From 2e0dbf8c08e1c9a3fbb6adcb53f81245fb105425 Mon Sep 17 00:00:00 2001 From: AtFabianW Date: Thu, 29 Aug 2024 15:39:54 +0200 Subject: [PATCH 01/27] Add support for AccountTransferEnabled parameter --- CHANGELOG.md | 3 +++ .../MSFT_EXOOwaMailboxPolicy.psm1 | 13 +++++++++++++ .../MSFT_EXOOwaMailboxPolicy.schema.mof | 1 + 3 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 332ce5de54..147adf795e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Change log for Microsoft365DSC +* EXOOwaMailboxPolicy + * Add support for AccountTransferEnabled parameter + # 1.24.828.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 index a87e051558..2ccf08d877 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 @@ -9,6 +9,10 @@ function Get-TargetResource [System.String] $Name, + [Parameter()] + [System.Boolean] + $AccountTransferEnabled, + [Parameter()] [ValidateSet('Allow', 'ForceSave', 'Block')] [System.String] @@ -434,6 +438,7 @@ function Get-TargetResource { $result = @{ Name = $OwaMailboxPolicy.Name + AccountTransferEnabled = $OwaMailboxPolicy.AccountTransferEnabled ActionForUnknownFileAndMIMETypes = $OwaMailboxPolicy.ActionForUnknownFileAndMIMETypes ActiveSyncIntegrationEnabled = $OwaMailboxPolicy.ActiveSyncIntegrationEnabled AdditionalAccountsEnabled = $OwaMailboxPolicy.AdditionalAccountsEnabled @@ -556,6 +561,10 @@ function Set-TargetResource [System.String] $Name, + [Parameter()] + [System.Boolean] + $AccountTransferEnabled, + [Parameter()] [ValidateSet('Allow', 'ForceSave', 'Block')] [System.String] 
@@ -1015,6 +1024,10 @@ function Test-TargetResource [System.String] $Name, + [Parameter()] + [System.Boolean] + $AccountTransferEnabled, + [Parameter()] [ValidateSet('Allow', 'ForceSave', 'Block')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.schema.mof index 2388eeb9c1..63d4455764 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.schema.mof @@ -2,6 +2,7 @@ class MSFT_EXOOwaMailboxPolicy : OMI_BaseResource { [Key, Description("The Name parameter specifies the unique name for the policy. The maximum length is 64 characters.")] String Name; + [Write, Description("The AccountTransferEnabled parameter specifies whether to enable or disable QR code sign-in. By default, QR code sign-in is enabled.")] Boolean AccountTransferEnabled; [Write, Description("The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types"), ValueMap{"Allow","ForceSave","Block"}, Values{"Allow","ForceSave","Block"}] String ActionForUnknownFileAndMIMETypes; [Write, Description("The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web. ")] Boolean ActiveSyncIntegrationEnabled; [Write, Description("No description available.")] Boolean AdditionalAccountsEnabled; From 94b07b0a6b3a886147e0ee7359ee7136dfa18fd0 Mon Sep 17 00:00:00 2001 
From: Fabien Tschanz Date: Thu, 29 Aug 2024 17:42:19 +0200 Subject: [PATCH 02/27] Fix issue where an unspecified DSC param was not handled correctly --- CHANGELOG.md | 7 +++++++ Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 332ce5de54..18bfd8446b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* M365DSCDRGUtil + * Fixes an issue where a Intune settings catalog DSC param was not handled + correctly when it was not specified. + FIXES [#5000](https://github.com/microsoft/Microsoft365DSC/issues/5000) + # 1.24.828.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index cecfe1f63c..4122bd19ea 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1870,6 +1870,11 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue -SettingDefinition $SettingDefinition ` -DSCParams $DSCParams + if ($null -eq $valuesResult) + { + return $null + } + $values = $valuesResult.Value $SettingValueType = $valuesResult.SettingDefinition.AdditionalProperties.valueDefinition.'@odata.type'.Replace('Definition', '') From 10671d33f80b3bcee22184c3830a76855822be01 Mon Sep 17 00:00:00 2001 
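Review bot: The new `if ($null -eq $valuesResult) { return $null }` guard in Get-IntuneSettingCatalogPolicySettingInstanceValue (named in the hunk header) drops the setting without leaving any trace, so a setting that was left out of the policy payload cannot be told apart from one that was never configured. A `Write-Verbose -Message 'No value resolved for this setting definition; skipping it.'` before the `return` would make the skip visible in a verbose run. Callers now also have to tolerate a `$null` return; they are outside the hunk, as is the rest of the function body, so that should be confirmed.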
From: Nik Charlebois Date: Fri, 30 Aug 2024 13:22:29 -0400 Subject: [PATCH 03/27] EXOSweepRule --- CHANGELOG.md | 2 + .../MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 | 492 ++++++++++++++++++ .../MSFT_EXOSweepRule.schema.mof | 21 + .../DSCResources/MSFT_EXOSweepRule/readme.md | 6 + .../MSFT_EXOSweepRule/settings.json | 30 ++ .../Resources/EXOSweepRule/1-Create.ps1 | 37 ++ .../Resources/EXOSweepRule/2-Update.ps1 | 37 ++ .../Resources/EXOSweepRule/3-Remove.ps1 | 32 ++ .../Microsoft365DSC.EXOSweepRule.Tests.ps1 | 242 +++++++++ Tests/Unit/Stubs/Microsoft365.psm1 | 150 ++++++ .../MSFT_ResourceName/MSFT_ResourceName.psm1 | 350 +++++++++++++ .../MSFT_ResourceName.schema.mof | 13 + .../DSCResources/MSFT_ResourceName/readme.md | 6 + .../MSFT_ResourceName/settings.json | 32 ++ .../Resources/ResourceName/1-Create.ps1 | 26 + .../Resources/ResourceName/2-Update.ps1 | 26 + .../Resources/ResourceName/3-Remove.ps1 | 26 + .../Microsoft365DSC.ResourceName.Tests.ps1 | 178 +++++++ 18 files changed, 1706 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 create mode 100644 dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 create mode 100644 dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof create mode 100644 
dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/readme.md create mode 100644 dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/settings.json create mode 100644 dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 create mode 100644 dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 create mode 100644 dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 create mode 100644 dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 18bfd8446b..24b85d6bd6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* EXOSweepRule + * Initial Release. * M365DSCDRGUtil * Fixes an issue where a Intune settings catalog DSC param was not handled correctly when it was not specified. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 new file mode 100644 index 0000000000..071e688af6 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 
@@ -0,0 +1,492 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Provider, + + [Parameter()] + [System.String] + $DestinationFolder, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Int32] + $KeepForDays, + + [Parameter()] + [System.Int32] + $KeepLatest, + + [Parameter()] + [System.String] + $Mailbox, + + [Parameter()] + [System.String] + $SenderName, + + [Parameter()] + [System.String] + $SourceFolder, + + [Parameter()] + [System.String] + $SystemCategory, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + } + else + { + $instance = Get-SweepRule -Mailbox $Mailbox -ErrorAction Stop + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Name = $instance.Name + Provider = $instance.Provider + DestinationFolder = $instance.MailboxOwnerId + ":\" + $instance.DestinationFolder + Enabled = [Boolean]$instance.Enabled + KeepForDays = $instance.KeepForDays + KeepLatest = $instance.KeepLatest + Mailbox = $instance.MailboxOwnerId + SenderName = $instance.Sender.Split('"')[1] + SourceFolder = $instance.MailboxOwnerId + ":\" + $instance.SourceFolder + SystemCategory = $instance.SystemCategory + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Provider, + + [Parameter()] + [System.String] + $DestinationFolder, + + [Parameter()] + [System.Boolean] + $Enabled, + + 
[Parameter()] + [System.Int32] + $KeepForDays, + + [Parameter()] + [System.Int32] + $KeepLatest, + + [Parameter()] + [System.String] + $Mailbox, + + [Parameter()] + [System.String] + $SenderName, + + [Parameter()] + [System.String] + $SourceFolder, + + [Parameter()] + [System.String] + $SystemCategory, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.Add('Sender', $setParameters.SenderName) + $setParameters.Remove('SenderName') | Out-Null + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating new Sweep Rule." + New-SweepRule @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating existing Sweep Rule." 
+ $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript {$_.Name -eq $Name} + $SetParameters.Add('Identity', $instance.RuleId) + Set-SweepRule @SetParameters + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing existing Sweep Rule." + $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript {$_.Name -eq $Name} + Remove-SweepRule -Identity $instance.RuleId -Mailbox $Mailbox + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Provider, + + [Parameter()] + [System.String] + $DestinationFolder, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Int32] + $KeepForDays, + + [Parameter()] + [System.Int32] + $KeepLatest, + + [Parameter()] + [System.String] + $Mailbox, + + [Parameter()] + [System.String] + $SenderName, + + [Parameter()] + [System.String] + $SourceFolder, + + [Parameter()] + [System.String] + $SystemCategory, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = @() + $mailboxes = Get-Mailbox + $j = 1 + if ($Script:mailboxes.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $dscContent = '' + foreach ($mailbox in $mailboxes) + { + Write-Host " |---[$j/$($mailboxes.Count)] $($mailbox.Name)" -NoNewline + [Array] $currentInstances = Get-SweepRule -Mailbox $mailbox.Name -ErrorAction Stop + $Script:exportedInstances += $currentInstances + + $i = 1 + if ($currentInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $currentInstances) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Name + Write-Host " |---[$i/$($currentInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Name = $config.Name + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + 
-FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + $j++ + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.schema.mof new file mode 100644 index 0000000000..5aa03f7454 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.schema.mof 
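Review bot: In Get-TargetResource the non-export branch assigns `$instance = Get-SweepRule -Mailbox $Mailbox -ErrorAction Stop` without filtering on `$Name`, so a mailbox with more than one Sweep rule yields an array (or the wrong rule) and every entry in `$results` is built from it. Set-TargetResource already filters, and the same filter belongs here: `$instance = Get-SweepRule -Mailbox $Mailbox -ErrorAction Stop | Where-Object -FilterScript {$_.Name -eq $Name}`. Separately, `$instance.Sender.Split('"')[1]` throws when a rule has no sender condition, and the catch block then reports the rule as Absent, so Set-TargetResource would try to create a rule that already exists; a null check before the split avoids that. In Export-TargetResource the check `$Script:mailboxes.Length -eq 0` reads a script-scoped variable that this file never assigns (the local is `$mailboxes`), and the `$params` passed to Get-TargetResource carry only `Name`, so rules with the same name in different mailboxes cannot be told apart.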
@@ -0,0 +1,21 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOSweepRule")] +class MSFT_EXOSweepRule : OMI_BaseResource +{ + [Key, Description("The Name parameter specifies the name of the Sweep rule. If the value contains spaces, enclose the value in quotation marks.")] String Name; + [Write, Description("The Provider parameter specifies the provider for the Sweep rule. If the value contains spaces, enclose the value in quotation marks. For Sweep rules that you create in Outlook on the web, the default value is Exchange16.")] String Provider; + [Write, Description("The DestinationFolder parameter specifies an action for the Sweep rule that moves messages to the specified folder.")] String DestinationFolder; + [Write, Description("The Enabled parameter specifies whether the Sweep rule is enabled or disabled.")] Boolean Enabled; + [Write, Description("The KeepForDays parameter specifies an action for the Sweep rule that specifies the number of days to keep messages that match the conditions of the rule. After the number of days have passed, the messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepLatest parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value.")] UInt32 KeepForDays; + [Write, Description("The KeepLatest parameter specifies an action for the Sweep rule that specifies the number of messages to keep that match the conditions of the rule. After the number of messages is exceeded, the oldest messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepForDays parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value.")] UInt32 KeepLatest; + [Write, Description("The Mailbox parameter specifies the mailbox where you want to create the Sweep rule. 
You can use any value that uniquely identifies the mailbox.")] String Mailbox; + [Write, Description("The SenderName parameter specifies a condition for the Sweep rule that looks for the specified sender in messages. For internal senders, you can use any value that uniquely identifies the sender.")] String SenderName; + [Write, Description("The SourceFolder parameter specifies a condition for the Sweep rule that looks for messages in the specified folder.")] String SourceFolder; + [Write, Description("The SystemCategory parameter specifies a condition for the sweep rule that looks for messages with the specified system category. System categories are available to all mailboxes in the organization.")] String SystemCategory; + [Write, Description("Specify if this rule should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/readme.md new file mode 100644 index 0000000000..8d19acd40e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/readme.md 
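Review bot: `KeepForDays` and `KeepLatest` are declared `UInt32` here, while MSFT_EXOSweepRule.psm1 in the same commit types both parameters as `[System.Int32]`. The schema and the module should agree, so either declare `SInt32 KeepForDays;` and `SInt32 KeepLatest;` here or use `[System.UInt32]` in the three param blocks. The class also makes `Name` the only `[Key]`, yet the rules are created per mailbox, so two mailboxes that each hold a rule with the same name would collide as one resource instance. Marking `Mailbox` as a key as well looks necessary, though that depends on how the export is meant to identify rules.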
@@ -0,0 +1,6 @@ + +# EXOSweepRule + +## Description + +Use this resource to create Sweep rules in mailboxes. Sweep rules run at regular intervals to help keep your Inbox clean. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json new file mode 100644 index 0000000000..e140437c27 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json @@ -0,0 +1,30 @@ +{ + "resourceName": "EXOSweepRule", + "description": "DUse this resource to create Sweep rules in mailboxes. Sweep rules run at regular intervals to help keep your Inbox clean.", + "roles": { + "read": [ + "Exchange Admin" + ], + "update": [ + "Exchange Admin" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + { + } + ], + "update": [ + { + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 new file mode 100644 index 0000000000..b39d9e07ef --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 
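Review bot: The `description` value in settings.json starts with a stray character, `"DUse this resource to create Sweep rules in mailboxes. …"`, and should begin `"Use this resource …"` as readme.md does. The `application.read` and `application.update` arrays each hold an empty object `{ }`. If no Graph permission applies to this Exchange resource, empty arrays `[]` (as already used under `delegated`) state that more clearly than a permission entry with no name.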
@@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; + CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 11; + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + TenantId = $OrganizationName; + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 new file mode 100644 index 0000000000..a7448c805d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 
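Review bot: The `node localhost` block in 1-Create.ps1 lists the property assignments directly, with no `EXOSweepRule '<name>' { … }` resource declaration around them, so the configuration does not declare a resource instance as written. The values also bypass the declared parameters: `ApplicationId` and `CertificateThumbprint` are read from `$ConfigurationData.NonNodeData`, and `TenantId = $OrganizationName` uses a variable that the visible `param` block does not define. The same three problems are in 2-Update.ps1 and 3-Remove.ps1 in this commit. A corrected node block is sketched below; the instance name is a constructed sample.

```powershell
    node localhost
    {
        EXOSweepRule 'EXOSweepRule-FromMichelle'
        {
            ApplicationId         = $ApplicationId;
            CertificateThumbprint = $CertificateThumbprint;
            # … unchanged: DestinationFolder through SourceFolder …
            TenantId              = $TenantId;
        }
    }
```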
@@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; + CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 13; # Drift + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + TenantId = $OrganizationName; + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 new file mode 100644 index 0000000000..f922d42e9f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 @@ -0,0 +1,32 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; + CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Enabled = $True; + Ensure = "Absent"; + Mailbox = "Test2"; + Name = "From Michelle"; + TenantId = $OrganizationName; + } +} 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 new file mode 100644 index 0000000000..3dae0bc239 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 
@@ -0,0 +1,242 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Remove-SweepRule -MockWith { + } + + Mock -CommandName Set-SweepRule -MockWith { + } + + Mock -CommandName New-SweepRule -MockWith { + } + + Mock -CommandName Get-Mailbox -MockWith { + return @{ + Name = "Test2"; + } + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 11; + Mailbox = 
"Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + Credential = $Credential; + } + + Mock -CommandName Get-SweepRule -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-SweepRule -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Absent"; + KeepLatest = 11; + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + Credential = $Credential; + } + + Mock -CommandName Get-SweepRule -MockWith { + return @{ + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + KeepLatest = 13; #Drift + MailboxOwnerId = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + Sender = "`"michelle@fabrikam.com`" [SMTP:Michell]"; + SourceFolder = "Test2:\Inbox"; + } + } + + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-SweepRule -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 11; + Mailbox = "Test2"; + Name = "From 
Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + Credential = $Credential; + } + + Mock -CommandName Get-SweepRule -MockWith { + return @{ + DestinationFolder = "Deleted Items"; + Enabled = $True; + KeepLatest = 11; + MailboxOwnerId = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + Sender = "`"michelle@fabrikam.com`" [SMTP:Michell]"; + SourceFolder = "Inbox"; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + + BeforeAll { + $testParams = @{ + DestinationFolder = "Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 15; #Drift + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Inbox"; + Credential = $Credential; + } + + Mock -CommandName Get-SweepRule -MockWith { + return @{ + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + KeepLatest = 11; + Mailbox = "Test2"; + MailboxOwnerId = "Test2"; + Provider = "Exchange16"; + Sender = "`"michelle@fabrikam.com`" [SMTP:Michell]"; + SourceFolder = "Test2:\Inbox"; + } + } + } + + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-SweepRule -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-SweepRule -MockWith { + return @{ + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + 
KeepLatest = 11; + MailboxOwnerId = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + Sender = "`"michelle@fabrikam.com`" [SMTP:Michell]"; + SourceFolder = "Test2:\Inbox"; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 39fc971c0f..d8d8db6694 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 
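Review bot: In the context 'The instance exists and values are NOT in the desired state' the Get-SweepRule mock returns no `Name` (and no mock in the file returns a `RuleId`), so the `Where-Object -FilterScript {$_.Name -eq $Name}` lookup in Set-TargetResource matches nothing and Set-SweepRule is called with a null `Identity`. The test still passes because `Should -Invoke -CommandName Set-SweepRule -Exactly 1` only counts calls. Adding `Name = "From Michelle";` and `RuleId = "<sample-rule-id>";` to the mock, plus `-ParameterFilter { $Identity -eq "<sample-rule-id>" }` on the assertion, would pin the behaviour. Every mock also returns a single rule, so no test covers a mailbox with several Sweep rules, which is where the unfiltered Get-SweepRule call in Get-TargetResource would show.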
@@ -1,4 +1,154 @@ # region ExchangeOnlineManagement +function Get-SweepRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $SkipCount, + + [Parameter()] + [System.String] + $Provider, + + [Parameter()] + [System.Object] + $Mailbox, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassScopeCheck, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ResultSize + ) +} + +function New-SweepRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $DestinationFolder, + + [Parameter()] + [System.String] + $Provider, + + [Parameter()] + [System.Object] + $SystemCategory, + + [Parameter()] + [System.Object] + $KeepLatest, + + [Parameter()] + [System.Object] + $SourceFolder, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Mailbox, + + [Parameter()] + [System.Object] + $Sender, + + [Parameter()] + [System.Object] + $KeepForDays, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function Remove-SweepRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Mailbox, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Set-SweepRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $Sender, + + [Parameter()] + [System.String] + $Provider, + + [Parameter()] + [System.Object] + $SystemCategory, + + [Parameter()] + [System.Object] + $KeepLatest, + + [Parameter()] + [System.Object] + $SourceFolder, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Mailbox, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $DestinationFolder, + + [Parameter()] + [System.Object] + $KeepForDays, + + [Parameter()] + 
[System.Boolean] + $Enabled + ) +} + function Get-DefaultTenantBriefingConfig { [CmdletBinding()] diff --git a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 new file mode 100644 index 0000000000..7d42466c4c --- /dev/null +++ b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.psm1 
@@ -0,0 +1,350 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ ##TODO - Replace the PrimaryKey
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $PrimaryKey,
+
+ ##TODO - Add the list of Parameters
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ ##TODO - Replace the workload by the one associated to your resource
+ New-M365DSCConnection -Workload 'Workload' `
+ -InboundParameters $PSBoundParameters | Out-Null
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $nullResult = $PSBoundParameters
+ $nullResult.Ensure = 'Absent'
+ try
+ {
+ if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
+ {
+ ##TODO - Replace the PrimaryKey in the Filter by the one for the resource
+ $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.PrimaryKey -eq $PrimaryKey}
+ }
+ else
+ {
+ ##TODO - Replace the cmdlet by the one to retrieve a specific instance.
+ $instance = Get-cmdlet -PrimaryKey $PrimaryKey -ErrorAction Stop
+ }
+ if ($null -eq $instance)
+ {
+ return $nullResult
+ }
+
+ $results = @{
+ ##TODO - Add the list of parameters to be returned
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ ManagedIdentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+ return [System.Collections.Hashtable] $results
+ }
+ catch
+ {
+ New-M365DSCLogEntry -Message 'Error retrieving data:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return $nullResult
+ }
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ ##TODO - Replace the PrimaryKey
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $PrimaryKey,
+
+ ##TODO - Add the list of Parameters
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $currentInstance = Get-TargetResource @PSBoundParameters
+
+ $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
+
+ # CREATE
+ if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+ {
+ ##TODO - Replace by the New cmdlet for the resource
+ New-Cmdlet @SetParameters
+ }
+ # UPDATE
+ elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+ {
+ ##TODO - Replace by the Update/Set cmdlet for the resource
+ Set-cmdlet @SetParameters
+ }
+ # REMOVE
+ elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+ {
+ ##TODO - Replace by the Remove cmdlet for the resource
+ Remove-cmdlet @SetParameters
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ ##TODO - Replace the PrimaryKey
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $PrimaryKey,
+
+ ##TODO - Add the list of Parameters
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+ $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+
+ Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+ return $testResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ ##TODO - Replace workload
+ $ConnectionMode = New-M365DSCConnection -Workload 'Workload' `
+ -InboundParameters $PSBoundParameters
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ try
+ {
+ $Script:ExportMode = $true
+ ##TODO - Replace Get-Cmdlet by the cmdlet to retrieve all instances
+ [array] $Script:exportedInstances = Get-Cmdlet -ErrorAction Stop
+
+ $i = 1
+ $dscContent = ''
+ if ($Script:exportedInstances.Length -eq 0)
+ {
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ else
+ {
+ Write-Host "`r`n" -NoNewline
+ }
+ foreach ($config in $Script:exportedInstances)
+ {
+ $displayedKey = $config.Id
+ Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline
+ $params = @{
+ ##TODO - Specify the Primary Key
+ #PrimaryKey = $config.PrimaryKey
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ ManagedIdentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+
+ $Results = Get-TargetResource @Params
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+ $dscContent += $currentDSCBlock
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ $i++
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ return $dscContent
+ }
+ catch
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return ''
+ }
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof
new file mode 100644
index 0000000000..6fa43ce435
--- /dev/null
+++ b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/MSFT_ResourceName.schema.mof
@@ -0,0 +1,13 @@
+[ClassVersion("1.0.0.0"), FriendlyName("ResourceName")]
+class MSFT_ResourceName : OMI_BaseResource
+{
+ [Key, Description("")] String PrimaryKey;
+ [Write, Description("")] String OtherProperties;
+
+ [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
\ No newline at end of file
diff --git a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/readme.md b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/readme.md
new file mode 100644
index 0000000000..32e0e7fb27
--- /dev/null
+++ b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/readme.md
@@ -0,0 +1,6 @@
+
+# ResourceName
+
+## Description
+
+##TODO - Provide a short description of what the resource is set to configure.
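Review bot: `Set-TargetResource` branches on `$Ensure`, but none of the param blocks in this template declares an `Ensure` parameter, so as written the CREATE/UPDATE/REMOVE conditions all compare against an unset variable and the function does nothing. Every resource copied from the template needs it, so I would declare it explicitly in Get/Set/Test-TargetResource as `[Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present',` and add the matching `Ensure` property to the schema.mof added in the same commit, rather than leaving it to the generic "Add the list of Parameters" TODO. Separately, `Test-TargetResource` writes both `$CurrentValues` and the cloned `$PSBoundParameters` to the verbose stream and passes all of the clone's keys as `-ValuesToCheck`; those hashtables can carry `AccessTokens` and `Credential`, so unless `Convert-M365DscHashtableToString` masks them (its body is not visible here) token values may land in verbose logs. Logging only the non-authentication keys in the two `Write-Verbose` calls would avoid that.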
diff --git a/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/settings.json b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/settings.json
new file mode 100644
index 0000000000..edf14b05e4
--- /dev/null
+++ b/dev-package/Modules/Microsoft365DSC/DSCResources/MSFT_ResourceName/settings.json
@@ -0,0 +1,32 @@
+{
+ "resourceName": "ResourceName",
+ "description": "Description of what the resource is about.",
+ "roles": {
+ "read": [
+ "Role"
+ ],
+ "update": [
+ "Role"
+ ]
+ },
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [],
+ "update": []
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Permission for Monitoring and Export"
+ }
+ ],
+ "update": [
+ {
+ "name": "Permission for deploying"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 b/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1
new file mode 100644
index 0000000000..b516274848
--- /dev/null
+++ b/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1
@@ -0,0 +1,26 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+
+ }
+}
diff --git a/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 b/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1
new file mode 100644
index 0000000000..b516274848
--- /dev/null
+++ b/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1
@@ -0,0 +1,26 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+
+ }
+}
diff --git a/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 b/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1
new file mode 100644
index 0000000000..b516274848
--- /dev/null
+++ b/dev-package/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1
@@ -0,0 +1,26 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+
+ }
+}
diff --git a/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 b/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1
new file mode 100644
index 0000000000..c8a1f67413
--- /dev/null
+++ b/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1
@@ -0,0 +1,178 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + ##TODO - Mock any Remove/Set/New cmdlets + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + ##TODO - Add Parameters + Ensure = 'Present' + Credential = $Credential; + } + + ##TODO - Mock the Get-Cmdlet to return $null + Mock -CommandName Get-Cmdlet -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 
'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create a new instance from the Set method' { + ##TODO - Replace the New-Cmdlet by the appropriate one + Should -Invoke -CommandName New-Cmdlet -Exactly 1 + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + ##TODO - Add Parameters + Ensure = 'Absent' + Credential = $Credential; + } + + ##TODO - Mock the Get-Cmdlet to return an instance + Mock -CommandName Get-Cmdlet -MockWith { + return @{ + + } + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the instance from the Set method' { + ##TODO - Replace the Remove-Cmdlet by the appropriate one + Should -Invoke -CommandName Remove-Cmdlet -Exactly 1 + } + } + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ##TODO - Add Parameters + Ensure = 'Present' + Credential = $Credential; + } + + ##TODO - Mock the Get-Cmdlet to return the desired values + Mock -CommandName Get-Cmdlet -MockWith { + return @{ + + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + BeforeAll { + $testParams = @{ + ##TODO - Add Parameters + Ensure = 'Present' + Credential = $Credential; + } + + ##TODO - Mock the Get-Cmdlet to return a drift + Mock -CommandName Get-Cmdlet -MockWith { + return @{ + + } + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should 
-Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + ##TODO - Replace the Update-Cmdlet by the appropriate one + Should -Invoke -CommandName Update-Cmdlet -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + ##TODO - Mock the Get-Cmdlet to return an instance + Mock -CommandName Get-Cmdlet -MockWith { + return @{ + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From be191adc356e33bb1596772503325c225af46454 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 30 Aug 2024 13:32:53 -0400 Subject: [PATCH 04/27] Update settings.json --- .../DSCResources/MSFT_EXOSweepRule/settings.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json index e140437c27..94a78365c5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/settings.json @@ -16,14 +16,8 @@ "update": [] }, "application": { - "read": [ - { - } - ], - "update": [ - { - } - ] + "read": [], + "update": [] } } } From 842d476e2d422ce07dcb2973f1db7947933ccc18 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 30 Aug 2024 13:43:39 -0400 Subject: [PATCH 05/27] Fixed Examples --- .../Examples/Resources/EXOSweepRule/1-Create.ps1 | 6 +++--- .../Examples/Resources/EXOSweepRule/2-Update.ps1 | 6 +++--- .../Examples/Resources/EXOSweepRule/3-Remove.ps1 | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) 
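Review bot: The `It` blocks 'Should create a new instance from the Set method' and 'Should remove the instance from the Set method' assert `Should -Invoke ... -Exactly 1` without ever calling `Set-TargetResource @testParams`, so they cannot observe an invocation of `New-Cmdlet` or `Remove-Cmdlet`; only the drift context's 'Should call the Set method' makes the call before asserting. Add `Set-TargetResource @testParams` as the first statement of both blocks so that tests copied from this template actually exercise the create and remove paths. The New/Set/Remove cmdlets are also only covered by a `##TODO - Mock any Remove/Set/New cmdlets` comment in the top-level `BeforeAll`; placeholder mocks there (for example `Mock -CommandName New-Cmdlet -MockWith { }`) would keep the skeleton from reaching an unmocked cmdlet once the TODO names are replaced.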
diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 index b39d9e07ef..320c6a0642 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 @@ -21,8 +21,8 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; DestinationFolder = "Test2:\Deleted Items"; Enabled = $True; Ensure = "Present"; @@ -32,6 +32,6 @@ Configuration Example Provider = "Exchange16"; SenderName = "michelle@fabrikam.com"; SourceFolder = "Test2:\Inbox"; - TenantId = $OrganizationName; + TenantId = $TenantId; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 index a7448c805d..2fb739931e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 @@ -21,8 +21,8 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; DestinationFolder = "Test2:\Deleted Items"; Enabled = $True; Ensure = "Present"; @@ -32,6 +32,6 @@ Configuration Example Provider = "Exchange16"; SenderName = "michelle@fabrikam.com"; SourceFolder = "Test2:\Inbox"; - TenantId = $OrganizationName; + TenantId = $TenantId; } } 
diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 index f922d42e9f..1f283f9061 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 @@ -21,12 +21,12 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; Enabled = $True; Ensure = "Absent"; Mailbox = "Test2"; Name = "From Michelle"; - TenantId = $OrganizationName; + TenantId = $TenantId; } } From 6d67940bf3370ac8499caf928cd6ec28484c9791 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 30 Aug 2024 13:53:19 -0400 Subject: [PATCH 06/27] Fixed Examples --- .../Resources/EXOSweepRule/1-Create.ps1 | 27 ++++++++++--------- .../Resources/EXOSweepRule/2-Update.ps1 | 27 ++++++++++--------- .../Resources/EXOSweepRule/3-Remove.ps1 | 17 +++++++----- 3 files changed, 40 insertions(+), 31 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 index 320c6a0642..d6b639aee0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/1-Create.ps1 
@@ -21,17 +21,20 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - ApplicationId = $ApplicationId; - CertificateThumbprint = $CertificateThumbprint; - DestinationFolder = "Test2:\Deleted Items"; - Enabled = $True; - Ensure = "Present"; - KeepLatest = 11; - Mailbox = "Test2"; - Name = "From Michelle"; - Provider = "Exchange16"; - SenderName = "michelle@fabrikam.com"; - SourceFolder = "Test2:\Inbox"; - TenantId = $TenantId; + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 11; + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + TenantId = $TenantId; + } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 index 2fb739931e..56b61e41ad 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/2-Update.ps1 
@@ -21,17 +21,20 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - ApplicationId = $ApplicationId; - CertificateThumbprint = $CertificateThumbprint; - DestinationFolder = "Test2:\Deleted Items"; - Enabled = $True; - Ensure = "Present"; - KeepLatest = 13; # Drift - Mailbox = "Test2"; - Name = "From Michelle"; - Provider = "Exchange16"; - SenderName = "michelle@fabrikam.com"; - SourceFolder = "Test2:\Inbox"; - TenantId = $TenantId; + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 13; # Drift + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + TenantId = $TenantId; + } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 index 1f283f9061..e1d3a8f543 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSweepRule/3-Remove.ps1 @@ -21,12 +21,15 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - ApplicationId = $ApplicationId; - CertificateThumbprint = $CertificateThumbprint; - Enabled = $True; - Ensure = "Absent"; - Mailbox = "Test2"; - Name = "From Michelle"; - TenantId = $TenantId; + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Enabled = $True; + Ensure = "Absent"; + Mailbox = "Test2"; + Name = "From Michelle"; + TenantId = $TenantId; + } } } From efc54e175fc009efc3a65c08936eeea389c87e67 Mon Sep 17 00:00:00 2001 
From: Nik Charlebois Date: Fri, 30 Aug 2024 13:54:05 -0400 Subject: [PATCH 07/27] Update Microsoft365DSC.ResourceName.Tests.ps1 --- .../Microsoft365DSC.ResourceName.Tests.ps1 | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 b/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 index c8a1f67413..20857e0393 100644 --- a/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 +++ b/dev-package/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ResourceName.Tests.ps1 @@ -121,18 +121,16 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The instance exists and values are NOT in the desired state" -Fixture { BeforeAll { - BeforeAll { - $testParams = @{ - ##TODO - Add Parameters - Ensure = 'Present' - Credential = $Credential; - } + $testParams = @{ + ##TODO - Add Parameters + Ensure = 'Present' + Credential = $Credential; + } - ##TODO - Mock the Get-Cmdlet to return a drift - Mock -CommandName Get-Cmdlet -MockWith { - return @{ + ##TODO - Mock the Get-Cmdlet to return a drift + Mock -CommandName Get-Cmdlet -MockWith { + return @{ - } } } } From 16b66261cc61abe9b0264f826f3f0b30909983da Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 30 Aug 2024 18:09:23 +0000 Subject: [PATCH 08/27] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOSweepRule.md | 181 +++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 docs/docs/resources/exchange/EXOSweepRule.md diff --git a/docs/docs/resources/exchange/EXOSweepRule.md b/docs/docs/resources/exchange/EXOSweepRule.md new file mode 100644 index 0000000000..12a8fe064b --- /dev/null +++ b/docs/docs/resources/exchange/EXOSweepRule.md 
@@ -0,0 +1,181 @@ +# EXOSweepRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Name** | Key | String | The Name parameter specifies the name of the Sweep rule. If the value contains spaces, enclose the value in quotation marks. | | +| **Provider** | Write | String | The Provider parameter specifies the provider for the Sweep rule. If the value contains spaces, enclose the value in quotation marks. For Sweep rules that you create in Outlook on the web, the default value is Exchange16. | | +| **DestinationFolder** | Write | String | The DestinationFolder parameter specifies an action for the Sweep rule that moves messages to the specified folder. | | +| **Enabled** | Write | Boolean | The Enabled parameter specifies whether the Sweep rule is enabled or disabled. | | +| **KeepForDays** | Write | UInt32 | The KeepForDays parameter specifies an action for the Sweep rule that specifies the number of days to keep messages that match the conditions of the rule. After the number of days have passed, the messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepLatest parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value. | | +| **KeepLatest** | Write | UInt32 | The KeepLatest parameter specifies an action for the Sweep rule that specifies the number of messages to keep that match the conditions of the rule. After the number of messages is exceeded, the oldest messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepForDays parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value. | | +| **Mailbox** | Write | String | The Mailbox parameter specifies the mailbox where you want to create the Sweep rule. 
You can use any value that uniquely identifies the mailbox. | | +| **SenderName** | Write | String | The SenderName parameter specifies a condition for the Sweep rule that looks for the specified sender in messages. For internal senders, you can use any value that uniquely identifies the sender. | | +| **SourceFolder** | Write | String | The SourceFolder parameter specifies a condition for the Sweep rule that looks for messages in the specified folder. | | +| **SystemCategory** | Write | String | The SystemCategory parameter specifies a condition for the sweep rule that looks for messages with the specified system category. System categories are available to all mailboxes in the organization. | | +| **Ensure** | Write | String | Specify if this rule should exist or not. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Use this resource to create Sweep rules in mailboxes. Sweep rules run at regular intervals to help keep your Inbox clean. 
+ +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 11; + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + TenantId = $TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + DestinationFolder = "Test2:\Deleted Items"; + Enabled = $True; + Ensure = "Present"; + KeepLatest = 13; # Drift + Mailbox = "Test2"; + Name = "From Michelle"; + Provider = "Exchange16"; + SenderName = "michelle@fabrikam.com"; + SourceFolder = "Test2:\Inbox"; + TenantId = $TenantId; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Enabled = $True; + Ensure = "Absent"; + Mailbox = "Test2"; + Name = "From Michelle"; + TenantId = $TenantId; + } + } +} +``` + From 2713af274db3e330ec38eb8e2f214c9dfffaad0e Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 30 Aug 2024 18:11:40 +0000 Subject: [PATCH 09/27] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 8c4b298910..5b60cd625d 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -14229,6 +14229,96 @@ } ] }, + { + "ClassName": "MSFT_EXOSweepRule", + "Parameters": [ + { + "CIMType": "String", + "Name": "Name", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Provider", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DestinationFolder", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "Enabled", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "KeepForDays", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "KeepLatest", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Mailbox", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SenderName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SourceFolder", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SystemCategory", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOTransportConfig", "Parameters": [ From ead133c28ba6857e4b03da19e90f3efc2c457953 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 30 Aug 2024 18:12:23 +0000 Subject: [PATCH 10/27] Updated {Create} EXO Integration Tests --- .../M365DSCIntegration.EXO.Create.Tests.ps1 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 4c95d77baf..f8f29f2774 100644 
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1
+++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1
@@ -885,6 +885,21 @@
 TenantId = $TenantId
 CertificateThumbprint = $CertificateThumbprint
 }
+ EXOSweepRule 'MyRule'
+ {
+ ApplicationId = $ApplicationId;
+ CertificateThumbprint = $CertificateThumbprint;
+ DestinationFolder = "Test2:\Deleted Items";
+ Enabled = $True;
+ Ensure = "Present";
+ KeepLatest = 11;
+ Mailbox = "Test2";
+ Name = "From Michelle";
+ Provider = "Exchange16";
+ SenderName = "michelle@fabrikam.com";
+ SourceFolder = "Test2:\Inbox";
+ TenantId = $TenantId;
+ }
 EXOTransportRule 'ConfigureTransportRule'
 {
 Name = "Ethical Wall - Sales and Executives Departments"
From b87963a51805cb190e06216f7b22527ef0a68d72 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 30 Aug 2024 18:12:47 +0000 Subject: [PATCH 11/27] Updated {Update} EXO Integration Tests --- .../M365DSCIntegration.EXO.Update.Tests.ps1 | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
index 01140822ab..fb92ed7632 100644
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
+++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
@@ -1227,6 +1227,21 @@
 TenantId = $TenantId
 CertificateThumbprint = $CertificateThumbprint
 }
+ EXOSweepRule 'MyRule'
+ {
+ ApplicationId = $ApplicationId;
+ CertificateThumbprint = $CertificateThumbprint;
+ DestinationFolder = "Test2:\Deleted Items";
+ Enabled = $True;
+ Ensure = "Present";
+ KeepLatest = 13; # Drift
+ Mailbox = "Test2";
+ Name = "From Michelle";
+ Provider = "Exchange16";
+ SenderName = "michelle@fabrikam.com";
+ SourceFolder = "Test2:\Inbox";
+ TenantId = $TenantId;
+ }
 EXOTransportConfig 'EXOTransportConfig '
 {
 IsSingleInstance = "Yes";
From 652017f7bf99173a3a672ca2877e5e03f61056da Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 30 Aug 2024 18:13:05 +0000 Subject: [PATCH 12/27] Updated {Update} EXO Integration Tests --- .../M365DSCIntegration.EXO.Remove.Tests.ps1 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 index 7c897b2a25..e192eb32a3 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 @@ -536,6 +536,16 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXOSweepRule 'MyRule' + { + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + Enabled = $True; + Ensure = "Absent"; + Mailbox = "Test2"; + Name = "From Michelle"; + TenantId = $TenantId; + } EXOTransportRule 'ConfigureTransportRule' { Name = "Ethical Wall - Sales and Brokerage Departments" From c65e6972428a15fb3bc53ad009182412a5f3972d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 3 Sep 2024 14:05:53 -0400 Subject: [PATCH 13/27] Update CHANGELOG.md --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 24b85d6bd6..d9956fd347 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -67,8 +67,6 @@ * M365DSCUtil * Fix `Compare-PSCustomObjectArrays` by allowing empty arrays as input FIXES [#4952](https://github.com/microsoft/Microsoft365DSC/issues/4952) -* O365OrgSettings - * FIXES [#4741](https://github.com/microsoft/Microsoft365DSC/issues/4741) * MISC * Improve module updates and PowerShell Core support across the DSC resources. From 05020f3364e51ed831ce8a0a0f4f77f82bfd4141 Mon Sep 17 00:00:00 2001 
From: Fabien Tschanz Date: Wed, 24 Jul 2024 23:41:47 +0200 Subject: [PATCH 14/27] Add Intune Device Control Policy --- CHANGELOG.md | 4 + ...FT_IntuneDeviceControlPolicyWindows10.psm1 | 1174 +++++++++++++++++ ...uneDeviceControlPolicyWindows10.schema.mof | 83 ++ .../readme.md | 6 + .../settings.json | 32 + .../1-Create.ps1 | 63 + .../2-Update.ps1 | 63 + .../3-Remove.ps1 | 34 + .../Modules/M365DSCDRGUtil.psm1 | 64 +- ...tuneDeviceControlPolicyWindows10.Tests.ps1 | 730 ++++++++++ 10 files changed, 2229 insertions(+), 24 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 24b85d6bd6..4eb948450f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,10 +4,14 @@ * EXOSweepRule * Initial Release. +* IntuneDeviceControlPolicyWindows10 + * Initial Release * M365DSCDRGUtil * Fixes an issue where a Intune settings catalog DSC param was not handled correctly when it was not specified. FIXES [#5000](https://github.com/microsoft/Microsoft365DSC/issues/5000) + * Fixes an issue where the exported nested CIM instances had too many line breaks. + * Fixes an issue where Settings Catalog properties were not correctly handled. # 1.24.828.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 new file mode 100644 index 0000000000..e9a0626642 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 
@@ -0,0 +1,1174 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Allow_Deny_Layered, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_IDs_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Instance_IDs_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Classes_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Unspecified_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Deny, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_IDs_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Deny_Retroactive, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Deny_Retroactive, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Instance_IDs_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Deny, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Classes_Deny_List, + + [Parameter()] + 
[ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Deny_Retroactive, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Removable_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyRead_Access_2, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyRead_Access_1, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyWrite_Access_2, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyWrite_Access_1, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowFullScanRemovableDriveScanning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowDirectMemoryAccess, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $DeviceEnumerationPolicy, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $RemovableDiskDenyWriteAccess, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowUSBConnection, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $AllowBluetooth, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowAdvertising, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowDiscoverableMode, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowPrepairing, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowPromptedProximalConnections, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String[]] + $ServicesAllowedList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $PolicyRule, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowStorageCard, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + 
$Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.DeviceManagementConfigurationPolicy" + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Name {$DisplayName}." 
+ return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Control Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" + + # Retrieve policy specific settings + [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -DeviceManagementConfigurationPolicyId $Id ` + -ExpandProperty 'settingDefinitions' ` + -ErrorAction Stop + + $policySettings = @{} + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings + + #region resource generator code + $complexPolicyRule = @() + foreach ($currentPolicyRule in $policySettings.policyRule) + { + $complexEntry = @() + foreach ($currentEntry in $currentPolicyRule.entry) + { + $complexEntry += @{ + Type = $currentEntry.Type + Options = $currentEntry.Options + Sid = $currentEntry.Sid + AccessMask = $currentEntry.AccessMask + ComputerSid = $currentEntry.ComputerSid + } + } + $myPolicyRule = @{} + $myPolicyRule.Add('Entry', $complexEntry) + $myPolicyRule.Add('Name', $currentPolicyRule.name) + $myPolicyRule.Add('ExcludedIdList_GroupId', $currentPolicyRule.excludedIdList_GroupId) + $myPolicyRule.Add('IncludedIdList_GroupId', $currentPolicyRule.includedIdList_GroupId) + $complexPolicyRule += $myPolicyRule + } + $policySettings.Remove('PolicyRule') | Out-Null + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.Name + RoleScopeTagIds = $getValue.RoleScopeTagIds + Id = $getValue.Id + PolicyRule = $complexPolicyRule + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + #endregion + } + $results += $policySettings + + $assignmentsValues = Get-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $Id + $assignmentResult = 
@() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $assignmentsValues -IncludeDeviceFilter $true + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Allow_Deny_Layered, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_IDs_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Instance_IDs_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Classes_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Unspecified_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Deny, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_IDs_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Deny_Retroactive, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Deny, + + [Parameter()] + 
[ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Deny_Retroactive, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Instance_IDs_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Deny, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Classes_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Deny_Retroactive, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Removable_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyRead_Access_2, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyRead_Access_1, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyWrite_Access_2, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyWrite_Access_1, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowFullScanRemovableDriveScanning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowDirectMemoryAccess, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $DeviceEnumerationPolicy, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $RemovableDiskDenyWriteAccess, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowUSBConnection, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $AllowBluetooth, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowAdvertising, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowDiscoverableMode, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowPrepairing, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowPromptedProximalConnections, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String[]] + $ServicesAllowedList, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance[]] + $PolicyRule, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowStorageCard, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + $templateReferenceId = '0f2034c6-3cd6-4ee1-bd37-f3c0693e9548_1' + $platforms = 'windows10' + $technologies = 'mdm,microsoftSense' + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Control Policy for Windows10 with Name {$DisplayName}" + $BoundParameters.Remove("Assignments") | Out-Null + + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` + -TemplateId $templateReferenceId + + $createParameters = @{ + Name = $DisplayName + Description = $Description + TemplateReference = 
@{ templateId = $templateReferenceId } + Platforms = $platforms + Technologies = $technologies + Settings = $settings + } + + #region resource generator code + $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters + + if ($policy.Id) + { + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $policy.Id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/configurationPolicies' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Control Policy for Windows10 with Id {$($currentInstance.Id)}" + $BoundParameters.Remove("Assignments") | Out-Null + + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` + -TemplateId $templateReferenceId + + Update-IntuneDeviceConfigurationPolicy ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -Name $DisplayName ` + -Description $Description ` + -TemplateReferenceId $templateReferenceId ` + -Platforms $platforms ` + -Technologies $technologies ` + -Settings $settings + + #region resource generator code + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/configurationPolicies' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Control Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + 
[CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Allow_Deny_Layered, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_IDs_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Instance_IDs_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Allow, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Classes_Allow_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Unspecified_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Deny, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_IDs_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_IDs_Deny_Retroactive, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Instance_IDs_Deny_Retroactive, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Instance_IDs_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Classes_Deny, + + [Parameter()] + [ValidateLength(0, 2048)] + [System.String[]] + $DeviceInstall_Classes_Deny_List, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + 
$DeviceInstall_Classes_Deny_Retroactive, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DeviceInstall_Removable_Deny, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyRead_Access_2, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyRead_Access_1, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyWrite_Access_2, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $WPDDevices_DenyWrite_Access_1, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowFullScanRemovableDriveScanning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowDirectMemoryAccess, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $DeviceEnumerationPolicy, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $RemovableDiskDenyWriteAccess, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowUSBConnection, + + [Parameter()] + [ValidateSet('0', '1', '2')] + [System.String] + $AllowBluetooth, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowAdvertising, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowDiscoverableMode, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowPrepairing, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowPromptedProximalConnections, + + [Parameter()] + [ValidateLength(0, 87516)] + [System.String[]] + $ServicesAllowedList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $PolicyRule, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowStorageCard, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + 
$ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Control Policy for Windows10 with Id {$Id} and Name {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + [Hashtable]$ValuesToCheck = @{} + $MyInvocation.MyCommand.Parameters.GetEnumerator() | ForEach-Object { + if ($_.Key -notlike '*Variable' -or $_.Key -notin @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction')) + { + if ($null -ne $CurrentValues[$_.Key] -or $null -ne $PSBoundParameters[$_.Key]) + { + $ValuesToCheck.Add($_.Key, $null) + if (-not $PSBoundParameters.ContainsKey($_.Key)) + { + $PSBoundParameters.Add($_.Key, $null) + } + } + } + } + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + 
$ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + $policyTemplateID = "0f2034c6-3cd6-4ee1-bd37-f3c0693e9548_1" + [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter $Filter ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { + $_.TemplateReference.TemplateId -eq $policyTemplateID + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + elseif (-not [string]::IsNullOrEmpty($config.name)) + { + $displayedKey = $config.name + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($null -ne $Results.PolicyRule) + { + $complexMapping = @( + @{ + Name = 'PolicyRule' + CimInstanceName = 'MicrosoftGraphIntuneSettingsCatalogPolicyRule' + IsRequired = $False + } + @{ + Name = 'Entry' + CimInstanceName = 'MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry' + IsRequired = $False + } + ) + 
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.PolicyRule ` + -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogPolicyRule' ` + -ComplexTypeMapping $complexMapping + + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.PolicyRule = $complexTypeStringResult + } + else + { + $Results.Remove('PolicyRule') | Out-Null + } + } + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.PolicyRule) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PolicyRule" -IsCIMArray:$True + } + + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.schema.mof
new file mode 100644
index 0000000000..25e4529e0d
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.schema.mof
@@ -0,0 +1,83 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule +{ + [Write, Description("Entry"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry")] String Entry[]; + [Write, Description("Name")] String Name; + [Write, Description("Excluded ID")] String ExcludedIdList_GroupId[]; + [Write, Description("Included ID")] String IncludedIdList_GroupId[]; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry +{ + [Write, Description("Type (allow: Allow, deny: Deny, auditallowed: 
AuditAllowed, auditdenied: AuditDenied)"), ValueMap{"allow", "deny", "auditallowed", "auditdenied"}, Values{"allow", "deny", "auditallowed", "auditdenied"}] String Type; + [Write, Description("Options (0: None, 1: ShowNotification, 2: SendEvent, 3: SendNotificationAndEvent, 4: Disable)"), ValueMap{"0", "1", "2", "3", "4"}, Values{"0", "1", "2", "3", "4"}] String Options; + [Write, Description("Sid")] String Sid; + [Write, Description("Access mask (1: WDD_READ_ACCESS, 2: WDD_WRITE_ACCESS, 4: WDD_EXECUTE_ACCESS, 8: WDD_FS_READ_ACCESS, 16: WDD_FS_WRITE_ACCESS, 32: WDD_FS_EXECUTE_ACCESS, 64: WDD_PRINT_ACCESS)"), ValueMap{"1", "2", "4", "8", "16", "32", "64"}, Values{"1", "2", "4", "8", "16", "32", "64"}] SInt32 AccessMask[]; + [Write, Description("Computer Sid")] String ComputerSid; +}; + + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceControlPolicyWindows10")] +class MSFT_IntuneDeviceControlPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Policy description")] String Description; + [Key, Description("Policy name")] String DisplayName; + [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; + [Write, Description("The unique identifier for an entity. 
Read-only.")] String Id; + [Write, Description("The list of policy rules to apply."), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule")] String PolicyRule[]; + [Write, Description("Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Allow_Deny_Layered; + [Write, Description("Allow installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_IDs_Allow; + [Write, Description("Allowed device IDs")] String DeviceInstall_IDs_Allow_List[]; + [Write, Description("Allow installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Instance_IDs_Allow; + [Write, Description("Allowed Instance IDs")] String DeviceInstall_Instance_IDs_Allow_List[]; + [Write, Description("Allow installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Allow; + [Write, Description("Allowed classes")] String DeviceInstall_Classes_Allow_List[]; + [Write, Description("Prevent installation of devices not described by other policy settings (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Unspecified_Deny; + [Write, Description("Prevent installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_IDs_Deny; + [Write, Description("Prevented device IDs")] String DeviceInstall_IDs_Deny_List[]; + [Write, Description("Also apply to matching devices that are already installed. 
(0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_IDs_Deny_Retroactive; + [Write, Description("Prevent installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Instance_IDs_Deny; + [Write, Description("Also apply to matching devices that are already installed. (Device) (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Instance_IDs_Deny_Retroactive; + [Write, Description("Prevented Instance IDs")] String DeviceInstall_Instance_IDs_Deny_List[]; + [Write, Description("Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Deny; + [Write, Description("Prevented Classes")] String DeviceInstall_Classes_Deny_List[]; + [Write, Description("Also apply to matching devices that are already installed. (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Deny_Retroactive; + [Write, Description("Prevent installation of removable devices (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Removable_Deny; + [Write, Description("WPD Devices: Deny read access (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyRead_Access_2; + [Write, Description("WPD Devices: Deny read access (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyRead_Access_1; + [Write, Description("WPD Devices: Deny write access (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyWrite_Access_2; + [Write, Description("WPD Devices: Deny write access (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyWrite_Access_1; + [Write, Description("Allow Full Scan Removable Drive Scanning (0: Not allowed. 
Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowFullScanRemovableDriveScanning; + [Write, Description("Allow Direct Memory Access (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowDirectMemoryAccess; + [Write, Description("Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String DeviceEnumerationPolicy; + [Write, Description("Removable Disk Deny Write Access (0: Disabled., 1: Enabled.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RemovableDiskDenyWriteAccess; + [Write, Description("Allow USB Connection (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowUSBConnection; + [Write, Description("Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowBluetooth; + [Write, Description("Allow Advertising (0: Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral., 1: Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. 
Then, verify that the advertisement is received by the peripheral.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowAdvertising; + [Write, Description("Allow Discoverable Mode (0: Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device., 1: Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowDiscoverableMode; + [Write, Description("Allow Prepairing (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPrepairing; + [Write, Description("Allow Prompted Proximal Connections (0: Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios, 1: Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPromptedProximalConnections; + [Write, Description("Services Allowed List")] String ServicesAllowedList[]; + [Write, Description("Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. 
This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowStorageCard; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/readme.md new file mode 100644 index 0000000000..11a926f75b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceControlPolicyWindows10 + +## Description + +Intune Device Control Policy for Windows10 
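Review bot: `AccessTokens` is declared as a plain `String` array, so a token passed through it is written as clear text into the compiled configuration document, whereas `Credential` and `ApplicationSecret` just above it use `EmbeddedInstance("MSFT_Credential")`, which can be encrypted when a certificate is configured. The description should say so, for example `Description("Access token used for authentication. Stored as plain text in the compiled MOF.")`, so operators know to protect that file or to prefer `CertificateThumbprint` or `ManagedIdentity`. Two smaller wording points in the same class: the `ApplicationSecret` description says "Secret of the Azure Active Directory tenant" although the secret belongs to the application named by `ApplicationId`, and `Id` is declared `[Write` while its description ends with "Read-only.".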
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json
new file mode 100644
index 0000000000..750c8444e2
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json
@@ -0,0 +1,32 @@
+{
+ "resourceName":"IntuneDeviceControlPolicyWindows10",
+ "description":"This resource configures an Intune Device Control Policy for Windows10.",
+ "permissions":{
+ "graph":{
+ "delegated":{
+ "read":[
+ {
+ "name":"DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update":[
+ {
+ "name":"DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application":{
+ "read":[
+ {
+ "name":"DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update":[
+ {
+ "name":"DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/1-Create.ps1
new file mode 100644
index 0000000000..d087f36334
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/1-Create.ps1
@@ -0,0 +1,63 @@
+<#
+This example creates a new Device Control Policy.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy'
+ {
+ AllowStorageCard = "1";
+ Assignments = @(
+ MSFT_DeviceManagementConfigurationPolicyAssignments{
+ deviceAndAppManagementAssignmentFilterType = 'none'
+ dataType = '#microsoft.graph.groupAssignmentTarget'
+ groupId = '11111111-1111-1111-1111-111111111111'
+ }
+ );
+ Description = 'Description'
+ DisplayName = "Device Control";
+ DeviceInstall_IDs_Allow = "1";
+ DeviceInstall_IDs_Allow_List = @("1234");
+ PolicyRule = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{
+ Name = 'asdf'
+ Entry = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
+ AccessMask = @(
+ '1'
+ '2'
+ )
+ Sid = '1234'
+ ComputerSid = '1234'
+ Type = 'allow'
+ Options = '4'
+ }
+ )
+ }
+ );
+ Ensure = "Present";
+ Id = '00000000-0000-0000-0000-000000000000'
+ RoleScopeTagIds = @("0");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/2-Update.ps1
new file mode 100644
index 0000000000..5281d2a23e
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/2-Update.ps1
@@ -0,0 +1,63 @@
+<#
+This example updates a Device Control Policy.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy'
+ {
+ AllowStorageCard = "1";
+ Assignments = @(
+ MSFT_DeviceManagementConfigurationPolicyAssignments{
+ deviceAndAppManagementAssignmentFilterType = 'none'
+ dataType = '#microsoft.graph.groupAssignmentTarget'
+ groupId = '11111111-1111-1111-1111-111111111111'
+ }
+ );
+ Description = 'Description'
+ DisplayName = "Device Control";
+ DeviceInstall_IDs_Allow = "1";
+ DeviceInstall_IDs_Allow_List = @("1234");
+ PolicyRule = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{
+ Name = 'asdf'
+ Entry = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
+ AccessMask = @(
+ '1'
+ '2'
+ )
+ Sid = '1234'
+ ComputerSid = '1234'
+ Type = 'deny' # Updated property
+ Options = '4'
+ }
+ )
+ }
+ );
+ Ensure = "Present";
+ Id = '00000000-0000-0000-0000-000000000000'
+ RoleScopeTagIds = @("0");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/3-Remove.ps1
new file mode 100644
index 0000000000..83cd3c3cbd
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceControlPolicyWindows10/3-Remove.ps1
@@ -0,0 +1,34 @@ +<# +This example removes a Device Control Policy. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy' + { + Id = '00000000-0000-0000-0000-000000000000' + DisplayName = 'Device Control' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 4122bd19ea..6bf838c5d6 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -272,7 +272,7 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [switch] - $isArray = $false + $IsArray ) if ($null -eq $ComplexObject) @@ -281,7 +281,7 @@ function Get-M365DSCDRGComplexTypeToString } $indent = '' - for ($i = 0; $i -lt $IndentLevel ; $i++) + for ($i = 0; $i -lt $IndentLevel; $i++) { $indent += ' ' } @@ -299,10 +299,10 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping', $ComplexTypeMapping) + $splat.Add('ComplexTypeMapping', $ComplexTypeMapping) } - $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + $currentProperty += Get-M365DSCDRGComplexTypeToString -IsArray @splat } # PowerShell returns all non-captured stream output, not just the argument of the return statement. @@ -312,7 +312,7 @@ function Get-M365DSCDRGComplexTypeToString } $currentProperty = '' - if ($isArray) + if ($IsArray) { $currentProperty += "`r`n" $currentProperty += $indent 
@@ -338,29 +338,29 @@ function Get-M365DSCDRGComplexTypeToString { $hashPropertyType = $ComplexObject[$key].GetType().Name.ToLower() - $isArray = $false + $IsArray = $false if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray = $true + $IsArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] - $currentProperty += "`r`n" + #$currentProperty += "`r`n" } else { $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if (-not $isArray) + if (-not $IsArray) { $currentProperty += $indent + $key + ' = ' } - if ($isArray -and $key -in $ComplexTypeMapping.Name) + if ($IsArray -and $key -in $ComplexTypeMapping.Name) { if ($ComplexObject.$key.Count -gt 0) { @@ -369,11 +369,12 @@ function Get-M365DSCDRGComplexTypeToString } } - if ($isArray) + if ($IsArray) { $IndentLevel++ - foreach ($item in $ComplexObject[$key]) + for ($i = 0; $i -lt $ComplexObject[$key].Count; $i++) { + $item = $ComplexObject.$key[$i] if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item @@ -383,11 +384,17 @@ function Get-M365DSCDRGComplexTypeToString -CIMInstanceName $hashPropertyType ` -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -IsArray if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } + if ($i -ne 0) + { + # Remove the line break at the start because every item contains a trailing line break + # which would lead to two line breaks between each item + $nestedPropertyString = $nestedPropertyString.Substring(2) + } $currentProperty += $nestedPropertyString } $IndentLevel-- 
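Review bot: The mapped-type branch of this hunk leaves ``#$currentProperty += "`r`n"`` behind as commented-out code, which gives the next maintainer no reason for the line break being dropped. Delete the line, or replace it with a real comment such as `# No leading line break here: the nested array items emit their own`. The same hunk keeps assigning `$IsArray = $false` / `$true` to the function's own `-IsArray` switch parameter and later restores it from `$PSBoundParameters.IsArray`; a separately named local (for example `$keyIsArray`) would make that easier to follow. Get-M365DSCDRGComplexTypeToString starts and ends outside the hunk.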
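Review bot: The new `$nestedPropertyString.Substring(2)` for `$i -ne 0` assumes every nested string starts with a CR/LF pair, but the lines just above it replace an empty result with ``"@()`r`n"``. For any item after the first that comes back empty, the strip would therefore remove `@(` and leave a dangling `)` in the generated configuration. Guarding the strip fixes that: ``if ($i -ne 0 -and $nestedPropertyString.StartsWith("`r`n"))``. Whether an empty item can occur at a non-zero index depends on callers outside this hunk, so treat this as a robustness fix rather than a confirmed failure.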
@@ -405,7 +412,7 @@ function Get-M365DSCDRGComplexTypeToString } $currentProperty += $nestedPropertyString } - if ($isArray) + if ($IsArray) { if ($ComplexObject.$key.Count -gt 0) { @@ -414,7 +421,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += "`r`n" } } - $isArray = $PSBoundParameters.IsArray + $IsArray = $PSBoundParameters.IsArray } else { @@ -432,7 +439,7 @@ function Get-M365DSCDRGComplexTypeToString if ($mappedKey -and $mappedKey.isRequired) { - if ($mappedKey.isArray) + if ($mappedKey.IsArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -451,7 +458,7 @@ function Get-M365DSCDRGComplexTypeToString } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($IsArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1643,8 +1650,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue # GroupSettingCollections are a collection of settings without a value of their own { $_ -eq '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' -or $_ -eq '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' } { - $groupSettingCollectionValue = @{} - $groupSettingCollectionValueChildren = @() + $groupSettingCollectionValue = @() $groupSettingCollectionDefinitionChildren = @() $templates = $SettingTemplates | Where-Object { @@ -1686,6 +1692,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue for ($i = 0; $i -lt $instanceCount; $i++) { + $groupSettingCollectionValueChildren = @() $currentDSCParams = if ($instanceCount -eq 1) { if (-not [System.String]::IsNullOrEmpty($cimDSCParamsName)) { $DSCParams.$cimDSCParamsName 
@@ -1708,7 +1715,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue foreach ($childDefinition in $groupSettingCollectionDefinitionChildren) { $childSettingName = $childDefinition.Name - $childSettingType = $childDefinition.AdditionalProperties.'@odata.type'.Replace('Definition', 'Instance') + $childSettingType = $childDefinition.AdditionalProperties.'@odata.type'.Replace('Definition', 'Instance').Replace('SettingGroup', 'GroupSetting') $childSettingValueName = $childSettingType.Replace('#microsoft.graph.deviceManagementConfiguration', '').Replace('Instance', 'Value') $childSettingValueType = "#microsoft.graph.deviceManagementConfiguration$($childSettingValueName)" $childSettingValueName = $childSettingValueName.Substring(0, 1).ToLower() + $childSettingValueName.Substring(1, $childSettingValueName.length - 1 ) @@ -1740,10 +1747,15 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $groupSettingCollectionValueChildren += $childSettingValue } } + if ($groupSettingCollectionValueChildren.Count -gt 0) + { + $groupSettingCollectionValue += @{ + children = @($groupSettingCollectionValueChildren) + } + } } - if ($groupSettingCollectionDefinitionChildren.Count -gt 0) { - $groupSettingCollectionValue.Add('children', $groupSettingCollectionValueChildren) + if ($groupSettingCollectionDefinitionChildren.Count -gt 0 -and $groupSettingCollectionValue.Count -gt 0) { $settingValuesToReturn.Add('groupSettingCollectionValue', @($groupSettingCollectionValue)) } } 
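Review bot: The added `.Replace('SettingGroup', 'GroupSetting')` on `$childSettingType` has no comment explaining why the word order is swapped, and it reads like a typo fix unless you already know the naming. The switch case earlier in this function matches both `...GroupSettingCollectionInstance` and `...SettingGroupCollectionDefinition`, so the reason seems to be that definitions and instances name the same kind with the words reversed. A comment above the line would record that: `# Definition types are named SettingGroupCollection*, instance types GroupSettingCollection*; swap after the Definition -> Instance rename`. Both replacements are substring-based and run for every child definition, so it is worth confirming no other `@odata.type` contains `SettingGroup`. The enclosing function starts and ends outside the hunk.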
@@ -1988,7 +2000,11 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue # Parent was combined with child setting. Since there can be multiple settings with the same Name, we need to check the Id as well if ($SettingDefinition.Id -eq $childDefinition.Id) { - $global:excludedDscParams += $key + # Only exclude the combined setting if it is not part of a group setting collection (which could be of a separate CIM type) + if ($parentDefinition.AdditionalProperties.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition') + { + $global:excludedDscParams += $key + } $matchCombined = $true } } @@ -2125,7 +2141,7 @@ function Export-IntuneSettingCatalogPolicySettings } elseif ($settingDefinition.AdditionalProperties.options.dependentOn.parentSettingId.Count -gt 0) { - $parentSetting = $SettingDefinitions | Where-Object -FilterScript { $_.Id -eq $($settingDefinition.AdditionalProperties.dependentOn.parentSettingId | Select-Object -Unique -First 1) } + $parentSetting = $SettingDefinitions | Where-Object -FilterScript { $_.Id -eq $($settingDefinition.AdditionalProperties.options.dependentOn.parentSettingId | Select-Object -Unique -First 1) } } $combinationMatches = $SettingDefinitions | Where-Object -FilterScript { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..31712d60ea --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 
@@ -0,0 +1,730 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceControlPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName Update-IntuneDeviceConfigurationPolicy -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + Description = 'My Test' + Name = 'Test' + RoleScopeTagIds = @("FakeStringValue") + TemplateReference = @{ + TemplateId = '0f2034c6-3cd6-4ee1-bd37-f3c0693e9548_1' + } + } + } + + Mock -CommandName Get-IntuneSettingCatalogPolicySetting -MockWith { + } + + Mock -CommandName 
Get-MgBetaDeviceManagementConfigurationPolicySetting -MockWith { + return @( + @{ + Id = '0' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_policy_config_bluetooth_servicesallowedlist' + Name = 'ServicesAllowedList' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionDefinition' + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_bluetooth_servicesallowedlist' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '47d9b9c4-e714-4a51-a099-33f548e4ea49' + } + AdditionalProperties = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + simpleSettingCollectionValue = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = 'abcd' + } + ) + } + ) + } + }, + @{ + Id = '1' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_policy_config_connectivity_allowusbconnection' + Name = 'AllowUSBConnection' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + } + ) + SettingInstance = @( + @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_connectivity_allowusbconnection' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = 'bc92aa99-0993-4c65-a005-d5e5e6701486' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + choiceSettingValue = @{ + children = @() + value = '1' + } + } + } + ) + }, + @{ + Id = '2' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + Name = 'Entry' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 
'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_id', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_options', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_sid', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_computersid' + ) + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + } + ) + maximumCount = 100 + minimumCount = 1 + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_options' + Name = 'Options' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Disable' + itemId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_options_4' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type_allow' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type' + }, + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type_deny' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + } + ) + } + }, + @{ + Id = 
'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type' + Name = 'Type' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Allow' + itemId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type_allow' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_excludedidlist_groupid' + Name = 'GroupId' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_excludedidlist' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_excludedidlist' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_name' + Name = 'Name' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}' + Name = 'ruleid' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 
'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + ) + maximumCount = 100 + minimumCount = 1 + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_excludedidlist' + Name = 'ExcludedIdList' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_excludedidlist_groupid' + ) + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + } + ) + maximumCount = 100 + minimumCount = 1 + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_sid' + Name = 'Sid' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_id' + Name = 'Id' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_includedidlist' + Name = 'IncludedIdList' + AdditionalProperties = @{ 
+ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + Name = 'PolicyRule' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_id', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_name', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_includedidlist', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_excludedidlist', + 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + ) + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}' + } + ) + maximumCount = 1 + minimumCount = 1 + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_includedidlist_groupid' + Name = 'GroupId' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_includedidlist' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_includedidlist' + } + ) + } + }, + @{ + Id = 
'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask' + Name = 'AccessMask' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionDefinition' + maximumCount = 100 + minimumCount = 0 + options = @( + @{ + name = 'WDD_READ_ACCESS' + itemId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask_1' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + }, + @{ + name = 'WDD_WRITE_ACCESS' + itemId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask_2' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + } + # No more options for clarity + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_id' + Name = 'Id' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_computersid' + Name = 'ComputerSid' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 
'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + parentSettingId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = 'a5c5409c-886a-4909-81c7-28156aee9419' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @( + @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @( + @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_id' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = '{4fc8d684-1ff9-4525-a67e-9c8525f9fcd7}' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_name' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = 'asdf' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry' + groupSettingCollectionValue = @( + @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 
'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type' + choiceSettingValue = @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_options' + choiceSettingValue = @{ + children = @() + value = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_options_4' + } + } + ) + value = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_type_allow' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask' + choiceSettingCollectionValue = @( + @{ + children = @() + value = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask_1' + }, + @{ + children = @() + value = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_accesmask_2' + } + ) + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_sid' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = '1234' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_computersid' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = '1234' + } + }, + @{ + '@odata.type' = 
'#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata_entry_id' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = '{51b6ad7f-7b07-493c-94c9-907a1842abd3}' + } + } + ) + } + ) + + } + ) + } + ) + settingDefinitionId = 'device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata' + settingInstanceTemplateReference = @{ + settingInstanceTemplateId = '46c91d1a-89d2-4f6a-93f8-7a1dc4184024' + } + } + ) + } + ) + } + } + } + ) + } + + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyAssignment -MockWith { + return @(@{ + Id = '12345-12345-12345-12345-12345' + Source = 'direct' + SourceId = '12345-12345-12345-12345-12345' + Target = @{ + DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' + DeviceAndAppManagementAssignmentFilterType = 'none' + AdditionalProperties = @( + @{ + '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + } + ) + } + }) + } + } + # Test contexts + Context -Name "The IntuneDeviceControlPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My 
Test" + Id = "12345-12345-12345-12345-12345" + DisplayName = "Test" + AllowUSBConnection = "1" + PolicyRule = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule -Property @{ + Entry = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry -Property @{ + AccessMask = @("1", "2") + Sid = "1234" + ComputerSid = "1234" + Type = "allow" + Options = "4" + } -ClientOnly) + ) + Name = "asdf" + } -ClientOnly) + ) + ServicesAllowedList = @("abcd") + RoleScopeTagIds = @("FakeStringValue") + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + + Context -Name "The IntuneDeviceControlPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + Id = "12345-12345-12345-12345-12345" + DisplayName = "Test" + AllowUSBConnection = "1" + PolicyRule = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule -Property @{ + Entry = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry -Property @{ + AccessMask = @("1", "2") + Sid = "1234" 
+ ComputerSid = "1234" + Type = "allow" + Options = "4" + } -ClientOnly) + ) + Name = "asdf" + } -ClientOnly) + ) + ServicesAllowedList = @("abcd") + RoleScopeTagIds = @("FakeStringValue") + Ensure = "Absent" + Credential = $Credential; + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + Context -Name "The IntuneDeviceControlPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + Id = "12345-12345-12345-12345-12345" + DisplayName = "Test" + AllowUSBConnection = "1" + PolicyRule = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule -Property @{ + Entry = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry -Property @{ + AccessMask = @("1", "2") + Sid = "1234" + ComputerSid = "1234" + Type = "allow" + Options = "4" + } -ClientOnly) + ) + Name = "asdf" + } -ClientOnly) + ) + ServicesAllowedList = @("abcd") + RoleScopeTagIds = @("FakeStringValue") + Ensure = "Present" + Credential = $Credential; + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceControlPolicyWindows10 exists and values are NOT in the 
desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + Id = "12345-12345-12345-12345-12345" + DisplayName = "Test" + AllowUSBConnection = "1" + PolicyRule = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule -Property @{ + Entry = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry -Property @{ + AccessMask = @("1", "2") + Sid = "1234" + ComputerSid = "1234" + Type = "deny" # Updated property + Options = "4" + } -ClientOnly) + ) + Name = "asdf" + } -ClientOnly) + ) + ServicesAllowedList = @("abcd") + RoleScopeTagIds = @("FakeStringValue") + Ensure = "Present" + Credential = $Credential; + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-IntuneDeviceConfigurationPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From d11579cb4e75fcc0e0d935034ad8e8c872990b45 Mon Sep 17 00:00:00 2001 
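Review bot: The "values are NOT in the desired state" context passes `Type = "deny"`, but the mocked `Type` setting definition lists only the `Allow` option (its comment says only the option used in the tests is defined), and the test asserts only `Should -Invoke -CommandName Update-IntuneDeviceConfigurationPolicy -Exactly 1`. The suite therefore never checks that a deny entry is translated into the right setting value, which for a device control policy is the difference between blocking and permitting access. Adding a `Deny` option with `itemId` `..._ruledata_entry_type_deny` to the mock, and a `-ParameterFilter` on the `Should -Invoke` that inspects the settings passed, would cover it. In the mocked `Options` definition the second `dependentOn` entry (`..._entry_type_deny`) has a `parentSettingId` ending in `_ruledata_entry`, while the first ends in `_ruledata_entry_type`; that looks like a copy slip and is worth confirming against the real definition. The `It` titles "Should Create the group" and "Should Remove the group" refer to a group although the resource is a policy.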
From: Nik Charlebois Date: Wed, 4 Sep 2024 13:27:00 -0400 Subject: [PATCH 15/27] FabricAdminTenantSettings - Initial Release. --- CHANGELOG.md | 4 + .../MSFT_FabricAdminTenantSettings.psm1 | 2135 +++++++++++++++++ .../MSFT_FabricAdminTenantSettings.schema.mof | 172 ++ .../MSFT_FabricAdminTenantSettings/readme.md | 6 + .../settings.json | 20 + .../Dependencies/Manifest.psd1 | 2 +- .../4-MonitorOnly.ps1 | 45 + Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 1 + .../Modules/M365DSCReverse.psm1 | 2 +- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 4 +- .../WorkloadHelpers/M365DSCFabricHelper.psm1 | 26 + ...365DSC.FabricAdminTenantSettings.Tests.ps1 | 220 ++ 12 files changed, 2633 insertions(+), 4 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 create mode 100644 Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index d9956fd347..6d2f2acbd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,14 @@ * EXOSweepRule * Initial Release. +* FabricAdminTenantSettings + * Initial Release. * M365DSCDRGUtil * Fixes an issue where a Intune settings catalog DSC param was not handled correctly when it was not specified. FIXES [#5000](https://github.com/microsoft/Microsoft365DSC/issues/5000) +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.20. # 1.24.828.1 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 new file mode 100644 index 0000000000..482c9524c7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 
@@ -0,0 +1,2135 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AADSSOForGateway, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AdminApisIncludeDetailedMetadata, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AdminApisIncludeExpressions, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AdminCustomDisclaimer, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AISkillArtifactTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowAccessOverPrivateLinks, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowCVAuthenticationTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowCVLocalStorageV2Tenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowCVToExportDataToFileTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowEndorsementMasterDataSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowExternalDataSharingReceiverSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowExternalDataSharingSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowFreeTrial, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowGuestLookup, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowGuestUserToAccessSharedContent, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowPowerBIASDQOnTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowSendAOAIDataToOtherRegions, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance] + $AllowSendNLToDaxDataToOtherRegions, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowServicePrincipalsCreateAndUseProfiles, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowServicePrincipalsUseReadAdminAPIs, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AppPush, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ArtifactSearchTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ASCollectQueryTextTelemetryTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ASShareableCloudConnectionBindingSecurityModeTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ASWritethruContinuousExportTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ASWritethruTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AutoInstallPowerBIAppInTeamsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AutomatedInsightsEntryPoints, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AutomatedInsightsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AzureMap, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $BingMap, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $BlockAccessFromPublicNetworks, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $BlockAutoDiscoverAndPackageRefresh, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $BlockProtectedLabelSharingToEntireOrg, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $BlockResourceKeyAuthentication, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $CDSAManagement, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance] + $CertifiedCustomVisualsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $CertifyDatasets, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ConfigureFolderRetentionPeriod, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $CreateAppWorkspaces, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $CustomVisualsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DatamartTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DatasetExecuteQueries, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DevelopServiceApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DiscoverDatasetsConsumption, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DiscoverDatasetsSettingsCertified, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DiscoverDatasetsSettingsPromoted, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DremioSSO, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EimInformationProtectionDataSourceInheritanceSetting, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EimInformationProtectionDownstreamInheritanceSetting, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EimInformationProtectionEdit, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EimInformationProtectionLessElevated, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ElevatedGuestsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EmailSecurityGroupsOnOutage, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance] + $EmailSubscriptionsToB2BUsers, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EmailSubscriptionsToExternalUsers, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EmailSubscriptionTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Embedding, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnableAOAI, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnableDatasetInPlaceSharing, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnableExcelYellowIntegration, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnableFabricAirflow, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnableNLToDax, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnableReassignDataDomainSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EsriVisual, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExpFlightingTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportReport, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToCsv, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToExcelSetting, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToImage, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToMHTML, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToPowerPoint, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToWord, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportToXML, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExportVisualImageTenant, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance] + $ExternalDatasetSharingTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ExternalSharingV2, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $FabricAddPartnerWorkload, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $FabricFeedbackTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $FabricGAWorkloads, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $FabricThirdPartyWorkloads, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $GitHubTenantSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $GitIntegrationCrossGeoTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $GitIntegrationSensitivityLabelsTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $GitIntegrationTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $GoogleBigQuerySSO, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $GraphQLTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $HealthcareSolutionsTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $InstallNonvalidatedTemplateApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $InstallServiceApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $KustoDashboardTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $LiveConnection, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $LogAnalyticsAttachForWorkspaceAdmins, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $M365DataSharing, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Mirroring, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance] + $ODSPRefreshEnforcementTenantAllowAutomaticUpdate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OneDriveSharePointAllowSharingTenantSetting, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OneDriveSharePointViewerIntegrationTenantSettingV2, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OneLakeFileExplorer, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OneLakeForThirdParty, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OnPremAnalyzeInExcel, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $PowerBIGoalsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $PowerPlatformSolutionsIntegrationTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Printing, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $PromoteContent, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $PublishContentPack, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $PublishToWeb, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $QnaFeedbackLoop, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $QnaLsdlSharing, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $QueryScaleOutTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $RedshiftSSO, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $RestrictMyFolderCapacity, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $RetailSolutionsTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $RScriptVisual, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ServicePrincipalAccess, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance] + $ShareLinkToEntireOrg, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ShareToTeamsTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $SnowflakeSSO, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $StorytellingTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $SustainabilitySolutionsTenantSwitch, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $TemplatePublish, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $TenantSettingPublishGetHelpInfo, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $TridentPrivatePreview, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UsageMetrics, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UsageMetricsTrackUserLevelInfo, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UseDatasetsAcrossWorkspaces, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $VisualizeListInPowerBI, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $WebContentTilesTenant, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $WebModelingTenantSwitch, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'Fabric' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances + } + else + { + $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + "/v1/admin/tenantsettings" + $instance = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + IsSingleInstance = 'Yes' + AADSSOForGateway = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AADSSOForGateway'}) + AdminApisIncludeDetailedMetadata = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AdminApisIncludeDetailedMetadata'}) + AdminApisIncludeExpressions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AdminApisIncludeExpressions'}) + AdminCustomDisclaimer = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AdminCustomDisclaimer'}) + AISkillArtifactTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AISkillArtifactTenantSwitch'}) + AllowAccessOverPrivateLinks = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowAccessOverPrivateLinks'}) + AllowCVAuthenticationTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object 
-FilterScript {$_.settingName -eq 'AllowCVAuthenticationTenant'}) + AllowCVLocalStorageV2Tenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowCVLocalStorageV2Tenant'}) + AllowCVToExportDataToFileTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowCVToExportDataToFileTenant'}) + AllowEndorsementMasterDataSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowEndorsementMasterDataSwitch'}) + AllowExternalDataSharingReceiverSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowExternalDataSharingReceiverSwitch'}) + AllowExternalDataSharingSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowExternalDataSharingSwitch'}) + AllowFreeTrial = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowFreeTrial'}) + AllowGuestLookup = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowGuestLookup'}) + AllowGuestUserToAccessSharedContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowGuestUserToAccessSharedContent'}) + AllowPowerBIASDQOnTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowPowerBIASDQOnTenant'}) + AllowSendAOAIDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowSendAOAIDataToOtherRegions'}) + AllowSendNLToDaxDataToOtherRegions = 
Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowSendNLToDaxDataToOtherRegions'}) + AllowServicePrincipalsCreateAndUseProfiles = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowServicePrincipalsCreateAndUseProfiles'}) + AllowServicePrincipalsUseReadAdminAPIs = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowServicePrincipalsUseReadAdminAPIs'}) + AppPush = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AppPush'}) + ArtifactSearchTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ArtifactSearchTenant'}) + ASCollectQueryTextTelemetryTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASCollectQueryTextTelemetryTenantSwitch'}) + ASShareableCloudConnectionBindingSecurityModeTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASShareableCloudConnectionBindingSecurityModeTenant'}) + ASWritethruContinuousExportTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASWritethruContinuousExportTenantSwitch'}) + ASWritethruTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASWritethruTenantSwitch'}) + AutoInstallPowerBIAppInTeamsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AutoInstallPowerBIAppInTeamsTenant'}) + AutomatedInsightsEntryPoints = Get-M365DSCFabricTenantSettingObject 
-Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AutomatedInsightsEntryPoints'}) + AutomatedInsightsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AutomatedInsightsTenant'}) + AzureMap = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AzureMap'}) + BingMap = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BingMap'}) + BlockAccessFromPublicNetworks = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockAccessFromPublicNetworks'}) + BlockAutoDiscoverAndPackageRefresh = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockAutoDiscoverAndPackageRefresh'}) + BlockProtectedLabelSharingToEntireOrg = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockProtectedLabelSharingToEntireOrg'}) + BlockResourceKeyAuthentication = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockResourceKeyAuthentication'}) + CDSAManagement = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CDSAManagement'}) + CertifiedCustomVisualsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CertifiedCustomVisualsTenant'}) + CertifyDatasets = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CertifyDatasets'}) + ConfigureFolderRetentionPeriod = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object 
-FilterScript {$_.settingName -eq 'ConfigureFolderRetentionPeriod'}) + CreateAppWorkspaces = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CreateAppWorkspaces'}) + CustomVisualsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CustomVisualsTenant'}) + DatamartTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DatamartTenant'}) + DatasetExecuteQueries = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DatasetExecuteQueries'}) + DevelopServiceApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DevelopServiceApps'}) + DiscoverDatasetsConsumption = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DiscoverDatasetsConsumption'}) + DiscoverDatasetsSettingsCertified = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DiscoverDatasetsSettingsCertified'}) + DiscoverDatasetsSettingsPromoted = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DiscoverDatasetsSettingsPromoted'}) + DremioSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DremioSSO'}) + EimInformationProtectionDataSourceInheritanceSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionDataSourceInheritanceSetting'}) + EimInformationProtectionDownstreamInheritanceSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | 
Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionDownstreamInheritanceSetting'}) + EimInformationProtectionEdit = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionEdit'}) + EimInformationProtectionLessElevated = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionLessElevated'}) + EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting'}) + ElevatedGuestsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ElevatedGuestsTenant'}) + EmailSecurityGroupsOnOutage = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSecurityGroupsOnOutage'}) + EmailSubscriptionsToB2BUsers = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSubscriptionsToB2BUsers'}) + EmailSubscriptionsToExternalUsers = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSubscriptionsToExternalUsers'}) + EmailSubscriptionTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSubscriptionTenant'}) + Embedding = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'Embedding'}) + EnableAOAI = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableAOAI'}) + 
EnableDatasetInPlaceSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableDatasetInPlaceSharing'}) + EnableExcelYellowIntegration = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableExcelYellowIntegration'}) + EnableFabricAirflow = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableFabricAirflow'}) + EnableNLToDax = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableNLToDax'}) + EnableReassignDataDomainSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableReassignDataDomainSwitch'}) + EsriVisual = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EsriVisual'}) + ExpFlightingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExpFlightingTenant'}) + ExportReport = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportReport'}) + ExportToCsv = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToCsv'}) + ExportToExcelSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToExcelSetting'}) + ExportToImage = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToImage'}) + ExportToMHTML = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToMHTML'}) + 
ExportToPowerPoint = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToPowerPoint'}) + ExportToWord = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToWord'}) + ExportToXML = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToXML'}) + ExportVisualImageTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportVisualImageTenant'}) + ExternalDatasetSharingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExternalDatasetSharingTenant'}) + ExternalSharingV2 = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExternalSharingV2'}) + FabricAddPartnerWorkload = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricAddPartnerWorkload'}) + FabricFeedbackTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricFeedbackTenantSwitch'}) + FabricGAWorkloads = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricGAWorkloads'}) + FabricThirdPartyWorkloads = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricThirdPartyWorkloads'}) + GitHubTenantSettings = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitHubTenantSettings'}) + GitIntegrationCrossGeoTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | 
Where-Object -FilterScript {$_.settingName -eq 'GitIntegrationCrossGeoTenantSwitch'})
+ GitIntegrationSensitivityLabelsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitIntegrationSensitivityLabelsTenantSwitch'})
+ GitIntegrationTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitIntegrationTenantSwitch'})
+ GoogleBigQuerySSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GoogleBigQuerySSO'})
+ GraphQLTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GraphQLTenant'})
+ HealthcareSolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'HealthcareSolutionsTenantSwitch'})
+ InstallNonvalidatedTemplateApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'InstallNonvalidatedTemplateApps'})
+ InstallServiceApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'InstallServiceApps'})
+ KustoDashboardTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'KustoDashboardTenantSwitch'})
+ LiveConnection = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'LiveConnection'})
+ LogAnalyticsAttachForWorkspaceAdmins = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'LogAnalyticsAttachForWorkspaceAdmins'})
+ M365DataSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'M365DataSharing'})
+ Mirroring = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'Mirroring'})
+ ODSPRefreshEnforcementTenantAllowAutomaticUpdate = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ODSPRefreshEnforcementTenantAllowAutomaticUpdate'})
+ OneDriveSharePointAllowSharingTenantSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneDriveSharePointAllowSharingTenantSetting'})
+ OneDriveSharePointViewerIntegrationTenantSettingV2 = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneDriveSharePointViewerIntegrationTenantSettingV2'})
+ OneLakeFileExplorer = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneLakeFileExplorer'})
+ OneLakeForThirdParty = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneLakeForThirdParty'})
+ OnPremAnalyzeInExcel = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OnPremAnalyzeInExcel'})
+ PowerBIGoalsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PowerBIGoalsTenant'})
+ PowerPlatformSolutionsIntegrationTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PowerPlatformSolutionsIntegrationTenant'})
+ Printing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'Printing'})
+ PromoteContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PromoteContent'})
+ PublishContentPack = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PublishContentPack'})
+ PublishToWeb = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PublishToWeb'})
+ QnaFeedbackLoop = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'QnaFeedbackLoop'})
+ QnaLsdlSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'QnaLsdlSharing'})
+ QueryScaleOutTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'QueryScaleOutTenant'})
+ RedshiftSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RedshiftSSO'})
+ RestrictMyFolderCapacity = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RestrictMyFolderCapacity'})
+ RetailSolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RetailSolutionsTenantSwitch'})
+ RScriptVisual = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RScriptVisual'})
+ ServicePrincipalAccess = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ServicePrincipalAccess'})
+ ShareLinkToEntireOrg = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ShareLinkToEntireOrg'})
+ ShareToTeamsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ShareToTeamsTenant'})
+ SnowflakeSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'SnowflakeSSO'})
+ StorytellingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'StorytellingTenant'})
+ SustainabilitySolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'SustainabilitySolutionsTenantSwitch'})
+ TemplatePublish = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'TemplatePublish'})
+ TenantSettingPublishGetHelpInfo = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'TenantSettingPublishGetHelpInfo'})
+ TridentPrivatePreview = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'TridentPrivatePreview'})
+ UsageMetrics = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'UsageMetrics'})
+ UsageMetricsTrackUserLevelInfo = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'UsageMetricsTrackUserLevelInfo'})
+ UseDatasetsAcrossWorkspaces = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'UseDatasetsAcrossWorkspaces'})
+ VisualizeListInPowerBI = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'VisualizeListInPowerBI'})
+ WebContentTilesTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'WebContentTilesTenant'})
+ WebModelingTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'WebModelingTenantSwitch'})
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ ApplicationSecret = $ApplicationSecret
+ AccessTokens = $AccessTokens
+ }
+ return [System.Collections.Hashtable] $results
+ }
+ catch
+ {
+ New-M365DSCLogEntry -Message 'Error retrieving data:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return $nullResult
+ }
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('Yes')]
+ [System.String]
+ $IsSingleInstance,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AADSSOForGateway,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AdminApisIncludeDetailedMetadata,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AdminApisIncludeExpressions,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AdminCustomDisclaimer,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AISkillArtifactTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowAccessOverPrivateLinks,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowCVAuthenticationTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowCVLocalStorageV2Tenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowCVToExportDataToFileTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowEndorsementMasterDataSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowExternalDataSharingReceiverSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowExternalDataSharingSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowFreeTrial,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowGuestLookup,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowGuestUserToAccessSharedContent,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowPowerBIASDQOnTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowSendAOAIDataToOtherRegions,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowSendNLToDaxDataToOtherRegions,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowServicePrincipalsCreateAndUseProfiles,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowServicePrincipalsUseReadAdminAPIs,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AppPush,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ArtifactSearchTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASCollectQueryTextTelemetryTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASShareableCloudConnectionBindingSecurityModeTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASWritethruContinuousExportTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASWritethruTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AutoInstallPowerBIAppInTeamsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AutomatedInsightsEntryPoints,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AutomatedInsightsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AzureMap,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BingMap,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockAccessFromPublicNetworks,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockAutoDiscoverAndPackageRefresh,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockProtectedLabelSharingToEntireOrg,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockResourceKeyAuthentication,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CDSAManagement,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CertifiedCustomVisualsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CertifyDatasets,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ConfigureFolderRetentionPeriod,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CreateAppWorkspaces,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CustomVisualsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DatamartTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DatasetExecuteQueries,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DevelopServiceApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DiscoverDatasetsConsumption,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DiscoverDatasetsSettingsCertified,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DiscoverDatasetsSettingsPromoted,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DremioSSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionDataSourceInheritanceSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionDownstreamInheritanceSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionEdit,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionLessElevated,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ElevatedGuestsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSecurityGroupsOnOutage,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSubscriptionsToB2BUsers,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSubscriptionsToExternalUsers,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSubscriptionTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $Embedding,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableAOAI,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableDatasetInPlaceSharing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableExcelYellowIntegration,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableFabricAirflow,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableNLToDax,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableReassignDataDomainSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EsriVisual,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExpFlightingTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportReport,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToCsv,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToExcelSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToImage,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToMHTML,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToPowerPoint,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToWord,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToXML,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportVisualImageTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExternalDatasetSharingTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExternalSharingV2,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricAddPartnerWorkload,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricFeedbackTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricGAWorkloads,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricThirdPartyWorkloads,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitHubTenantSettings,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitIntegrationCrossGeoTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitIntegrationSensitivityLabelsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitIntegrationTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GoogleBigQuerySSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GraphQLTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $HealthcareSolutionsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $InstallNonvalidatedTemplateApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $InstallServiceApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $KustoDashboardTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $LiveConnection,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $LogAnalyticsAttachForWorkspaceAdmins,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $M365DataSharing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $Mirroring,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ODSPRefreshEnforcementTenantAllowAutomaticUpdate,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneDriveSharePointAllowSharingTenantSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneDriveSharePointViewerIntegrationTenantSettingV2,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneLakeFileExplorer,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneLakeForThirdParty,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OnPremAnalyzeInExcel,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PowerBIGoalsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PowerPlatformSolutionsIntegrationTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $Printing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PromoteContent,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PublishContentPack,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PublishToWeb,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $QnaFeedbackLoop,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $QnaLsdlSharing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $QueryScaleOutTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RedshiftSSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RestrictMyFolderCapacity,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RetailSolutionsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RScriptVisual,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ServicePrincipalAccess,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ShareLinkToEntireOrg,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ShareToTeamsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $SnowflakeSSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $StorytellingTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $SustainabilitySolutionsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $TemplatePublish,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $TenantSettingPublishGetHelpInfo,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $TridentPrivatePreview,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UsageMetrics,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UsageMetricsTrackUserLevelInfo,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UseDatasetsAcrossWorkspaces,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $VisualizeListInPowerBI,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $WebContentTilesTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $WebModelingTenantSwitch,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ Write-Warning -Message "This resource is read-only and does not support changing the settings. It is used for monitoring purposes only."
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('Yes')]
+ [System.String]
+ $IsSingleInstance,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AADSSOForGateway,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AdminApisIncludeDetailedMetadata,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AdminApisIncludeExpressions,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AdminCustomDisclaimer,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AISkillArtifactTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowAccessOverPrivateLinks,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowCVAuthenticationTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowCVLocalStorageV2Tenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowCVToExportDataToFileTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowEndorsementMasterDataSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowExternalDataSharingReceiverSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowExternalDataSharingSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowFreeTrial,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowGuestLookup,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowGuestUserToAccessSharedContent,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowPowerBIASDQOnTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowSendAOAIDataToOtherRegions,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowSendNLToDaxDataToOtherRegions,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowServicePrincipalsCreateAndUseProfiles,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AllowServicePrincipalsUseReadAdminAPIs,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AppPush,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ArtifactSearchTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASCollectQueryTextTelemetryTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASShareableCloudConnectionBindingSecurityModeTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASWritethruContinuousExportTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ASWritethruTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AutoInstallPowerBIAppInTeamsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AutomatedInsightsEntryPoints,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AutomatedInsightsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $AzureMap,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BingMap,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockAccessFromPublicNetworks,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockAutoDiscoverAndPackageRefresh,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockProtectedLabelSharingToEntireOrg,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $BlockResourceKeyAuthentication,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CDSAManagement,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CertifiedCustomVisualsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CertifyDatasets,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ConfigureFolderRetentionPeriod,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CreateAppWorkspaces,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $CustomVisualsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DatamartTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DatasetExecuteQueries,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DevelopServiceApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DiscoverDatasetsConsumption,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DiscoverDatasetsSettingsCertified,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DiscoverDatasetsSettingsPromoted,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DremioSSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionDataSourceInheritanceSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionDownstreamInheritanceSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionEdit,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionLessElevated,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ElevatedGuestsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSecurityGroupsOnOutage,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSubscriptionsToB2BUsers,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSubscriptionsToExternalUsers,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EmailSubscriptionTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $Embedding,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableAOAI,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableDatasetInPlaceSharing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableExcelYellowIntegration,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableFabricAirflow,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableNLToDax,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EnableReassignDataDomainSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $EsriVisual,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExpFlightingTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportReport,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToCsv,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToExcelSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToImage,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToMHTML,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToPowerPoint,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToWord,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportToXML,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExportVisualImageTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExternalDatasetSharingTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ExternalSharingV2,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricAddPartnerWorkload,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricFeedbackTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricGAWorkloads,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $FabricThirdPartyWorkloads,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitHubTenantSettings,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitIntegrationCrossGeoTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitIntegrationSensitivityLabelsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GitIntegrationTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GoogleBigQuerySSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $GraphQLTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $HealthcareSolutionsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $InstallNonvalidatedTemplateApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $InstallServiceApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $KustoDashboardTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $LiveConnection,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $LogAnalyticsAttachForWorkspaceAdmins,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $M365DataSharing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $Mirroring,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ODSPRefreshEnforcementTenantAllowAutomaticUpdate,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneDriveSharePointAllowSharingTenantSetting,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneDriveSharePointViewerIntegrationTenantSettingV2,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneLakeFileExplorer,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OneLakeForThirdParty,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $OnPremAnalyzeInExcel,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PowerBIGoalsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PowerPlatformSolutionsIntegrationTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $Printing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PromoteContent,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PublishContentPack,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $PublishToWeb,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $QnaFeedbackLoop,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $QnaLsdlSharing,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $QueryScaleOutTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RedshiftSSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RestrictMyFolderCapacity,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RetailSolutionsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $RScriptVisual,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ServicePrincipalAccess,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ShareLinkToEntireOrg,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $ShareToTeamsTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $SnowflakeSSO,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $StorytellingTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $SustainabilitySolutionsTenantSwitch,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $TemplatePublish,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $TenantSettingPublishGetHelpInfo,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $TridentPrivatePreview,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UsageMetrics,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UsageMetricsTrackUserLevelInfo,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UseDatasetsAcrossWorkspaces,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $VisualizeListInPowerBI,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $WebContentTilesTenant,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $WebModelingTenantSwitch,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+ #Compare Cim instances
+ foreach ($key in $PSBoundParameters.Keys)
+ {
+ $source = $PSBoundParameters.$key
+ $target = $CurrentValues.$key
+ if ($source.getType().Name -like '*CimInstance*')
+ {
+ $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source
+
+ $testResult = Compare-M365DSCComplexObject `
+ -Source ($source) `
+ -Target ($target)
+
+ if (-Not $testResult)
+ {
+ Write-Verbose -Message "Difference found for $key"
+ $testResult = $false
+ break
+ }
+
+ $ValuesToCheck.Remove($key) | Out-Null
+
+ }
+ }
+
+ if ($testResult)
+ {
+ $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+ }
+
+ Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+ return $testResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ $ConnectionMode = New-M365DSCConnection
-Workload 'Fabric' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + "/v1/admin/tenantsettings" + [array] $Script:exportedInstances = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' + + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $dscContent = '' + $params = @{ + IsSingleInstance = 'Yes' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $newResults = ([Hashtable]$Results).Clone() + foreach ($key in $Results.Keys) + { + if ($null -ne $Results.$key -and $key -notin $params.Keys) + { + $newResults.$key = Get-M365DSCFabricTenantSettingAsString -Setting $Results.$key + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $newResults ` + -Credential $Credential + foreach ($key in $Results.Keys) + { + if ($null -ne $Results.$key -and $key -notin $params.Keys) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName $key + } + } + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + 
Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Get-M365DSCFabricTenantSettingAsString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = $true)] + [System.Collections.Hashtable] + $Setting + ) + + $StringContent += "MSFT_FabricTenantSetting {`r`n" + $StringContent += " settingName = '" + $setting.settingName + "'`r`n" + if (-not [System.String]::IsNullOrEmpty($setting.canSpecifySecurityGroups)) + { + $StringContent += " canSpecifySecurityGroups = `$" + $setting.canSpecifySecurityGroups + "`r`n" + } + if (-not [System.String]::IsNullOrEmpty($setting.delegateToWorkspace)) + { + $StringContent += " delegateToWorkspace = `$" + $setting.delegateToWorkspace + "`r`n" + } + if (-not [System.String]::IsNullOrEmpty($setting.delegatedFrom)) + { + $StringContent += " delegatedFrom = '" + $setting.delegatedFrom + "'`r`n" + } + $StringContent += " enabled = `$" + $setting.enabled + "`r`n" + if (-not [System.String]::IsNullOrEmpty($setting.tenantSettingGroup)) + { + $StringContent += " tenantSettingGroup = '" + $setting.tenantSettingGroup + "'`r`n" + } + $StringContent += " title = '" + $setting.title + "'`r`n" + if (-not [System.String]::IsNullOrEmpty($setting.properties)) + { + $StringContent += " properties = @(" + foreach ($property in $setting.properties) + { + $StringContent += " MSFT_FabricTenantSettingProperty{`r`n" + $StringContent += " name = '$($property.name)'`r`n" + $StringContent += " value = '$($property.value)'`r`n" + $StringContent += " type = '$($property.type)'`r`n" + $StringContent += " }`r`n" + } + $StringContent += ")" + } + if (-not [System.String]::IsNullOrEmpty($setting.excludedSecurityGroups)) + { + $excludedSecurityGroupsValue = 
$setting.excludedSecurityGroups -join "','" + if ($setting.excludedSecurityGroups.Length -gt 1) + { + $excludedSecurityGroupsValue = $excludedSecurityGroupsValue.Substring(0, $excludedSecurityGroupsValue.Length -3) + } + $StringContent += " excludedSecurityGroups = @('" + $excludedSecurityGroupsValue + "')`r`n" + } + if (-not [System.String]::IsNullOrEmpty($setting.enabledSecurityGroups)) + { + $enabledSecurityGroupsValue = $setting.enabledSecurityGroups -join "','" + if ($setting.enabledSecurityGroups.Length -gt 1) + { + $enabledSecurityGroupsValue = $setting.enabledSecurityGroups -join "','" + $enabledSecurityGroupsValue = $enabledSecurityGroupsValue.Substring(0, $enabledSecurityGroupsValue.Length -3) + } + $StringContent += " enabledSecurityGroups = @('" + $enabledSecurityGroupsValue + "')`r`n" + } + $StringContent += " }`r`n" + return $StringContent +} + +function Get-M365DSCFabricTenantSettingObject +{ + [CmdletBinding()] + [OutputType([PSCustomObject])] + param( + [Parameter()] + $Setting + ) + + if ($null -eq $Setting) + { + return $null + } + + Write-Verbose -Message "Retrieving values for setting {$($Setting.settingName)}" + + $values = @{ + settingName = $Setting.settingName + enabled = [Boolean]$Setting.enabled + title = $Setting.title.Replace("'", "''") + } + if (-not [System.String]::IsNullOrEmpty($Setting.canSpecifySecurityGroups)) + { + $values.Add('canSpecifySecurityGroups', [Boolean]$Setting.canSpecifySecurityGroups) + } + if (-not [System.String]::IsNullOrEmpty($Setting.delegateToWorkspace)) + { + $values.Add('delegateToWorkspace', $Setting.delegateToWorkspace) + } + if (-not [System.String]::IsNullOrEmpty($Setting.delegatedFrom)) + { + $values.Add('delegatedFrom', $Setting.delegatedFrom) + } + if (-not [System.String]::IsNullOrEmpty($Setting.tenantSettingGroup)) + { + $values.Add('tenantSettingGroup', $Setting.tenantSettingGroup) + } + if ($null -ne $Setting.properties -and $Setting.properties.Length -gt 0) + { + $propertiesValue = @() + foreach 
($property in $Setting.Properties) + { + $curProperty = @{ + name = $property.name + value = $property.value.Replace("'", "''") + type = $property.type + } + $propertiesValue += $curProperty + } + + $values.Add('properties', $propertiesValue) + } + if ($null -ne $Setting.excludedSecurityGroups -and $Setting.excludedSecurityGroups.Length -gt 0) + { + $values.Add('excludedSecurityGroups', [Array]$Setting.excludedSecurityGroups.name) + } + if ($null -ne $Setting.enabledSecurityGroups -and $Setting.enabledSecurityGroups.Length -gt 0) + { + $values.Add('enabledSecurityGroups', [Array]$Setting.enabledSecurityGroups.name) + } + return $values +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof new file mode 100644 index 0000000000..4b91816f4a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof 
@@ -0,0 +1,172 @@ +[ClassVersion("1.0.0")] +class MSFT_FabricDelegatedFrom +{ + [Write, Description("The setting is delegated from a capacity.")] String Capacity; + [Write, Description("The setting is delegated from a domain.")] String Domain; + [Write, Description("The setting is delegated from a tenant.")] String Tenant; +}; + +[ClassVersion("1.0.0")] +class MSFT_FabricTenantSettingProperty +{ + [Write, Description("The name of the property.")] String name; + [Write, Description("The type of the property.")] String type; + [Write, Description("The value of the property.")] String value; +}; + +[ClassVersion("1.0.0")] +class MSFT_FabricTenantSetting +{ + [Write, Description("Indicates if the tenant setting is enabled for a security group. 0 - The tenant setting is enabled for the entire organization.")] Boolean canSpecifySecurityGroups; + [Write, Description("Indicates whether the tenant setting can be delegated to a workspace admin. False - Workspace admin cannot override the tenant setting.")] Boolean delegateToWorkspace; + [Write, Description("Tenant setting delegated from tenant, capacity or domain."), EmbeddedInstance("MSFT_FabricDelegatedFrom")] string delegatedFrom; + [Write, Description("The name of the tenant setting.")] String settingName; + [Write, Description("The status of the tenant setting.")] Boolean enabled; + [Write, Description("Tenant setting group name.")] String tenantSettingGroup; + [Write, Description("The title of the tenant setting.")] String title; + [Write, Description("Tenant setting properties."), EmbeddedInstance("MSFT_FabricTenantSettingProperty")] String properties[]; + [Write, Description("A list of excluded security groups.")] String excludedSecurityGroups[]; + [Write, Description("A list of enabled security groups.")] String enabledSecurityGroups[]; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("FabricAdminTenantSettings")] +class MSFT_FabricAdminTenantSettings : OMI_BaseResource +{ + [Key, Description("Specifies the resource is 
a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("Microsoft Entra single sign-on for data gateway"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AADSSOForGateway; + [Write, Description("Enhance admin APIs responses with detailed metadata"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AdminApisIncludeDetailedMetadata; + [Write, Description("Enhance admin APIs responses with DAX and mashup expressions"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AdminApisIncludeExpressions; + [Write, Description("Show a custom message before publishing reports"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AdminCustomDisclaimer; + [Write, Description("Users can create and share AI skill item types (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AISkillArtifactTenantSwitch; + [Write, Description("Azure Private Link"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowAccessOverPrivateLinks; + [Write, Description("AppSource Custom Visuals SSO"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowCVAuthenticationTenant; + [Write, Description("Allow access to the browser's local storage"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowCVLocalStorageV2Tenant; + [Write, Description("Allow downloads from custom visuals"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowCVToExportDataToFileTenant; + [Write, Description("Endorse master data (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowEndorsementMasterDataSwitch; + [Write, Description("Users can accept external data shares (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowExternalDataSharingReceiverSwitch; + [Write, Description("External data sharing (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowExternalDataSharingSwitch; + [Write, Description("Users can try Microsoft Fabric paid features"), 
EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowFreeTrial; + [Write, Description("Users can see guest users in lists of suggested people"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowGuestLookup; + [Write, Description("Guest users can access Microsoft Fabric"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowGuestUserToAccessSharedContent; + [Write, Description("Allow DirectQuery connections to Power BI semantic models"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowPowerBIASDQOnTenant; + [Write, Description("Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowSendAOAIDataToOtherRegions; + [Write, Description("Allow user data to leave their geography"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowSendNLToDaxDataToOtherRegions; + [Write, Description("Allow service principals to create and use profiles"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowServicePrincipalsCreateAndUseProfiles; + [Write, Description("Service principals can access read-only admin APIs"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowServicePrincipalsUseReadAdminAPIs; + [Write, Description("Push apps to end users"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AppPush; + [Write, Description("Use global search for Power BI"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ArtifactSearchTenant; + [Write, Description("Microsoft can store query text to aid in support investigations"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ASCollectQueryTextTelemetryTenantSwitch; + [Write, Description("Enable granular access control for all data connections"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ASShareableCloudConnectionBindingSecurityModeTenant; + [Write, Description("Semantic models can export data to OneLake (preview)"), 
EmbeddedInstance("MSFT_FabricTenantSetting")] string ASWritethruContinuousExportTenantSwitch; + [Write, Description("Users can store semantic model tables in OneLake (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ASWritethruTenantSwitch; + [Write, Description("Install Power BI app for Microsoft Teams automatically"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AutoInstallPowerBIAppInTeamsTenant; + [Write, Description("Show entry points for insights (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AutomatedInsightsEntryPoints; + [Write, Description("Receive notifications for top insights (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AutomatedInsightsTenant; + [Write, Description("Use Azure Maps visual"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AzureMap; + [Write, Description("Map and filled map visuals"), EmbeddedInstance("MSFT_FabricTenantSetting")] string BingMap; + [Write, Description("Block Public Internet Access"), EmbeddedInstance("MSFT_FabricTenantSetting")] string BlockAccessFromPublicNetworks; + [Write, Description("Block republish and disable package refresh"), EmbeddedInstance("MSFT_FabricTenantSetting")] string BlockAutoDiscoverAndPackageRefresh; + [Write, Description("Restrict content with protected labels from being shared via link with everyone in your organization"), EmbeddedInstance("MSFT_FabricTenantSetting")] string BlockProtectedLabelSharingToEntireOrg; + [Write, Description("Block ResourceKey Authentication"), EmbeddedInstance("MSFT_FabricTenantSetting")] string BlockResourceKeyAuthentication; + [Write, Description("Create and use Gen1 dataflows"), EmbeddedInstance("MSFT_FabricTenantSetting")] string CDSAManagement; + [Write, Description("Add and use certified visuals only (block uncertified)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string CertifiedCustomVisualsTenant; + [Write, Description("Certification"), EmbeddedInstance("MSFT_FabricTenantSetting")] string 
CertifyDatasets; + [Write, Description("Define workspace retention period"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ConfigureFolderRetentionPeriod; + [Write, Description("Create workspaces"), EmbeddedInstance("MSFT_FabricTenantSetting")] string CreateAppWorkspaces; + [Write, Description("Allow visuals created using the Power BI SDK"), EmbeddedInstance("MSFT_FabricTenantSetting")] string CustomVisualsTenant; + [Write, Description("Create Datamarts (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string DatamartTenant; + [Write, Description("Semantic Model Execute Queries REST API"), EmbeddedInstance("MSFT_FabricTenantSetting")] string DatasetExecuteQueries; + [Write, Description("Publish template apps"), EmbeddedInstance("MSFT_FabricTenantSetting")] string DevelopServiceApps; + [Write, Description("Discover content"), EmbeddedInstance("MSFT_FabricTenantSetting")] string DiscoverDatasetsConsumption; + [Write, Description("Make certified content discoverable "), EmbeddedInstance("MSFT_FabricTenantSetting")] string DiscoverDatasetsSettingsCertified; + [Write, Description("Make promoted content discoverable"), EmbeddedInstance("MSFT_FabricTenantSetting")] string DiscoverDatasetsSettingsPromoted; + [Write, Description("Dremio SSO"), EmbeddedInstance("MSFT_FabricTenantSetting")] string DremioSSO; + [Write, Description("Apply sensitivity labels from data sources to their data in Power BI"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EimInformationProtectionDataSourceInheritanceSetting; + [Write, Description("Automatically apply sensitivity labels to downstream content"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EimInformationProtectionDownstreamInheritanceSetting; + [Write, Description("Allow users to apply sensitivity labels for content"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EimInformationProtectionEdit; + [Write, Description("Increase the number of users who can edit and republish encrypted PBIX files 
(preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EimInformationProtectionLessElevated; + [Write, Description("Allow workspace admins to override automatically applied sensitivity labels"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting; + [Write, Description("Guest users can browse and access Fabric content"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ElevatedGuestsTenant; + [Write, Description("Receive email notifications for service outages or incidents"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EmailSecurityGroupsOnOutage; + [Write, Description("Guest users can set up and subscribe to email subscriptions"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EmailSubscriptionsToB2BUsers; + [Write, Description("Users can send email subscriptions to guest users"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EmailSubscriptionsToExternalUsers; + [Write, Description("Users can set up email subscriptions"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EmailSubscriptionTenant; + [Write, Description("Embed content in apps"), EmbeddedInstance("MSFT_FabricTenantSetting")] string Embedding; + [Write, Description("Users can use Copilot and other features powered by Azure OpenAI"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EnableAOAI; + [Write, Description("Allow specific users to turn on external data sharing"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EnableDatasetInPlaceSharing; + [Write, Description("Allow connections to featured tables"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EnableExcelYellowIntegration; + [Write, Description("Users can create and use data workflows (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EnableFabricAirflow; + [Write, Description("Allow quick measure suggestions (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EnableNLToDax; + [Write, 
Description("Allow tenant and domain admins to override workspace assignments (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EnableReassignDataDomainSwitch; + [Write, Description("Use ArcGIS Maps for Power BI"), EmbeddedInstance("MSFT_FabricTenantSetting")] string EsriVisual; + [Write, Description("Help Power BI optimize your experience"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExpFlightingTenant; + [Write, Description("Download reports"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportReport; + [Write, Description("Export to .csv"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToCsv; + [Write, Description("Export to Excel"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToExcelSetting; + [Write, Description("Export reports as image files"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToImage; + [Write, Description("Export reports as MHTML documents"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToMHTML; + [Write, Description("Export reports as PowerPoint presentations or PDF documents"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToPowerPoint; + [Write, Description("Export reports as Word documents"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToWord; + [Write, Description("Export reports as XML documents"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportToXML; + [Write, Description("Copy and paste visuals"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExportVisualImageTenant; + [Write, Description("Guest users can work with shared semantic models in their own tenants"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExternalDatasetSharingTenant; + [Write, Description("Users can invite guest users to collaborate through item sharing and permissions"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ExternalSharingV2; + [Write, Description("Capacity admins and contributors can add and remove additional 
workloads"), EmbeddedInstance("MSFT_FabricTenantSetting")] string FabricAddPartnerWorkload; + [Write, Description("Product Feedback"), EmbeddedInstance("MSFT_FabricTenantSetting")] string FabricFeedbackTenantSwitch; + [Write, Description("Users can create Fabric items"), EmbeddedInstance("MSFT_FabricTenantSetting")] string FabricGAWorkloads; + [Write, Description("Capacity admins can develop additional workloads"), EmbeddedInstance("MSFT_FabricTenantSetting")] string FabricThirdPartyWorkloads; + [Write, Description("Users can sync workspace items with GitHub repositories "), EmbeddedInstance("MSFT_FabricTenantSetting")] string GitHubTenantSettings; + [Write, Description("Users can export items to Git repositories in other geographical locations (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string GitIntegrationCrossGeoTenantSwitch; + [Write, Description("Users can export workspace items with applied sensitivity labels to Git repositories (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string GitIntegrationSensitivityLabelsTenantSwitch; + [Write, Description("Users can synchronize workspace items with their Git repositories (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string GitIntegrationTenantSwitch; + [Write, Description("Google BigQuery SSO"), EmbeddedInstance("MSFT_FabricTenantSetting")] string GoogleBigQuerySSO; + [Write, Description("API for GraphQL (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string GraphQLTenant; + [Write, Description("Healthcare data solutions (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string HealthcareSolutionsTenantSwitch; + [Write, Description("Install template apps not listed in AppSource"), EmbeddedInstance("MSFT_FabricTenantSetting")] string InstallNonvalidatedTemplateApps; + [Write, Description("Install template apps"), EmbeddedInstance("MSFT_FabricTenantSetting")] string InstallServiceApps; + [Write, Description("Users can create Real-Time Dashboards (preview)"), 
EmbeddedInstance("MSFT_FabricTenantSetting")] string KustoDashboardTenantSwitch; + [Write, Description("Users can work with semantic models in Excel using a live connection"), EmbeddedInstance("MSFT_FabricTenantSetting")] string LiveConnection; + [Write, Description("Azure Log Analytics connections for workspace administrators"), EmbeddedInstance("MSFT_FabricTenantSetting")] string LogAnalyticsAttachForWorkspaceAdmins; + [Write, Description("Users can see Microsoft Fabric metadata in Microsoft 365"), EmbeddedInstance("MSFT_FabricTenantSetting")] string M365DataSharing; + [Write, Description("Database Mirroring (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string Mirroring; + [Write, Description("Semantic model owners can choose to automatically update semantic models from files imported from OneDrive or SharePoint"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ODSPRefreshEnforcementTenantAllowAutomaticUpdate; + [Write, Description("Users can share links to Power BI files stored in OneDrive and SharePoint through Power BI Desktop (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string OneDriveSharePointAllowSharingTenantSetting; + [Write, Description("Users can view Power BI files saved in OneDrive and SharePoint (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string OneDriveSharePointViewerIntegrationTenantSettingV2; + [Write, Description("Users can sync data in OneLake with the OneLake File Explorer app"), EmbeddedInstance("MSFT_FabricTenantSetting")] string OneLakeFileExplorer; + [Write, Description("Users can access data stored in OneLake with apps external to Fabric"), EmbeddedInstance("MSFT_FabricTenantSetting")] string OneLakeForThirdParty; + [Write, Description("Allow XMLA endpoints and Analyze in Excel with on-premises semantic models"), EmbeddedInstance("MSFT_FabricTenantSetting")] string OnPremAnalyzeInExcel; + [Write, Description("Create and use Metrics"), EmbeddedInstance("MSFT_FabricTenantSetting")] string 
PowerBIGoalsTenant; + [Write, Description("Power Platform Solutions Integration (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string PowerPlatformSolutionsIntegrationTenant; + [Write, Description("Print dashboards and reports"), EmbeddedInstance("MSFT_FabricTenantSetting")] string Printing; + [Write, Description("Featured content"), EmbeddedInstance("MSFT_FabricTenantSetting")] string PromoteContent; + [Write, Description("Publish apps to the entire organization"), EmbeddedInstance("MSFT_FabricTenantSetting")] string PublishContentPack; + [Write, Description("Publish to web"), EmbeddedInstance("MSFT_FabricTenantSetting")] string PublishToWeb; + [Write, Description("Review questions"), EmbeddedInstance("MSFT_FabricTenantSetting")] string QnaFeedbackLoop; + [Write, Description("Synonym sharing"), EmbeddedInstance("MSFT_FabricTenantSetting")] string QnaLsdlSharing; + [Write, Description("Scale out queries for large semantic models"), EmbeddedInstance("MSFT_FabricTenantSetting")] string QueryScaleOutTenant; + [Write, Description("Redshift SSO"), EmbeddedInstance("MSFT_FabricTenantSetting")] string RedshiftSSO; + [Write, Description("Block users from reassigning personal workspaces (My Workspace)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string RestrictMyFolderCapacity; + [Write, Description("Retail data solutions (preview) "), EmbeddedInstance("MSFT_FabricTenantSetting")] string RetailSolutionsTenantSwitch; + [Write, Description("Interact with and share R and Python visuals"), EmbeddedInstance("MSFT_FabricTenantSetting")] string RScriptVisual; + [Write, Description("Service principals can use Fabric APIs"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ServicePrincipalAccess; + [Write, Description("Allow shareable links to grant access to everyone in your organization"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ShareLinkToEntireOrg; + [Write, Description("Enable Microsoft Teams integration"), 
EmbeddedInstance("MSFT_FabricTenantSetting")] string ShareToTeamsTenant; + [Write, Description("Snowflake SSO"), EmbeddedInstance("MSFT_FabricTenantSetting")] string SnowflakeSSO; + [Write, Description("Enable Power BI add-in for PowerPoint"), EmbeddedInstance("MSFT_FabricTenantSetting")] string StorytellingTenant; + [Write, Description("Sustainability solutions (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string SustainabilitySolutionsTenantSwitch; + [Write, Description("Create template organizational apps"), EmbeddedInstance("MSFT_FabricTenantSetting")] string TemplatePublish; + [Write, Description("Publish Get Help information"), EmbeddedInstance("MSFT_FabricTenantSetting")] string TenantSettingPublishGetHelpInfo; + [Write, Description("Data Activator (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string TridentPrivatePreview; + [Write, Description("Usage metrics for content creators"), EmbeddedInstance("MSFT_FabricTenantSetting")] string UsageMetrics; + [Write, Description("Per-user data in usage metrics for content creators"), EmbeddedInstance("MSFT_FabricTenantSetting")] string UsageMetricsTrackUserLevelInfo; + [Write, Description("Use semantic models across workspaces"), EmbeddedInstance("MSFT_FabricTenantSetting")] string UseDatasetsAcrossWorkspaces; + [Write, Description("Integration with SharePoint and Microsoft Lists"), EmbeddedInstance("MSFT_FabricTenantSetting")] string VisualizeListInPowerBI; + [Write, Description("Web content on dashboard tiles"), EmbeddedInstance("MSFT_FabricTenantSetting")] string WebContentTilesTenant; + [Write, Description("Users can edit data models in the Power BI service (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string WebModelingTenantSwitch; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, 
Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/readme.md new file mode 100644 index 0000000000..f4ea4850a7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/readme.md @@ -0,0 +1,6 @@ + +# FabricAdminTenantSettings + +## Description + +This resource configures the tenant settings for Microsoft Fabric. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/settings.json new file mode 100644 index 0000000000..f2e3b8aade --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "FabricAdminTenantSettings", + "description": "This resource configures the tenant settings for Microsoft Fabric.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index e3f1d08163..717197df8f 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 
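Review bot: The `Credential` property declared near the end of `MSFT_FabricAdminTenantSettings` has no matching parameter in the part of `Test-TargetResource`'s param block visible in this patch, where the authentication parameters are only `ApplicationId`, `ApplicationSecret`, `TenantId`, `CertificateThumbprint` and `AccessTokens`. A configuration that sets `Credential` would pass schema validation and then presumably fail at parameter binding, and `Export-TargetResource` forwards a `$Credential` variable it never declares. Either drop the `string Credential;` line from the schema or add the parameter to every *-TargetResource function; Get- and Set-TargetResource are outside this view, so confirm there. Separately, `delegatedFrom` is typed here as an embedded `MSFT_FabricDelegatedFrom` instance while `Get-M365DSCFabricTenantSettingAsString` emits it as a quoted string, so one of the two should change.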
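Review bot: Every `read` and `update` array under `roles` and `permissions` is empty in this new settings.json, so the resource documents no privilege requirement even though `Export-TargetResource` in the same patch reads `/v1/admin/tenantsettings`, an admin endpoint. Record the least-privileged role or scope that read and update actually need (presumably a Fabric administrator role; confirm against the Fabric API documentation) so operators do not over-grant the service principal by trial and error. The file only has a `graph` permissions section, so if Fabric scopes do not fit there, state the requirement in readme.md instead.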
@@ -90,7 +90,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.19" + RequiredVersion = "1.1.20" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 b/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 new file mode 100644 index 0000000000..3bb328f122 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 @@ -0,0 +1,45 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IsSingleInstance = 'Yes' + AADSSOForGateway = MSFT_FabricTenantSetting { + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + }; + AdminApisIncludeDetailedMetadata = MSFT_FabricTenantSetting { + settingName = 'AdminApisIncludeDetailedMetadata' + canSpecifySecurityGroups = $True + enabled = $True + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + excludedSecurityGroups = @('MyExcludedGroup') + enabledSecurityGroups = @('Group1','Group2') + }; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } +} diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index afbbe21dd2..cd94876636 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 
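Review bot: In 4-MonitorOnly.ps1 the `node localhost` block assigns `IsSingleInstance`, `AADSSOForGateway` and the other properties directly, with no resource declaration around them, so the example will not compile as a DSC configuration. Wrap the properties in the resource: add `FabricAdminTenantSettings "FabricAdminTenantSettings"` and `{` right after the node's opening brace, and a closing `}` before the node's closing brace. Since the file is meant to showcase the new resource, a unit or example-compilation test that loads it would catch this kind of omission.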
@@ -79,6 +79,7 @@ 'Modules/M365DSCDRGUtil.psm1', 'Modules/EncodingHelpers/M365DSCEmojis.psm1', 'Modules/EncodingHelpers/M365DSCStringEncoding.psm1', + 'Modules/WorkloadHelpers/M365DSCFabricHelper.psm1', 'Modules/M365DSCConfigurationHelper.psm1' ) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 index be090cf9a6..61ed490d9b 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 @@ -41,7 +41,7 @@ function Start-M365DSCConfigurationExtract $MaxProcesses = 16, [Parameter()] - [ValidateSet('AAD', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'TEAMS', 'PP', 'PLANNER')] + [ValidateSet('AAD', 'FABRIC', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'TEAMS', 'PP', 'PLANNER')] [System.String[]] $Workloads, diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 7fad40386a..5dec239d62 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1161,7 +1161,7 @@ function Export-M365DSCConfiguration $Components, [Parameter(ParameterSetName = 'Export')] - [ValidateSet('AAD', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'PLANNER', 'PP', 'TEAMS')] + [ValidateSet('AAD', 'FABRIC', 'SPO', 'EXO', 'INTUNE', 'SC', 'OD', 'O365', 'PLANNER', 'PP', 'TEAMS')] [System.String[]] $Workloads, @@ -1708,7 +1708,7 @@ function New-M365DSCConnection param ( [Parameter(Mandatory = $true)] - [ValidateSet('ExchangeOnline', 'Intune', ` + [ValidateSet('AzureDevOPS', 'ExchangeOnline', 'Fabric', 'Intune', ` 'SecurityComplianceCenter', 'PnP', 'PowerPlatforms', ` 'MicrosoftTeams', 'MicrosoftGraph', 'Tasks')] [System.String] diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 new file mode 100644 index 0000000000..ca390ae10c --- /dev/null 
+++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1
@@ -0,0 +1,26 @@
+function Invoke-M365DSCFabricWebRequest
+{
+ [OutputType([PSCustomObject])]
+ [CmdletBinding()]
+ param(
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $Uri,
+
+ [Parameter()]
+ [System.String]
+ $Method = 'GET',
+
+ [Parameter()]
+ [System.Collections.Hashtable]
+ $Body
+ )
+
+ $headers = @{
+ Authorization = $global:MsCloudLoginConnectionProfile.Fabric.AccessToken
+ }
+
+ $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $Body
+ $result = ConvertFrom-Json $response.Content
+ return $result
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1
new file mode 100644
index 0000000000..da1e78d7ae
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1
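Review bot: Invoke-M365DSCFabricWebRequest attaches the Fabric access token from `$global:MsCloudLoginConnectionProfile` to whatever `$Uri` the caller passes, with no check on scheme or host, so a mistyped or externally influenced URI would receive the token. A guard before the request, for example `if (-not $Uri.StartsWith('https://', [System.StringComparison]::OrdinalIgnoreCase)) { throw "Fabric requests must use https: $Uri" }`, keeps the token off cleartext transports; checking the host against the Fabric endpoint the connection profile was issued for would be tighter, if the profile exposes it (not visible in this hunk). `$Body` is passed as a hashtable, which Invoke-WebRequest form-encodes (or appends to the query string on GET), so a later write call would likely need `ConvertTo-Json` and `-ContentType 'application/json'`. Adding `-UseBasicParsing` also avoids the Internet Explorer based parser on Windows PowerShell 5.1.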
@@ -0,0 +1,220 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "ServicePrincipalWithThumbprint" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + AADSSOForGateway = (New-CimInstance -ClassName MSFT_FabricTenantSetting -Property @{ + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + } -ClientOnly); + AdminApisIncludeDetailedMetadata = (New-CimInstance -ClassName MSFT_FabricTenantSetting -Property @{ + settingName = 'AdminApisIncludeDetailedMetadata' + canSpecifySecurityGroups = $True 
+ enabled = $True + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + excludedSecurityGroups = @('MyExcludedGroup') + enabledSecurityGroups = @('Group1','Group2') + } -ClientOnly) + ApplicationId = (New-GUID).ToString() + TenantId = 'Contoso.com' + CertificateThumbprint = (New-GUID).ToString() + } + + Mock -CommandName Invoke-M365DSCFabricWebRequest -MockWith { + return @{ + tenantSettings = @( + @{ + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + }, + @{ + settingName = 'AdminApisIncludeDetailedMetadata' + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + canSpecifySecurityGroups = $True + enabled = $True + excludedSecurityGroups = @( + @{ + Name = "MyExcludedGroup" + } + ) + enabledSecurityGroups = @( + @{ + Name = "Group1" + }, + @{ + Name = "Group2" + } + ) + } + ) + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + AADSSOForGateway = (New-CimInstance -ClassName MSFT_FabricTenantSetting -Property @{ + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + } -ClientOnly); + AdminApisIncludeDetailedMetadata = (New-CimInstance -ClassName MSFT_FabricTenantSetting -Property @{ + settingName = 'AdminApisIncludeDetailedMetadata' + canSpecifySecurityGroups = $True + enabled = $True + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + excludedSecurityGroups = @('MyExcludedGroup') + 
enabledSecurityGroups = @('Group1','Group4') # Drift + } -ClientOnly) + ApplicationId = (New-GUID).ToString() + TenantId = 'Contoso.com' + CertificateThumbprint = (New-GUID).ToString() + } + + Mock -CommandName Invoke-M365DSCFabricWebRequest -MockWith { + return @{ + tenantSettings = @( + @{ + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + }, + @{ + settingName = 'AdminApisIncludeDetailedMetadata' + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + excludedSecurityGroups = @( + @{ + Name = "MyExcludedGroup" + } + ) + enabledSecurityGroups = @( + @{ + Name = "Group1" + }, + @{ + Name = "Group2" + } + ) + } + ) + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + ApplicationId = (New-GUID).ToString() + TenantId = 'Contoso.com' + CertificateThumbprint = (New-GUID).ToString() + } + + Mock -CommandName Invoke-M365DSCFabricWebRequest -MockWith { + return @{ + tenantSettings = @( + @{ + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + }, + @{ + settingName = 'AdminApisIncludeDetailedMetadata' + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + excludedSecurityGroups = @( + @{ + Name = "MyExcludedGroup" + } + ) + enabledSecurityGroups = @( + @{ + Name = "Group1" + }, + @{ + Name = "Group4" # Drift + } + ) + } + ) + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource 
@testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 2776a433cd499f65158b85d919a38f777995d080 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 4 Sep 2024 13:27:09 -0400 Subject: [PATCH 16/27] Update Generic.psm1 --- Tests/Unit/Stubs/Generic.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1 index a18029efcf..6ebc93dda5 100644 --- a/Tests/Unit/Stubs/Generic.psm1 +++ b/Tests/Unit/Stubs/Generic.psm1 @@ -356,9 +356,6 @@ function New-M365DSCConnection [CmdletBinding()] param( [Parameter(Mandatory = $true)] - [ValidateSet('ExchangeOnline', 'Intune', ` - 'SecurityComplianceCenter', 'MSOnline', 'PnP', 'PowerPlatforms', ` - 'MicrosoftTeams', 'MicrosoftGraph', 'Tasks')] [System.String] $Workload, From 975a3a74f89f65ca3e4cc5c4b6e020dd5189883d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 4 Sep 2024 14:25:33 -0400 Subject: [PATCH 17/27] Fixed Example --- .../4-MonitorOnly.ps1 | 43 ++++++++++--------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 b/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 index 3bb328f122..21984dd722 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/FabricAdminTenantSettings/4-MonitorOnly.ps1 
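Review bot: In the "values are NOT in the desired state" context of the new test file, the mocked `AdminApisIncludeDetailedMetadata` entry omits `canSpecifySecurityGroups` and `enabled`, which the first context's mock includes, so Test-TargetResource may return `$false` because of those missing keys rather than because of the `Group4` versus `Group2` difference the test is meant to exercise. Adding `canSpecifySecurityGroups = $True` and `enabled = $True` to that mock would leave the security-group list as the only difference. The ReverseDSC mock has the same omission.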
@@ -21,25 +21,28 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IsSingleInstance = 'Yes' - AADSSOForGateway = MSFT_FabricTenantSetting { - settingName = 'AADSSOForGateway' - canSpecifySecurityGroups = $False - enabled = $True - tenantSettingGroup = 'Integration settings' - title = 'Microsoft Entra single sign-on for data gateway' - }; - AdminApisIncludeDetailedMetadata = MSFT_FabricTenantSetting { - settingName = 'AdminApisIncludeDetailedMetadata' - canSpecifySecurityGroups = $True - enabled = $True - tenantSettingGroup = 'Admin API settings' - title = 'Enhance admin APIs responses with detailed metadata' - excludedSecurityGroups = @('MyExcludedGroup') - enabledSecurityGroups = @('Group1','Group2') - }; - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint + FabricAdminTenantSettings "FabricAdminTenantSettings" + { + IsSingleInstance = 'Yes' + AADSSOForGateway = MSFT_FabricTenantSetting { + settingName = 'AADSSOForGateway' + canSpecifySecurityGroups = $False + enabled = $True + tenantSettingGroup = 'Integration settings' + title = 'Microsoft Entra single sign-on for data gateway' + }; + AdminApisIncludeDetailedMetadata = MSFT_FabricTenantSetting { + settingName = 'AdminApisIncludeDetailedMetadata' + canSpecifySecurityGroups = $True + enabled = $True + tenantSettingGroup = 'Admin API settings' + title = 'Enhance admin APIs responses with detailed metadata' + excludedSecurityGroups = @('MyExcludedGroup') + enabledSecurityGroups = @('Group1','Group2') + }; + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } } } From 568d901f5105ce4fa0f6b3a6b912166bdb3d531f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 4 Sep 2024 14:37:12 -0400 Subject: [PATCH 18/27] Update MSFT_FabricAdminTenantSettings.schema.mof --- .../MSFT_FabricAdminTenantSettings.schema.mof | 1 - 1 file changed, 1 deletion(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof index 4b91816f4a..d52886c0bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof @@ -163,7 +163,6 @@ class MSFT_FabricAdminTenantSettings : OMI_BaseResource [Write, Description("Integration with SharePoint and Microsoft Lists"), EmbeddedInstance("MSFT_FabricTenantSetting")] string VisualizeListInPowerBI; [Write, Description("Web content on dashboard tiles"), EmbeddedInstance("MSFT_FabricTenantSetting")] string WebContentTilesTenant; [Write, Description("Users can edit data models in the Power BI service (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string WebModelingTenantSwitch; - [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; From fe00c158ae9c69607c8ca4159a4f825cedd1b0bd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 4 Sep 2024 19:39:08 -0400 Subject: [PATCH 19/27] Update MSFT_FabricAdminTenantSettings.psm1 --- .../MSFT_FabricAdminTenantSettings.psm1 | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 index 482c9524c7..52a0e3bea4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 @@ -1854,7 +1854,6 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -1874,12 +1873,13 @@ function Test-TargetResource if (-Not $testResult) { Write-Verbose -Message "Difference found for $key" + Write-Verbose -Message "Current Values: $($source | Out-String)" + Write-Verbose -Message "Desired Values: $($target | Out-String)" $testResult = $false break } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -1975,14 +1975,23 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $newResults ` -Credential $Credential + $fixQuotes = $false foreach ($key in $Results.Keys) { if ($null -ne $Results.$key -and $key -notin $params.Keys) { + if ($currentDSCBlock.Contains('`"')) + { + $fixQuotes = $true + } $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName $key + -ParameterName $key } } + if ($fixQuotes) + { + $currentDSCBlock = $currentDSCBlock.Replace('`', '"') + } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName 
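Review bot: In the Export-TargetResource hunk, `$currentDSCBlock.Replace('`', '"')` rewrites every backtick in the generated block, not only the backtick-quote pairs that set `$fixQuotes`, so each escaped quote becomes two quote characters and any other backtick in a setting title or property value is turned into a quote in the exported configuration. If the intent is only to undo the escaping, replacing the two-character sequence is narrower: `$currentDSCBlock = $currentDSCBlock.Replace('`"', '"')`. What Convert-DSCStringParamToVariable emits is not visible here, so the expected output should be confirmed against an export that contains both a quote and a literal backtick. The function body starts and ends outside this hunk.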
@@ -2032,7 +2041,7 @@ function Get-M365DSCFabricTenantSettingAsString { $StringContent += " tenantSettingGroup = '" + $setting.tenantSettingGroup + "'`r`n" } - $StringContent += " title = '" + $setting.title + "'`r`n" + $StringContent += " title = '" + $setting.title.Replace("'", "''") + "'`r`n" if (-not [System.String]::IsNullOrEmpty($setting.properties)) { $StringContent += " properties = @(" @@ -2040,7 +2049,7 @@ function Get-M365DSCFabricTenantSettingAsString { $StringContent += " MSFT_FabricTenantSettingProperty{`r`n" $StringContent += " name = '$($property.name)'`r`n" - $StringContent += " value = '$($property.value)'`r`n" + $StringContent += " value = '$($property.value.Replace("'", "''"))'`r`n" $StringContent += " type = '$($property.type)'`r`n" $StringContent += " }`r`n" } @@ -2049,20 +2058,11 @@ function Get-M365DSCFabricTenantSettingAsString if (-not [System.String]::IsNullOrEmpty($setting.excludedSecurityGroups)) { $excludedSecurityGroupsValue = $setting.excludedSecurityGroups -join "','" - if ($setting.excludedSecurityGroups.Length -gt 1) - { - $excludedSecurityGroupsValue = $excludedSecurityGroupsValue.Substring(0, $excludedSecurityGroupsValue.Length -3) - } $StringContent += " excludedSecurityGroups = @('" + $excludedSecurityGroupsValue + "')`r`n" } if (-not [System.String]::IsNullOrEmpty($setting.enabledSecurityGroups)) { $enabledSecurityGroupsValue = $setting.enabledSecurityGroups -join "','" - if ($setting.enabledSecurityGroups.Length -gt 1) - { - $enabledSecurityGroupsValue = $setting.enabledSecurityGroups -join "','" - $enabledSecurityGroupsValue = $enabledSecurityGroupsValue.Substring(0, $enabledSecurityGroupsValue.Length -3) - } $StringContent += " enabledSecurityGroups = @('" + $enabledSecurityGroupsValue + "')`r`n" } $StringContent += " }`r`n" 
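Review bot: Get-M365DSCFabricTenantSettingAsString now doubles single quotes in `title` and in each property `value`, but the other strings it writes into single-quoted literals are still emitted raw: `tenantSettingGroup`, property `name` and `type`, and the `excludedSecurityGroups` / `enabledSecurityGroups` entries joined with `','` in the third hunk on this line. These values come from the tenant, and an apostrophe in one of them (a group name, assuming the elements are name strings at this point) ends the literal early in the exported configuration, which is later parsed as PowerShell. Escaping each element before the join closes that, e.g. `$excludedSecurityGroupsValue = ($setting.excludedSecurityGroups | ForEach-Object { $_.Replace("'", "''") }) -join "','"`, and the same for `enabledSecurityGroups`. `$setting.title.Replace(...)` and `$property.value.Replace(...)` will also throw if the API returns a null title or value, so a null check may be needed; the function body extends beyond these hunks.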
@@ -2088,7 +2088,7 @@ function Get-M365DSCFabricTenantSettingObject $values = @{ settingName = $Setting.settingName enabled = [Boolean]$Setting.enabled - title = $Setting.title.Replace("'", "''") + title = $Setting.title } if (-not [System.String]::IsNullOrEmpty($Setting.canSpecifySecurityGroups)) { @@ -2113,7 +2113,7 @@ function Get-M365DSCFabricTenantSettingObject { $curProperty = @{ name = $property.name - value = $property.value.Replace("'", "''") + value = $property.value type = $property.type } $propertiesValue += $curProperty From 42197206627a07a81831aa373adca8b2bc830b39 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 5 Sep 2024 10:53:12 +0000 Subject: [PATCH 20/27] Updated Resources and Cmdlet documentation pages --- .../exchange/FabricAdminTenantSettings.md | 264 ++++++++++++++++++ .../cmdlets/Export-M365DSCConfiguration.md | 2 +- 2 files changed, 265 insertions(+), 1 deletion(-) create mode 100644 docs/docs/resources/exchange/FabricAdminTenantSettings.md diff --git a/docs/docs/resources/exchange/FabricAdminTenantSettings.md b/docs/docs/resources/exchange/FabricAdminTenantSettings.md new file mode 100644 index 0000000000..01041f2bb0 --- /dev/null +++ b/docs/docs/resources/exchange/FabricAdminTenantSettings.md 
@@ -0,0 +1,264 @@ +# FabricAdminTenantSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes'. | `Yes` | +| **AADSSOForGateway** | Write | MSFT_FabricTenantSetting | Microsoft Entra single sign-on for data gateway | | +| **AdminApisIncludeDetailedMetadata** | Write | MSFT_FabricTenantSetting | Enhance admin APIs responses with detailed metadata | | +| **AdminApisIncludeExpressions** | Write | MSFT_FabricTenantSetting | Enhance admin APIs responses with DAX and mashup expressions | | +| **AdminCustomDisclaimer** | Write | MSFT_FabricTenantSetting | Show a custom message before publishing reports | | +| **AISkillArtifactTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can create and share AI skill item types (preview) | | +| **AllowAccessOverPrivateLinks** | Write | MSFT_FabricTenantSetting | Azure Private Link | | +| **AllowCVAuthenticationTenant** | Write | MSFT_FabricTenantSetting | AppSource Custom Visuals SSO | | +| **AllowCVLocalStorageV2Tenant** | Write | MSFT_FabricTenantSetting | Allow access to the browser's local storage | | +| **AllowCVToExportDataToFileTenant** | Write | MSFT_FabricTenantSetting | Allow downloads from custom visuals | | +| **AllowEndorsementMasterDataSwitch** | Write | MSFT_FabricTenantSetting | Endorse master data (preview) | | +| **AllowExternalDataSharingReceiverSwitch** | Write | MSFT_FabricTenantSetting | Users can accept external data shares (preview) | | +| **AllowExternalDataSharingSwitch** | Write | MSFT_FabricTenantSetting | External data sharing (preview) | | +| **AllowFreeTrial** | Write | MSFT_FabricTenantSetting | Users can try Microsoft Fabric paid features | | +| **AllowGuestLookup** | Write | MSFT_FabricTenantSetting | Users can see guest users in lists of suggested people | | +| **AllowGuestUserToAccessSharedContent** | Write | 
MSFT_FabricTenantSetting | Guest users can access Microsoft Fabric | | +| **AllowPowerBIASDQOnTenant** | Write | MSFT_FabricTenantSetting | Allow DirectQuery connections to Power BI semantic models | | +| **AllowSendAOAIDataToOtherRegions** | Write | MSFT_FabricTenantSetting | Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance | | +| **AllowSendNLToDaxDataToOtherRegions** | Write | MSFT_FabricTenantSetting | Allow user data to leave their geography | | +| **AllowServicePrincipalsCreateAndUseProfiles** | Write | MSFT_FabricTenantSetting | Allow service principals to create and use profiles | | +| **AllowServicePrincipalsUseReadAdminAPIs** | Write | MSFT_FabricTenantSetting | Service principals can access read-only admin APIs | | +| **AppPush** | Write | MSFT_FabricTenantSetting | Push apps to end users | | +| **ArtifactSearchTenant** | Write | MSFT_FabricTenantSetting | Use global search for Power BI | | +| **ASCollectQueryTextTelemetryTenantSwitch** | Write | MSFT_FabricTenantSetting | Microsoft can store query text to aid in support investigations | | +| **ASShareableCloudConnectionBindingSecurityModeTenant** | Write | MSFT_FabricTenantSetting | Enable granular access control for all data connections | | +| **ASWritethruContinuousExportTenantSwitch** | Write | MSFT_FabricTenantSetting | Semantic models can export data to OneLake (preview) | | +| **ASWritethruTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can store semantic model tables in OneLake (preview) | | +| **AutoInstallPowerBIAppInTeamsTenant** | Write | MSFT_FabricTenantSetting | Install Power BI app for Microsoft Teams automatically | | +| **AutomatedInsightsEntryPoints** | Write | MSFT_FabricTenantSetting | Show entry points for insights (preview) | | +| **AutomatedInsightsTenant** | Write | MSFT_FabricTenantSetting | Receive notifications for top insights (preview) | | +| **AzureMap** | Write | 
MSFT_FabricTenantSetting | Use Azure Maps visual | | +| **BingMap** | Write | MSFT_FabricTenantSetting | Map and filled map visuals | | +| **BlockAccessFromPublicNetworks** | Write | MSFT_FabricTenantSetting | Block Public Internet Access | | +| **BlockAutoDiscoverAndPackageRefresh** | Write | MSFT_FabricTenantSetting | Block republish and disable package refresh | | +| **BlockProtectedLabelSharingToEntireOrg** | Write | MSFT_FabricTenantSetting | Restrict content with protected labels from being shared via link with everyone in your organization | | +| **BlockResourceKeyAuthentication** | Write | MSFT_FabricTenantSetting | Block ResourceKey Authentication | | +| **CDSAManagement** | Write | MSFT_FabricTenantSetting | Create and use Gen1 dataflows | | +| **CertifiedCustomVisualsTenant** | Write | MSFT_FabricTenantSetting | Add and use certified visuals only (block uncertified) | | +| **CertifyDatasets** | Write | MSFT_FabricTenantSetting | Certification | | +| **ConfigureFolderRetentionPeriod** | Write | MSFT_FabricTenantSetting | Define workspace retention period | | +| **CreateAppWorkspaces** | Write | MSFT_FabricTenantSetting | Create workspaces | | +| **CustomVisualsTenant** | Write | MSFT_FabricTenantSetting | Allow visuals created using the Power BI SDK | | +| **DatamartTenant** | Write | MSFT_FabricTenantSetting | Create Datamarts (preview) | | +| **DatasetExecuteQueries** | Write | MSFT_FabricTenantSetting | Semantic Model Execute Queries REST API | | +| **DevelopServiceApps** | Write | MSFT_FabricTenantSetting | Publish template apps | | +| **DiscoverDatasetsConsumption** | Write | MSFT_FabricTenantSetting | Discover content | | +| **DiscoverDatasetsSettingsCertified** | Write | MSFT_FabricTenantSetting | Make certified content discoverable | | +| **DiscoverDatasetsSettingsPromoted** | Write | MSFT_FabricTenantSetting | Make promoted content discoverable | | +| **DremioSSO** | Write | MSFT_FabricTenantSetting | Dremio SSO | | +| 
**EimInformationProtectionDataSourceInheritanceSetting** | Write | MSFT_FabricTenantSetting | Apply sensitivity labels from data sources to their data in Power BI | | +| **EimInformationProtectionDownstreamInheritanceSetting** | Write | MSFT_FabricTenantSetting | Automatically apply sensitivity labels to downstream content | | +| **EimInformationProtectionEdit** | Write | MSFT_FabricTenantSetting | Allow users to apply sensitivity labels for content | | +| **EimInformationProtectionLessElevated** | Write | MSFT_FabricTenantSetting | Increase the number of users who can edit and republish encrypted PBIX files (preview) | | +| **EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting** | Write | MSFT_FabricTenantSetting | Allow workspace admins to override automatically applied sensitivity labels | | +| **ElevatedGuestsTenant** | Write | MSFT_FabricTenantSetting | Guest users can browse and access Fabric content | | +| **EmailSecurityGroupsOnOutage** | Write | MSFT_FabricTenantSetting | Receive email notifications for service outages or incidents | | +| **EmailSubscriptionsToB2BUsers** | Write | MSFT_FabricTenantSetting | Guest users can set up and subscribe to email subscriptions | | +| **EmailSubscriptionsToExternalUsers** | Write | MSFT_FabricTenantSetting | Users can send email subscriptions to guest users | | +| **EmailSubscriptionTenant** | Write | MSFT_FabricTenantSetting | Users can set up email subscriptions | | +| **Embedding** | Write | MSFT_FabricTenantSetting | Embed content in apps | | +| **EnableAOAI** | Write | MSFT_FabricTenantSetting | Users can use Copilot and other features powered by Azure OpenAI | | +| **EnableDatasetInPlaceSharing** | Write | MSFT_FabricTenantSetting | Allow specific users to turn on external data sharing | | +| **EnableExcelYellowIntegration** | Write | MSFT_FabricTenantSetting | Allow connections to featured tables | | +| **EnableFabricAirflow** | Write | MSFT_FabricTenantSetting | Users can create and use data 
workflows (preview) | | +| **EnableNLToDax** | Write | MSFT_FabricTenantSetting | Allow quick measure suggestions (preview) | | +| **EnableReassignDataDomainSwitch** | Write | MSFT_FabricTenantSetting | Allow tenant and domain admins to override workspace assignments (preview) | | +| **EsriVisual** | Write | MSFT_FabricTenantSetting | Use ArcGIS Maps for Power BI | | +| **ExpFlightingTenant** | Write | MSFT_FabricTenantSetting | Help Power BI optimize your experience | | +| **ExportReport** | Write | MSFT_FabricTenantSetting | Download reports | | +| **ExportToCsv** | Write | MSFT_FabricTenantSetting | Export to .csv | | +| **ExportToExcelSetting** | Write | MSFT_FabricTenantSetting | Export to Excel | | +| **ExportToImage** | Write | MSFT_FabricTenantSetting | Export reports as image files | | +| **ExportToMHTML** | Write | MSFT_FabricTenantSetting | Export reports as MHTML documents | | +| **ExportToPowerPoint** | Write | MSFT_FabricTenantSetting | Export reports as PowerPoint presentations or PDF documents | | +| **ExportToWord** | Write | MSFT_FabricTenantSetting | Export reports as Word documents | | +| **ExportToXML** | Write | MSFT_FabricTenantSetting | Export reports as XML documents | | +| **ExportVisualImageTenant** | Write | MSFT_FabricTenantSetting | Copy and paste visuals | | +| **ExternalDatasetSharingTenant** | Write | MSFT_FabricTenantSetting | Guest users can work with shared semantic models in their own tenants | | +| **ExternalSharingV2** | Write | MSFT_FabricTenantSetting | Users can invite guest users to collaborate through item sharing and permissions | | +| **FabricAddPartnerWorkload** | Write | MSFT_FabricTenantSetting | Capacity admins and contributors can add and remove additional workloads | | +| **FabricFeedbackTenantSwitch** | Write | MSFT_FabricTenantSetting | Product Feedback | | +| **FabricGAWorkloads** | Write | MSFT_FabricTenantSetting | Users can create Fabric items | | +| **FabricThirdPartyWorkloads** | Write | 
MSFT_FabricTenantSetting | Capacity admins can develop additional workloads | | +| **GitHubTenantSettings** | Write | MSFT_FabricTenantSetting | Users can sync workspace items with GitHub repositories | | +| **GitIntegrationCrossGeoTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can export items to Git repositories in other geographical locations (preview) | | +| **GitIntegrationSensitivityLabelsTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can export workspace items with applied sensitivity labels to Git repositories (preview) | | +| **GitIntegrationTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can synchronize workspace items with their Git repositories (preview) | | +| **GoogleBigQuerySSO** | Write | MSFT_FabricTenantSetting | Google BigQuery SSO | | +| **GraphQLTenant** | Write | MSFT_FabricTenantSetting | API for GraphQL (preview) | | +| **HealthcareSolutionsTenantSwitch** | Write | MSFT_FabricTenantSetting | Healthcare data solutions (preview) | | +| **InstallNonvalidatedTemplateApps** | Write | MSFT_FabricTenantSetting | Install template apps not listed in AppSource | | +| **InstallServiceApps** | Write | MSFT_FabricTenantSetting | Install template apps | | +| **KustoDashboardTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can create Real-Time Dashboards (preview) | | +| **LiveConnection** | Write | MSFT_FabricTenantSetting | Users can work with semantic models in Excel using a live connection | | +| **LogAnalyticsAttachForWorkspaceAdmins** | Write | MSFT_FabricTenantSetting | Azure Log Analytics connections for workspace administrators | | +| **M365DataSharing** | Write | MSFT_FabricTenantSetting | Users can see Microsoft Fabric metadata in Microsoft 365 | | +| **Mirroring** | Write | MSFT_FabricTenantSetting | Database Mirroring (preview) | | +| **ODSPRefreshEnforcementTenantAllowAutomaticUpdate** | Write | MSFT_FabricTenantSetting | Semantic model owners can choose to automatically update semantic models from 
files imported from OneDrive or SharePoint | |
+| **OneDriveSharePointAllowSharingTenantSetting** | Write | MSFT_FabricTenantSetting | Users can share links to Power BI files stored in OneDrive and SharePoint through Power BI Desktop (preview) | |
+| **OneDriveSharePointViewerIntegrationTenantSettingV2** | Write | MSFT_FabricTenantSetting | Users can view Power BI files saved in OneDrive and SharePoint (preview) | |
+| **OneLakeFileExplorer** | Write | MSFT_FabricTenantSetting | Users can sync data in OneLake with the OneLake File Explorer app | |
+| **OneLakeForThirdParty** | Write | MSFT_FabricTenantSetting | Users can access data stored in OneLake with apps external to Fabric | |
+| **OnPremAnalyzeInExcel** | Write | MSFT_FabricTenantSetting | Allow XMLA endpoints and Analyze in Excel with on-premises semantic models | |
+| **PowerBIGoalsTenant** | Write | MSFT_FabricTenantSetting | Create and use Metrics | |
+| **PowerPlatformSolutionsIntegrationTenant** | Write | MSFT_FabricTenantSetting | Power Platform Solutions Integration (preview) | |
+| **Printing** | Write | MSFT_FabricTenantSetting | Print dashboards and reports | |
+| **PromoteContent** | Write | MSFT_FabricTenantSetting | Featured content | |
+| **PublishContentPack** | Write | MSFT_FabricTenantSetting | Publish apps to the entire organization | |
+| **PublishToWeb** | Write | MSFT_FabricTenantSetting | Publish to web | |
+| **QnaFeedbackLoop** | Write | MSFT_FabricTenantSetting | Review questions | |
+| **QnaLsdlSharing** | Write | MSFT_FabricTenantSetting | Synonym sharing | |
+| **QueryScaleOutTenant** | Write | MSFT_FabricTenantSetting | Scale out queries for large semantic models | |
+| **RedshiftSSO** | Write | MSFT_FabricTenantSetting | Redshift SSO | |
+| **RestrictMyFolderCapacity** | Write | MSFT_FabricTenantSetting | Block users from reassigning personal workspaces (My Workspace) | |
+| **RetailSolutionsTenantSwitch** | Write | MSFT_FabricTenantSetting | Retail data solutions (preview) | |
+| **RScriptVisual** | Write | MSFT_FabricTenantSetting | Interact with and share R and Python visuals | |
+| **ServicePrincipalAccess** | Write | MSFT_FabricTenantSetting | Service principals can use Fabric APIs | |
+| **ShareLinkToEntireOrg** | Write | MSFT_FabricTenantSetting | Allow shareable links to grant access to everyone in your organization | |
+| **ShareToTeamsTenant** | Write | MSFT_FabricTenantSetting | Enable Microsoft Teams integration | |
+| **SnowflakeSSO** | Write | MSFT_FabricTenantSetting | Snowflake SSO | |
+| **StorytellingTenant** | Write | MSFT_FabricTenantSetting | Enable Power BI add-in for PowerPoint | |
+| **SustainabilitySolutionsTenantSwitch** | Write | MSFT_FabricTenantSetting | Sustainability solutions (preview) | |
+| **TemplatePublish** | Write | MSFT_FabricTenantSetting | Create template organizational apps | |
+| **TenantSettingPublishGetHelpInfo** | Write | MSFT_FabricTenantSetting | Publish Get Help information | |
+| **TridentPrivatePreview** | Write | MSFT_FabricTenantSetting | Data Activator (preview) | |
+| **UsageMetrics** | Write | MSFT_FabricTenantSetting | Usage metrics for content creators | |
+| **UsageMetricsTrackUserLevelInfo** | Write | MSFT_FabricTenantSetting | Per-user data in usage metrics for content creators | |
+| **UseDatasetsAcrossWorkspaces** | Write | MSFT_FabricTenantSetting | Use semantic models across workspaces | |
+| **VisualizeListInPowerBI** | Write | MSFT_FabricTenantSetting | Integration with SharePoint and Microsoft Lists | |
+| **WebContentTilesTenant** | Write | MSFT_FabricTenantSetting | Web content on dashboard tiles | |
+| **WebModelingTenantSwitch** | Write | MSFT_FabricTenantSetting | Users can edit data models in the Power BI service (preview) | |
+| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | |
+| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application to authenticate with. | |
+| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
+| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
+| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | |
+
+### MSFT_FabricDelegatedFrom
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **Capacity** | Write | String | The setting is delegated from a capacity. | |
+| **Domain** | Write | String | The setting is delegated from a domain. | |
+| **Tenant** | Write | String | The setting is delegated from a tenant. | |
+
+### MSFT_FabricTenantSettingProperty
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **name** | Write | String | The name of the property. | |
+| **type** | Write | String | The type of the property. | |
+| **value** | Write | String | The value of the property. | |
+
+### MSFT_FabricTenantSetting
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **canSpecifySecurityGroups** | Write | Boolean | Indicates if the tenant setting is enabled for a security group. 0 - The tenant setting is enabled for the entire organization. | |
+| **delegateToWorkspace** | Write | Boolean | Indicates whether the tenant setting can be delegated to a workspace admin. False - Workspace admin cannot override the tenant setting. | |
+| **delegatedFrom** | Write | MSFT_FabricDelegatedFrom | Tenant setting delegated from tenant, capacity or domain. | |
+| **settingName** | Write | String | The name of the tenant setting. | |
+| **enabled** | Write | Boolean | The status of the tenant setting. | |
+| **tenantSettingGroup** | Write | String | Tenant setting group name. | |
+| **title** | Write | String | The title of the tenant setting. | |
+| **properties** | Write | MSFT_FabricTenantSettingProperty[] | Tenant setting properties. | |
+| **excludedSecurityGroups** | Write | StringArray[] | A list of excluded security groups. | |
+| **enabledSecurityGroups** | Write | StringArray[] | A list of enabled security groups. | |
+
+
+## Description
+
+This resource configures the tenant settings for Microsoft Fabric.
+
+## Permissions
+
+### Microsoft Graph
+
+To authenticate with the Microsoft Graph API, this resource required the following permissions:
+
+#### Delegated permissions
+
+- **Read**
+
+ - None
+
+- **Update**
+
+ - None
+
+#### Application permissions
+
+- **Read**
+
+ - None
+
+- **Update**
+
+ - None
+
+## Examples
+
+### Example 1
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ FabricAdminTenantSettings "FabricAdminTenantSettings"
+ {
+ IsSingleInstance = 'Yes'
+ AADSSOForGateway = MSFT_FabricTenantSetting {
+ settingName = 'AADSSOForGateway'
+ canSpecifySecurityGroups = $False
+ enabled = $True
+ tenantSettingGroup = 'Integration settings'
+ title = 'Microsoft Entra single sign-on for data gateway'
+ };
+ AdminApisIncludeDetailedMetadata = MSFT_FabricTenantSetting {
+ settingName = 'AdminApisIncludeDetailedMetadata'
+ canSpecifySecurityGroups = $True
+ enabled = $True
+ tenantSettingGroup = 'Admin API settings'
+ title = 'Enhance admin APIs responses with detailed metadata'
+ excludedSecurityGroups = @('MyExcludedGroup')
+ enabledSecurityGroups = @('Group1','Group2')
+ };
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ CertificateThumbprint = $CertificateThumbprint
+ }
+ }
+}
+```
+
diff --git a/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md b/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md
index d9129c936a..2bef8f6002 100644
--- a/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md
+++ b/docs/docs/user-guide/cmdlets/Export-M365DSCConfiguration.md
@@ -17,7 +17,7 @@ This function does not generate any output.
 | FileName | False | String | | | Specifies the name of the file in which the exported DSC configuration should be stored. |
 | ConfigurationName | False | String | | | Specifies the name of the configuration that will be generated. |
 | Components | False | String[] | | | Specifies the components for which an export should be created. |
-| Workloads | False | String[] | | AAD, SPO, EXO, INTUNE, SC, OD, O365, PLANNER, PP, TEAMS | Specifies the workload for which an export should be created for all resources. |
+| Workloads | False | String[] | | AAD, FABRIC, SPO, EXO, INTUNE, SC, OD, O365, PLANNER, PP, TEAMS | Specifies the workload for which an export should be created for all resources. |
 | Mode | False | String | Default | Lite, Default, Full | Specifies the mode of the export: Lite, Default or Full. |
 | MaxProcesses | False | Object | | | Specifies the maximum number of processes that should run simultanious. |
 | GenerateInfo | False | Boolean | | | Specifies if each exported resource should get a link to the Wiki article of the resource. |
From fa8ea8a372884a8b901422ee452dc4500fb7b47d Mon Sep 17 00:00:00 2001
From: NikCharlebois
Date: Thu, 5 Sep 2024 10:55:34 +0000
Subject: [PATCH 21/27] Updated Schema Definition
---
 Modules/Microsoft365DSC/SchemaDefinition.json | 780 ++++++++++++++++++
 1 file changed, 780 insertions(+)
diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json
index 5b60cd625d..4c7d37b508 100644
--- a/Modules/Microsoft365DSC/SchemaDefinition.json
+++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -15389,6 +15389,786 @@ } ] }, + { + "ClassName": "MSFT_FabricDelegatedFrom", + "Parameters": [ + { + "CIMType": "String", + "Name": "Capacity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Domain", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Tenant", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_FabricTenantSettingProperty", + "Parameters": [ + { + "CIMType": "String", + "Name": "name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "type", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "value", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_FabricTenantSetting", + "Parameters": [ + { + "CIMType": "Boolean", + "Name": "canSpecifySecurityGroups", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "delegateToWorkspace", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricDelegatedFrom", + "Name": "delegatedFrom", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "settingName", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "enabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "tenantSettingGroup", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "title", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSettingProperty[]", + "Name": "properties", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "excludedSecurityGroups", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "enabledSecurityGroups", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_FabricAdminTenantSettings", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AADSSOForGateway", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AdminApisIncludeDetailedMetadata", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": 
"AdminApisIncludeExpressions", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AdminCustomDisclaimer", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AISkillArtifactTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowAccessOverPrivateLinks", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowCVAuthenticationTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowCVLocalStorageV2Tenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowCVToExportDataToFileTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowEndorsementMasterDataSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowExternalDataSharingReceiverSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowExternalDataSharingSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowFreeTrial", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowGuestLookup", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowGuestUserToAccessSharedContent", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowPowerBIASDQOnTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowSendAOAIDataToOtherRegions", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowSendNLToDaxDataToOtherRegions", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowServicePrincipalsCreateAndUseProfiles", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowServicePrincipalsUseReadAdminAPIs", + "Option": "Write" + }, + { + "CIMType": 
"MSFT_FabricTenantSetting", + "Name": "AppPush", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ArtifactSearchTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ASCollectQueryTextTelemetryTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ASShareableCloudConnectionBindingSecurityModeTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ASWritethruContinuousExportTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ASWritethruTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AutoInstallPowerBIAppInTeamsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AutomatedInsightsEntryPoints", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AutomatedInsightsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AzureMap", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "BingMap", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "BlockAccessFromPublicNetworks", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "BlockAutoDiscoverAndPackageRefresh", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "BlockProtectedLabelSharingToEntireOrg", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "BlockResourceKeyAuthentication", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "CDSAManagement", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "CertifiedCustomVisualsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "CertifyDatasets", + "Option": "Write" + }, + { + "CIMType": 
"MSFT_FabricTenantSetting", + "Name": "ConfigureFolderRetentionPeriod", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "CreateAppWorkspaces", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "CustomVisualsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DatamartTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DatasetExecuteQueries", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DevelopServiceApps", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DiscoverDatasetsConsumption", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DiscoverDatasetsSettingsCertified", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DiscoverDatasetsSettingsPromoted", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "DremioSSO", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EimInformationProtectionDataSourceInheritanceSetting", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EimInformationProtectionDownstreamInheritanceSetting", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EimInformationProtectionEdit", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EimInformationProtectionLessElevated", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ElevatedGuestsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EmailSecurityGroupsOnOutage", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": 
"EmailSubscriptionsToB2BUsers", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EmailSubscriptionsToExternalUsers", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EmailSubscriptionTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "Embedding", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EnableAOAI", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EnableDatasetInPlaceSharing", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EnableExcelYellowIntegration", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EnableFabricAirflow", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EnableNLToDax", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EnableReassignDataDomainSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "EsriVisual", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExpFlightingTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportReport", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToCsv", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToExcelSetting", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToImage", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToMHTML", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToPowerPoint", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToWord", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExportToXML", + "Option": "Write" + }, + { + "CIMType": 
"MSFT_FabricTenantSetting", + "Name": "ExportVisualImageTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExternalDatasetSharingTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ExternalSharingV2", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "FabricAddPartnerWorkload", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "FabricFeedbackTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "FabricGAWorkloads", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "FabricThirdPartyWorkloads", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "GitHubTenantSettings", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "GitIntegrationCrossGeoTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "GitIntegrationSensitivityLabelsTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "GitIntegrationTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "GoogleBigQuerySSO", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "GraphQLTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "HealthcareSolutionsTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "InstallNonvalidatedTemplateApps", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "InstallServiceApps", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "KustoDashboardTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "LiveConnection", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": 
"LogAnalyticsAttachForWorkspaceAdmins", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "M365DataSharing", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "Mirroring", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ODSPRefreshEnforcementTenantAllowAutomaticUpdate", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "OneDriveSharePointAllowSharingTenantSetting", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "OneDriveSharePointViewerIntegrationTenantSettingV2", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "OneLakeFileExplorer", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "OneLakeForThirdParty", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "OnPremAnalyzeInExcel", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "PowerBIGoalsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "PowerPlatformSolutionsIntegrationTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "Printing", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "PromoteContent", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "PublishContentPack", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "PublishToWeb", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "QnaFeedbackLoop", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "QnaLsdlSharing", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "QueryScaleOutTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "RedshiftSSO", + "Option": "Write" + }, + { + "CIMType": 
"MSFT_FabricTenantSetting", + "Name": "RestrictMyFolderCapacity", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "RetailSolutionsTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "RScriptVisual", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ServicePrincipalAccess", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ShareLinkToEntireOrg", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ShareToTeamsTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "SnowflakeSSO", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "StorytellingTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "SustainabilitySolutionsTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "TemplatePublish", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "TenantSettingPublishGetHelpInfo", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "TridentPrivatePreview", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "UsageMetrics", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "UsageMetricsTrackUserLevelInfo", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "UseDatasetsAcrossWorkspaces", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "VisualizeListInPowerBI", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "WebContentTilesTenant", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "WebModelingTenantSwitch", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": 
"MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments", "Parameters": [ From a36970eece2d558bccb474a859132d9cd3e2b1dc Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 5 Sep 2024 14:55:59 +0000 Subject: [PATCH 22/27] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOOwaMailboxPolicy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/resources/exchange/EXOOwaMailboxPolicy.md b/docs/docs/resources/exchange/EXOOwaMailboxPolicy.md index b5b36683c3..2804f2d078 100644 --- a/docs/docs/resources/exchange/EXOOwaMailboxPolicy.md +++ b/docs/docs/resources/exchange/EXOOwaMailboxPolicy.md @@ -5,6 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Name** | Key | String | The Name parameter specifies the unique name for the policy. The maximum length is 64 characters. | | +| **AccountTransferEnabled** | Write | Boolean | The AccountTransferEnabled parameter specifies whether to enable or disable QR code sign-in. By default, QR code sign-in is enabled. | | | **ActionForUnknownFileAndMIMETypes** | Write | String | The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types | `Allow`, `ForceSave`, `Block` | | **ActiveSyncIntegrationEnabled** | Write | Boolean | The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web. | | | **AdditionalAccountsEnabled** | Write | Boolean | No description available. | | 
From a2a12bc4a57f989ce1306d1720b44973391f0c3a Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 5 Sep 2024 14:58:54 +0000 Subject: [PATCH 23/27] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 4c7d37b508..1ed0315464 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -12032,6 +12032,11 @@ "Name": "Name", "Option": "Key" }, + { + "CIMType": "Boolean", + "Name": "AccountTransferEnabled", + "Option": "Write" + }, { "CIMType": "String", "Name": "ActionForUnknownFileAndMIMETypes", From fa5fce7c0a84eb530f482500dba39268cf089240 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 5 Sep 2024 15:07:45 +0000 Subject: [PATCH 24/27] Updated Resources and Cmdlet documentation pages --- .../IntuneDeviceControlPolicyWindows10.md | 293 ++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceControlPolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceControlPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceControlPolicyWindows10.md new file mode 100644 index 0000000000..39762924d8 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceControlPolicyWindows10.md 
@@ -0,0 +1,293 @@ +# IntuneDeviceControlPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Policy description | | +| **DisplayName** | Key | String | Policy name | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **PolicyRule** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule[] | The list of policy rules to apply. | | +| **DeviceInstall_Allow_Deny_Layered** | Write | String | Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_IDs_Allow** | Write | String | Allow installation of devices that match any of these device IDs (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_IDs_Allow_List** | Write | StringArray[] | Allowed device IDs | | +| **DeviceInstall_Instance_IDs_Allow** | Write | String | Allow installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_Instance_IDs_Allow_List** | Write | StringArray[] | Allowed Instance IDs | | +| **DeviceInstall_Classes_Allow** | Write | String | Allow installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_Classes_Allow_List** | Write | StringArray[] | Allowed classes | | +| **DeviceInstall_Unspecified_Deny** | Write | String | Prevent installation of devices not described by other policy settings (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_IDs_Deny** | Write | String | Prevent installation of devices that match any of these device IDs (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_IDs_Deny_List** | Write | StringArray[] | Prevented device IDs | | +| 
**DeviceInstall_IDs_Deny_Retroactive** | Write | String | Also apply to matching devices that are already installed. (0: False, 1: True) | `0`, `1` | +| **DeviceInstall_Instance_IDs_Deny** | Write | String | Prevent installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_Instance_IDs_Deny_Retroactive** | Write | String | Also apply to matching devices that are already installed. (Device) (0: False, 1: True) | `0`, `1` | +| **DeviceInstall_Instance_IDs_Deny_List** | Write | StringArray[] | Prevented Instance IDs | | +| **DeviceInstall_Classes_Deny** | Write | String | Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled) | `0`, `1` | +| **DeviceInstall_Classes_Deny_List** | Write | StringArray[] | Prevented Classes | | +| **DeviceInstall_Classes_Deny_Retroactive** | Write | String | Also apply to matching devices that are already installed. (0: False, 1: True) | `0`, `1` | +| **DeviceInstall_Removable_Deny** | Write | String | Prevent installation of removable devices (0: Disabled, 1: Enabled) | `0`, `1` | +| **WPDDevices_DenyRead_Access_2** | Write | String | WPD Devices: Deny read access (0: Disabled, 1: Enabled) | `0`, `1` | +| **WPDDevices_DenyRead_Access_1** | Write | String | WPD Devices: Deny read access (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **WPDDevices_DenyWrite_Access_2** | Write | String | WPD Devices: Deny write access (0: Disabled, 1: Enabled) | `0`, `1` | +| **WPDDevices_DenyWrite_Access_1** | Write | String | WPD Devices: Deny write access (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **AllowFullScanRemovableDriveScanning** | Write | String | Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.) | `0`, `1` | +| **AllowDirectMemoryAccess** | Write | String | Allow Direct Memory Access (0: Not allowed., 1: Allowed.) 
| `0`, `1` | +| **DeviceEnumerationPolicy** | Write | String | Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive)) | `0`, `1`, `2` | +| **RemovableDiskDenyWriteAccess** | Write | String | Removable Disk Deny Write Access (0: Disabled., 1: Enabled.) | `0`, `1` | +| **AllowUSBConnection** | Write | String | Allow USB Connection (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowBluetooth** | Write | String | Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.) | `0`, `1`, `2` | +| **AllowAdvertising** | Write | String | Allow Advertising (0: Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral., 1: Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.) | `0`, `1` | +| **AllowDiscoverableMode** | Write | String | Allow Discoverable Mode (0: Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device., 1: Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. 
Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.) | `0`, `1` | +| **AllowPrepairing** | Write | String | Allow Prepairing (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowPromptedProximalConnections** | Write | String | Allow Prompted Proximal Connections (0: Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios, 1: Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios) | `0`, `1` | +| **ServicesAllowedList** | Write | StringArray[] | Services Allowed List | | +| **AllowStorageCard** | Write | String | Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.) | `0`, `1` | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. 
| | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Entry** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry[] | Entry | | +| **Name** | Write | String | Name | | +| **ExcludedIdList_GroupId** | Write | StringArray[] | Excluded ID | | +| **IncludedIdList_GroupId** | Write | StringArray[] | Included ID | | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Type** | Write | String | Type (allow: Allow, deny: Deny, auditallowed: AuditAllowed, auditdenied: AuditDenied) | `allow`, `deny`, `auditallowed`, `auditdenied` | +| **Options** | Write | String | Options (0: None, 1: ShowNotification, 2: SendEvent, 3: SendNotificationAndEvent, 4: Disable) | `0`, `1`, `2`, `3`, `4` | +| **Sid** | Write | String | Sid | | +| **AccessMask** | Write | SInt32Array[] | Access mask (1: WDD_READ_ACCESS, 2: WDD_WRITE_ACCESS, 4: WDD_EXECUTE_ACCESS, 8: WDD_FS_READ_ACCESS, 16: WDD_FS_WRITE_ACCESS, 32: WDD_FS_EXECUTE_ACCESS, 64: WDD_PRINT_ACCESS) | `1`, `2`, `4`, `8`, `16`, `32`, `64` | +| **ComputerSid** | Write | String | Computer Sid | | + + +## Description + +Intune Device Control Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example 
creates a new Device Control Policy. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy' + { + AllowStorageCard = "1"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Device Control"; + DeviceInstall_IDs_Allow = "1"; + DeviceInstall_IDs_Allow_List = @("1234"); + PolicyRule = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{ + Name = 'asdf' + Entry = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{ + AccessMask = @( + '1' + '2' + ) + Sid = '1234' + ComputerSid = '1234' + Type = 'allow' + Options = '4' + } + ) + } + ); + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example updates a Device Control Policy. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy' + { + AllowStorageCard = "1"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '11111111-1111-1111-1111-111111111111' + } + ); + Description = 'Description' + DisplayName = "Device Control"; + DeviceInstall_IDs_Allow = "1"; + DeviceInstall_IDs_Allow_List = @("1234"); + PolicyRule = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{ + Name = 'asdf' + Entry = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{ + AccessMask = @( + '1' + '2' + ) + Sid = '1234' + ComputerSid = '1234' + Type = 'deny' # Updated property + Options = '4' + } + ) + } + ); + Ensure = "Present"; + Id = '00000000-0000-0000-0000-000000000000' + RoleScopeTagIds = @("0"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example removes a Device Control Policy. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy' + { + Id = '00000000-0000-0000-0000-000000000000' + DisplayName = 'Device Control' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + 
From 4a78048ee6bca292537cface74142ea01b1bab6d Mon Sep 17 00:00:00 2001
From: NikCharlebois
Date: Thu, 5 Sep 2024 15:10:13 +0000
Subject: [PATCH 25/27] Updated {Create} Intune Integration Tests
---
 ...M365DSCIntegration.INTUNE.Create.Tests.ps1 | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1
index 375dd122e6..09a05d0878 100644
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1
+++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1
@@ -2054,6 +2054,44 @@
 TenantId = $TenantId;
 CertificateThumbprint = $CertificateThumbprint;
 }
+ IntuneDeviceControlPolicyWindows10 'ConfigureDeviceControlPolicy'
+ {
+ AllowStorageCard = "1";
+ Assignments = @(
+ MSFT_DeviceManagementConfigurationPolicyAssignments{
+ deviceAndAppManagementAssignmentFilterType = 'none'
+ dataType = '#microsoft.graph.groupAssignmentTarget'
+ groupId = '11111111-1111-1111-1111-111111111111'
+ }
+ );
+ Description = 'Description'
+ DisplayName = "Device Control";
+ DeviceInstall_IDs_Allow = "1";
+ DeviceInstall_IDs_Allow_List = @("1234");
+ PolicyRule = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{
+ Name = 'asdf'
+ Entry = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
+ AccessMask = @(
+ '1'
+ '2'
+ )
+ Sid = '1234'
+ ComputerSid = '1234'
+ Type = 'allow'
+ Options = '4'
+ }
+ )
+ }
+ );
+ Ensure = "Present";
+ Id = '00000000-0000-0000-0000-000000000000'
+ RoleScopeTagIds = @("0");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
 IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction'
 {
 DisplayName = 'My DSC Limit'
From e0f2cbf773e2158f14a232a3c9079a093944d8ba Mon Sep 17 00:00:00 2001
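Review bot: The rule entry in the added `IntuneDeviceControlPolicyWindows10` block sets `Sid = '1234'` and `ComputerSid = '1234'`, which are not SID-shaped, so the create test binds an `allow` entry (AccessMask 1 and 2) to a value that does not name a real principal. Whether the service rejects such a value or stores it silently is not visible from here. A well-formed constructed placeholder would bring the test, and anything copied from it, closer to a real scoped rule, for example `Sid = 'S-1-5-21-0-0-0-1000' # constructed placeholder`. `AccessMask` is also passed as quoted strings although the schema added in PATCH 26/27 declares it `SInt32[]`, so `AccessMask = @(1, 2)` would match the declared type. The enclosing configuration block starts and ends outside the hunk.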
From: NikCharlebois Date: Thu, 5 Sep 2024 15:10:32 +0000 Subject: [PATCH 26/27] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 300 ++++++++++++++++++ 1 file changed, 300 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 1ed0315464..ff560fdb1f 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -29974,6 +29974,306 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule", + "Parameters": [ + { + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry[]", + "Name": "Entry", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Name", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExcludedIdList_GroupId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "IncludedIdList_GroupId", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry", + "Parameters": [ + { + "CIMType": "String", + "Name": "Type", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Options", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Sid", + "Option": "Write" + }, + { + "CIMType": "SInt32[]", + "Name": "AccessMask", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ComputerSid", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneDeviceControlPolicyWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "RoleScopeTagIds", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule[]", + "Name": "PolicyRule", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Allow_Deny_Layered", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_IDs_Allow", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_IDs_Allow_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Instance_IDs_Allow", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_Instance_IDs_Allow_List", + "Option": "Write" + }, + { + "CIMType": "String", + 
"Name": "DeviceInstall_Classes_Allow", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_Classes_Allow_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Unspecified_Deny", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_IDs_Deny", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_IDs_Deny_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_IDs_Deny_Retroactive", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Instance_IDs_Deny", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Instance_IDs_Deny_Retroactive", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_Instance_IDs_Deny_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Classes_Deny", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_Classes_Deny_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Classes_Deny_Retroactive", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Removable_Deny", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WPDDevices_DenyRead_Access_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WPDDevices_DenyRead_Access_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WPDDevices_DenyWrite_Access_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WPDDevices_DenyWrite_Access_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowFullScanRemovableDriveScanning", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowDirectMemoryAccess", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceEnumerationPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RemovableDiskDenyWriteAccess", + "Option": "Write" + }, + { + 
"CIMType": "String", + "Name": "AllowUSBConnection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowBluetooth", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowAdvertising", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowDiscoverableMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowPrepairing", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowPromptedProximalConnections", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ServicesAllowedList", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowStorageCard", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneDeviceEnrollmentLimitRestriction", "Parameters": [ From 76490b998b04ebfd1493957423610252cc39058a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 5 Sep 2024 11:15:44 -0400 Subject: [PATCH 27/27] Release 1.24.904.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 86 ++++---------------- 2 files changed, 17 insertions(+), 71 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 90a1121bd1..2c2ad6918c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.904.1 * EXOOwaMailboxPolicy * Add support for AccountTransferEnabled parameter diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index cd94876636..829a2cef89 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-08-28 +# Generated on: 2024-09-05 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.828.1' + ModuleVersion = '1.24.904.1' # Supported PSEditions # CompatiblePSEditions = @() 
@@ -143,76 +143,22 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAdministrativeUnit - * Fix Properties for Dynamic Administrative Units in Graph have moved -* AADConditionalAccessPolicy - * Fixing issue where the resource crashed when trying to retrieve groups - and users from Entra ID which no longer existed - * Fixes an issue where the `AuthenticationFlows` property changed in Graph - and updates on the documentation for the possible values of `TransferMethods`. - FIXES [#4961](https://github.com/microsoft/Microsoft365DSC/issues/4961) - FIXES [#4960](https://github.com/microsoft/Microsoft365DSC/issues/4960) - FIXES [#4734](https://github.com/microsoft/Microsoft365DSC/issues/4734) - FIXES [#4725](https://github.com/microsoft/Microsoft365DSC/issues/4725) -* AADGroup - * FIXES [#4994](https://github.com/microsoft/Microsoft365DSC/issues/4994) -* EXOAuthenticationPolicyAssignment - * Removes the 1000 user limit when exporting authentication policy assignments - FIXES [#4956](https://github.com/microsoft/Microsoft365DSC/issues/4956) -* EXOHostedContentFilterRule - * Dont check if associated `EXOHostedContentFilterPolicy` is present - while removing resource since its not required - * EXORoleGroup - * Fix an issue where roles that have empty members cannot be compared - FIXES [#4977] (https://github.com/microsoft/Microsoft365DSC/issues/4977) -* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy - * Fixed issue if `PasswordComplexity` was set to 5 by allowing that value - FIXES [#4963](https://github.com/microsoft/Microsoft365DSC/issues/4963) -* IntuneDeviceCompliancePolicyWindows10 - * Fix extraction of property `TpmRequired` -* IntuneDeviceConfigurationCustomPolicyWindows10 - * Change app and delegated permissions for reading to - DeviceManagementConfiguration.ReadWrite.All to cope with - getOmaSettingPlainTextValue 
which is only working if RW is granted - FIXES [#4412](https://github.com/microsoft/Microsoft365DSC/issues/4412) -* IntuneDeviceRemediation - * Add export of global remediation scripts. -* O365OrgSettings - * FIXES [#4741](https://github.com/microsoft/Microsoft365DSC/issues/4741) -* SCAutoSensitivityLabelPolicy - * Fixes issue where Mode=Enabled is not supported for SP and OD. Changing - property to TestWithoutNotifications in those instances. - FIXES [#4990](https://github.com/microsoft/Microsoft365DSC/issues/4990) -* SCAutoSensitivityLabelRule - * Fixes issue where the export was looping through all possible workloads - instead of the actually targeted workload - FIXES [#4989](https://github.com/microsoft/Microsoft365DSC/issues/4989) -* SCSensitivityLabel - * Corrected issue where ExternalAccess properties were configured inverted - FIXES [#3782](https://github.com/microsoft/Microsoft365DSC/issues/3782) + ReleaseNotes = '* EXOOwaMailboxPolicy + * Add support for AccountTransferEnabled parameter +* EXOSweepRule + * Initial Release. +* FabricAdminTenantSettings + * Initial Release. +* IntuneDeviceControlPolicyWindows10 + * Initial Release * M365DSCDRGUtil - * Update Intune Settings Catalog Handling. - * Fixes an issue where the `MSFT_IntuneDeviceRemediationPolicyAssignments` - type would trigger an incorrect comparison in `Compare-M365DSCComplexObject`. -* M365DSCResourceGenerator - * Update Intune resource generation for the Settings Catalog. -* M365DSCUtil - * Fix `Compare-PSCustomObjectArrays` by allowing empty arrays as input - FIXES [#4952](https://github.com/microsoft/Microsoft365DSC/issues/4952) -* O365OrgSettings - * FIXES [#4741](https://github.com/microsoft/Microsoft365DSC/issues/4741) -* MISC - * Improve module updates and PowerShell Core support across the DSC - resources. - FIXES [#4941](https://github.com/microsoft/Microsoft365DSC/issues/4941) - * Replace some `Write-Host` occurrences in core engine with - appropriate alternatives. 
- FIXES [#4943](https://github.com/microsoft/Microsoft365DSC/issues/4943) - * Fixed a typo within M365DSCReport.psm1 related to a .png file - FIXES [#4983](https://github.com/microsoft/Microsoft365DSC/pull/4983) + * Fixes an issue where a Intune settings catalog DSC param was not handled + correctly when it was not specified. + FIXES [#5000](https://github.com/microsoft/Microsoft365DSC/issues/5000) + * Fixes an issue where the exported nested CIM instances had too many line breaks. + * Fixes an issue where Settings Catalog properties were not correctly handled. * DEPENDENCIES - * Updated MicrosoftTeams to version 6.5.0. - * Updated MSCloudLoginAssistant to version 1.1.19.' + * Updated MSCloudLoginAssistant to version 1.1.20.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false