Skip to content

Commit

Permalink
Merge pull request #3859 from microsoft/Dev
Browse files Browse the repository at this point in the history 
Release 1.23.1101.1
  • Loading branch information
@NikCharlebois
NikCharlebois authored Nov 1, 2023
2 parents 52106e2 + 1386a84 commit bbe318f
Show file tree
Hide file tree
Showing 20 changed files with 927 additions and 80 deletions.
23 changes: 23 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,27 @@
# Change log for Microsoft365DSC

# 1.23.1101.1

* AADRoleEligibilityScheduleRequest
* Fixes how the Get method retrieves existing instances for Groups.
FIXES [#3787](https://github.com/microsoft/Microsoft365DSC/issues/3787)
* SCSecurityFilter
* Fixes an issue because Region could be empty
FIXES: [#3854](https://github.com/microsoft/Microsoft365DSC/issues/3854)
* SPOSharingSettings
* Fixes parameter validation of ExternalUserExpireInDays and ExternalUserExpirationRequired.
FIXES [#3856](https://github.com/microsoft/Microsoft365DSC/issues/3856)
* TeamsComplianceRecordingPolicy
* Fix an issue where the Compliance Application ID wasn't properly retrieved.
FIXES [#3848](https://github.com/microsoft/Microsoft365DSC/issues/3848)

# 1.23.1025.1

* AADEntitlementManagementAccessPackageAssignmentPolicy
* Fixes an issue where reviewers were not properly exported
* M365DSCDRGUTIL
* Fixes an issue with Get-M365DSCDRGComplexTypeToHashtable where Beta cmdlet were not recognized for recursive calls
FIXES [#3448](https://github.com/microsoft/Microsoft365DSC/issues/3448)
* AADApplication
* Changes to how permissions drifts are logged.
FIXES [#3830](https://github.com/microsoft/Microsoft365DSC/issues/3830)
Expand Down Expand Up @@ -33,6 +53,9 @@
* IntuneAntivirusPolicyWindows10SettingCatalog
* Added "-All" parameter to retrieve all settings from a template.
FIXES [#3722](https://github.com/microsoft/Microsoft365DSC/issues/3722)
* IntuneDeviceCleanupRule
* Initial release.
FIXES [#3599](https://github.com/microsoft/Microsoft365DSC/issues/3599)
* TeamsGroupPolicyAssignment
* Fixes the export of CsGroup, when the display name of a group is included in
another display name.
Expand Down
91 changes: 85 additions & 6 deletions ...ssPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ function Get-TargetResource
Write-Verbose -Message "Found access package assignment policy with id {$($getValue.Id)} and DisplayName {$DisplayName}"

#region Format AccessReviewSettings
$formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings
$formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings -Verbose
if($null -ne $formattedAccessReviewSettings)
{
$formattedAccessReviewSettings.remove('additionalProperties') | Out-Null
Expand All @@ -139,6 +139,7 @@ function Get-TargetResource
if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id))
{
$user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue

if ($null -ne $user)
{
$setting.add('Id', $user.UserPrincipalName)
Expand All @@ -148,7 +149,7 @@ function Get-TargetResource
{
$setting.add('ManagerLevel', $setting.AdditionalProperties.managerLevel)
}
$setting.remove('additionalProperties') | Out-Null
$setting.remove('AdditionalProperties') | Out-Null
}
}
#endregion
Expand All @@ -170,7 +171,11 @@ function Get-TargetResource
$setting.add('odataType', $setting.AdditionalProperties.'@odata.type')
if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id))
{
$setting.add('Id', $setting.AdditionalProperties.id)
$user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue
if ($null -ne $user)
{
$setting.add('Id', $user.UserPrincipalName)
}
}
if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.managerLevel))
{
Expand All @@ -187,7 +192,11 @@ function Get-TargetResource
$setting.add('odataType', $setting.AdditionalProperties.'@odata.type')
if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id))
{
$setting.add('Id', $setting.AdditionalProperties.id)
$user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue
if ($null -ne $user)
{
$setting.add('Id', $user.UserPrincipalName)
}
}
if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.managerLevel))
{
Expand Down Expand Up @@ -462,6 +471,36 @@ function Set-TargetResource
}
}
}
if ( $null -ne $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers)
{
for ($i = 0; $i -lt $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers.Length; $i++)
{
$primaryApprover = $CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i]
if ($null -ne $primaryApprover.id)
{
$user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($primaryApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
if ($null -ne $user)
{
$CreateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i].Id = $user.Id
}
}
}
}
if ( $null -ne $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers)
{
for ($i = 0; $i -lt $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers.Length; $i++)
{
$escalationApprover = $CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i]
if ($null -ne $escalationApprover.id)
{
$user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($escalationApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
if ($null -ne $user)
{
$CreateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i].Id = $user.Id
}
}
}
}
if ($null -ne $CreateParameters.RequestorSettings -and $null -ne $CreateParameters.RequestorSettings.AllowedRequestors)
{
for ($i = 0; $i -lt $CreateParameters.RequestorSettings.AllowedRequestors.Length; $i++)
Expand Down Expand Up @@ -527,6 +566,36 @@ function Set-TargetResource
}
}
}
if ($null -ne $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers)
{
for ($i = 0; $i -lt $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers.Length; $i++)
{
$primaryApprover = $UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i]
if ($null -ne $primaryApprover.id)
{
$user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($primaryApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
if ($null -ne $user)
{
$UpdateParameters.RequestApprovalSettings.ApprovalStages.PrimaryApprovers[$i].Id = $user.Id
}
}
}
}
if ($null -ne $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers)
{
for ($i = 0; $i -lt $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers.Length; $i++)
{
$escalationApprover = $UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i]
if ($null -ne $escalationApprover.id)
{
$user = Get-MgUser -Filter "startswith(UserPrincipalName, '$($escalationApprover.Id.Split('@')[0])')" -ErrorAction SilentlyContinue
if ($null -ne $user)
{
$UpdateParameters.RequestApprovalSettings.ApprovalStages.EscalationApprovers[$i].Id = $user.Id
}
}
}
}
if ($null -ne $UpdateParameters.RequestorSettings -and $null -ne $UpdateParameters.RequestorSettings.AllowedRequestors)
{
#Write-Verbose -Message "Updating Requestors' Id"
Expand Down Expand Up @@ -810,7 +879,17 @@ function Export-TargetResource

if ($null -ne $Results.AccessReviewSettings)
{
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AccessReviewSettings -CIMInstanceName MicrosoftGraphassignmentreviewsettings
$complexMapping = @(
@{
Name = 'Reviewers'
CimInstanceName = 'MicrosoftGraphuserset'
IsRequired = $false
}
)
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
-ComplexObject $Results.AccessReviewSettings `
-CIMInstanceName MicrosoftGraphassignmentreviewsettings `
-ComplexTypeMapping $complexMapping
if ($complexTypeStringResult)
{
$Results.AccessReviewSettings = $complexTypeStringResult
Expand Down Expand Up @@ -939,7 +1018,7 @@ function Export-TargetResource
if ($null -ne $Results.AccessReviewSettings)
{
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AccessReviewSettings'
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers'
#$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers'
}
if ($null -ne $Results.Questions )
{
Expand Down
65 changes: 36 additions & 29 deletions ...ources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,10 +177,16 @@
$RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
Write-Verbose -Message "Found Role {$RoleDefinitionId}"

$schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'"
$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'"
}
}
if ($null -eq $request)
else
{
$RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
$schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$($request.PrincipalId)' and RoleDefinitionId eq '$RoleDefinitionId'"
}
if ($null -eq $schedule -or $null -eq $request)
{
return $nullResult
}
Expand All @@ -201,47 +207,46 @@
{
return $nullResult
}
$RoleDefinitionValue = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId

$ScheduleInfoValue = @{}

if ($null -ne $request.ScheduleInfo.Expiration)
if ($null -ne $schedule.ScheduleInfo.Expiration)
{
$expirationValue = @{
duration = $request.ScheduleInfo.Expiration.Duration
type = $request.ScheduleInfo.Expiration.Type
duration = $schedule.ScheduleInfo.Expiration.Duration
type = $schedule.ScheduleInfo.Expiration.Type
}
if ($null -ne $request.ScheduleInfo.Expiration.EndDateTime)
if ($null -ne $schedule.ScheduleInfo.Expiration.EndDateTime)
{
$expirationValue.Add('endDateTime', $request.ScheduleInfo.Expiration.EndDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
$expirationValue.Add('endDateTime', $schedule.ScheduleInfo.Expiration.EndDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
}
$ScheduleInfoValue.Add('expiration', $expirationValue)
}
if ($null -ne $request.ScheduleInfo.Recurrence)
if ($null -ne $schedule.ScheduleInfo.Recurrence)
{
$recurrenceValue = @{
pattern = @{
dayOfMonth = $request.ScheduleInfo.Recurrence.Pattern.dayOfMonth
daysOfWeek = $request.ScheduleInfo.Recurrence.Pattern.daysOfWeek
firstDayOfWeek = $request.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek
index = $request.ScheduleInfo.Recurrence.Pattern.index
interval = $request.ScheduleInfo.Recurrence.Pattern.interval
month = $request.ScheduleInfo.Recurrence.Pattern.month
type = $request.ScheduleInfo.Recurrence.Pattern.type
dayOfMonth = $schedule.ScheduleInfo.Recurrence.Pattern.dayOfMonth
daysOfWeek = $schedule.ScheduleInfo.Recurrence.Pattern.daysOfWeek
firstDayOfWeek = $schedule.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek
index = $schedule.ScheduleInfo.Recurrence.Pattern.index
interval = $schedule.ScheduleInfo.Recurrence.Pattern.interval
month = $schedule.ScheduleInfo.Recurrence.Pattern.month
type = $schedule.ScheduleInfo.Recurrence.Pattern.type
}
range = @{
endDate = $request.ScheduleInfo.Recurrence.Range.endDate
numberOfOccurrences = $request.ScheduleInfo.Recurrence.Range.numberOfOccurrences
recurrenceTimeZone = $request.ScheduleInfo.Recurrence.Range.recurrenceTimeZone
startDate = $request.ScheduleInfo.Recurrence.Range.startDate
type = $request.ScheduleInfo.Recurrence.Range.type
endDate = $schedule.ScheduleInfo.Recurrence.Range.endDate
numberOfOccurrences = $schedule.ScheduleInfo.Recurrence.Range.numberOfOccurrences
recurrenceTimeZone = $schedule.ScheduleInfo.Recurrence.Range.recurrenceTimeZone
startDate = $schedule.ScheduleInfo.Recurrence.Range.startDate
type = $schedule.ScheduleInfo.Recurrence.Range.type
}
}
$ScheduleInfoValue.Add('Recurrence', $recurrenceValue)
}
if ($null -ne $request.ScheduleInfo.StartDateTime)
if ($null -ne $schedule.ScheduleInfo.StartDateTime)
{
$ScheduleInfoValue.Add('StartDateTime', $request.ScheduleInfo.StartDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
$ScheduleInfoValue.Add('StartDateTime', $schedule.ScheduleInfo.StartDateTime.ToString("yyyy-MM-ddThh:mm:ssZ"))
}

$ticketInfoValue = $null
Expand All @@ -254,19 +259,19 @@
}

$PrincipalValue = $null
if ($PrincipalTypeValue -eq 'User')
if ($PrincipalType -eq 'User')
{
$PrincipalValue = $PrincipalInstance.UserPrincipalName
}
elseif ($PrincipalTypeValue -eq 'Group')
if ($null -eq $PrincipalValue -or $PrincipalTypeValue -eq 'Group')
{
$PrincipalValue = $PrincipalInstance.DisplayName
}

$results = @{
Principal = $PrincipalValue
PrincipalType = $PrincipalTypeValue
RoleDefinition = $RoleDefinitionValue.DisplayName
RoleDefinition = $RoleDefinition
DirectoryScopeId = $request.DirectoryScopeId
AppScopeId = $request.AppScopeId
Action = $request.Action
Expand Down Expand Up @@ -729,10 +734,10 @@ function Export-TargetResource
#region resource generator code
$schedules = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -All -ErrorAction Stop
[array] $Script:exportedInstances = @()
foreach ($schedule in $schedules)
{
[array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All `
[array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All `
-Filter "Status ne 'Revoked'" -ErrorAction Stop
foreach ($schedule in $schedules)
{
[array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript {$_.TargetScheduleId -eq $schedule.Id}
}
#endregion
Expand All @@ -751,10 +756,12 @@ function Export-TargetResource
{
$displayedKey = $request.Id
Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline

$RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
$params = @{
Id = $request.Id
Principal = $request.PrincipalId
RoleDefinition = 'TempDefinition'
RoleDefinition = $RoleDefinitionId.DisplayName
ScheduleInfo = 'TempSchedule'
Ensure = 'Present'
Credential = $Credential
Expand Down
Loading

0 comments on commit bbe318f

Please sign in to comment.