Merge pull request #1310 from microsoft/Dev

Release 1.21.714.1
microsoft · Jul 14, 2021 · c7b5520 · c7b5520
2 parents 5cde552 + c7830ab
commit c7b5520
Show file tree

Hide file tree

Showing 19 changed files with 338 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # Change log for Microsoft365DSC
 
+# 1.21.714.1
+
+* EXOHostedContentFilterPolicy
+  * Fixed issues with null values falsely detected as drifts;
+    ISSUE #1165
+* DEPENDENCIES
+  * Removed dependency on Microsoft.Graph.Groups.Planner;
+  * Updated Microsoft.Graph.Teams to version 1.6.1;
+  * Updated MSCloudLoginAssistant to version 1.0.54;
+* MISC
+  * Allowed for Desired and Current values to be captured by the Telemetry engine
+    if an organization is using a custom App Insights account;
+    ISSUE #1222
+
 # 1.21.707.1
 
 * EXODkimSigningConfig

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/readme.md
@@ -9,8 +9,8 @@ This resource configures an Azure Active Directory Application.
 To authenticate via Azure Active Directory, this resource required the following Application permissions:
 
 * **Automate**
-  * None
+  * Application.ReadWrite.All
 * **Export**
-  * None
+  * Directory.Read.All, Application.Read.All
 
 NOTE: All permisions listed above require admin consent.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/settings.json
@@ -0,0 +1,20 @@
+{
+    "description": "This resource configures an Azure Active Directory Application.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"User.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "User.Write.All"
+                },
+                {
+                    "name": "User.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json
@@ -0,0 +1,23 @@
+{
+    "description": "This resource configures an Azure Active Directory Conditional Access Policy.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Policy.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Policy.Read.All"
+                },
+                {
+                    "name": "Policy.ReadWrite.ConditionalAccess"
+                },
+                {
+                    "name": "Application.Read.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures the Azure Active Directory groups naming policy.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Group.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Group.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures the Azure Active Directory groups settings.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Directory.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Directory.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroup/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures an Azure Active Directory group.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Group.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Group.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroupLifecyclePolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADMSGroupLifecyclePolicy/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures an Azure Active Directory Group Lifecycle Policy (e.g. Expiration).",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Directory.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Directory.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/settings.json
@@ -0,0 +1,20 @@
+{
+    "description": "This resource configures the Azure AD Named Location Policies in Azure Active Directory.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Policy.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Policy.Read.All"
+                },
+                {
+                    "name": "Policy.ReadWrite.ConditionalAccess"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPolicy/settings.json
@@ -0,0 +1,29 @@
+{
+    "description": "This resource configures the Azure AD Policies.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Policy.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Policy.ReadWrite.ApplicationConfiguration"
+                },
+                {
+                    "name": "Policy.ReadWrite.Authorization"
+                },
+                {
+                    "name": "Policy.ReadWrite.ApplicationConfiguration"
+                },
+                {
+                    "name": "Policy.ReadWrite.ConditionalAccess"
+                },
+                {
+                    "name": "Policy.Read.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures an Azure Active Directory role definition. To configure custom roles you require an Azure AD Premium P1 license. The account used to configure role definitions based on this resource needs either to be a 'Global Administrator' or a 'Privileged role administrator'.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"RoleManagement.Read.Directory"
+                }
+            ],
+            "update": [
+                {
+                    "name": "RoleManagement.ReadWrite.Directory"
+                }
+            ]
+        }
+    ]
+}
diff --git a/...Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof b/...Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof
@@ -17,5 +17,8 @@ class MSFT_AADServicePrincipal : OMI_BaseResource
     [Write, Description("The type of the service principal.")] String ServicePrincipalType;
     [Write, Description("Tags linked to this service principal.Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}")] String Tags[];
     [Write, Description("Specify if the Azure AD App should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
+    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; 
     [Write, Description("Credentials of the Azure AD Admin"), EmbeddedInstance("MSFT_Credential")] string GlobalAdminAccount;
 };
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures an Azure Active Directory ServicePrincipal.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name":"Application.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Application.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/settings.json
@@ -0,0 +1,17 @@
+{
+    "description": "This resource configures the Azure AD Tenant Details.",
+    "permissions": [
+        {
+            "read": [
+                {
+                    "name": "Organization.Read.All"
+                }
+            ],
+            "update": [
+                {
+                    "name": "Organization.ReadWrite.All"
+                }
+            ]
+        }
+    ]
+}
diff --git a/...DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/...DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1
@@ -984,9 +984,29 @@ function Test-TargetResource
     $ValuesToCheck.Remove('CertificatePath') | Out-Null
     $ValuesToCheck.Remove('CertificatePassword') | Out-Null
 
+    if ($null -ne $ValuesToCheck.AllowedSenders -and $ValuesToCheck.AllowedSenders.Length -eq 0)
+    {
+        $ValuesToCheck.AllowedSenders = $null
+    }
+
+    if ($null -ne $ValuesToCheck.AllowedSenderDomains -and $ValuesToCheck.AllowedSenderDomains.Length -eq 0)
+    {
+        $ValuesToCheck.AllowedSenderDomains = $null
+    }
+
+    if ($null -ne $ValuesToCheck.BlockedSenders -and $ValuesToCheck.BlockedSenders.Length -eq 0)
+    {
+        $ValuesToCheck.BlockedSenders = $null
+    }
+
+    if ($null -ne $ValuesToCheck.BlockedSenderDomains -and $ValuesToCheck.BlockedSenderDomains.Length -eq 0)
+    {
+        $ValuesToCheck.BlockedSenderDomains = $null
+    }
+
     $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `
-        -DesiredValues $PSBoundParameters `
+        -DesiredValues $ValuesToCheck `
         -ValuesToCheck $ValuesToCheck.Keys
 
     Write-Verbose -Message "Test-TargetResource returned $TestResult"

diff --git a/...s/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.psm1 b/...s/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.psm1
@@ -774,7 +774,7 @@ function Set-TargetResource
 
     $isAutoExpandingArchiveEnabled = Get-OrganizationConfig | Select-Object -Property AutoExpandingArchiveEnabled
 
-    if ($isAutoExpandingArchiveEnabled -eq $True)
+    if ($isAutoExpandingArchiveEnabled.AutoExpandingArchiveEnabled -eq $True)
     {
         $SetValues.Remove('AutoExpandingArchive') | Out-Null
     } 

diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1
@@ -3,15 +3,15 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 2021-07-07
+# Generated on: 2021-07-14
 
 @{
 
     # Script module or binary module file associated with this manifest.
     # RootModule = ''
 
     # Version number of this module.
-    ModuleVersion     = '1.21.707.1'
+    ModuleVersion     = '1.21.714.1'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()
@@ -67,10 +67,6 @@
             ModuleName      = "Microsoft.Graph.Authentication"
             RequiredVersion = "1.6.0"
         },
-        @{
-            ModuleName      = "Microsoft.Graph.Groups.Planner"
-            RequiredVersion = "0.9.1"
-        },
         @{
             ModuleName      = "Microsoft.Graph.Intune"
             RequiredVersion = "6.1907.1.0"
@@ -81,7 +77,7 @@
         },
         @{
             ModuleName      = "Microsoft.Graph.Teams"
-            RequiredVersion = "1.6.0"
+            RequiredVersion = "1.6.1"
         },
         @{
             ModuleName      = "Microsoft.PowerApps.Administration.PowerShell"
@@ -93,7 +89,7 @@
         },
         @{
             ModuleName      = "MSCloudLoginAssistant"
-            RequiredVersion = "1.0.53"
+            RequiredVersion = "1.0.54"
         },
         @{
             ModuleName      = "PnP.PowerShell"
@@ -122,12 +118,13 @@
         'modules\M365DSCAgent.psm1',
         'modules\M365DSCErrorHandler.psm1',
         'modules\M365DSCLogEngine.psm1',
+        'modules\M365DSCPermissions.psm1',
+        'modules\M365DSCReport.psm1',
         'modules\M365DSCReverse.psm1',
         'modules\M365DSCReverseGUI.psm1',
         'modules\M365DSCStubsUtility.psm1',
         'modules\M365DSCTelemetryEngine.psm1',
         'modules\M365DSCUtil.psm1',
-        'modules\M365DSCReport.psm1',
         'modules\EncodingHelpers\M365DSCEmojis.psm1',
         'modules\EncodingHelpers\M365DSCStringEncoding.psm1'
     )
@@ -177,25 +174,17 @@
             IconUri      = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true'
 
             # ReleaseNotes of this module
-            ReleaseNotes = "* EXODkimSigningConfig
-            * Change the logic to remove an entry to disable it instead since the
-              cmdlet didn't exist to remove it.
-              ISSUE #1253
-          * EXOHostedContentFilterPolicy
-            * Fixed the value type for the senders addresses, regions and domains;
-              ISSUE #1165
-          * EXOOutboundConnector
-            * Fixed the creation logic to include ValidationRecipients;
+            ReleaseNotes = "* EXOHostedContentFilterPolicy
+            * Fixed issues with null values falsely detected as drifts;
               ISSUE #1165
-          * EXOSharedMailbox
-            * Improved speed of extraction and removed warning about maximum 1,000
-              items retrieved;
           * DEPENDENCIES
-            * Updated Microsoft.PowerApps.Administration.PowerShell to 2.0.127;
+            * Removed dependency on Microsoft.Graph.Groups.Planner;
+            * Updated Microsoft.Graph.Teams to version 1.6.1;
+            * Updated MSCloudLoginAssistant to version 1.0.54;
           * MISC
-            * Delta Report - Fixes to compare null arrays properly and report as
-              a discrepancy.
-              ISSUES #1178 & #1249"
+            * Allowed for Desired and Current values to be captured by the Telemetry engine
+              if an organization is using a custom App Insights account;
+              ISSUE #1222"
 
             # Flag to indicate whether the module requires explicit user acceptance for install/update
             # RequireLicenseAcceptance = $false