Merge pull request #5072 from PetRich-MSFT/EXOAntiPhish-Dmarc

Support DmarcQuarantineAction and DmarcRejectAction on EXOAntiPhishPolicy
microsoft · Sep 20, 2024 · 1afb5c9 · 1afb5c9
2 parents 581d157 + 04f7136
commit 1afb5c9
Show file tree

Hide file tree

Showing 8 changed files with 47 additions and 1 deletion.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1
@@ -151,6 +151,16 @@ function Get-TargetResource
         [System.String]
         $TargetedUserQuarantineTag,
 
+        [Parameter()]
+        [System.String]
+        [ValidateSet('MoveToJmf', 'Quarantine')]
+        $DmarcQuarantineAction,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Quarantine', 'Reject')]
+        $DmarcRejectAction,
+
         [Parameter()]
         [System.Management.Automation.PSCredential]
         $Credential,
@@ -277,6 +287,8 @@ function Get-TargetResource
                 TargetedUserProtectionAction                  = $TargetedUserProtectionActionValue
                 TargetedUsersToProtect                        = $AntiPhishPolicy.TargetedUsersToProtect
                 TargetedUserQuarantineTag                     = $AntiPhishPolicy.TargetedUserQuarantineTag
+                DmarcQuarantineAction                         = $AntiPhishPolicy.DmarcQuarantineAction
+                DmarcRejectAction                             = $AntiPhishPolicy.DmarcRejectAction
                 Credential                                    = $Credential
                 Ensure                                        = 'Present'
                 ApplicationId                                 = $ApplicationId
@@ -457,6 +469,16 @@ function Set-TargetResource
         [System.String]
         $TargetedUserQuarantineTag,
 
+        [Parameter()]
+        [System.String]
+        [ValidateSet('MoveToJmf', 'Quarantine')]
+        $DmarcQuarantineAction,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Quarantine', 'Reject')]
+        $DmarcRejectAction,
+
         [Parameter()]
         [System.Management.Automation.PSCredential]
         $Credential,
@@ -694,6 +716,16 @@ function Test-TargetResource
         [System.String]
         $TargetedUserQuarantineTag,
 
+        [Parameter()]
+        [System.String]
+        [ValidateSet('MoveToJmf', 'Quarantine')]
+        $DmarcQuarantineAction,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Quarantine', 'Reject')]
+        $DmarcRejectAction,
+
         [Parameter()]
         [System.Management.Automation.PSCredential]
         $Credential,

diff --git a/...s/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/...s/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof
@@ -36,6 +36,8 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource
     [Write, Description("The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedUserActionRecipients[];
     [Write, Description("The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.")] String TargetedUsersToProtect[];
     [Write, Description("The TargetedUserQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection.")] String TargetedUserQuarantineTag;
+    [Write, Description("The DmarcQuarantineAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=quarantine"), ValueMap{"MoveToJmf","Quarantine"}, Values{"MoveToJmf","Quarantine"}] String DmarcQuarantineAction;
+    [Write, Description("The DmarcRejectAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=reject."), ValueMap{"Quarantine","Reject"}, Values{"Quarantine","Reject"}] String DmarcRejectAction;
     [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
     [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;

diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/1-Create.ps1
@@ -45,6 +45,8 @@ Configuration Example
             EnableUnusualCharactersSafetyTips     = $null
             TargetedUserActionRecipients          = $null
             Ensure                                = "Present"
+            DmarcQuarantineAction                 = "Quarantine"
+            DmarcRejectAction                     = "Reject"
             ApplicationId         = $ApplicationId
             TenantId              = $TenantId
             CertificateThumbprint = $CertificateThumbprint

diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/2-Update.ps1
@@ -45,6 +45,8 @@ Configuration Example
             EnableUnusualCharactersSafetyTips     = $null
             TargetedUserActionRecipients          = $null
             Ensure                                = "Present"
+            DmarcQuarantineAction                 = "Quarantine"
+            DmarcRejectAction                     = "Reject"
             ApplicationId         = $ApplicationId
             TenantId              = $TenantId
             CertificateThumbprint = $CertificateThumbprint

diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAntiPhishPolicy/3-Remove.ps1
@@ -44,6 +44,8 @@ Configuration Example
             EnableOrganizationDomainsProtection   = $null
             EnableUnusualCharactersSafetyTips     = $null
             TargetedUserActionRecipients          = $null
+            DmarcQuarantineAction                 = "Quarantine"
+            DmarcRejectAction                     = "Reject"
             Ensure                                = "Present"
             ApplicationId         = $ApplicationId
             TenantId              = $TenantId

diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1
@@ -101,6 +101,8 @@
                     EnableOrganizationDomainsProtection   = $null
                     EnableUnusualCharactersSafetyTips     = $null
                     TargetedUserActionRecipients          = $null
+                    DmarcQuarantineAction                 = "Quarantine"
+                    DmarcRejectAction                     = "Reject"
                     Ensure                                = "Present"
                     ApplicationId         = $ApplicationId
                     TenantId              = $TenantId

diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1
@@ -92,6 +92,8 @@
                     EnableOrganizationDomainsProtection   = $null
                     EnableUnusualCharactersSafetyTips     = $null
                     TargetedUserActionRecipients          = $null
+                    DmarcQuarantineAction                 = "Quarantine"
+                    DmarcRejectAction                     = "Reject"
                     Ensure                                = "Present"
                     ApplicationId         = $ApplicationId
                     TenantId              = $TenantId
@@ -469,7 +471,7 @@
                 }
                 EXORecipientPermission 'AddSendAs'
                 {
-        
+
                     Identity     = 'AdeleV@$Domain'
                     Trustee      = "admin@$TenantId"
                     Ensure       = 'Absent'

diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
@@ -101,6 +101,8 @@
                     EnableOrganizationDomainsProtection   = $null
                     EnableUnusualCharactersSafetyTips     = $null
                     TargetedUserActionRecipients          = $null
+                    DmarcQuarantineAction                 = "Quarantine"
+                    DmarcRejectAction                     = "Reject"
                     Ensure                                = "Present"
                     ApplicationId         = $ApplicationId
                     TenantId              = $TenantId