Merge pull request #1137 from microsoft/Dev

Release 1.21.407.1

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change log for Microsoft365DSC
 
+# 1.21.407.1
+
+* AADConditionalAccessPolicy
+  * BREAKING: Renamed the 'includeDeviceStates' and 'excludeDeviceStates'
+    parameters to 'includeDevices' and 'excludeDevices';
+* TeamsMeetingPolicy
+  * The Set-CsTeamsMeetingPolicy would fail if recording settings are
+    changed while the AllowCloudRecording is set to false;
+* MISC
+  * Fixed issue in most EXO resources where AzureAD App information
+    was not returned by the Get-TargetResource function;
+
 1.21.331.1
 
 * AADApplication

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -76,11 +76,11 @@ function Get-TargetResource
         #ConditionalAccessDevicesCondition
         [Parameter()]
         [System.String[]]
-        $IncludeDeviceStates,
+        $includeDevices,
 
         [Parameter()]
         [System.String[]]
-        $ExcludeDeviceStates,
+        $excludeDevices,
 
         #Further conditions
         [Parameter()]
@@ -614,9 +614,9 @@ function Get-TargetResource
             #no translation needed
             IncludeLocations                         = $IncludeLocations
             ExcludeLocations                         = $ExcludeLocations
-            IncludeDeviceStates                      = [System.String[]]$Policy.Conditions.Devices.IncludeDeviceStates
+            includeDevices                           = [System.String[]]$Policy.Conditions.Devices.includeDevices
             #no translation needed
-            ExcludeDeviceStates                      = [System.String[]]$Policy.Conditions.Devices.ExcludeDeviceStates
+            excludeDevices                           = [System.String[]]$Policy.Conditions.Devices.excludeDevices
             #no translation needed
             UserRiskLevels                           = [System.String[]]$Policy.Conditions.UserRiskLevels
             #no translation needed
@@ -733,11 +733,11 @@ function Set-TargetResource
         #ConditionalAccessDevicesCondition
         [Parameter()]
         [System.String[]]
-        $IncludeDeviceStates,
+        $includeDevices,
 
         [Parameter()]
         [System.String[]]
-        $ExcludeDeviceStates,
+        $excludeDevices,
 
         #Further conditions
         [Parameter()]
@@ -1373,13 +1373,13 @@ function Set-TargetResource
         }
 
         Write-Verbose -Message "Set-Targetresource: process device states"
-        if ($IncludeDeviceStates -or $ExcludeDeviceStates)
+        if ($includeDevices -or $excludeDevices)
         {
             #create and provision Device condition object if used
             $conditions.Devices = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessDevicesCondition
-            $conditions.Devices.IncludeDeviceStates = $IncludeDeviceStates
+            $conditions.Devices.includeDevices = $includeDevices
             #no translation or conversion needed
-            $conditions.Devices.ExcludeDeviceStates = $ExcludeDeviceStates
+            $conditions.Devices.excludeDevices = $excludeDevices
             #no translation or conversion needed
         }
         Write-Verbose -Message "Set-Targetresource: process risk levels and app types"
@@ -1627,11 +1627,11 @@ function Test-TargetResource
         #ConditionalAccessDevicesCondition
         [Parameter()]
         [System.String[]]
-        $IncludeDeviceStates,
+        $includeDevices,
 
         [Parameter()]
         [System.String[]]
-        $ExcludeDeviceStates,
+        $excludeDevices,
 
         #Further conditions
         [Parameter()]

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof

@@ -17,8 +17,8 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
     [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[];
     [Write, Description("AAD Named Locations out of scope of the Policy.")] String ExcludeLocations[];
-    [Write, Description("Client Device Compliance states in scope of the Policy.")] String IncludeDeviceStates[];
-    [Write, Description("Client Device Compliance states out of scope of the Policy.")] String ExcludeDeviceStates[];
+    [Write, Description("Client Device Compliance states in scope of the Policy.")] String includeDevices[];
+    [Write, Description("Client Device Compliance states out of scope of the Policy.")] String excludeDevices[];
     [Write, Description("AAD Identity Protection User Risk Levels in scope of the Policy.")] String UserRiskLevels[];
     [Write, Description("AAD Identity Protection Sign-in Risk Levels in scope of the Policy.")] String SignInRiskLevels[];
     [Write, Description("Client App types in scope of the Policy.")] String ClientAppTypes[];

Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/MSFT_AADMSGroup.psm1

@@ -97,6 +97,7 @@ function Get-TargetResource
             }
             catch
             {
+                Write-Verbose -Message "Couldn't get group by ID, trying by name"
                 $Group = Get-AzureADMSGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
                 if ($Group.Length -gt 1)
                 {
@@ -117,6 +118,7 @@ function Get-TargetResource
 
         if ($null -eq $Group)
         {
+            Write-Verbose -Message "Group was null, returning null"
             return $nullReturn
         }
         else
@@ -294,13 +296,15 @@ function Set-TargetResource
     }
     elseif ($Ensure -eq 'Present' -and $currentGroup.Ensure -eq 'Absent')
     {
-        $currentParameters.Remove("Id")
+        Write-Verbose -Message "Creating new group {$DisplayName}"
+        $currentParameters.Remove("Id") | Out-Null
         try
         {
             New-AzureADMSGroup @currentParameters
         }
         catch
         {
+            Write-Verbose -Message $_
             New-M365DSCLogEntry -Error $_ -Message "Couldn't create group $DisplayName" -Source $MyInvocation.MyCommand.ModuleName
         }
     }

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAcceptedDomain/MSFT_EXOAcceptedDomain.psm1

@@ -10,7 +10,7 @@ function Get-TargetResource
         $Identity,
 
         [Parameter()]
-        [ValidateSet('Authoritative','InternalRelay')]
+        [ValidateSet('Authoritative', 'InternalRelay')]
         [System.String]
         $DomainType = 'Authoritative',
 
@@ -90,36 +90,7 @@ function Get-TargetResource
         if ($null -eq $AcceptedDomain)
         {
             Write-Verbose -Message "AcceptedDomain configuration for $($Identity) does not exist."
-
-            # Check to see if $Identity matches a verified domain in the O365 Tenant
-            $ConnectionMode = New-M365DSCConnection -Platform 'AzureAd' `
-            -InboundParameters $PSBoundParameters
-
-            $VerifiedDomains = Get-AzureADDomain | Where-Object -FilterScript { $_.IsVerified }
-            $MatchingVerifiedDomain = $VerifiedDomains | Where-Object -FilterScript { $_.Name -eq $Identity }
-
-            if ($null -ne $MatchingVerifiedDomain)
-            {
-                Write-Verbose -Message "A verified domain matching $($Identity) does not exist in this O365 Tenant."
-                $nullReturn = @{
-                    DomainType         = $DomainType
-                    Ensure             = $Ensure
-                    GlobalAdminAccount = $GlobalAdminAccount
-                    Identity           = $Identity
-                    MatchSubDomains    = $MatchSubDomains
-                    OutboundOnly       = $OutboundOnly
-                }
-                <#
-                if AcceptedDomain does not exist and does not match a verified domain, return submitted parameters for ReverseDSC.
-                This also prevents Set-TargetResource from running when current state could not be determined
-                #>
-                return $nullReturn
-            }
-            else
-            {
-                # if AcceptedDomain does not exist for a verfied domain, return 'Absent' with submitted parameters to Test-TargetResource.
-                return $nullReturn
-            }
+            return $nullReturn
         }
         else
         {
@@ -178,7 +149,7 @@ function Set-TargetResource
         $Identity,
 
         [Parameter()]
-        [ValidateSet('Authoritative','InternalRelay')]
+        [ValidateSet('Authoritative', 'InternalRelay')]
         [System.String]
         $DomainType = 'Authoritative',
 
@@ -260,7 +231,7 @@ function Test-TargetResource
         $Identity,
 
         [Parameter()]
-        [ValidateSet('Authoritative','InternalRelay')]
+        [ValidateSet('Authoritative', 'InternalRelay')]
         [System.String]
         $DomainType = 'Authoritative',
 
@@ -388,11 +359,11 @@ function Export-TargetResource
         }
         else
         {
-            Write-Host "`r`n" -NoNewLine
+            Write-Host "`r`n" -NoNewline
         }
         foreach ($domain in $AllAcceptedDomains)
         {
-            Write-Host "    |---[$i/$($AllAcceptedDomains.Count)] $($domain.Identity)" -NoNewLine
+            Write-Host "    |---[$i/$($AllAcceptedDomains.Count)] $($domain.Identity)" -NoNewline
 
             $Params = @{
                 Identity              = $domain.Identity

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressBookPolicy/MSFT_EXOAddressBookPolicy.psm1

@@ -93,13 +93,18 @@ function Get-TargetResource
         else
         {
             $result = @{
-                Name               = $AddressBookPolicy.Name
-                AddressLists       = $AddressBookPolicy.AddressLists
-                GlobalAddressList  = $AddressBookPolicy.GlobalAddressList
-                OfflineAddressBook = $AddressBookPolicy.OfflineAddressBook
-                RoomList           = $AddressBookPolicy.RoomList
-                Ensure             = 'Present'
-                GlobalAdminAccount = $GlobalAdminAccount
+                Name                  = $AddressBookPolicy.Name
+                AddressLists          = $AddressBookPolicy.AddressLists
+                GlobalAddressList     = $AddressBookPolicy.GlobalAddressList
+                OfflineAddressBook    = $AddressBookPolicy.OfflineAddressBook
+                RoomList              = $AddressBookPolicy.RoomList
+                Ensure                = 'Present'
+                GlobalAdminAccount    = $GlobalAdminAccount
+                ApplicationId         = $ApplicationId
+                CertificateThumbprint = $CertificateThumbprint
+                CertificatePath       = $CertificatePath
+                CertificatePassword   = $CertificatePassword
+                TenantId              = $TenantId
             }
 
             Write-Verbose -Message "Found Address Book Policy $($Name)"

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1

@@ -190,6 +190,11 @@ function Get-TargetResource
                 RecipientFilter              = $AddressList.RecipientFilter
                 Ensure                       = 'Present'
                 GlobalAdminAccount           = $GlobalAdminAccount
+                ApplicationId                = $ApplicationId
+                CertificateThumbprint        = $CertificateThumbprint
+                CertificatePath              = $CertificatePath
+                CertificatePassword          = $CertificatePassword
+                TenantId                     = $TenantId
             }
 
             Write-Verbose -Message "Found AddressList $($Name)"

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1

@@ -231,6 +231,11 @@ function Get-TargetResource
                 TargetedUsersToProtect                        = $AntiPhishPolicy.TargetedUsersToProtect
                 GlobalAdminAccount                            = $GlobalAdminAccount
                 Ensure                                        = 'Present'
+                ApplicationId                                 = $ApplicationId
+                CertificateThumbprint                         = $CertificateThumbprint
+                CertificatePath                               = $CertificatePath
+                CertificatePassword                           = $CertificatePassword
+                TenantId                                      = $TenantId
             }
 
             Write-Verbose -Message "Found AntiPhishPolicy $($Identity)"

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishRule/MSFT_EXOAntiPhishRule.psm1

@@ -141,6 +141,11 @@ function Get-TargetResource
                     SentToMemberOf            = $AntiPhishRule.SentToMemberOf
                     Ensure                    = 'Present'
                     GlobalAdminAccount        = $GlobalAdminAccount
+                    ApplicationId             = $ApplicationId
+                    CertificateThumbprint     = $CertificateThumbprint
+                    CertificatePath           = $CertificatePath
+                    CertificatePassword       = $CertificatePassword
+                    TenantId                  = $TenantId
                 }
                 if ('Enabled' -eq $AntiPhishRule.State)
                 {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1

@@ -96,7 +96,6 @@ function Get-TargetResource
             }
         }
 
-
         $ApplicationAccessPolicy = $AllApplicationAccessPolicies | Where-Object -FilterScript { $_.Identity -eq $Identity }
 
         if ($null -eq $ApplicationAccessPolicy)
@@ -107,13 +106,18 @@ function Get-TargetResource
         else
         {
             $result = @{
-                Identity           = $ApplicationAccessPolicy.Identity
-                AccessRight        = $ApplicationAccessPolicy.AccessRight
-                AppID              = $ApplicationAccessPolicy.AppID
-                PolicyScopeGroupId = $ApplicationAccessPolicy.ScopeIdentity
-                Description        = $ApplicationAccessPolicy.Description
-                Ensure             = 'Present'
-                GlobalAdminAccount = $GlobalAdminAccount
+                Identity              = $ApplicationAccessPolicy.Identity
+                AccessRight           = $ApplicationAccessPolicy.AccessRight
+                AppID                 = $ApplicationAccessPolicy.AppID
+                PolicyScopeGroupId    = $ApplicationAccessPolicy.ScopeIdentity
+                Description           = $ApplicationAccessPolicy.Description
+                Ensure                = 'Present'
+                GlobalAdminAccount    = $GlobalAdminAccount
+                ApplicationId         = $ApplicationId
+                CertificateThumbprint = $CertificateThumbprint
+                CertificatePath       = $CertificatePath
+                CertificatePassword   = $CertificatePassword
+                TenantId              = $TenantId
             }
 
             Write-Verbose -Message "Found Application Access Policy $($Identity)"

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/MSFT_EXOAtpPolicyForO365.psm1

@@ -27,7 +27,7 @@ function Get-TargetResource
 
         [Parameter()]
         [Boolean]
-        $EnableSafeDocs  = $false,
+        $EnableSafeDocs = $false,
 
         [Parameter()]
         [Boolean]
@@ -105,15 +105,20 @@ function Get-TargetResource
         else
         {
             $result = @{
-                IsSingleInstance                = "Yes"
-                Identity                        = $AtpPolicyForO365.Identity
-                AllowClickThrough               = $AtpPolicyForO365.AllowClickThrough
-                BlockUrls                       = $AtpPolicyForO365.BlockUrls
-                EnableATPForSPOTeamsODB         = $AtpPolicyForO365.EnableATPForSPOTeamsODB
-                EnableSafeDocs                  = $AtpPolicyForO365.EnableSafeDocs
-                EnableSafeLinksForO365Clients   = $AtpPolicyForO365.EnableSafeLinksForO365Clients
-                TrackClicks                     = $AtpPolicyForO365.TrackClicks
-                Ensure                          = 'Present'
+                IsSingleInstance              = "Yes"
+                Identity                      = $AtpPolicyForO365.Identity
+                AllowClickThrough             = $AtpPolicyForO365.AllowClickThrough
+                BlockUrls                     = $AtpPolicyForO365.BlockUrls
+                EnableATPForSPOTeamsODB       = $AtpPolicyForO365.EnableATPForSPOTeamsODB
+                EnableSafeDocs                = $AtpPolicyForO365.EnableSafeDocs
+                EnableSafeLinksForO365Clients = $AtpPolicyForO365.EnableSafeLinksForO365Clients
+                TrackClicks                   = $AtpPolicyForO365.TrackClicks
+                Ensure                        = 'Present'
+                ApplicationId                 = $ApplicationId
+                CertificateThumbprint         = $CertificateThumbprint
+                CertificatePath               = $CertificatePath
+                CertificatePassword           = $CertificatePassword
+                TenantId                      = $TenantId
             }
 
             Write-Verbose -Message "Found AtpPolicyForO365 $($Identity)"
@@ -175,7 +180,7 @@ function Set-TargetResource
 
         [Parameter()]
         [Boolean]
-        $EnableSafeDocs  = $false,
+        $EnableSafeDocs = $false,
 
         [Parameter()]
         [Boolean]
@@ -271,7 +276,7 @@ function Test-TargetResource
 
         [Parameter()]
         [Boolean]
-        $EnableSafeDocs  = $false,
+        $EnableSafeDocs = $false,
 
         [Parameter()]
         [Boolean]
@@ -398,7 +403,7 @@ function Export-TargetResource
             }
             else
             {
-                Write-Host "`r`n" -NoNewLine
+                Write-Host "`r`n" -NoNewline
             }
             $i = 1
             foreach ($atpPolicy in $ATPPolicies)
@@ -413,7 +418,7 @@ function Export-TargetResource
                     CertificatePassword   = $CertificatePassword
                     CertificatePath       = $CertificatePath
                 }
-                Write-Host "    |---[$i/$($ATPPolicies.Length)] $($atpPolicy.Identiy)" -NoNewLine
+                Write-Host "    |---[$i/$($ATPPolicies.Length)] $($atpPolicy.Identiy)" -NoNewline
                 $Results = Get-TargetResource @Params
                 if ($Results.Ensure -eq "Present")
                 {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityAddressSpace/MSFT_EXOAvailabilityAddressSpace.psm1

@@ -119,6 +119,11 @@ function Get-TargetResource
                 TargetAutodiscoverEpr = $TargetAutodiscoverEpr
                 GlobalAdminAccount    = $GlobalAdminAccount
                 Ensure                = 'Present'
+                ApplicationId         = $ApplicationId
+                CertificateThumbprint = $CertificateThumbprint
+                CertificatePath       = $CertificatePath
+                CertificatePassword   = $CertificatePassword
+                TenantId              = $TenantId
             }
 
             Write-Verbose -Message "Found AvailabilityAddressSpace $($Identity)"