Merge pull request #1566 from microsoft/Dev

.github/workflows/PublishGitHubPages.yml

@@ -73,11 +73,10 @@ jobs:
           git config --local user.email "nik.charlebois@microsoft.com"
           git config --local user.name "Nik Charlebois"
           git add D:/a/Microsoft365DSC/Microsoft365DSC/docs/docs/resources/*
+          git pull
           git commit -m "Add changes"
           git push
 
-
-
   deploy:
     needs: GenerateResource
     runs-on: ubuntu-latest

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Change log for Microsoft365DSC
 
+# 1.21.1117.1
+
+* EXOTransportRule
+  * Fixed issues with invalid State property and missing Enabled one;
+    ISSUE #1554;
+* IntuneDeviceCompliancePolicyAndroidDeviceOwner
+  * Initial release;
+* DEPENDENCIES
+  * Updated DSCParser to version 1.3.0.2;
+  * Updated MSCloudLoginAssistant to version 1.0.78;
+
 # 1.21.1110.1
 
 * MISC

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -338,14 +338,18 @@ function Set-TargetResource
     $currentParameters.Remove("AvailableToOtherTenants") | Out-Null
     $currentParameters.Remove("PublicClient") | Out-Null
 
-    if ($null -ne $currentParameters.KnownClientApplications)
+    if ($currentParameters.KnownClientApplications)
     {
         $apiValue = @{
             KnownClientApplications = $currentParameters.KnownClientApplications
         }
         $currentParameters.Add("Api", $apiValue)
         $currentParameters.Remove("KnownClientApplications") | Out-Null
     }
+    else
+    {
+        $currentParameters.Remove("KnownClientApplications") | Out-Null
+    }
 
     if ($ReplyUrls -or $LogoutURL -or $Homepage)
     {
@@ -392,6 +396,10 @@ function Set-TargetResource
     if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present')
     {
         $currentParameters.Remove("ObjectId") | Out-Null
+
+        # Passing in the Oauth2RequirePostResponse parameter returns an error when calling update-mgapplication.
+        # Removing it temporarly for the update scenario.
+        $currentParameters.Remove("Oauth2RequirePostResponse") | Out-Null
         $currentParameters.Add("ApplicationId", $currentAADApp.ObjectId)
         Write-Verbose -Message "Updating existing AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)"
         Update-MgApplication @currentParameters

Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1

@@ -210,31 +210,63 @@ function Set-TargetResource
     $currentAADNamedLocation = Get-TargetResource @PSBoundParameters
 
     $desiredValues = @{
-        DisplayName = $DisplayName
-        AdditionalProperties = @{
-            IsTrusted = $IsTrusted
-            IPRanges = @{
-                CidrAddress = $IPRanges
+        '@odata.type' = $OdataType
+        displayName = $DisplayName
+        isTrusted = $IsTrusted
+    }
+    if ($OdataType -eq '#microsoft.graph.ipNamedLocation')
+    {
+        $IpRangesValue = @()
+        foreach ($IpRange in $IpRanges)
+        {
+            $ipRangeType = '#microsoft.graph.iPv4CidrRange'
+            if ($IpRange.Contains(':'))
+            {
+                $ipRangeType = '#microsoft.graph.iPv6CidrRange'
+            }
+            $IpRangesValue += @{
+                '@odata.type' = $ipRangeType
+                cidrAddress = $IPRange
             }
-            CountriesAndRegions               = $CountriesAndRegions
-            IncludeUnknownCountriesAndRegions = $IncludeUnknownCountriesAndRegions
         }
+        if ($IpRangesValue)
+        {
+            $desiredValues.Add("ipRanges", $IpRangesValue)
+        }
+    }
+    elseif ($OdataType -eq '#microsoft.graph.countryNamedLocation')
+    {
+        $desiredValues.Add("includeUnknownCountriesAndRegions", $IncludeUnknownCountriesAndRegions)
+        $desiredValues.Add("countriesAndRegions", $CountriesAndRegions)
     }
 
     # Named Location should exist but it doesn't
     if ($Ensure -eq 'Present' -and $currentAADNamedLocation.Ensure -eq "Absent")
     {
         $VerboseAttributes = ($desiredValues | Out-String)
         Write-Verbose -Message "Creating New AAD Named Location {$Displayname)} with attributes: $VerboseAttributes"
-        New-MgIdentityConditionalAccessNamedLocation @desiredValues
+        $JSONValue = ConvertTo-Json $desiredValues | Out-String
+        Write-Verbose -Message "JSON: $JSONValue"
+        $APIUrl = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations"
+        Invoke-MgGraphRequest -Method POST `
+            -Uri $APIUrl `
+            -Body $JSONValue | Out-Null
     }
     # Named Location should exist and will be configured to desired state
     elseif ($Ensure -eq 'Present' -and $CurrentAADNamedLocation.Ensure -eq 'Present')
     {
         $desiredValues.Add("NamedLocationId", $currentAADNamedLocation.Id) | Out-Null
         $VerboseAttributes = ($desiredValues | Out-String)
         Write-Verbose -Message "Updating existing AAD Named Location {$Displayname)} with attributes: $VerboseAttributes"
-        Update-MgIdentityConditionalAccessNamedLocation @desiredValues
+
+        $VerboseAttributes = ($desiredValues | Out-String)
+        Write-Verbose -Message "Updating AAD Named Location {$Displayname)} with attributes: $VerboseAttributes"
+        $JSONValue = ConvertTo-Json $desiredValues | Out-String
+        Write-Verbose -Message "JSON: $JSONValue"
+        $APIUrl = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations"
+        Invoke-MgGraphRequest -Method PATCH `
+            -Uri $APIUrl `
+            -Body $JSONValue | Out-Null
     }
     # Named Location exist but should not
     elseif ($Ensure -eq 'Absent' -and $CurrentAADNamedLocation.Ensure -eq 'Present')

Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1

@@ -92,7 +92,7 @@ function Get-TargetResource
 
     Write-Verbose -Message "Getting configuration of Azure AD ServicePrincipal"
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-        -InboundParameters $PSBoundParameters
+        -InboundParameters $PSBoundParameters -ProfileName 'Beta'
 
     #region Telemetry
     $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
@@ -273,6 +273,11 @@ function Set-TargetResource
         $CertificateThumbprint
     )
 
+    Write-Verbose -Message "1 - There are now {$((dir function: | measure).Count) functions}"
+    $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+        -InboundParameters $PSBoundParameters -ProfileName 'Beta'
+
+    Write-Verbose -Message "2 - There are now {$((dir function: | measure).Count) functions}"
     Write-Verbose -Message "Setting configuration of Azure AD ServicePrincipal"
     #region Telemetry
     $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
@@ -292,7 +297,6 @@ function Set-TargetResource
     $currentParameters.Remove("Ensure") | Out-Null
     $currentParameters.Remove("ObjectID") | Out-Null
 
-
     # ServicePrincipal should exist but it doesn't
     if ($Ensure -eq "Present" -and $currentAADServicePrincipal.Ensure -eq "Absent")
     {
@@ -303,6 +307,8 @@ function Set-TargetResource
     if ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Present')
     {
         Write-Verbose -Message "Updating existing Service Principal"
+        Write-Verbose -Message "CurrentParameters: $($currentParameters | Out-String)"
+        Write-Verbose -Message "ServicePrincipalID: $($currentAADServicePrincipal.ObjectID)"
         Update-MgServicePrincipal -ServicePrincipalId $currentAADServicePrincipal.ObjectID @currentParameters
     }
     # ServicePrincipal exists but should not
@@ -463,6 +469,7 @@ function Export-TargetResource
         $CertificateThumbprint
     )
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' -InboundParameters $PSBoundParameters
+    Select-MgProfile Beta | Out-Null
 
     #region Telemetry
     $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""

Modules/Microsoft365DSC/DSCResources/MSFT_AADTokenLifetimePolicy/MSFT_AADTokenLifetimePolicy.psm1

@@ -188,7 +188,6 @@ function Set-TargetResource
 
     $currentAADPolicy = Get-TargetResource @PSBoundParameters
     $currentParameters = $PSBoundParameters
-    $currentParameters.Remove("OdataType") | Out-Null
     $currentParameters.Remove("ApplicationId")  | Out-Null
     $currentParameters.Remove("TenantId")  | Out-Null
     $currentParameters.Remove("CertificateThumbprint")  | Out-Null
@@ -198,14 +197,15 @@ function Set-TargetResource
     # Policy should exist but it doesn't
     if ($Ensure -eq 'Present' -and $currentAADPolicy.Ensure -eq "Absent")
     {
-        Write-Verbose -Message "Creating New AzureAD Policy {$Displayname)}"
+        Write-Verbose -Message "Creating new AzureAD Token Lifetime Policy {$Displayname)}"
+        Write-Verbose -Message "Parameters: $($currentParameters | Out-String)}"
         $currentParameters.Remove("Id") | Out-Null
         New-MgPolicyTokenLifetimePolicy @currentParameters
     }
     # Policy should exist and will be configured to desire state
     elseif ($Ensure -eq 'Present' -and $CurrentAADPolicy.Ensure -eq 'Present')
     {
-        Write-Verbose -Message "Updating exisitng AzureAD Policy {$Displayname)}"
+        Write-Verbose -Message "Updating existing AzureAD Policy {$Displayname)}"
         $currentParameters.Add("TokenLifetimePolicyId", $currentAADPolicy.ID)
         $currentParameters.Remove("Id") | Out-Null
         Update-MgPolicyTokenLifetimePolicy @currentParameters

Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1

@@ -162,6 +162,10 @@ function Get-TargetResource
         [System.String]
         $DlpPolicy,
 
+        [Parameter()]
+        [System.Boolean]
+        $Enabled,
+
         [Parameter()]
         [System.String]
         $ExceptIfADComparisonAttribute,
@@ -667,11 +671,6 @@ function Get-TargetResource
         [System.String]
         $SetSCL,
 
-        [Parameter()]
-        [ValidateSet('Enabled', 'Disabled')]
-        [System.String]
-        $State,
-
         [Parameter()]
         [System.Boolean]
         $StopRuleProcessing,
@@ -803,6 +802,7 @@ function Get-TargetResource
             CopyTo                                        = $TransportRule.CopyTo
             DeleteMessage                                 = $TransportRule.DeleteMessage
             DlpPolicy                                     = $TransportRule.DlpPolicy
+            Enabled                                       = $TransportRule.Enabled
             ExceptIfADComparisonAttribute                 = $TransportRule.ExceptIfADComparisonAttribute
             ExceptIfADComparisonOperator                  = $TransportRule.ExceptIfADComparisonOperator
             ExceptIfAnyOfCcHeader                         = $TransportRule.ExceptIfAnyOfCcHeader
@@ -925,7 +925,6 @@ function Get-TargetResource
             SetHeaderName                                 = $TransportRule.SetHeaderName
             SetHeaderValue                                = $TransportRule.SetHeaderValue
             SetSCL                                        = $TransportRule.SetSCL
-            State                                         = $TransportRule.State
             StopRuleProcessing                            = $TransportRule.StopRuleProcessing
             SubjectContainsWords                          = $TransportRule.SubjectContainsWords
             SubjectMatchesPatterns                        = $TransportRule.SubjectMatchesPatterns
@@ -1710,6 +1709,7 @@ function Set-TargetResource
 
     $SetTransportRuleParams = $NewTransportRuleParams.Clone()
     $SetTransportRuleParams.Add('Identity', $Name)
+    $SetTransportRuleParams.Remove("Enabled") | Out-Null
 
     # CASE: Transport Rule doesn't exist but should;
     if ($Ensure -eq "Present" -and $currentTransportRuleConfig.Ensure -eq "Absent")
@@ -1898,6 +1898,10 @@ function Test-TargetResource
         [System.String]
         $DlpPolicy,
 
+        [Parameter()]
+        [System.Boolean]
+        $Enabled,
+
         [Parameter()]
         [System.String]
         $ExceptIfADComparisonAttribute,
@@ -2403,11 +2407,6 @@ function Test-TargetResource
         [System.String]
         $SetSCL,
 
-        [Parameter()]
-        [ValidateSet('Enabled', 'Disabled')]
-        [System.String]
-        $State,
-
         [Parameter()]
         [System.Boolean]
         $StopRuleProcessing,
@@ -2540,6 +2539,10 @@ function Export-TargetResource
         {
             Write-Host $Global:M365DSCEmojiGreenCheckMark
         }
+        else
+        {
+            Write-Host "`r`n" -NoNewLine
+        }
         foreach ($TransportRule in $AllTransportRules)
         {
             Write-Host "    |---[$i/$($AllTransportRules.Count)] $($TransportRule.Name)" -NoNewline

Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof

@@ -161,7 +161,6 @@ class MSFT_EXOTransportRule : OMI_BaseResource
     [Write, Description("The SetAuditSeverity parameter specifies an action that sets the severity level of the incident report and the corresponding entry that's written to the message tracking log when messages violate DLP policies."), ValueMap{"DoNotAudit","Low","Medium","High"}, Values{"DoNotAudit","Low","Medium","High"}] String SetAuditSeverity;
     [Write, Description("The SetHeaderName parameter specifies an action that adds or modifies a header field in the message header.")] String SetHeaderName;
     [Write, Description("The SetHeaderValue parameter specifies an action that adds or modifies a header field in the message header.")] String SetHeaderValue;
-    [Write, Description("The State parameter specifies filters the results by enabled or disabled rules.")] String State;
     [Write, Description("The SetSCL parameter specifies an action that adds or modifies the SCL value of messages.")] String SetSCL;
     [Write, Description("The StopRuleProcessing parameter specifies an action that stops processing more rules.")] Boolean StopRuleProcessing;
     [Write, Description("The SubjectContainsWords parameter specifies a condition that looks for words in the Subject field of messages.")] String SubjectContainsWords[];