boolean | Official documentation to come. | | +| **GoogleDriveContentDelete** | Write | Boolean | Official documentation to come. | | +| **GoogleDriveContentExternallyShared** | Write | Boolean | Official documentation to come. | | +| **PowerBIDashboardsDeleted** | Write | Boolean | Official documentation to come. | | +| **PowerBIReportsDeleted** | Write | Boolean | Official documentation to come. | | +| **PowerBIReportsDownloaded** | Write | Boolean | Official documentation to come. | | +| **PowerBIReportsExported** | Write | Boolean | Official documentation to come. | | +| **PowerBIReportsViewed** | Write | Boolean | Official documentation to come. | | +| **PowerBISemanticModelsDeleted** | Write | Boolean | Official documentation to come. | | +| **PowerBISensitivityLabelDowngradedForArtifacts** | Write | Boolean | Official documentation to come. | | +| **PowerBISensitivityLabelRemovedFromArtifacts** | Write | Boolean | Official documentation to come. | | +| **HistoricTimeSpan** | Write | String | Official documentation to come. | | +| **InScopeTimeSpan** | Write | String | Official documentation to come. | | +| **EnableTeam** | Write | Boolean | Official documentation to come. | | +| **AnalyticsNewInsightEnabled** | Write | Boolean | Official documentation to come. | | +| **AnalyticsTurnedOffEnabled** | Write | Boolean | Official documentation to come. | | +| **HighSeverityAlertsEnabled** | Write | Boolean | Official documentation to come. | | +| **HighSeverityAlertsRoleGroups** | Write | StringArray[] | Official documentation to come. | | +| **PoliciesHealthEnabled** | Write | Boolean | Official documentation to come. | | +| **PoliciesHealthRoleGroups** | Write | StringArray[] | Official documentation to come. | | +| **NotificationDetailsEnabled** | Write | Boolean | Official documentation to come. | | +| **NotificationDetailsRoleGroups** | Write | StringArray[] | Official documentation to come. | | +| **ClipDeletionEnabled** | Write | Boolean | Official documentation to come. | | +| **SessionRecordingEnabled** | Write | Boolean | Official documentation to come. | | +| **RecordingTimeframePreEventInSec** | Write | String | Official documentation to come. | | +| **RecordingTimeframePostEventInSec** | Write | String | Official documentation to come. | | +| **BandwidthCapInMb** | Write | String | Official documentation to come. | | +| **OfflineRecordingStorageLimitInMb** | Write | String | Official documentation to come. | | +| **AdaptiveProtectionEnabled** | Write | Boolean | Determines if Adaptive Protection is enabled for Purview. | | +| **AdaptiveProtectionHighProfileSourceType** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionHighProfileConfirmedIssueSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionHighProfileGeneratedIssueSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionHighProfileInsightSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionHighProfileInsightCount** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionHighProfileInsightTypes** | Write | StringArray[] | Official documentation to come. | | +| **AdaptiveProtectionHighProfileConfirmedIssue** | Write | Boolean | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileSourceType** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileConfirmedIssueSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileGeneratedIssueSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileInsightSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileInsightCount** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileInsightTypes** | Write | StringArray[] | Official documentation to come. | | +| **AdaptiveProtectionMediumProfileConfirmedIssue** | Write | Boolean | Official documentation to come. | | +| **AdaptiveProtectionLowProfileSourceType** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionLowProfileConfirmedIssueSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionLowProfileGeneratedIssueSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionLowProfileInsightSeverity** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionLowProfileInsightCount** | Write | UInt32 | Official documentation to come. | | +| **AdaptiveProtectionLowProfileInsightTypes** | Write | StringArray[] | Official documentation to come. | | +| **AdaptiveProtectionLowProfileConfirmedIssue** | Write | Boolean | Official documentation to come. | | +| **RetainSeverityAfterTriage** | Write | Boolean | Official documentation to come. | | +| **LookbackTimeSpan** | Write | UInt32 | Official documentation to come. | | +| **ProfileInScopeTimeSpan** | Write | UInt32 | Official documentation to come. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Absent`, `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures Insider Risk Policies in Purview. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting" + { + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + ApplicationId = $ApplicationId; + AWSS3BlockPublicAccessDisabled = $False; + AWSS3BucketDeleted = $False; + AWSS3PublicAccessEnabled = $False; + AWSS3ServerLoggingDisabled = $False; + AzureElevateAccessToAllSubscriptions = $False; + AzureResourceThreatProtectionSettingsUpdated = $False; + AzureSQLServerAuditingSettingsUpdated = $False; + AzureSQLServerFirewallRuleDeleted = $False; + AzureSQLServerFirewallRuleUpdated = $False; + AzureStorageAccountOrContainerDeleted = $False; + BoxContentAccess = $False; + BoxContentDelete = $False; + BoxContentDownload = $False; + BoxContentExternallyShared = $False; + CCFinancialRegulatoryRiskyTextSent = $False; + CCInappropriateContentSent = $False; + CCInappropriateImagesSent = $False; + CertificateThumbprint = $CertificateThumbprint; + CopyToPersonalCloud = $False; + CopyToUSB = $False; + CumulativeExfiltrationDetector = $True; + DLPUserRiskSync = $True; + DropboxContentAccess = $False; + DropboxContentDelete = $False; + DropboxContentDownload = $False; + DropboxContentExternallyShared = $False; + EmailExternal = $False; + EmployeeAccessedEmployeePatientData = $False; + EmployeeAccessedFamilyData = $False; + EmployeeAccessedHighVolumePatientData = $False; + EmployeeAccessedNeighbourData = $False; + EmployeeAccessedRestrictedData = $False; + EnableTeam = $True; + Ensure = "Present"; + EpoBrowseToChildAbuseSites = $False; + EpoBrowseToCriminalActivitySites = $False; + EpoBrowseToCultSites = $False; + EpoBrowseToGamblingSites = $False; + EpoBrowseToHackingSites = $False; + EpoBrowseToHateIntoleranceSites = $False; + EpoBrowseToIllegalSoftwareSites = $False; + EpoBrowseToKeyloggerSites = $False; + EpoBrowseToLlmSites = $False; + EpoBrowseToMalwareSites = $False; + EpoBrowseToPhishingSites = $False; + EpoBrowseToPornographySites = $False; + EpoBrowseToUnallowedDomain = $False; + EpoBrowseToViolenceSites = $False; + EpoCopyToClipboardFromSensitiveFile = $False; + EpoCopyToNetworkShare = $False; + EpoFileArchived = $False; + EpoFileCopiedToRemoteDesktopSession = $False; + EpoFileDeleted = $False; + EpoFileDownloadedFromBlacklistedDomain = $False; + EpoFileDownloadedFromEnterpriseDomain = $False; + EpoFileRenamed = $False; + EpoFileStagedToCentralLocation = $False; + EpoHiddenFileCreated = $False; + EpoRemovableMediaMount = $False; + EpoSensitiveFileRead = $False; + FileVolCutoffLimits = "59"; + GoogleDriveContentAccess = $False; + GoogleDriveContentDelete = $False; + GoogleDriveContentExternallyShared = $False; + HistoricTimeSpan = "89"; + InScopeTimeSpan = "30"; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Mcas3rdPartyAppFileDelete = $False; + Mcas3rdPartyAppFileSharing = $False; + McasActivityFromInfrequentCountry = $False; + McasImpossibleTravel = $False; + McasMultipleFailedLogins = $False; + McasMultipleStorageDeletion = $False; + McasMultipleVMCreation = $True; + McasMultipleVMDeletion = $False; + McasSuspiciousAdminActivities = $False; + McasSuspiciousCloudCreation = $False; + McasSuspiciousCloudTrailLoggingChange = $False; + McasTerminatedEmployeeActivity = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + OdbDownload = $False; + OdbSyncDownload = $False; + OptInIRMDataExport = $True; + PeerCumulativeExfiltrationDetector = $False; + PhysicalAccess = $False; + PotentialHighImpactUser = $False; + PowerBIDashboardsDeleted = $False; + PowerBIReportsDeleted = $False; + PowerBIReportsDownloaded = $False; + PowerBIReportsExported = $False; + PowerBIReportsViewed = $False; + PowerBISemanticModelsDeleted = $False; + PowerBISensitivityLabelDowngradedForArtifacts = $False; + PowerBISensitivityLabelRemovedFromArtifacts = $False; + Print = $False; + PriorityUserGroupMember = $False; + RaiseAuditAlert = $True; + SecurityAlertDefenseEvasion = $False; + SecurityAlertUnwantedSoftware = $False; + SpoAccessRequest = $False; + SpoApprovedAccess = $False; + SpoDownload = $False; + SpoDownloadV2 = $False; + SpoFileAccessed = $False; + SpoFileDeleted = $False; + SpoFileDeletedFromFirstStageRecycleBin = $False; + SpoFileDeletedFromSecondStageRecycleBin = $False; + SpoFileLabelDowngraded = $False; + SpoFileLabelRemoved = $False; + SpoFileSharing = $True; + SpoFolderDeleted = $False; + SpoFolderDeletedFromFirstStageRecycleBin = $False; + SpoFolderDeletedFromSecondStageRecycleBin = $False; + SpoFolderSharing = $False; + SpoSiteExternalUserAdded = $False; + SpoSiteInternalUserAdded = $False; + SpoSiteLabelRemoved = $False; + SpoSiteSharing = $False; + SpoSyncDownload = $False; + TeamsChannelFileSharedExternal = $False; + TeamsChannelMemberAddedExternal = $False; + TeamsChatFileSharedExternal = $False; + TeamsFileDownload = $False; + TeamsFolderSharedExternal = $False; + TeamsMemberAddedExternal = $False; + TeamsSensitiveMessage = $False; + TenantId = $TenantId; + UserHistory = $False; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting" + { + Anonymization = $false + AlertVolume = "Medium"; + AnalyticsNewInsightEnabled = $False; + AnalyticsTurnedOffEnabled = $False; + AnomalyDetections = $False; + ApplicationId = $ApplicationId; + AWSS3BlockPublicAccessDisabled = $False; + AWSS3BucketDeleted = $False; + AWSS3PublicAccessEnabled = $False; + AWSS3ServerLoggingDisabled = $False; + AzureElevateAccessToAllSubscriptions = $False; + AzureResourceThreatProtectionSettingsUpdated = $False; + AzureSQLServerAuditingSettingsUpdated = $False; + AzureSQLServerFirewallRuleDeleted = $False; + AzureSQLServerFirewallRuleUpdated = $False; + AzureStorageAccountOrContainerDeleted = $False; + BoxContentAccess = $False; + BoxContentDelete = $False; + BoxContentDownload = $False; + BoxContentExternallyShared = $False; + CCFinancialRegulatoryRiskyTextSent = $False; + CCInappropriateContentSent = $False; + CCInappropriateImagesSent = $False; + CertificateThumbprint = $CertificateThumbprint; + CopyToPersonalCloud = $False; + CopyToUSB = $False; + CumulativeExfiltrationDetector = $True; + DLPUserRiskSync = $True; + DropboxContentAccess = $False; + DropboxContentDelete = $False; + DropboxContentDownload = $False; + DropboxContentExternallyShared = $False; + EmailExternal = $False; + EmployeeAccessedEmployeePatientData = $False; + EmployeeAccessedFamilyData = $False; + EmployeeAccessedHighVolumePatientData = $False; + EmployeeAccessedNeighbourData = $False; + EmployeeAccessedRestrictedData = $False; + EnableTeam = $True; + Ensure = "Present"; + EpoBrowseToChildAbuseSites = $False; + EpoBrowseToCriminalActivitySites = $False; + EpoBrowseToCultSites = $False; + EpoBrowseToGamblingSites = $False; + EpoBrowseToHackingSites = $False; + EpoBrowseToHateIntoleranceSites = $False; + EpoBrowseToIllegalSoftwareSites = $False; + EpoBrowseToKeyloggerSites = $False; + EpoBrowseToLlmSites = $False; + EpoBrowseToMalwareSites = $False; + EpoBrowseToPhishingSites = $False; + EpoBrowseToPornographySites = $False; + EpoBrowseToUnallowedDomain = $False; + EpoBrowseToViolenceSites = $False; + EpoCopyToClipboardFromSensitiveFile = $False; + EpoCopyToNetworkShare = $False; + EpoFileArchived = $False; + EpoFileCopiedToRemoteDesktopSession = $False; + EpoFileDeleted = $False; + EpoFileDownloadedFromBlacklistedDomain = $False; + EpoFileDownloadedFromEnterpriseDomain = $False; + EpoFileRenamed = $False; + EpoFileStagedToCentralLocation = $False; + EpoHiddenFileCreated = $False; + EpoRemovableMediaMount = $False; + EpoSensitiveFileRead = $False; + FileVolCutoffLimits = "59"; + GoogleDriveContentAccess = $False; + GoogleDriveContentDelete = $False; + GoogleDriveContentExternallyShared = $False; + HistoricTimeSpan = "89"; + InScopeTimeSpan = "30"; + InsiderRiskScenario = "TenantSetting"; + Mcas3rdPartyAppDownload = $False; + Mcas3rdPartyAppFileDelete = $False; + Mcas3rdPartyAppFileSharing = $False; + McasActivityFromInfrequentCountry = $False; + McasImpossibleTravel = $False; + McasMultipleFailedLogins = $False; + McasMultipleStorageDeletion = $False; + McasMultipleVMCreation = $True; + McasMultipleVMDeletion = $False; + McasSuspiciousAdminActivities = $False; + McasSuspiciousCloudCreation = $False; + McasSuspiciousCloudTrailLoggingChange = $False; + McasTerminatedEmployeeActivity = $False; + Name = "IRM_Tenant_Setting"; + NotificationDetailsEnabled = $True; + OdbDownload = $False; + OdbSyncDownload = $False; + OptInIRMDataExport = $True; + PeerCumulativeExfiltrationDetector = $False; + PhysicalAccess = $False; + PotentialHighImpactUser = $False; + PowerBIDashboardsDeleted = $False; + PowerBIReportsDeleted = $False; + PowerBIReportsDownloaded = $False; + PowerBIReportsExported = $False; + PowerBIReportsViewed = $False; + PowerBISemanticModelsDeleted = $False; + PowerBISensitivityLabelDowngradedForArtifacts = $False; + PowerBISensitivityLabelRemovedFromArtifacts = $False; + Print = $False; + PriorityUserGroupMember = $False; + RaiseAuditAlert = $True; + SecurityAlertDefenseEvasion = $False; + SecurityAlertUnwantedSoftware = $False; + SpoAccessRequest = $False; + SpoApprovedAccess = $False; + SpoDownload = $False; + SpoDownloadV2 = $False; + SpoFileAccessed = $False; + SpoFileDeleted = $False; + SpoFileDeletedFromFirstStageRecycleBin = $False; + SpoFileDeletedFromSecondStageRecycleBin = $False; + SpoFileLabelDowngraded = $False; + SpoFileLabelRemoved = $False; + SpoFileSharing = $True; + SpoFolderDeleted = $False; + SpoFolderDeletedFromFirstStageRecycleBin = $False; + SpoFolderDeletedFromSecondStageRecycleBin = $False; + SpoFolderSharing = $False; + SpoSiteExternalUserAdded = $False; + SpoSiteInternalUserAdded = $False; + SpoSiteLabelRemoved = $False; + SpoSiteSharing = $False; + SpoSyncDownload = $False; + TeamsChannelFileSharedExternal = $False; + TeamsChannelMemberAddedExternal = $False; + TeamsChatFileSharedExternal = $True; # Drift + TeamsFileDownload = $False; + TeamsFolderSharedExternal = $False; + TeamsMemberAddedExternal = $False; + TeamsSensitiveMessage = $False; + TenantId = $TenantId; + UserHistory = $False; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Ensure = "Absent"; + InsiderRiskScenario = "TenantSetting"; + Name = "IRM_Tenant_Setting"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCRecordReviewNotificationTemplateConfig.md b/docs/docs/resources/security-compliance/SCRecordReviewNotificationTemplateConfig.md new file mode 100644 index 0000000000..db06db4c26 --- /dev/null +++ b/docs/docs/resources/security-compliance/SCRecordReviewNotificationTemplateConfig.md @@ -0,0 +1,90 @@ +# SCRecordReviewNotificationTemplateConfig + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | +| **CustomizedNotificationDataString** | Write | String | The CustomizedNotificationDataString parameter specifies the customized review notification text to use. If the value contains spaces, enclose the value in quotation marks. | | +| **CustomizedReminderDataString** | Write | String | The CustomizedReminderDataString parameter specifies the customized review reminder text to use. If the value contains spaces, enclose the value in quotation marks. | | +| **IsCustomizedNotificationTemplate** | Write | Boolean | The IsCustomizedNotificationTemplate switch specifies whether to use a customized review notification instead of the system default notification. | | +| **IsCustomizedReminderTemplate** | Write | Boolean | The IsCustomizedReminderTemplate switch specifies whether to use a customized review reminder instead of the system default reminder. | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures Purview Records Management disposition settings. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SCRecordReviewNotificationTemplateConfig "SCRecordReviewNotificationTemplateConfig" + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + CustomizedNotificationDataString = "This is my Notification Message"; + CustomizedReminderDataString = "This is my reminder message"; + IsCustomizedNotificationTemplate = $True; + IsCustomizedReminderTemplate = $True; + IsSingleInstance = "Yes"; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCRoleGroup.md b/docs/docs/resources/security-compliance/SCRoleGroup.md index db061cc3ed..da49632bb6 100644 --- a/docs/docs/resources/security-compliance/SCRoleGroup.md +++ b/docs/docs/resources/security-compliance/SCRoleGroup.md @@ -5,6 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Name** | Key | String | The Name parameter specifies the name of the role. The maximum length of the name is 64 characters. | | +| **DisplayName** | Write | String | The DisplayName parameter specifies the friendly name of the role group. If the name contains spaces, enclose the name in quotation marks. This parameter has a maximum length of 256 characters. | | | **Description** | Write | String | The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks | | | **Roles** | Write | StringArray[] | The Roles parameter specifies the management roles to assign to the role group when it's created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas. | | | **Ensure** | Write | String | Specify if the Role Group should exist or not. | `Present`, `Absent` | diff --git a/docs/docs/resources/security-compliance/SCSensitivityLabel.md b/docs/docs/resources/security-compliance/SCSensitivityLabel.md index 6731ac0fff..6d2c1e8fe0 100644 --- a/docs/docs/resources/security-compliance/SCSensitivityLabel.md +++ b/docs/docs/resources/security-compliance/SCSensitivityLabel.md @@ -48,6 +48,7 @@ | **SiteAndGroupProtectionEnabled** | Write | Boolean | The SiteAndGroupProtectionEnabled parameter enables or disables the Site and Group Protection action for the labels. | | | **SiteAndGroupProtectionPrivacy** | Write | String | The SiteAndGroupProtectionPrivacy parameter specifies the privacy level for the label. | `Public`, `Private`, `Unspecified` | | **SiteAndGroupExternalSharingControlType** | Write | String | The SiteAndGroupExternalSharingControlType parameter specifies the external user sharing setting for the label. | `ExternalUserAndGuestSharing`, `ExternalUserSharingOnly`, `ExistingExternalUserSharingOnly`, `Disabled` | +| **AutoLabelingSettings** | Write | MSFT_SCSLAutoLabelingSettings | The AutoLabelingSettings parameter specifies the conditions for label to be automatically applied to files and emails. | | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -56,6 +57,49 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | +### MSFT_SCSLSensitiveInformationType + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Required | String | Name of the Sensitive Information Type | | +| **confidencelevel** | Write | String | Confidence level value for the Sensitive Information | `Low`, `Medium`, `High` | +| **classifiertype** | Write | String | Type of Classifier value for the Sensitive Information | | +| **mincount** | Write | String | Minimum Count value for the Sensitive Information | | +| **maxcount** | Write | String | Maximum Count value for the Sensitive Information | | + +### MSFT_SCSLTrainableClassifiers + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Required | String | Name of the Trainable Classifier | | +| **id** | Write | String | Id of the Trainable Classifier | | + +### MSFT_SCSLSensitiveInformationGroup + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **SensitiveInformationType** | Write | MSFT_SCSLSensitiveInformationType[] | Sensitive Information Content Types | | +| **TrainableClassifier** | Write | MSFT_SCSLTrainableClassifiers[] | Trainable Classifiers | | +| **Name** | Required | String | Name of the group | | +| **Operator** | Required | String | How to process the Sensitive Information Types and Trainable Classifiers | `And`, `Or` | + +### MSFT_SCSLAutoLabelingSettings + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Groups** | Required | MSFT_SCSLSensitiveInformationGroup[] | Groups of sensitive information types. | | +| **Operator** | Required | String | How to process the various groups | `And`, `Or` | +| **PolicyTip** | Write | String | Display this message to users when the label is applied | | +| **AutoApplyType** | Required | String | Specifies what to do when content matches the conditions | `Automatic`, `Recommend` | + ### MSFT_SCLabelSetting #### Parameters @@ -207,3 +251,152 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + SCSensitivityLabel 'ConfigureSensitivityLabel' + { + Name = 'DemoLabel' + Comment = 'Demo Label comment' + ToolTip = 'Demo tool tip' + DisplayName = 'Demo Label' + ApplyContentMarkingFooterAlignment = 'Center' + ApplyContentMarkingFooterEnabled = $true + ApplyContentMarkingFooterFontColor = '#FF0000' + ApplyContentMarkingFooterFontSize = 10 + ApplyContentMarkingFooterMargin = 5 + ApplyContentMarkingFooterText = 'Demo footer text' + ApplyContentMarkingHeaderAlignment = 'Center' + ApplyContentMarkingHeaderEnabled = $true + ApplyContentMarkingHeaderFontColor = '#FF0000' + ApplyContentMarkingHeaderFontSize = 10 + ApplyContentMarkingHeaderMargin = 5 + ApplyContentMarkingHeaderText = 'demo header text' + ApplyWaterMarkingEnabled = $true + ApplyWaterMarkingFontColor = '#FF0000' + ApplyWaterMarkingFontSize = 10 + ApplyWaterMarkingLayout = 'Diagonal' + ApplyWaterMarkingText = 'demo watermark' + SiteAndGroupProtectionAllowAccessToGuestUsers = $true + SiteAndGroupProtectionAllowEmailFromGuestUsers = $true + SiteAndGroupProtectionAllowFullAccess = $true + SiteAndGroupProtectionAllowLimitedAccess = $true + SiteAndGroupProtectionBlockAccess = $true + SiteAndGroupProtectionEnabled = $true + SiteAndGroupProtectionPrivacy = 'Private' + LocaleSettings = @( + MSFT_SCLabelLocaleSettings + { + LocaleKey = 'DisplayName' + LabelSettings = @( + MSFT_SCLabelSetting + { + Key = 'en-us' + Value = 'English Display Names' + } + MSFT_SCLabelSetting + { + Key = 'fr-fr' + Value = "Nom da'ffichage francais" + } + ) + } + MSFT_SCLabelLocaleSettings + { + LocaleKey = 'StopColor' + LabelSettings = @( + MSFT_SCLabelSetting + { + Key = 'en-us' + Value = 'RedGreen' + } + MSFT_SCLabelSetting + { + Key = 'fr-fr' + Value = 'Rouge' + } + ) + } + ) + AdvancedSettings = @( + MSFT_SCLabelSetting + { + Key = 'AllowedLevel' + Value = @('Sensitive', 'Classified') + } + MSFT_SCLabelSetting + { + Key = 'LabelStatus' + Value = 'Enabled' + } + ) + AutoLabelingSettings = MSFT_SCSLAutoLabelingSettings + { + Operator = 'And' + AutoApplyType = 'Recommend' + PolicyTip = 'My Perfect Test Tip!' + Groups = @( + MSFT_SCSLSensitiveInformationGroup + { + Name = 'Group1' + Operator = 'Or' + SensitiveInformationType = @( + MSFT_SCSLSensitiveInformationType + { + name = 'ABA Routing Number' + confidencelevel = 'High' + maxcount = -1 + mincount = 1 + } + ) + TrainableClassifier = @( + MSFT_SCSLTrainableClassifiers + { + name = 'Legal Affairs' + } + ) + } + MSFT_SCSLSensitiveInformationGroup + { + Name = 'Group2' + Operator = 'And' + SensitiveInformationType = @( + MSFT_SCSLSensitiveInformationType + { + name = 'All Full Names' + confidencelevel = 'High' + maxcount = 100 + mincount = 10 + } + ) + TrainableClassifier = @( + MSFT_SCSLTrainableClassifiers + { + name = 'Threat' + } + ) + } + ) + } + ParentId = 'Personal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md b/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md new file mode 100644 index 0000000000..c3406169eb --- /dev/null +++ b/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md @@ -0,0 +1,58 @@ +# SCUnifiedAuditLogRetentionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | The description for the audit log retention policy | | +| **Name** | Key | String | Unique name for the audit log retention policy | | +| **Operations** | Write | StringArray[] | Specifies the audit log operations that are retained by the policy | | +| **Priority** | Write | UInt32 | Priority value for the policy that determines the order of policy processing. | | +| **RecordTypes** | Write | StringArray[] | Specifies the audit logs of a specific record type that are retained by the policy. | | +| **RetentionDuration** | Write | String | How long audit log records are kept | `SevenDays`, `OneMonth`, `ThreeMonths`, `SixMonths`, `NineMonths`, `TwelveMonths`, `ThreeYears`, `FiveYears`, `SevenYears`, `TenYears` | +| **UserIds** | Write | StringArray[] | Specifies the audit logs that are retained by the policy based on the ID of the user who performed the action | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | + + +## Description + +The resource configured the Unified Audit Log Retention Policy in the Security and Compliance. + +## Permissions + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credentials + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + SCUnifiedAuditLogRetentionPolicy 'Example' + { + Credential = $Credentials; + Ensure = "Present"; + Name = "Test Policy"; + Priority = 1; + RetentionDuration = "SevenDays"; + } + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SentinelSetting.md b/docs/docs/resources/security-compliance/SentinelSetting.md new file mode 100644 index 0000000000..d2ee71451a --- /dev/null +++ b/docs/docs/resources/security-compliance/SentinelSetting.md @@ -0,0 +1,82 @@ +# SentinelSetting + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ResourceGroupName** | Key | String | The Resource Group Name | | +| **WorkspaceName** | Required | String | The name of the workspace. | | +| **SubscriptionId** | Write | String | Gets subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. | | +| **AnomaliesIsEnabled** | Write | Boolean | Specififies if Anomaly detection should be enabled or not. | | +| **EntityAnalyticsIsEnabled** | Write | Boolean | Specififies if Entity Analyticsshould be enabled or not. | | +| **EyesOnIsEnabled** | Write | Boolean | Specififies if Auditing and Health Monitoring should be enabled or not. | | +| **UebaDataSource** | Write | StringArray[] | The list of Data sources associated with the UEBA. | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures settings for a Sentinel instance. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} +``` + diff --git a/docs/docs/resources/security-compliance/SentinelWatchlist.md b/docs/docs/resources/security-compliance/SentinelWatchlist.md new file mode 100644 index 0000000000..42ef092a7e --- /dev/null +++ b/docs/docs/resources/security-compliance/SentinelWatchlist.md @@ -0,0 +1,201 @@ +# SentinelWatchlist + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | Tha name of the watchlist. | | +| **SubscriptionId** | Write | String | The name of the resource group. The name is case insensitive. | | +| **ResourceGroupName** | Write | String | The name of the resource group. The name is case insensitive. | | +| **WorkspaceName** | Write | String | The name of the workspace. | | +| **Id** | Write | String | The id (a Guid) of the watchlist | | +| **DisplayName** | Write | String | The display name of the watchlist. | | +| **SourceType** | Write | String | The source of the watchlist. Only accepts 'Local file' and 'Remote storage'. And it must included in the request. | | +| **ItemsSearchKey** | Write | String | The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. | | +| **Description** | Write | String | A description of the watchlist | | +| **DefaultDuration** | Write | String | The default duration of a watchlist (in ISO 8601 duration format) | | +| **Alias** | Write | String | The watchlist alias | | +| **NumberOfLinesToSkip** | Write | UInt32 | The number of lines in a csv content to skip before the header | | +| **RawContent** | Write | String | The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2 | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Absent`, `Present` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures watchlists in Azure Sentinel. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SentinelWatchlist "SentinelWatchlist-TestWatch" + { + Alias = "MyAlias"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SentinelWatchlist "SentinelWatchlist-TestWatch" + { + Alias = "MyAlias"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Present"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 0; # Drift + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SentinelWatchlist "SentinelWatchlist-TestWatch" + { + Alias = "MyAlias"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DefaultDuration = "P1DT3H"; + Description = "My description"; + DisplayName = "My Display Name"; + Ensure = "Absent"; + ItemsSearchKey = "Test"; + Name = "MyWatchList"; + NumberOfLinesToSkip = 1; + RawContent = 'MyContent' + ResourceGroupName = "MyResourceGroup"; + SourceType = "Local"; + SubscriptionId = "20f41296-9edc-4374-b5e0-b1c1aa07e7d3"; + TenantId = $TenantId; + WorkspaceName = "MyWorkspace"; + } + } +} +``` + diff --git a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md index cc24a9a375..bcfe8f4ad9 100644 --- a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md +++ b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md @@ -14,6 +14,7 @@ | **ExternalServicesEnabled** | Write | Boolean | Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters. | | | **EmailAttestationRequired** | Write | Boolean | Sets email attestation to required | | | **EmailAttestationReAuthDays** | Write | UInt32 | Sets email attestation re-auth days | | +| **EnableRestrictedAccessControl** | Write | Boolean | Enables or disables the restricted access control. | | | **Ensure** | Write | String | Only value accepted is 'Present' | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the account to authenticate with. | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md b/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md index f1f8ce6b78..a289995bec 100644 --- a/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md +++ b/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Unique identifier of the application instance of a policy-based recording application to be retrieved. | | -| **ComplianceRecordingApplications** | Write | StringArray[] | A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet. | | +| **ComplianceRecordingApplications** | Write | MSFT_TeamsComplianceRecordingApplication[] | A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet. | | | **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to. | | | **DisableComplianceRecordingAudioNotificationForCalls** | Write | Boolean | Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording. | | | **Enabled** | Write | Boolean | Controls whether this Teams recording policy is active or not. | | @@ -18,6 +18,20 @@ | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | +### MSFT_TeamsComplianceRecordingApplication + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | A name that uniquely identifies the application instance of the policy-based recording application. | | +| **ComplianceRecordingPairedApplications** | Write | StringArray[] | Determines the other policy-based recording applications to pair with this application to achieve application resiliency. Can only have one paired application. | | +| **RequiredBeforeMeetingJoin** | Write | Boolean | Indicates whether the policy-based recording application must be in the meeting before the user is allowed to join the meeting. | | +| **RequiredBeforeCallEstablishment** | Write | Boolean | Indicates whether the policy-based recording application must be in the call before the call is allowed to establish. | | +| **RequiredDuringMeeting** | Write | Boolean | Indicates whether the policy-based recording application must be in the meeting while the user is in the meeting. | | +| **RequiredDuringCall** | Write | Boolean | Indicates whether the policy-based recording application must be in the call while the call is active. | | +| **ConcurrentInvitationCount** | Write | String | Determines the number of invites to send out to the application instance of the policy-based recording application. Can be set to 1 or 2 only. | | + ## Description @@ -68,14 +82,34 @@ Configuration Example node localhost { - TeamsComplianceRecordingPolicy 'Example' + TeamsComplianceRecordingPolicy "TeamsComplianceRecordingPolicy-Tag:MyTeamsComplianceRecordingPolicy" { - ComplianceRecordingApplications = @('qwertzuio-abcd-abcd-abcd-qwertzuio'); - Credential = $Credscredential; + Credential = $credsCredential; + ComplianceRecordingApplications = @( + MSFT_TeamsComplianceRecordingApplication{ + Id = '00000000-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @('00000000-0000-0000-0000-000000000000') + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + MSFT_TeamsComplianceRecordingApplication{ + Id = '12345678-0000-0000-0000-000000000000' + ComplianceRecordingPairedApplications = @('87654321-0000-0000-0000-000000000000') + ConcurrentInvitationCount = 1 + RequiredDuringCall = $True + RequiredBeforeMeetingJoin = $True + RequiredBeforeCallEstablishment = $True + RequiredDuringMeeting = $True + } + ); + Description = "MyTeamsComplianceRecordingPolicy"; DisableComplianceRecordingAudioNotificationForCalls = $False; - Enabled = $False; + Enabled = $True; Ensure = "Present"; - Identity = "Global"; + Identity = "Tag:MyTeamsComplianceRecordingPolicy"; WarnUserOnRemoval = $True; } } diff --git a/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md b/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md index 2bef8f6002..ee8cb34b28 100644 --- a/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md +++ b/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md @@ -17,7 +17,7 @@ This function does not generate any output. | FileName | False | String | | | Specifies the name of the file in which the exported DSC configuration should be stored. | | ConfigurationName | False | String | | | Specifies the name of the configuration that will be generated. | | Components | False | String[] | | | Specifies the components for which an export should be created. | -| Workloads | False | String[] | | AAD, FABRIC, SPO, EXO, INTUNE, SC, OD, O365, PLANNER, PP, TEAMS | Specifies the workload for which an export should be created for all resources. | +| Workloads | False | String[] | | AAD, DEFENDER, FABRIC, SPO, EXO, INTUNE, SC, OD, O365, PLANNER, PP, TEAMS | Specifies the workload for which an export should be created for all resources. | | Mode | False | String | Default | Lite, Default, Full | Specifies the mode of the export: Lite, Default or Full. | | MaxProcesses | False | Object | | | Specifies the maximum number of processes that should run simultanious. | | GenerateInfo | False | Boolean | | | Specifies if each exported resource should get a link to the Wiki article of the resource. | diff --git a/docs/docs/user-guide/cmdlets/Get-M365DSCCIMInstanceKey.md b/docs/docs/user-guide/cmdlets/Get-M365DSCCIMInstanceKey.md new file mode 100644 index 0000000000..f4b2a95b4d --- /dev/null +++ b/docs/docs/user-guide/cmdlets/Get-M365DSCCIMInstanceKey.md @@ -0,0 +1,18 @@ +# Get-M365DSCCIMInstanceKey + +## Description + +This function gets the key parameter for the specified CIMInstance + +## Output + +This function outputs information as the following type: +**System.String** + +## Parameters + +| Parameter | Required | DataType | Default Value | Allowed Values | Description | +| --- | --- | --- | --- | --- | --- | +| CIMInstance | True | Hashtable | | | | + + diff --git a/docs/docs/user-guide/get-started/prerequisites.md b/docs/docs/user-guide/get-started/prerequisites.md index 0ff30b9b23..243cd7322f 100644 --- a/docs/docs/user-guide/get-started/prerequisites.md +++ b/docs/docs/user-guide/get-started/prerequisites.md @@ -6,6 +6,10 @@ For Microsoft365DSC to function, you need to arrange the following components: Microsoft365DSC is supported for PowerShell version 5.1 and 7.3+. For additional details on how to leverage it with PowerShell 7, please refer to our [PowerShell 7+ Guide for Microsoft365DSC](https://microsoft365dsc.com/user-guide/get-started/powershell7-support/). +### Windows Remote Management (WinRM) + +Microsoft365DSC uses the Local Configuration Manager (LCM). This requires PowerShell Remoting to be enabled. Please run either `winrm quickconfig -force` or `Enable-PSRemoting -Force -SkipNetworkProfileCheck` to enable it. + ### Tooling To get the best experience running Microsoft365DSC cmdlets, it is recommended that you use the Windows Terminal. All screenshots provided in this article are using the Windows Terminal. This tool allows you to quickly switch between PowerShell versions and provide better support for icons and symbols that are used throughout Microsoft365DSC’s experience.