Merge pull request #1151 from microsoft/Dev

Release 1.21.414.1
microsoft · Apr 14, 2021 · bf200bf · bf200bf
2 parents bf4c112 + 405f3c8
commit bf200bf
Show file tree

Hide file tree

Showing 13 changed files with 3,195 additions and 82 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Change log for Microsoft365DSC
 
+# 1.21.414.1
+
+* AADConditionalAccessPolicy
+  * Fixed an issue with the default values for device states;
+* EXOHostedContentFilterPolicy
+  * Fixed issue where EndUserSpamNotificationCustomFromName was
+    not properly returned from the Get-TargetResource function;
+* EXOTransportRule
+  * New resource;
+* O365AdminAuditLogConfig
+  * Fixed issue where the Set-TargetResource stopped being
+    executed if an error was encountered;
+* TeamsTeam
+  * Fix format issue with owner issue # 1143
+* DEPENDENCIES
+  * Updated AzureADPreview to version 2.0.2.134;
+  * Updated Microsoft.Graph.Planner to version 1.4.2;
+  * Updated Microsoft.Graph.Teams to version 1.4.2;
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version
+    2.0.112;
+  * Updated MSCloudLoginAssistant to version 1.0.51;
+  * Updated PnP.PowerShell to version 1.5.0;
+
 # 1.21.407.1
 
 * AADConditionalAccessPolicy

diff --git a/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
@@ -76,11 +76,11 @@ function Get-TargetResource
         #ConditionalAccessDevicesCondition
         [Parameter()]
         [System.String[]]
-        $includeDevices,
+        $IncludeDevices,
 
         [Parameter()]
         [System.String[]]
-        $excludeDevices,
+        $ExcludeDevices,
 
         #Further conditions
         [Parameter()]
@@ -216,10 +216,9 @@ function Get-TargetResource
 
         Write-Verbose -Message "Get-TargetResource: Process IncludeUsers"
         #translate IncludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers or All
-        $IncludeUsers = $null
+        $IncludeUsers = @()
         if ($Policy.Conditions.Users.IncludeUsers)
         {
-            $IncludeUsers = @()
             foreach ($IncludeUserGUID in $Policy.Conditions.Users.IncludeUsers)
             {
                 if ($IncludeUserGUID -notin "GuestsOrExternalUsers", "All")
@@ -266,10 +265,9 @@ function Get-TargetResource
 
         Write-Verbose -Message "Get-TargetResource: Process ExcludeUsers"
         #translate ExcludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers or All
-        $ExcludeUsers = $null
+        $ExcludeUsers = @()
         if ($Policy.Conditions.Users.ExcludeUsers)
         {
-            $ExcludeUsers = @()
             foreach ($ExcludeUserGUID in $Policy.Conditions.Users.ExcludeUsers)
             {
                 if ($ExcludeUserGUID -notin "GuestsOrExternalUsers", "All")
@@ -317,10 +315,9 @@ function Get-TargetResource
 
         Write-Verbose -Message "Get-TargetResource: Process IncludeGroups"
         #translate IncludeGroup GUIDs to DisplayName
-        $IncludeGroups = $null
+        $IncludeGroups = @()
         if ($Policy.Conditions.Users.IncludeGroups)
         {
-            $IncludeGroups = @()
             foreach ($IncludeGroupGUID in $Policy.Conditions.Users.IncludeGroups)
             {
                 $IncludeGroup = $null
@@ -361,10 +358,9 @@ function Get-TargetResource
 
         Write-Verbose -Message "Get-TargetResource: Process ExcludeGroups"
         #translate ExcludeGroup GUIDs to DisplayName
-        $ExcludeGroups = $null
+        $ExcludeGroups = @()
         if ($Policy.Conditions.Users.ExcludeGroups)
         {
-            $ExcludeGroups = @()
             foreach ($ExcludeGroupGUID in $Policy.Conditions.Users.ExcludeGroups)
             {
                 $ExcludeGroup = $null
@@ -404,8 +400,8 @@ function Get-TargetResource
         }
 
 
-        $IncludeRoles = $null
-        $ExcludeRoles = $null
+        $IncludeRoles = @()
+        $ExcludeRoles = @()
         #translate role template guids to role name
         if ($Policy.Conditions.Users.IncludeRoles -or $Policy.Conditions.Users.ExcludeRoles)
         {
@@ -420,7 +416,6 @@ function Get-TargetResource
             Write-Verbose -Message "Get-TargetResource: Processing IncludeRoles"
             if ($Policy.Conditions.Users.IncludeRoles)
             {
-                $IncludeRoles = @()
                 foreach ($IncludeRoleGUID in $Policy.Conditions.Users.IncludeRoles)
                 {
                     if ($null -eq $rolelookup[$IncludeRoleGUID])
@@ -457,7 +452,6 @@ function Get-TargetResource
             Write-Verbose -Message "Get-TargetResource: Processing ExcludeRoles"
             if ($Policy.Conditions.Users.ExcludeRoles)
             {
-                $ExcludeRoles = @()
                 foreach ($ExcludeRoleGUID in $Policy.Conditions.Users.ExcludeRoles)
                 {
                     if ($null -eq $rolelookup[$ExcludeRoleGUID])
@@ -496,9 +490,11 @@ function Get-TargetResource
         $IncludeLocations = $null
         $ExcludeLocations = $null
         #translate Location template guids to Location name
-        if ($Policy.Conditions.Locations.IncludeLocations -or $Policy.Conditions.Locations.ExcludeLocations)
+        if ($Policy.Conditions.Locations)
         {
             Write-Verbose -Message "Get-TargetResource: Location condition defined, processing"
+            $IncludeLocations = @()
+            $ExcludeLocations = @()
             #build Location translation table
             $Locationlookup = @{}
             foreach ($Location in Get-AzureADMSNamedLocationPolicy)
@@ -509,7 +505,6 @@ function Get-TargetResource
             Write-Verbose -Message "Get-TargetResource: Processing IncludeLocations"
             if ($Policy.Conditions.Locations.IncludeLocations)
             {
-                $IncludeLocations = @()
                 foreach ($IncludeLocationGUID in $Policy.Conditions.Locations.IncludeLocations)
                 {
                     if ($IncludeLocationGUID -in "All", "AllTrusted")
@@ -550,7 +545,6 @@ function Get-TargetResource
             Write-Verbose -Message "Get-TargetResource: Processing ExcludeLocations"
             if ($Policy.Conditions.Locations.ExcludeLocations)
             {
-                $ExcludeLocations = @()
                 foreach ($ExcludeLocationGUID in $Policy.Conditions.Locations.ExcludeLocations)
                 {
                     if ($ExcludeLocationGUID -in "All", "AllTrusted")
@@ -590,7 +584,30 @@ function Get-TargetResource
 
 
         }
-
+        if ($Policy.SessionControls.CloudAppSecurity.IsEnabled)
+        {
+            $CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType
+        }
+        else
+        {
+            $CloudAppSecurityType = $null
+        }
+        if ($Policy.SessionControls.SignInFrequency.IsEnabled)
+        {
+            $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type
+        }
+        else
+        {
+            $SignInFrequencyType = $null
+        }
+        if ($Policy.SessionControls.PersistentBrowser.IsEnabled)
+        {
+            $PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
+        }
+        else
+        {
+            $PersistentBrowserMode = $null
+        }
         $result = @{
             DisplayName                              = $Policy.DisplayName
             Id                                       = $Policy.Id
@@ -614,9 +631,9 @@ function Get-TargetResource
             #no translation needed
             IncludeLocations                         = $IncludeLocations
             ExcludeLocations                         = $ExcludeLocations
-            includeDevices                           = [System.String[]]$Policy.Conditions.Devices.includeDevices
+            IncludeDevices                           = [System.String[]]$Policy.Conditions.Devices.IncludeDevices
             #no translation needed
-            excludeDevices                           = [System.String[]]$Policy.Conditions.Devices.excludeDevices
+            ExcludeDevices                           = [System.String[]]$Policy.Conditions.Devices.ExcludeDevices
             #no translation needed
             UserRiskLevels                           = [System.String[]]$Policy.Conditions.UserRiskLevels
             #no translation needed
@@ -630,27 +647,32 @@ function Get-TargetResource
             #no translation needed
             ApplicationEnforcedRestrictionsIsEnabled = $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled
             #no translation or conversion needed
-            CloudAppSecurityIsEnabled                = $Policy.SessionControls.CloudAppSecurity.IsEnabled
-            #no translation or conversion needed
-            CloudAppSecurityType                     = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType
-            #no translation needed
-            SignInFrequencyValue                     = $Policy.SessionControls.SignInFrequency.Value
-            #no translation or conversion needed
-            SignInFrequencyType                      = [System.String]$Policy.SessionControls.SignInFrequency.Type
-            #no translation needed
-            SignInFrequencyIsEnabled                 = $Policy.SessionControls.SignInFrequency.IsEnabled
-            #no translation or conversion needed
-            PersistentBrowserMode                    = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
-            #no translation needed
-            PersistentBrowserIsEnabled               = $Policy.SessionControls.PersistentBrowser.IsEnabled
-            #no translation or conversion needed
             #Standard part
             Ensure                                   = "Present"
             GlobalAdminAccount                       = $GlobalAdminAccount
             ApplicationId                            = $ApplicationId
             TenantId                                 = $TenantId
             CertificateThumbprint                    = $CertificateThumbprint
         }
+        #adding CloudAppSecurity values if enabled
+        if ($Policy.SessionControls.CloudAppSecurity.IsEnabled)
+        {
+            $result += @{CloudAppSecurityIsEnabled = $Policy.SessionControls.CloudAppSecurity.IsEnabled }
+            $result += @{CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType }
+        }
+        #adding SignInFrequency values if enabled
+        if ($Policy.SessionControls.SignInFrequency.IsEnabled)
+        {
+            $result += @{SignInFrequencyIsEnabled = $Policy.SessionControls.SignInFrequency.IsEnabled }
+            $result += @{SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value }
+            $result += @{SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type }
+        }
+        #adding PersistentBrowser values if enabled
+        if ($Policy.SessionControls.PersistentBrowser.IsEnabled)
+        {
+            $result += @{PersistentBrowserIsEnabled = $Policy.SessionControls.PersistentBrowser.IsEnabled }
+            $result += @{PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode }
+        }
         Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)"
         return $result
     }
@@ -733,11 +755,11 @@ function Set-TargetResource
         #ConditionalAccessDevicesCondition
         [Parameter()]
         [System.String[]]
-        $includeDevices,
+        $IncludeDevices,
 
         [Parameter()]
         [System.String[]]
-        $excludeDevices,
+        $ExcludeDevices,
 
         #Further conditions
         [Parameter()]
@@ -1373,13 +1395,13 @@ function Set-TargetResource
         }
 
         Write-Verbose -Message "Set-Targetresource: process device states"
-        if ($includeDevices -or $excludeDevices)
+        if ($IncludeDevices -or $ExcludeDevices)
         {
             #create and provision Device condition object if used
             $conditions.Devices = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessDevicesCondition
-            $conditions.Devices.includeDevices = $includeDevices
+            $conditions.Devices.IncludeDevices = $IncludeDevices
             #no translation or conversion needed
-            $conditions.Devices.excludeDevices = $excludeDevices
+            $conditions.Devices.ExcludeDevices = $ExcludeDevices
             #no translation or conversion needed
         }
         Write-Verbose -Message "Set-Targetresource: process risk levels and app types"
@@ -1627,11 +1649,11 @@ function Test-TargetResource
         #ConditionalAccessDevicesCondition
         [Parameter()]
         [System.String[]]
-        $includeDevices,
+        $IncludeDevices,
 
         [Parameter()]
         [System.String[]]
-        $excludeDevices,
+        $ExcludeDevices,
 
         #Further conditions
         [Parameter()]

diff --git a/...C/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/...C/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof
@@ -17,8 +17,8 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
     [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[];
     [Write, Description("AAD Named Locations out of scope of the Policy.")] String ExcludeLocations[];
-    [Write, Description("Client Device Compliance states in scope of the Policy.")] String includeDevices[];
-    [Write, Description("Client Device Compliance states out of scope of the Policy.")] String excludeDevices[];
+    [Write, Description("Client Device Compliance states in scope of the Policy.")] String IncludeDevices[];
+    [Write, Description("Client Device Compliance states out of scope of the Policy.")] String ExcludeDevices[];
     [Write, Description("AAD Identity Protection User Risk Levels in scope of the Policy.")] String UserRiskLevels[];
     [Write, Description("AAD Identity Protection Sign-in Risk Levels in scope of the Policy.")] String SignInRiskLevels[];
     [Write, Description("Client App types in scope of the Policy.")] String ClientAppTypes[];

diff --git a/...DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/...DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1
@@ -661,7 +661,7 @@ function Set-TargetResource
         $HostedContentFilterPolicyParams.Remove('EndUserSpamNotificationCustomFromAddress') | Out-Null
         Write-Verbose -Message "The EndUserSpamNotificationCustomFromAddress parameter is no longer available and will be depricated."
     }
-    if ($HostedContentFilterPolicyParams.Contains('EndUserSpamNotificationCustomFromAddress'))
+    if ($HostedContentFilterPolicyParams.Contains('EndUserSpamNotificationCustomFromName'))
     {
         $HostedContentFilterPolicyParams.Remove('EndUserSpamNotificationCustomFromName') | Out-Null
         Write-Verbose -Message "The EndUserSpamNotificationCustomFromName parameter is no longer available and will be depricated."