From 6eab0bb6accc3b29a0a3f421e206c3ffe4f914cf Mon Sep 17 00:00:00 2001 
From: dannyKBjj
Date: Mon, 2 Dec 2024 19:37:13 +0000
Subject: [PATCH 01/45] In Progress
---
.../MSFT_IntuneVPNConfigurationPolicyIOS.psm1 | 1321 +++++++++++++++++
...IntuneVPNConfigurationPolicyIOS.schema.mof | 101 ++
.../readme.md | 6 +
.../settings.json | 44 +
...NConfigurationPolicyAndroidEnterprise.psm1 | 1321 +++++++++++++++++
...gurationPolicyAndroidEnterprise.schema.mof | 75 +
.../readme.md | 6 +
.../settings.json | 44 +
...eVPNConfigurationPolicyAndroid-Example.ps1 | 21 +
...uneVPNConfigurationPolicyAndroid.Tests.ps1 | 566 +++++++
Tests/Unit/Stubs/Microsoft365.psm1 | 291 ++++
11 files changed, 3796 insertions(+)
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1
create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1
new file mode 100644
index 0000000000..eea9be1cc9
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1
@@ -0,0 +1,1321 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ #region resource generator code
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String]
+ $connectionName,
+
+ [Parameter()]
+ [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+ [System.String]
+ $connectionType,
+
+ [Parameter()]
+ [System.Boolean]
+ $enableSplitTunneling,
+
+ [Parameter()]
+ [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+ [System.String]
+ $authenticationMethod,
+
+ [Parameter()]
+ [System.string[]]
+ $safariDomains,
+
+ [Parameter()]
+ [System.string[]]
+ $associatedDomains,
+
+ [Parameter()]
+ [System.string[]]
+ $excludedDomains,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $proxyServer,
+
+ [Parameter()]
+ [System.Boolean]
+ $optInToDeviceIdSharing,
+
+ [Parameter()]
+ [System.string[]]
+ $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $server,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $customData,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $customKeyValueData,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $onDemandRules,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens,
+
+ #latest updates
+ [Parameter()]
+ [System.UInt32]
+ $version,
+
+ [Parameter()]
+ [System.String]
+ $loginGroupOrDomain,
+
+ [Parameter()]
+ [System.String]
+ $role,
+
+ [Parameter()]
+ [System.String]
+ $realm,
+
+ [Parameter()]
+ [System.String]
+ $identifier,
+
+ [Parameter()]
+ [System.Boolean]
+ $enablePerApp,
+
+ [Parameter()]
+ [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')]
+ [System.String]
+ $providerType,
+
+ [Parameter()]
+ [System.Boolean]
+ $disableOnDemandUserOverride,
+
+ [Parameter()]
+ [System.Boolean]
+ $disconnectOnIdle,
+
+ [Parameter()]
+ [System.UInt32]
+ $disconnectOnIdleTimerInSeconds,
+
+ [Parameter()]
+ [System.String]
+ $microsoftTunnelSiteId,
+
+ [Parameter()]
+ [System.String]
+ $cloudName,
+
+ [Parameter()]
+ [System.Boolean]
+ $strictEnforcement,
+
+ [Parameter()]
+ [System.String]
+ $userDomain
+ )
+
+ try
+ {
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+ }
+ catch
+ {
+ Write-Verbose -Message 'Connection to the workload failed.'
+ }
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for iOS with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune VPN Policy for iOS with id {$id} and DisplayName {$DisplayName} was found" + + $complexServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.server) + { + $myservers = @{} + $myservers.Add('address', $currentservers.address) + $myservers.Add('description', $currentservers.description) + $myservers.Add('isDefaultServer', $currentservers.isDefaultServer) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexServers += $myservers + } + } + + $complexProxyServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.proxyServer) + { + $myservers = @{} + $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl) + $myservers.Add('address', $currentservers.address) + $myservers.Add('port', $currentservers.port) + if ($myservers.values.Where({$null -ne 
$_}).count -gt 0) + { + $complexProxyServers += $myservers + } + } + + $complexCustomData = @() + foreach ($value in $getValue.AdditionalProperties.customData) + { + $myCustomdata = @{} + $myCustomdata.Add('key', $value.key) + $myCustomdata.Add('value', $value.value) + if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomData += $myCustomdata + } + } + + $complexCustomKeyValueData = @() + foreach ($value in $getValue.AdditionalProperties.customKeyValueData) + { + $myCVdata = @{} + $myCVdata.Add('name', $value.name) + $myCVdata.Add('value', $value.value) + if ($myCVdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomKeyValueData += $myCVdata + } + } + + $complexTargetedMobileApps = @() + foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) + { + $myTMAdata = @{} + $myTMAdata.Add('address', $value.address) + $myTMAdata.Add('publisher', $value.publisher) + $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) + $myTMAdata.Add('appId', $value.appId) + if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexTargetedMobileApps += $myTMAdata + } + } + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + connectionName = $getValue.AdditionalProperties.connectionName + connectionType = $getValue.AdditionalProperties.connectionType + enableSplitTunneling = $getValue.AdditionalProperties.enableSplitTunneling + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod + safariDomains = $getValue.AdditionalProperties.safariDomains + associatedDomains = $getValue.AdditionalProperties.associatedDomains + excludedDomains = $getValue.AdditionalProperties.excludedDomains + optInToDeviceIdSharing = $getValue.AdditionalProperties.optInToDeviceIdSharing + excludeList = $getValue.AdditionalProperties.excludeList + server = $complexServers + customData = $complexCustomData 
#$getValue.AdditionalProperties.customData + customKeyValueData = $complexCustomKeyValueData #$getValue.AdditionalProperties.customKeyValueData + onDemandRules = $getValue.AdditionalProperties.onDemandRules + proxyServer = $complexProxyServers + targetedMobileApps = $complexTargetedMobileApps #$getValue.AdditionalProperties.targetedMobileApps + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + loginGroupOrDomain = $getValue.AdditionalProperties.loginGroupOrDomain + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm + identifier = $getValue.AdditionalProperties.identifier + enablePerApp = $getValue.AdditionalProperties.enablePerApp + providerType = $getValue.AdditionalProperties.providerType + disableOnDemandUserOverride = $getValue.AdditionalProperties.disableOnDemandUserOverride + disconnectOnIdle = $getValue.AdditionalProperties.disconnectOnIdle + disconnectOnIdleTimerInSeconds = $getValue.AdditionalProperties.disconnectOnIdleTimerInSeconds + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + cloudName = $getValue.AdditionalProperties.cloudName + strictEnforcement = $getValue.AdditionalProperties.strictEnforcement + userDomain = $getValue.AdditionalProperties.userDomain + + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 
'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $server, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + #latest updates + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + #proxy and server values need converting before new- / update- cmdlets will accept parameters + #creating hashtables now for use later in both present/present and present/absent blocks + $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters + + if ($allTargetValues -match '\bserver=\(\{([^\)]+)\}\)') + { + $serverBlock = $matches[1] + } + + $serverHashtable = @{} + $serverBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $serverHashtable[$key] = $value + } + } + if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') + { + $proxyBlock = $matches[1] + } + + $proxyHashtable = @{} + $proxyBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $proxyHashtable[$key] = $value + } + } + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + 
$CreateParameters.remove($keyName) + } + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + if ($AdditionalProperties.server) + { + $AdditionalProperties.Remove('server') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('server',$serverHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 
1) + $UpdateParameters.remove($keyName) + } + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + + if ($AdditionalProperties) + { + + if ($AdditionalProperties.server) + { + $AdditionalProperties.Remove('server') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('server',$serverHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + #add the additional properties to the updateparameters + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + } + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + 
[Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $server, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', 
+ + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function 
Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + 
ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+
+ $Results = Get-TargetResource @Params
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+
+ if ($Results.Assignments)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+ if ($complexTypeStringResult)
+ {
+ $Results.Assignments = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('Assignments') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.server)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.server `
+ -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.server = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('server') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.onDemandRules)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.onDemandRules `
+ -CIMInstanceName 'MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule' #MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.onDemandRules = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('onDemandRules') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.proxyServer)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.proxyServer `
+ -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer'
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.proxyServer = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('proxyServer') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.customData)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.customData `
+ -CIMInstanceName 'MSFT_CustomData'
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.customData = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('customData') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.customKeyValueData)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.customKeyValueData `
+ -CIMInstanceName 'MSFT_customKeyValueData'
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.customKeyValueData = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('customKeyValueData') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.targetedMobileApps)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.targetedMobileApps `
+ -CIMInstanceName 'MSFT_targetedMobileApps'
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.targetedMobileApps = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('targetedMobileApps') | Out-Null
+ }
+ }
+
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+
+ if ($Results.server)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "server" -isCIMArray:$True
+ }
+
+ if ($Results.onDemandRules)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "onDemandRules" -isCIMArray:$True
+ }
+
+ if ($Results.proxyServer)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True
+ }
+
+ if ($Results.customData)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" -isCIMArray:$True
+ }
+
+ if ($Results.customKeyValueData)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True
+ }
+
+ if ($Results.targetedMobileApps)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True
+ }
+
+ if ($Results.Assignments)
+ {
+ $isCIMArray = $false
+ if ($Results.Assignments.getType().Fullname -like '*[[\]]')
+ {
+ $isCIMArray = $true
+ }
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray
+ }
+
+ $dscContent += $currentDSCBlock
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ $i++
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ return $dscContent
+ }
+ catch
+ {
+ if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or `
+ $_.Exception -like "*Request not applicable to target tenant*")
+ {
+ Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
+ }
+ else
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+ }
+
+ return ''
+ }
+}
+
+function Get-M365DSCAdditionalProperties
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ [Parameter(Mandatory = 'true')]
+ [System.Collections.Hashtable]
+ $Properties
+ )
+
+ $additionalProperties = @(
+ 'connectionName'
+ 'connectionType'
+ 'enableSplitTunneling'
+ 'authenticationMethod'
+ 'enablePerApp'
+ 'safariDomains'
+ 'associatedDomains'
+ 'excludedDomains'
+ 'disableOnDemandUserOverride'
+ 'disconnectOnIdle'
+ 'proxyServer'
+ 'optInToDeviceIdSharing'
+ 'excludeList'
+ 'microsoftTunnelSiteId'
+ 'server'
+ 'customData'
+ 'customKeyValueData'
+ 'onDemandRules'
+ 'targetedMobileApps'
+ 'version'
+ 'loginGroupOrDomain'
+ 'role'
+ 'realm'
+ 'identifier'
+ 'providerType'
+ 'disconnectOnIdleTimerInSeconds'
+ 'cloudName'
+ 'strictEnforcement'
+ 'userDomain'
+ )
+
+ $results = @{'@odata.type' = '#microsoft.graph.iosVpnConfiguration' }
+ $cloneProperties = $Properties.clone()
+ foreach ($property in $cloneProperties.Keys)
+ {
+ if ($property -in ($additionalProperties) )
+ {
+ $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1)
+ if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*')
+ {
+ if ($properties.$property.getType().FullName -like '*[[\]]')
+ {
+ $array = @()
+ foreach ($item in $properties.$property)
+ {
+ $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item
+ }
+ $propertyValue = $array
+ }
+ else
+ {
+ $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property
+ }
+
+ }
+ else
+ {
+ $propertyValue = $properties.$property
+ }
+
+ $results.Add($propertyName, $propertyValue)
+ }
+ }
+ if ($results.Count -eq 1)
+ {
+ return $null
+ }
+ return $results
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof
new file mode 100644
index 0000000000..afb00a93df
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof
@@ -0,0 +1,101 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+ [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+ [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+ [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+ [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+ [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+ [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule
+{
+ [Write, Description("Network Service Set Identifiers (SSIDs).")] String ssids[];
+ [Write, Description("DNS Search Domains.")] String dnsSearchDomains[];
+ [Write, Description("A URL to probe. If this URL is successfully fetched, returning a 200 HTTP status code, without redirection, this rule matches.")] String probeUrl;
+ [Write, Description("Action. Possible values are: connect, evaluateConnection, ignore, disconnect."), ValueMap{"connect", "evaluateConnection", "ignore", "disconnect"}, Values{"connect", "evaluateConnection", "ignore", "disconnect"}] String action;
+ [Write, Description("Domain Action, Only applicable when Action is evaluate connection. Possible values are: connectIfNeeded, neverConnect."), ValueMap{"connectIfNeeded", "neverConnect"}, Values{"connectIfNeeded", "neverConnect"}] String domainAction;
+ [Write, Description("Domains, Only applicable when Action is evaluate connection.")] String domains[];
+ [Write, Description("Probe Required URL. Only applicable when Action is evaluate connection and DomainAction is connectIfNeeded.")] String probeRequiredUrl;
+ [Write, Description("Network interface to trigger VPN. Possible values are: notConfigured, ethernet, wiFi, cellular."), ValueMap{"notConfigured", "ethernet", "wiFi", "cellular"}, Values{"notConfigured", "ethernet", "wiFi", "cellular"}] String interfaceTypeMatch;
+ [Write, Description("DNS Search Server Address.")] String dnsServerAddressMatch[];
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphVpnServer
+{
+ [Write, Description("Address (IP address, FQDN or URL)")] String address;
+ [Write, Description("Description.")] String description;
+ [Write, Description("Default server.")] Boolean isDefaultServer;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftvpnProxyServer
+{
+ [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl;
+ [Write, Description("Address.")] String address;
+ [Write, Description("Port. Valid values 0 to 65535.")] uint32 port;
+};
+[ClassVersion("1.0.0")]
+class MSFT_targetedMobileApps
+{
+ [Write, Description("The application name.")] String address;
+ [Write, Description("The publisher of the application.")] String publisher;
+ [Write, Description("The Store URL of the application.")] String appStoreUrl;
+ [Write, Description("The application or bundle identifier of the application.")] String appId;
+};
+class MSFT_CustomData
+{
+ [Write, Description("Key for the custom data entry.")] String key;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+class MSFT_customKeyValueData
+{
+ [Write, Description("Name for the custom data entry.")] String name;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyIOS")]
+class MSFT_IntuneVPNConfigurationPolicyIOS : OMI_BaseResource
+{
+ [Write, Description("Id of the Intune policy.")] String Id;
+ [Key, Description("Display name of the Intune policy.")] String DisplayName;
+ [Write, Description("Description of the Intune policy.")] String Description;
+ [Write, Description("Connection name displayed to the user.")] String connectionName;
+ [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "customVpn", "ciscoIPSec", "citrix", "ciscoAnyConnectV2", "paloAltoGlobalProtect", "zscalerPrivateAccess", "f5Access2018", "citrixSso", "paloAltoGlobalProtectV2", "ikEv2", "alwaysOn", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "customVpn", "ciscoIPSec", "citrix", "ciscoAnyConnectV2", "paloAltoGlobalProtect", "zscalerPrivateAccess", "f5Access2018", "citrixSso", "paloAltoGlobalProtectV2", "ikEv2", "alwaysOn", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType;
+ [Write, Description("Send all network traffic through VPN.")] Boolean enableSplitTunneling;
+ [Write, Description("Authentication method for this VPN connection."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
+ [Write, Description("Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection.")] String safariDomains[];
+ [Write, Description("Associated Domains. These domains will be linked with the VPN configuration.")] String associatedDomains[];
+ [Write, Description("Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated.")] String excludedDomains[];
+ [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[];
+ [Write, Description("Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation.")] Boolean optInToDeviceIdSharing;
+ [Write, Description("Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.")] String excludeList[];
+ [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String server[];
+ [Write, Description("Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements"), EmbeddedInstance("MSFT_customData")] String customData[];
+ [Write, Description("Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements"), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[];
+ [Write, Description("On-Demand Rules. This collection can contain a maximum of 500 elements."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule")] String onDemandRules[];
+ [Write, Description("Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.")] String targetedMobileApps[];
+ [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+ [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+ [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+ [Write, Description("Version of the device configuration. Inherited from deviceConfiguration.")] uint32 version;
+ [Write, Description("Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration.")] String loginGroupOrDomain;
+ [Write, Description("Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.")] String role;
+ [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.")] String realm;
+ [Write, Description("Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration.")] String identifier;
+ [Write, Description("Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration.")] Boolean enablePerApp;
+ [Write, Description("Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel."), ValueMap{"notConfigured", "appProxy", "packetTunnel"}, Values{"notConfigured", "appProxy", "packetTunnel"}] String providerType;
+ [Write, Description("Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration.")] Boolean disableOnDemandUserOverride;
+ [Write, Description("Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration")] Boolean disconnectOnIdle;
+ [Write, Description("The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration.")] uint32 disconnectOnIdleTimerInSeconds;
+ [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId;
+ [Write, Description("Zscaler only. Zscaler cloud which the user is assigned to.")] String cloudName;
+ [Write, Description("Zscaler only. Blocks network traffic until the user signs into Zscaler app. True means traffic is blocked.")] Boolean strictEnforcement;
+ [Write, Description("Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead.")] String userDomain;
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
new file mode 100644
index 0000000000..a82c357af2
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneVPNConfigurationPolicyIOS
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for iOS Device.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
new file mode 100644
index 0000000000..48a95f699a
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneVPNConfigurationPolicyIOS",
+ "description": "This resource configures an Intune VPN Configuration Policy for iOS Device.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
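Review bot: `targetedMobileApps` in `MSFT_IntuneVPNConfigurationPolicyIOS` is declared as a plain `String targetedMobileApps[]`, although this schema defines an `MSFT_targetedMobileApps` class and the module's export code converts the property with `-CIMInstanceName 'MSFT_targetedMobileApps'`; it most likely needs `EmbeddedInstance("MSFT_targetedMobileApps")`, as `customData` and `onDemandRules` have. Separately, `AccessTokens` is a `String[]` while `Credential` and `ApplicationSecret` use `EmbeddedInstance("MSFT_Credential")`, so a token passed here would presumably end up as plain text in the compiled configuration. The second module in this patch declares the parameter the same way, so I would only extend the description, e.g. `Description("Access token used for authentication. Stored as plain text in the compiled configuration.")`. The `enableSplitTunneling` description (`Send all network traffic through VPN.`) reads as the opposite of the property name and is worth confirming, since it decides whether traffic bypasses the tunnel; the `proxyServer` description is a copy of the one on `Assignments`.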
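Review bot: `"resourceName": "IntuneVPNConfigurationPolicyIOS"` and the description do not match the folder this file is added to, `MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner`, so the Graph permission list here would presumably be attributed to the iOS resource rather than the one the folder names. If the folder name is the intended one, the line should read `"resourceName": "IntuneVPNConfigurationPolicyAndroidDeviceOwner",` with the description updated to match; the readme.md and the `.psm1`/`.schema.mof` file names added beside it carry the same iOS naming. The permission sets themselves are scoped sensibly: the read lists use `DeviceManagementConfiguration.Read.All` and only the update lists ask for `DeviceManagementConfiguration.ReadWrite.All`.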
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
new file mode 100644
index 0000000000..3436b6d5ed
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
@@ -0,0 +1,1321 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + 
$targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + #latest updates + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for Android Enterprise with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune VPN Policy for Android Enterprise with id {$id} and DisplayName {$DisplayName} was found" + + $complexServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.servers) + { + $myservers = @{} + $myservers.Add('address', $currentservers.address) + $myservers.Add('description', $currentservers.description) + $myservers.Add('isDefaultServer', $currentservers.isDefaultServer) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexServers += $myservers + } + } + + $complexProxyServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.proxyServer) + { + $myservers = @{} + $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl) + $myservers.Add('address', $currentservers.address) + $myservers.Add('port', $currentservers.port) + if 
($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexProxyServers += $myservers + } + } + + $complexCustomData = @() + foreach ($value in $getValue.AdditionalProperties.customData) + { + $myCustomdata = @{} + $myCustomdata.Add('key', $value.key) + $myCustomdata.Add('value', $value.value) + if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomData += $myCustomdata + } + } + + $complexCustomKeyValueData = @() + foreach ($value in $getValue.AdditionalProperties.customKeyValueData) + { + $myCVdata = @{} + $myCVdata.Add('name', $value.name) + $myCVdata.Add('value', $value.value) + if ($myCVdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomKeyValueData += $myCVdata + } + } + + $complexTargetedMobileApps = @() + foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) + { + $myTMAdata = @{} + $myTMAdata.Add('address', $value.address) + $myTMAdata.Add('publisher', $value.publisher) + $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) + $myTMAdata.Add('appId', $value.appId) + if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexTargetedMobileApps += $myTMAdata + } + } + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + connectionName = $getValue.AdditionalProperties.connectionName + connectionType = $getValue.AdditionalProperties.connectionType + enableSplitTunneling = $getValue.AdditionalProperties.enableSplitTunneling + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod + safariDomains = $getValue.AdditionalProperties.safariDomains + associatedDomains = $getValue.AdditionalProperties.associatedDomains + excludedDomains = $getValue.AdditionalProperties.excludedDomains + optInToDeviceIdSharing = $getValue.AdditionalProperties.optInToDeviceIdSharing + excludeList = $getValue.AdditionalProperties.excludeList + servers = $complexServers + customData = $complexCustomData 
#$getValue.AdditionalProperties.customData + customKeyValueData = $complexCustomKeyValueData #$getValue.AdditionalProperties.customKeyValueData + onDemandRules = $getValue.AdditionalProperties.onDemandRules + proxyServer = $complexProxyServers + targetedMobileApps = $complexTargetedMobileApps #$getValue.AdditionalProperties.targetedMobileApps + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + loginGroupOrDomain = $getValue.AdditionalProperties.loginGroupOrDomain + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm + identifier = $getValue.AdditionalProperties.identifier + enablePerApp = $getValue.AdditionalProperties.enablePerApp + providerType = $getValue.AdditionalProperties.providerType + disableOnDemandUserOverride = $getValue.AdditionalProperties.disableOnDemandUserOverride + disconnectOnIdle = $getValue.AdditionalProperties.disconnectOnIdle + disconnectOnIdleTimerInSeconds = $getValue.AdditionalProperties.disconnectOnIdleTimerInSeconds + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + cloudName = $getValue.AdditionalProperties.cloudName + strictEnforcement = $getValue.AdditionalProperties.strictEnforcement + userDomain = $getValue.AdditionalProperties.userDomain + + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 
'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + 
[Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + #latest updates + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + #proxy and server values need converting before new- / update- cmdlets will accept parameters + #creating hashtables now for use later in both present/present and present/absent blocks + $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters + + if ($allTargetValues -match '\bservers=\(\{([^\)]+)\}\)') + { + $serverBlock = $matches[1] + } + + $serverHashtable = @{} + $serverBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $serverHashtable[$key] = $value + } + } + if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') + { + $proxyBlock = $matches[1] + } + + $proxyHashtable = @{} + $proxyBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $proxyHashtable[$key] = $value + } + } + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + 
$CreateParameters.remove($keyName) + } + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + if ($AdditionalProperties.servers) + { + $AdditionalProperties.Remove('servers') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('servers',$serverHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length 
- 1) + $UpdateParameters.remove($keyName) + } + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + + if ($AdditionalProperties) + { + + if ($AdditionalProperties.servers) + { + $AdditionalProperties.Remove('servers') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('servers',$serverHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + #add the additional properties to the updateparameters + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + } + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + 
[Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 
'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function 
Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + 
ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + if ($null -ne $Results.servers) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.servers ` + -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.servers = $complexTypeStringResult + } + else + { + $Results.Remove('servers') | Out-Null + } + } + + if ($null -ne $Results.onDemandRules) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.onDemandRules ` + -CIMInstanceName 'MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule' #MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.onDemandRules = $complexTypeStringResult + } + else + { + $Results.Remove('onDemandRules') | Out-Null + } + } + + if ($null -ne $Results.proxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.proxyServer ` + -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.proxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('proxyServer') | Out-Null + } + } + + if ($null -ne $Results.customData) + { + 
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customData ` + -CIMInstanceName 'MSFT_CustomData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customData = $complexTypeStringResult + } + else + { + $Results.Remove('customData') | Out-Null + } + } + + if ($null -ne $Results.customKeyValueData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customKeyValueData ` + -CIMInstanceName 'MSFT_customKeyValueData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customKeyValueData = $complexTypeStringResult + } + else + { + $Results.Remove('customKeyValueData') | Out-Null + } + } + + if ($null -ne $Results.targetedMobileApps) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.targetedMobileApps ` + -CIMInstanceName 'MSFT_targetedMobileApps' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.targetedMobileApps = $complexTypeStringResult + } + else + { + $Results.Remove('targetedMobileApps') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.servers) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True + } + + if ($Results.onDemandRules) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "onDemandRules" -isCIMArray:$True + } + + if ($Results.proxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True + } + + if ($Results.customData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" 
-isCIMArray:$True + } + + if ($Results.customKeyValueData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True + } + + if ($Results.targetedMobileApps) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True + } + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." 
+ } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'connectionName' + 'connectionType' + 'enableSplitTunneling' + 'authenticationMethod' + 'enablePerApp' + 'safariDomains' + 'associatedDomains' + 'excludedDomains' + 'disableOnDemandUserOverride' + 'disconnectOnIdle' + 'proxyServer' + 'optInToDeviceIdSharing' + 'excludeList' + 'microsoftTunnelSiteId' + 'servers' + 'customData' + 'customKeyValueData' + 'onDemandRules' + 'targetedMobileApps' + 'version' + 'loginGroupOrDomain' + 'role' + 'realm' + 'identifier' + 'providerType' + 'disconnectOnIdleTimerInSeconds' + 'cloudName' + 'strictEnforcement' + 'userDomain' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidVpnConfiguration' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } 
+ return $results
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof
new file mode 100644
index 0000000000..031ac9c87b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof
@@ -0,0 +1,75 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+ [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+ [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+ [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+ [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+ [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+ [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphVpnServer
+{
+ [Write, Description("Address (IP address, FQDN or URL)")] String address;
+ [Write, Description("Description.")] String description;
+ [Write, Description("Default server.")] Boolean isDefaultServer;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftvpnProxyServer
+{
+ [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl;
+ [Write, Description("Address.")] String address;
+ [Write, Description("Port. Valid values 0 to 65535.")] uint32 port;
+};
+[ClassVersion("1.0.0")]
+class MSFT_targetedMobileApps
+{
+ [Write, Description("The application name.")] String address;
+ [Write, Description("The publisher of the application.")] String publisher;
+ [Write, Description("The Store URL of the application.")] String appStoreUrl;
+ [Write, Description("The application or bundle identifier of the application.")] String appId;
+};
+class MSFT_CustomData
+{
+ [Write, Description("Key for the custom data entry.")] String key;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+class MSFT_customKeyValueData
+{
+ [Write, Description("Name for the custom data entry.")] String name;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyAndroidEnterprise")]
+class MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise : OMI_BaseResource
+{
+ [Write, Description("Id of the Intune policy.")] String Id;
+ [Key, Description("Display name of the Intune policy.")] String DisplayName;
+ [Write, Description("Description of the Intune policy.")] String Description;
+ [Write, Description("Version of the device configuration. Inherited from deviceConfiguration.")] uint32 version;
+ [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
+ [Write, Description("Connection name displayed to the user.")] String connectionName;
+ [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role;
+ [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String realm;
+ [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String servers[];
+ [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType;
+ [Write, Description("Proxy Server."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[];
+ [Write, Description("Targeted App package IDs.")] String targetedPackageIds[];
+ [Write, Description("Targeted mobile apps. This collection can contain a maximum of 500 elements."),EmbeddedInstance("MSFT_targetedMobileApps")] String targetedMobileApps[];
+ [Write, Description("Whether or not to enable always-on VPN connection.")] Boolean alwaysOn;
+ [Write, Description("If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.")] Boolean alwaysOnLockdown;
+ [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId;
+ [Write, Description("List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.")] String proxyExclusionList[];
+ [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customData")] String customData[];
+ [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[];
+ [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+ [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+ [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
new file mode 100644
index 0000000000..606dfcd648
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
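Review bot: The property list of `MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise` does not line up with the module added in the same commit: `alwaysOn`, `alwaysOnLockdown`, `targetedPackageIds` and `proxyExclusionList` are declared here but appear neither in the visible Test-TargetResource param block nor in the `$additionalProperties` list of Get-M365DSCAdditionalProperties, while that module still accepts parameters this schema lacks (`safariDomains`, `onDemandRules`, `providerType` and others). As written, a configuration that sets the always-on or lockdown controls would presumably be rejected or never reach Graph, and those are the settings that keep traffic from leaving the device when the tunnel is down, so the two lists should be reconciled. In `MSFT_targetedMobileApps` the field described as "The application name." is declared `String address;`, which looks like it should be `String name;`. `MSFT_CustomData` and `MSFT_customKeyValueData` are also missing the `[ClassVersion("1.0.0")]` line the other embedded classes carry.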
@@ -0,0 +1,6 @@
+
+# IntuneVPNConfigurationPolicyAndroidEnterprise
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
new file mode 100644
index 0000000000..e4a0357e4b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneVPNConfigurationPolicyAndroidEnterprise",
+ "description": "This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1
new file mode 100644
index 0000000000..b8a2ed700a
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1
@@ -0,0 +1,21 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter(Mandatory = $true)]
+ [PSCredential]
+ $Credscredential
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroid 'Example'
+ {
+ }
+ }
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1
new file mode 100644
index 0000000000..c92490e2e3
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1
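Review bot: The resource block `IntuneVPNConfigurationPolicyAndroid 'Example' { }` is empty and uses a name that differs from the `FriendlyName("IntuneVPNConfigurationPolicyAndroidEnterprise")` registered by the schema in this commit, so the example will presumably not compile. The schema marks `DisplayName` as the key, so the block needs at least `DisplayName = '<policy name>'` and `Ensure = 'Present'`. The mandatory `$Credscredential` parameter is never passed on, so add `Credential = $Credscredential` or drop the parameter. When the VPN settings are filled in, use placeholder values only (for instance an `address` of `vpn.example.com`) so that no real gateway address or shared secret ends up in a published example.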
@@ -0,0 +1,566 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource "IntuneVPNConfigurationPolicyAndroid" -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+
+ $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName Get-PSSession -MockWith {
+ }
+
+ Mock -CommandName Remove-PSSession -MockWith {
+ }
+
+ Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return "Credentials"
+ }
+
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfigurationAssignment -MockWith {
+ }
+
+ }
+
+ # Test contexts
+ Context -Name "The IntuneVPNConfigurationPolicyAndroid should exist but it DOES NOT" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ AuthenticationMethod = "certificate"
+ ConnectionName = "FakeStringValue"
+ ConnectionType = "ciscoAnyConnect"
+ customData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ } -ClientOnly)
+ )
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DisplayName = "FakeStringValue"
+ fingerprint = "FakeStringValue"
+ Id = "FakeStringValue"
+ realm = "FakeStringValue"
+ role = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ servers = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ } -ClientOnly)
+ )
+ SupportsScopeTags = $True
+ Version = 25
+ Ensure = "Present"
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return $null
+ }
+ }
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+ It 'Should Create the group from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName New-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name "The IntuneVPNConfigurationPolicyAndroid exists but it SHOULD NOT" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ AuthenticationMethod = "certificate"
+ ConnectionName = "FakeStringValue"
+ ConnectionType = "ciscoAnyConnect"
+ customData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ } -ClientOnly)
+ )
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DisplayName = "FakeStringValue"
+ fingerprint = "FakeStringValue"
+ Id = "FakeStringValue"
+ realm = "FakeStringValue"
+ role = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ servers = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ } -ClientOnly)
+ )
+ SupportsScopeTags = $True
+ Version = 25
+ Ensure = 'Absent'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ AdditionalProperties = @{
+ role = "FakeStringValue"
+ connectionName = "FakeStringValue"
+ customData = @(
+ @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ }
+ )
+ realm = "FakeStringValue"
+ connectionType = "ciscoAnyConnect"
+ '@odata.type' = "#microsoft.graph.androidVpnConfiguration"
+ authenticationMethod = "certificate"
+ servers = @(
+ @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ }
+ )
+ fingerprint = "FakeStringValue"
+ customKeyValueData = @(
+ @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ }
+ )
+ }
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsEdition = @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsVersion = @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ }
+ DisplayName = "FakeStringValue"
+ Id = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ SupportsScopeTags = $True
+ Version = 25
+
+ }
+ }
+ }
+
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should Remove the group from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name "The IntuneVPNConfigurationPolicyAndroid Exists and Values are already in the desired state" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ AuthenticationMethod = "certificate"
+ ConnectionName = "FakeStringValue"
+ ConnectionType = "ciscoAnyConnect"
+ customData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ } -ClientOnly)
+ )
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DisplayName = "FakeStringValue"
+ fingerprint = "FakeStringValue"
+ Id = "FakeStringValue"
+ realm = "FakeStringValue"
+ role = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ servers = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ } -ClientOnly)
+ )
+ SupportsScopeTags = $True
+ Version = 25
+ Ensure = 'Present'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ AdditionalProperties = @{
+ role = "FakeStringValue"
+ connectionName = "FakeStringValue"
+ customData = @(
+ @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ }
+ )
+ realm = "FakeStringValue"
+ connectionType = "ciscoAnyConnect"
+ '@odata.type' = "#microsoft.graph.androidVpnConfiguration"
+ authenticationMethod = "certificate"
+ servers = @(
+ @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ }
+ )
+ fingerprint = "FakeStringValue"
+ customKeyValueData = @(
+ @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ }
+ )
+ }
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsEdition = @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsVersion = @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ }
+ DisplayName = "FakeStringValue"
+ Id = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ SupportsScopeTags = $True
+ Version = 25
+
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name "The IntuneVPNConfigurationPolicyAndroid exists and values are NOT in the desired state" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ AuthenticationMethod = "certificate"
+ ConnectionName = "FakeStringValue"
+ ConnectionType = "ciscoAnyConnect"
+ customData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ } -ClientOnly)
+ )
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ } -ClientOnly)
+ DisplayName = "FakeStringValue"
+ fingerprint = "FakeStringValue"
+ Id = "FakeStringValue"
+ realm = "FakeStringValue"
+ role = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ servers = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ } -ClientOnly)
+ )
+ SupportsScopeTags = $True
+ Version = 25
+ Ensure = 'Present'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ AdditionalProperties = @{
+ customData = @(
+ @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ }
+ )
+ role = "FakeStringValue"
+ realm = "FakeStringValue"
+ connectionType = "ciscoAnyConnect"
+ connectionName = "FakeStringValue"
+ servers = @(
+ @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ }
+ )
+ authenticationMethod = "certificate"
+ fingerprint = "FakeStringValue"
+ customKeyValueData = @(
+ @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ }
+ )
+ }
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsEdition = @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsVersion = @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ }
+ DisplayName = "FakeStringValue"
+ Id = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ Version = 7
+ }
+ }
+ }
+
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should call the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ AdditionalProperties = @{
+ role = "FakeStringValue"
+ connectionName = "FakeStringValue"
+ customData = @(
+ @{
+ value = "FakeStringValue"
+ key = "FakeStringValue"
+ }
+ )
+ realm = "FakeStringValue"
+ connectionType = "ciscoAnyConnect"
+ '@odata.type' = "#microsoft.graph.androidVpnConfiguration"
+ authenticationMethod = "certificate"
+ servers = @(
+ @{
+ address = "FakeStringValue"
+ description = "FakeStringValue"
+ isDefaultServer = $True
+ }
+ )
+ fingerprint = "FakeStringValue"
+ customKeyValueData = @(
+ @{
+ value = "FakeStringValue"
+ name = "FakeStringValue"
+ }
+ )
+ }
+ description = "FakeStringValue"
+ DeviceManagementApplicabilityRuleDeviceMode = @{
+ DeviceMode = "standardConfiguration"
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsEdition = @{
+ OsEditionTypes = @("windows10Enterprise")
+ Name = "FakeStringValue"
+ RuleType = "include"
+ }
+ DeviceManagementApplicabilityRuleOsVersion = @{
+ MaxOSVersion = "FakeStringValue"
+ Name = "FakeStringValue"
+ MinOSVersion = "FakeStringValue"
+ RuleType = "include"
+ }
+ DisplayName = "FakeStringValue"
+ Id = "FakeStringValue"
+ RoleScopeTagIds = @("FakeStringValue")
+ SupportsScopeTags = $True
+ Version = 25
+
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1
index e3024b7ad6..ab05d33001 100644
--- a/Tests/Unit/Stubs/Microsoft365.psm1
+++ b/Tests/Unit/Stubs/Microsoft365.psm1
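Review bot: `-DscResource "IntuneVPNConfigurationPolicyAndroid"` and every Context name point at a resource that this patch's file list does not contain (the modules added are the `...AndroidEnterprise` and `...AndroidDeviceOwner` ones), so the helper presumably has no module to load for these tests. In the "exists but it SHOULD NOT" context the case titled `'Should return true from the Test method'` asserts `Should -Be $false`; the title should read `'Should return false from the Test method'`. The fixtures also look carried over from a generator template: `OsEditionTypes = @("windows10Enterprise")` and the other applicability rules have no visible counterpart in the Android VPN resource and are worth trimming to the properties it actually exposes.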
@@ -104998,3 +104998,294 @@ function Update-MgBetaDeviceManagementRoleScopeTagAssignment #endregion +#region MgDeviceManagementDeviceConfigurationAssignment +function Get-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationAssignmentId, + + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Collections.Hashtable] + $Target, + + 
[Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationAssignmentId, + + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationAssignmentId, + + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + 
$AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Collections.Hashtable] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + From 829731e2efeaa57a6192fc1584fde024e01287ad Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Tue, 3 Dec 2024 15:43:41 +0000 Subject: [PATCH 02/45] First Draft Complete for AE --- ...NConfigurationPolicyAndroidEnterprise.psm1 | 470 ++++----------- ...gurationPolicyAndroidEnterprise.schema.mof | 1 - .../1-Create.ps1 | 47 ++ .../2-Update.ps1 | 48 ++ .../3-Remove.ps1 | 34 ++ ...uneVPNConfigurationPolicyAndroid.Tests.ps1 | 566 ------------------ ...igurationPolicyAndroidEnterprise.Tests.ps1 | 477 +++++++++++++++ 7 files changed, 719 insertions(+), 924 deletions(-) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1 delete mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
index 3436b6d5ed..ead0aeb093 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
@@ -16,68 +16,68 @@ function Get-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, [Parameter()] [System.String] - $connectionName, + $role, [Parameter()] - [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $connectionType, + $realm, [Parameter()] - [System.Boolean] - $enableSplitTunneling, - + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + [Parameter()] - [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $authenticationMethod, - - [Parameter()] - [System.string[]] - $safariDomains, + $connectionType, [Parameter()] - [System.string[]] - $associatedDomains, + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, [Parameter()] [System.string[]] - $excludedDomains, + $targetedPackageIds, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $proxyServer, + $targetedMobileApps, [Parameter()] [System.Boolean] - $optInToDeviceIdSharing, - - [Parameter()] - [System.string[]] - $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + $alwaysOn, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - 
$servers, + [System.Boolean] + $alwaysOnLockdown, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customData, + [System.string] + $microsoftTunnelSiteId, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customKeyValueData, + [System.string[]] + $proxyExclusionList, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $onDemandRules, + $customData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $targetedMobileApps, + $customKeyValueData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] @@ -115,65 +115,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $AccessTokens, - - #latest updates - [Parameter()] - [System.UInt32] - $version, - - [Parameter()] - [System.String] - $loginGroupOrDomain, - - [Parameter()] - [System.String] - $role, - - [Parameter()] - [System.String] - $realm, - - [Parameter()] - [System.String] - $identifier, - - [Parameter()] - [System.Boolean] - $enablePerApp, - - [Parameter()] - [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] - [System.String] - $providerType, - - [Parameter()] - [System.Boolean] - $disableOnDemandUserOverride, - - [Parameter()] - [System.Boolean] - $disconnectOnIdle, - - [Parameter()] - [System.UInt32] - $disconnectOnIdleTimerInSeconds, - - [Parameter()] - [System.String] - $microsoftTunnelSiteId, - - [Parameter()] - [System.String] - $cloudName, - - [Parameter()] - [System.Boolean] - $strictEnforcement, - - [Parameter()] - [System.String] - $userDomain + $AccessTokens ) try 
@@ -296,21 +238,21 @@ function Get-TargetResource Id = $getValue.Id Description = $getValue.Description DisplayName = $getValue.DisplayName + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod connectionName = $getValue.AdditionalProperties.connectionName - connectionType = $getValue.AdditionalProperties.connectionType - enableSplitTunneling = $getValue.AdditionalProperties.enableSplitTunneling - authenticationMethod = $getValue.AdditionalProperties.authenticationMethod - safariDomains = $getValue.AdditionalProperties.safariDomains - associatedDomains = $getValue.AdditionalProperties.associatedDomains - excludedDomains = $getValue.AdditionalProperties.excludedDomains - optInToDeviceIdSharing = $getValue.AdditionalProperties.optInToDeviceIdSharing - excludeList = $getValue.AdditionalProperties.excludeList + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm servers = $complexServers - customData = $complexCustomData #$getValue.AdditionalProperties.customData - customKeyValueData = $complexCustomKeyValueData #$getValue.AdditionalProperties.customKeyValueData - onDemandRules = $getValue.AdditionalProperties.onDemandRules + connectionType = $getValue.AdditionalProperties.connectionType proxyServer = $complexProxyServers - targetedMobileApps = $complexTargetedMobileApps #$getValue.AdditionalProperties.targetedMobileApps + targetedPackageIds = $getValue.AdditionalProperties.targetedPackageIds + targetedMobileApps = $complexTargetedMobileApps + alwaysOn = $getValue.AdditionalProperties.alwaysOn + alwaysOnLockdown = $getValue.AdditionalProperties.alwaysOnLockdown + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + proxyExclusionList = $getValue.AdditionalProperties.proxyExclusionList + customData = $complexCustomData + customKeyValueData = $complexCustomKeyValueData Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId 
@@ -319,21 +261,6 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens - version = $getValue.AdditionalProperties.version - loginGroupOrDomain = $getValue.AdditionalProperties.loginGroupOrDomain - role = $getValue.AdditionalProperties.role - realm = $getValue.AdditionalProperties.realm - identifier = $getValue.AdditionalProperties.identifier - enablePerApp = $getValue.AdditionalProperties.enablePerApp - providerType = $getValue.AdditionalProperties.providerType - disableOnDemandUserOverride = $getValue.AdditionalProperties.disableOnDemandUserOverride - disconnectOnIdle = $getValue.AdditionalProperties.disconnectOnIdle - disconnectOnIdleTimerInSeconds = $getValue.AdditionalProperties.disconnectOnIdleTimerInSeconds - microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId - cloudName = $getValue.AdditionalProperties.cloudName - strictEnforcement = $getValue.AdditionalProperties.strictEnforcement - userDomain = $getValue.AdditionalProperties.userDomain - } $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id 
@@ -377,68 +304,68 @@ function Set-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, [Parameter()] [System.String] - $connectionName, + $role, [Parameter()] - [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $connectionType, + $realm, [Parameter()] - [System.Boolean] - $enableSplitTunneling, - + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + [Parameter()] - [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $authenticationMethod, - - [Parameter()] - [System.string[]] - $safariDomains, + $connectionType, [Parameter()] - [System.string[]] - $associatedDomains, + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, [Parameter()] [System.string[]] - $excludedDomains, + $targetedPackageIds, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $proxyServer, + $targetedMobileApps, [Parameter()] [System.Boolean] - $optInToDeviceIdSharing, + $alwaysOn, [Parameter()] - [System.string[]] - $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] 
- $servers, + [System.Boolean] + $alwaysOnLockdown, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customData, + [System.string] + $microsoftTunnelSiteId, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customKeyValueData, + [System.string[]] + $proxyExclusionList, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $onDemandRules, + $customData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $targetedMobileApps, + $customKeyValueData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] @@ -476,65 +403,7 @@ function Set-TargetResource [Parameter()] [System.String[]] - $AccessTokens, - - #latest updates - [Parameter()] - [System.UInt32] - $version, - - [Parameter()] - [System.String] - $loginGroupOrDomain, - - [Parameter()] - [System.String] - $role, - - [Parameter()] - [System.String] - $realm, - - [Parameter()] - [System.String] - $identifier, - - [Parameter()] - [System.Boolean] - $enablePerApp, - - [Parameter()] - [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] - [System.String] - $providerType, - - [Parameter()] - [System.Boolean] - $disableOnDemandUserOverride, - - [Parameter()] - [System.Boolean] - $disconnectOnIdle, - - [Parameter()] - [System.UInt32] - $disconnectOnIdleTimerInSeconds, - - [Parameter()] - [System.String] - $microsoftTunnelSiteId, - - [Parameter()] - [System.String] - $cloudName, - - [Parameter()] - [System.Boolean] - $strictEnforcement, - - [Parameter()] - [System.String] - $userDomain + $AccessTokens ) try @@ -580,6 +449,7 @@ function Set-TargetResource $serverHashtable[$key] = $value } } + if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') { $proxyBlock = $matches[1] 
@@ -621,17 +491,6 @@ function Set-TargetResource } } - if ($AdditionalProperties.servers) - { - $AdditionalProperties.Remove('servers') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('servers',$serverHashtable) #replaced with the hashtable we created earlier - } - if ($AdditionalProperties.proxyServer) - { - $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier - } - $CreateParameters.add('AdditionalProperties', $AdditionalProperties) #region resource generator code @@ -675,19 +534,7 @@ function Set-TargetResource } if ($AdditionalProperties) - { - - if ($AdditionalProperties.servers) - { - $AdditionalProperties.Remove('servers') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('servers',$serverHashtable) #replaced with the hashtable we created earlier - } - if ($AdditionalProperties.proxyServer) - { - $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier - } - + { #add the additional properties to the updateparameters $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } 
@@ -728,68 +575,68 @@ function Test-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, [Parameter()] [System.String] - $connectionName, + $role, [Parameter()] - [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $connectionType, + $realm, [Parameter()] - [System.Boolean] - $enableSplitTunneling, - + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + [Parameter()] - [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $authenticationMethod, - - [Parameter()] - [System.string[]] - $safariDomains, + $connectionType, [Parameter()] - [System.string[]] - $associatedDomains, + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, [Parameter()] [System.string[]] - $excludedDomains, + $targetedPackageIds, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $proxyServer, + $targetedMobileApps, [Parameter()] [System.Boolean] - $optInToDeviceIdSharing, - - [Parameter()] - [System.string[]] - $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + $alwaysOn, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] 
- $servers, + [System.Boolean] + $alwaysOnLockdown, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customData, + [System.string] + $microsoftTunnelSiteId, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customKeyValueData, + [System.string[]] + $proxyExclusionList, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $onDemandRules, + $customData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $targetedMobileApps, + $customKeyValueData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] @@ -827,64 +674,7 @@ function Test-TargetResource [Parameter()] [System.String[]] - $AccessTokens, - - [Parameter()] - [System.UInt32] - $version, - - [Parameter()] - [System.String] - $loginGroupOrDomain, - - [Parameter()] - [System.String] - $role, - - [Parameter()] - [System.String] - $realm, - - [Parameter()] - [System.String] - $identifier, - - [Parameter()] - [System.Boolean] - $enablePerApp, - - [Parameter()] - [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] - [System.String] - $providerType, - - [Parameter()] - [System.Boolean] - $disableOnDemandUserOverride, - - [Parameter()] - [System.Boolean] - $disconnectOnIdle, - - [Parameter()] - [System.UInt32] - $disconnectOnIdleTimerInSeconds, - - [Parameter()] - [System.String] - $microsoftTunnelSiteId, - - [Parameter()] - [System.String] - $cloudName, - - [Parameter()] - [System.Boolean] - $strictEnforcement, - - [Parameter()] - [System.String] - $userDomain + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. 
@@ -1085,21 +875,6 @@ function Export-TargetResource } } - if ($null -ne $Results.onDemandRules) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.onDemandRules ` - -CIMInstanceName 'MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule' #MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule - if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) - { - $Results.onDemandRules = $complexTypeStringResult - } - else - { - $Results.Remove('onDemandRules') | Out-Null - } - } - if ($null -ne $Results.proxyServer) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -1171,11 +946,6 @@ function Export-TargetResource $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True } - if ($Results.onDemandRules) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "onDemandRules" -isCIMArray:$True - } - if ($Results.proxyServer) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True 
@@ -1248,35 +1018,21 @@ function Get-M365DSCAdditionalProperties ) $additionalProperties = @( + 'authenticationMethod' 'connectionName' + 'role' + 'realm' + 'servers' 'connectionType' - 'enableSplitTunneling' - 'authenticationMethod' - 'enablePerApp' - 'safariDomains' - 'associatedDomains' - 'excludedDomains' - 'disableOnDemandUserOverride' - 'disconnectOnIdle' 'proxyServer' - 'optInToDeviceIdSharing' - 'excludeList' + 'targetedPackageIds' + 'targetedMobileApps' + 'alwaysOn' + 'alwaysOnLockdown' 'microsoftTunnelSiteId' - 'servers' + 'proxyExclusionList' 'customData' 'customKeyValueData' - 'onDemandRules' - 'targetedMobileApps' - 'version' - 'loginGroupOrDomain' - 'role' - 'realm' - 'identifier' - 'providerType' - 'disconnectOnIdleTimerInSeconds' - 'cloudName' - 'strictEnforcement' - 'userDomain' ) $results = @{'@odata.type' = '#microsoft.graph.androidVpnConfiguration' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof index 031ac9c87b..f1c432dfa5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof 
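Review bot: The property list in Get-M365DSCAdditionalProperties now carries `proxyServer`, `targetedPackageIds`, `targetedMobileApps`, `alwaysOn`, `alwaysOnLockdown`, `microsoftTunnelSiteId` and `proxyExclusionList`, but the unchanged line right after it still types the payload as `#microsoft.graph.androidVpnConfiguration`. As far as I know that Graph type does not define those properties, while `androidWorkProfileVpnConfiguration` and `androidDeviceOwnerVpnConfiguration` do, so please confirm against the Graph beta reference. If so, the line should name whichever type this resource targets, e.g. `$results = @{'@odata.type' = '#microsoft.graph.androidWorkProfileVpnConfiguration' }`. The security-relevant case is `alwaysOnLockdown`: if the service rejects or drops it, a policy declared as lockdown would be deployed without it. The function body continues outside the hunk.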
@@ -47,7 +47,6 @@ class MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise : OMI_BaseResource
 [Write, Description("Id of the Intune policy.")] String Id;
 [Key, Description("Display name of the Intune policy.")] String DisplayName;
 [Write, Description("Description of the Intune policy.")] String Description;
- [Write, Description("Version of the device configuration. Inherited from deviceConfiguration.")] uint32 version;
 [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
 [Write, Description("Connection name displayed to the user.")] String connectionName;
 [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role;
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1
new file mode 100644
index 0000000000..11e82a89de
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1
@@ -0,0 +1,47 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ Assignments = @();
+ authenticationMethod = "usernameAndPassword";
+ connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+ connectionType = "ciscoAnyConnect";
+ Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ Id = "12345678-1234-abcd-1234-12345678ABCD";
+ server = @(
+ MSFT_MicrosoftGraphvpnServer{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ );
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1
new file mode 100644
index 0000000000..985814c5b1
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1
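Review bot: The example sets `server = @(`, but the parameter this commit declares in Set-TargetResource and Test-TargetResource is `$servers`, and the additional-properties list uses `'servers'`. The configuration would therefore presumably fail to compile on an undefined property; the line should read `servers = @(`, and 2-Update.ps1 has the same line. The embedded class name `MSFT_MicrosoftGraphvpnServer` should also be checked against the class declared in the schema.mof, which is not visible in this hunk. Separately, `vpn.test.com` is a registrable domain; an example that may be copied into a tenant is safer with a reserved name such as `address = 'vpn.example.com'`.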
@@ -0,0 +1,48 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ Assignments = @();
+ associatedDomains = @();
+ authenticationMethod = "usernameAndPassword";
+ connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+ connectionType = "ciscoAnyConnect";
+ Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ Id = "12345678-1234-abcd-1234-12345678ABCD";
+ server = @(
+ MSFT_MicrosoftGraphvpnServer{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.newAddress.com' #updated VPN address
+ }
+ );
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1
new file mode 100644
index 0000000000..d9f0f34fc5
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1
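Review bot: `associatedDomains = @();` is set in this example, but the same commit removes `$associatedDomains` from the Set-TargetResource and Test-TargetResource parameter blocks. The trimmed additional-properties list does not include it either, so as far as the diff shows the resource no longer exposes that property. The line looks like a leftover from the iOS resource this module was derived from and should be dropped. An example that does not compile also cannot serve as the update test its header comment describes.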
@@ -0,0 +1,34 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Absent";
+ }
+ }
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1
deleted file mode 100644
index c92490e2e3..0000000000
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroid.Tests.ps1
+++ /dev/null
@@ -1,566 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneVPNConfigurationPolicyAndroid" -GenericStubModule $GenericStubPath -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName Get-PSSession -MockWith { - } - - Mock -CommandName Remove-PSSession -MockWith { - } - - Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { - } - - Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { - } - - Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - $Script:exportedInstances =$null - $Script:ExportMode = $false - - Mock -CommandName Get-MgBetaDeviceManagementDeviceConfigurationAssignment -MockWith { - } - - } - - # Test contexts - Context -Name "The IntuneVPNConfigurationPolicyAndroid should exist but it DOES NOT" -Fixture { - BeforeAll { - $testParams = @{ - 
AuthenticationMethod = "certificate" - ConnectionName = "FakeStringValue" - ConnectionType = "ciscoAnyConnect" - customData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{ - value = "FakeStringValue" - key = "FakeStringValue" - } -ClientOnly) - ) - customKeyValueData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{ - value = "FakeStringValue" - name = "FakeStringValue" - } -ClientOnly) - ) - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DisplayName = "FakeStringValue" - fingerprint = "FakeStringValue" - Id = "FakeStringValue" - realm = "FakeStringValue" - role = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - servers = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{ - address = "FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } -ClientOnly) - ) - SupportsScopeTags = $True - Version = 25 - Ensure = "Present" - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { - return $null - } - } - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It 
'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It 'Should Create the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 - } - } - - Context -Name "The IntuneVPNConfigurationPolicyAndroid exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - AuthenticationMethod = "certificate" - ConnectionName = "FakeStringValue" - ConnectionType = "ciscoAnyConnect" - customData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{ - value = "FakeStringValue" - key = "FakeStringValue" - } -ClientOnly) - ) - customKeyValueData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{ - value = "FakeStringValue" - name = "FakeStringValue" - } -ClientOnly) - ) - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DisplayName = "FakeStringValue" - fingerprint = "FakeStringValue" - Id = "FakeStringValue" - realm = "FakeStringValue" - role = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - servers = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{ - address = 
"FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } -ClientOnly) - ) - SupportsScopeTags = $True - Version = 25 - Ensure = 'Absent' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - role = "FakeStringValue" - connectionName = "FakeStringValue" - customData = @( - @{ - value = "FakeStringValue" - key = "FakeStringValue" - } - ) - realm = "FakeStringValue" - connectionType = "ciscoAnyConnect" - '@odata.type' = "#microsoft.graph.androidVpnConfiguration" - authenticationMethod = "certificate" - servers = @( - @{ - address = "FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } - ) - fingerprint = "FakeStringValue" - customKeyValueData = @( - @{ - value = "FakeStringValue" - name = "FakeStringValue" - } - ) - } - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsEdition = @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsVersion = @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - SupportsScopeTags = $True - Version = 25 - - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should Remove the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 - } - } - - Context -Name "The 
IntuneVPNConfigurationPolicyAndroid Exists and Values are already in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - AuthenticationMethod = "certificate" - ConnectionName = "FakeStringValue" - ConnectionType = "ciscoAnyConnect" - customData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{ - value = "FakeStringValue" - key = "FakeStringValue" - } -ClientOnly) - ) - customKeyValueData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{ - value = "FakeStringValue" - name = "FakeStringValue" - } -ClientOnly) - ) - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DisplayName = "FakeStringValue" - fingerprint = "FakeStringValue" - Id = "FakeStringValue" - realm = "FakeStringValue" - role = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - servers = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{ - address = "FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } -ClientOnly) - ) - SupportsScopeTags = $True - Version = 25 - Ensure = 'Present' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { - return @{ - 
AdditionalProperties = @{ - role = "FakeStringValue" - connectionName = "FakeStringValue" - customData = @( - @{ - value = "FakeStringValue" - key = "FakeStringValue" - } - ) - realm = "FakeStringValue" - connectionType = "ciscoAnyConnect" - '@odata.type' = "#microsoft.graph.androidVpnConfiguration" - authenticationMethod = "certificate" - servers = @( - @{ - address = "FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } - ) - fingerprint = "FakeStringValue" - customKeyValueData = @( - @{ - value = "FakeStringValue" - name = "FakeStringValue" - } - ) - } - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsEdition = @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsVersion = @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - SupportsScopeTags = $True - Version = 25 - - } - } - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name "The IntuneVPNConfigurationPolicyAndroid exists and values are NOT in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - AuthenticationMethod = "certificate" - ConnectionName = "FakeStringValue" - ConnectionType = "ciscoAnyConnect" - customData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValue -Property @{ - value = "FakeStringValue" - key = "FakeStringValue" - } -ClientOnly) - ) - customKeyValueData = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunekeyValuePair -Property @{ - value = "FakeStringValue" - name = "FakeStringValue" - } -ClientOnly) - ) - description = 
"FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleDeviceMode -Property @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsEdition = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsEdition -Property @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DeviceManagementApplicabilityRuleOsVersion = (New-CimInstance -ClassName MSFT_IntunedeviceManagementApplicabilityRuleOsVersion -Property @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } -ClientOnly) - DisplayName = "FakeStringValue" - fingerprint = "FakeStringValue" - Id = "FakeStringValue" - realm = "FakeStringValue" - role = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - servers = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunevpnServer -Property @{ - address = "FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } -ClientOnly) - ) - SupportsScopeTags = $True - Version = 25 - Ensure = 'Present' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - customData = @( - @{ - value = "FakeStringValue" - key = "FakeStringValue" - } - ) - role = "FakeStringValue" - realm = "FakeStringValue" - connectionType = "ciscoAnyConnect" - connectionName = "FakeStringValue" - servers = @( - @{ - address = "FakeStringValue" - description = "FakeStringValue" - } - ) - authenticationMethod = "certificate" - fingerprint = "FakeStringValue" - customKeyValueData = @( - @{ - value = "FakeStringValue" - name = "FakeStringValue" - } - ) - } - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = @{ - DeviceMode = 
"standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsEdition = @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsVersion = @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - Version = 7 - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 - } - } - - Context -Name 'ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - role = "FakeStringValue" - connectionName = "FakeStringValue" - customData = @( - @{ - value = "FakeStringValue" - key = "FakeStringValue" - } - ) - realm = "FakeStringValue" - connectionType = "ciscoAnyConnect" - '@odata.type' = "#microsoft.graph.androidVpnConfiguration" - authenticationMethod = "certificate" - servers = @( - @{ - address = "FakeStringValue" - description = "FakeStringValue" - isDefaultServer = $True - } - ) - fingerprint = "FakeStringValue" - customKeyValueData = @( - @{ - value = "FakeStringValue" - name = "FakeStringValue" - } - ) - } - description = "FakeStringValue" - DeviceManagementApplicabilityRuleDeviceMode = @{ - DeviceMode = "standardConfiguration" - Name = "FakeStringValue" - RuleType = "include" - } - 
DeviceManagementApplicabilityRuleOsEdition = @{ - OsEditionTypes = @("windows10Enterprise") - Name = "FakeStringValue" - RuleType = "include" - } - DeviceManagementApplicabilityRuleOsVersion = @{ - MaxOSVersion = "FakeStringValue" - Name = "FakeStringValue" - MinOSVersion = "FakeStringValue" - RuleType = "include" - } - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - RoleScopeTagIds = @("FakeStringValue") - SupportsScopeTags = $True - Version = 25 - - } - } - } - - It 'Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 new file mode 100644 index 0000000000..32b2075d4e --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 
@@ -0,0 +1,477 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource 'IntuneVPNConfigurationPolicyAndroidEnterprise' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+ $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return 'Credentials'
+ }
+
+ Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+ return @()
+ }
+ Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+ }
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+
+ # Test contexts
+ Context -Name "When the IntuneVPNConfigurationPolicyAndroidEnterprise doesn't already exist" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ Description = 'FakeStringValue'
+ DisplayName = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ address = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return $null
+ }
+ }
+
+ It 'Should return absent from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1
+ }
+ }
+
+ Context -Name 'When the IntuneVPNConfigurationPolicyAndroidEnterprise already exists and is NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ address = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ customData = @(
+ @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ customKeyValueData = @(
+ @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.CHANGED.com' #changed value
+ }
+ )
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ targetedMobileApps = @(
+ @{
+ address = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' #
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should update the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+
+ }
+ }
+
+ Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ address = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ customData = @(
+ @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ customKeyValueData = @(
+ @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ targetedMobileApps = @(
+ @{
+ address = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ Ensure = 'Absent'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
From 1e6b3811c33f1f2cf2dc1d51913d9338b14a7f19 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Tue, 3 Dec 2024 18:51:45 +0000 Subject: [PATCH 03/45] Work in progress for DeviceOwner and Enterprise modules --- ...onfigurationPolicyAndroidDeviceOwner.psm1} | 502 +++++------------- ...urationPolicyAndroidDeviceOwner.schema.mof | 74 +++ ...IntuneVPNConfigurationPolicyIOS.schema.mof | 101 ---- .../readme.md | 4 +- .../settings.json | 4 +- ...NConfigurationPolicyAndroidEnterprise.psm1 | 14 +- ...gurationPolicyAndroidEnterprise.schema.mof | 2 +- 7 files changed, 227 insertions(+), 474 deletions(-) rename Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/{MSFT_IntuneVPNConfigurationPolicyIOS.psm1 => MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1} (75%) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof
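Review bot: The shared BeforeAll mocks `Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment`, while the DeviceOwner module later in this series reads assignments through `Get-MgBetaDeviceManagementDeviceConfigurationAssignment`; if the Enterprise module does the same, that call is never mocked here and the tests depend on whatever the stub module returns. Mocking the configuration-assignment cmdlet instead, `Mock -CommandName Get-MgBetaDeviceManagementDeviceConfigurationAssignment -MockWith { return @() }`, keeps the unit tests isolated from Graph. In the 'When the policy exists and it SHOULD NOT' context the test titled 'Should return true from the Test method' asserts `Should -Be $false`, so the title should read 'Should return false from the Test method'.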
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1
similarity index 75%
rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1
rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1
index eea9be1cc9..753e005c84 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1
@@ -16,68 +16,68 @@ function Get-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, [Parameter()] [System.String] - $connectionName, + $role, [Parameter()] - [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $connectionType, + $realm, [Parameter()] - [System.Boolean] - $enableSplitTunneling, - + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + [Parameter()] - [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $authenticationMethod, - - [Parameter()] - [System.string[]] - $safariDomains, + $connectionType, [Parameter()] - [System.string[]] - $associatedDomains, + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, [Parameter()] [System.string[]] - $excludedDomains, + $targetedPackageIds, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $proxyServer, + $targetedMobileApps, [Parameter()] [System.Boolean] - $optInToDeviceIdSharing, + $alwaysOn, [Parameter()] - [System.string[]] - $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - 
$server, + [System.Boolean] + $alwaysOnLockdown, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customData, + [System.string] + $microsoftTunnelSiteId, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customKeyValueData, + [System.string[]] + $proxyExclusionList, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $onDemandRules, + $customData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $targetedMobileApps, + $customKeyValueData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] @@ -115,65 +115,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $AccessTokens, - - #latest updates - [Parameter()] - [System.UInt32] - $version, - - [Parameter()] - [System.String] - $loginGroupOrDomain, - - [Parameter()] - [System.String] - $role, - - [Parameter()] - [System.String] - $realm, - - [Parameter()] - [System.String] - $identifier, - - [Parameter()] - [System.Boolean] - $enablePerApp, - - [Parameter()] - [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] - [System.String] - $providerType, - - [Parameter()] - [System.Boolean] - $disableOnDemandUserOverride, - - [Parameter()] - [System.Boolean] - $disconnectOnIdle, - - [Parameter()] - [System.UInt32] - $disconnectOnIdleTimerInSeconds, - - [Parameter()] - [System.String] - $microsoftTunnelSiteId, - - [Parameter()] - [System.String] - $cloudName, - - [Parameter()] - [System.Boolean] - $strictEnforcement, - - [Parameter()] - [System.String] - $userDomain + $AccessTokens ) try 
@@ -212,23 +154,23 @@ function Get-TargetResource { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' ` } } #endregion if ($null -eq $getValue) { - Write-Verbose -Message "No Intune VPN Policy for iOS with Id {$id} was found" + Write-Verbose -Message "No Intune VPN Policy for Android Device Owner with Id {$id} was found" return $nullResult } $Id = $getValue.Id - Write-Verbose -Message "An Intune VPN Policy for iOS with id {$id} and DisplayName {$DisplayName} was found" + Write-Verbose -Message "An Intune VPN Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found" $complexServers = @() - foreach ($currentservers in $getValue.AdditionalProperties.server) + foreach ($currentservers in $getValue.AdditionalProperties.servers) { $myservers = @{} $myservers.Add('address', $currentservers.address) 
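Review bot: The display-name lookup kept in this hunk interpolates `$Displayname` straight into the OData filter (`-Filter "DisplayName eq '$Displayname'"`), so a policy name containing an apostrophe produces a malformed or differently scoped query, and `-ErrorAction SilentlyContinue` then turns that failure into an empty result. The resource would report the VPN policy as absent and Set-TargetResource could create a duplicate profile. Doubling the quote first, `$escapedName = $DisplayName.Replace("'", "''")`, and filtering on `$escapedName` avoids this; surfacing the Graph error instead of silencing it would be safer still. Get-TargetResource starts and ends outside the hunk.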
@@ -296,21 +238,21 @@ function Get-TargetResource Id = $getValue.Id Description = $getValue.Description DisplayName = $getValue.DisplayName + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod connectionName = $getValue.AdditionalProperties.connectionName - connectionType = $getValue.AdditionalProperties.connectionType - enableSplitTunneling = $getValue.AdditionalProperties.enableSplitTunneling - authenticationMethod = $getValue.AdditionalProperties.authenticationMethod - safariDomains = $getValue.AdditionalProperties.safariDomains - associatedDomains = $getValue.AdditionalProperties.associatedDomains - excludedDomains = $getValue.AdditionalProperties.excludedDomains - optInToDeviceIdSharing = $getValue.AdditionalProperties.optInToDeviceIdSharing - excludeList = $getValue.AdditionalProperties.excludeList - server = $complexServers - customData = $complexCustomData #$getValue.AdditionalProperties.customData - customKeyValueData = $complexCustomKeyValueData #$getValue.AdditionalProperties.customKeyValueData - onDemandRules = $getValue.AdditionalProperties.onDemandRules + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm + servers = $complexServers + connectionType = $getValue.AdditionalProperties.connectionType proxyServer = $complexProxyServers - targetedMobileApps = $complexTargetedMobileApps #$getValue.AdditionalProperties.targetedMobileApps + targetedPackageIds = $getValue.AdditionalProperties.targetedPackageIds + targetedMobileApps = $complexTargetedMobileApps + alwaysOn = $getValue.AdditionalProperties.alwaysOn + alwaysOnLockdown = $getValue.AdditionalProperties.alwaysOnLockdown + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + proxyExclusionList = $getValue.AdditionalProperties.proxyExclusionList + customData = $complexCustomData + customKeyValueData = $complexCustomKeyValueData Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId 
@@ -319,21 +261,6 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens - version = $getValue.AdditionalProperties.version - loginGroupOrDomain = $getValue.AdditionalProperties.loginGroupOrDomain - role = $getValue.AdditionalProperties.role - realm = $getValue.AdditionalProperties.realm - identifier = $getValue.AdditionalProperties.identifier - enablePerApp = $getValue.AdditionalProperties.enablePerApp - providerType = $getValue.AdditionalProperties.providerType - disableOnDemandUserOverride = $getValue.AdditionalProperties.disableOnDemandUserOverride - disconnectOnIdle = $getValue.AdditionalProperties.disconnectOnIdle - disconnectOnIdleTimerInSeconds = $getValue.AdditionalProperties.disconnectOnIdleTimerInSeconds - microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId - cloudName = $getValue.AdditionalProperties.cloudName - strictEnforcement = $getValue.AdditionalProperties.strictEnforcement - userDomain = $getValue.AdditionalProperties.userDomain - } $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id 
@@ -377,68 +304,68 @@ function Set-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, [Parameter()] [System.String] - $connectionName, + $role, [Parameter()] - [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $connectionType, + $realm, [Parameter()] - [System.Boolean] - $enableSplitTunneling, - + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + [Parameter()] - [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $authenticationMethod, - - [Parameter()] - [System.string[]] - $safariDomains, + $connectionType, [Parameter()] - [System.string[]] - $associatedDomains, + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, [Parameter()] [System.string[]] - $excludedDomains, + $targetedPackageIds, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $proxyServer, + $targetedMobileApps, [Parameter()] [System.Boolean] - $optInToDeviceIdSharing, + $alwaysOn, [Parameter()] - [System.string[]] - $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] 
- $server, + [System.Boolean] + $alwaysOnLockdown, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customData, + [System.string] + $microsoftTunnelSiteId, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customKeyValueData, + [System.string[]] + $proxyExclusionList, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $onDemandRules, + $customData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $targetedMobileApps, + $customKeyValueData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] @@ -476,65 +403,7 @@ function Set-TargetResource [Parameter()] [System.String[]] - $AccessTokens, - - #latest updates - [Parameter()] - [System.UInt32] - $version, - - [Parameter()] - [System.String] - $loginGroupOrDomain, - - [Parameter()] - [System.String] - $role, - - [Parameter()] - [System.String] - $realm, - - [Parameter()] - [System.String] - $identifier, - - [Parameter()] - [System.Boolean] - $enablePerApp, - - [Parameter()] - [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] - [System.String] - $providerType, - - [Parameter()] - [System.Boolean] - $disableOnDemandUserOverride, - - [Parameter()] - [System.Boolean] - $disconnectOnIdle, - - [Parameter()] - [System.UInt32] - $disconnectOnIdleTimerInSeconds, - - [Parameter()] - [System.String] - $microsoftTunnelSiteId, - - [Parameter()] - [System.String] - $cloudName, - - [Parameter()] - [System.Boolean] - $strictEnforcement, - - [Parameter()] - [System.String] - $userDomain + $AccessTokens ) try 
@@ -567,12 +436,12 @@ function Set-TargetResource #creating hashtables now for use later in both present/present and present/absent blocks $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters - if ($allTargetValues -match '\bserver=\(\{([^\)]+)\}\)') + <# if ($allTargetValues -match '\bservers=\(\{([^\)]+)\}\)') { $serverBlock = $matches[1] } - $serverHashtable = @{} + $serverHashtable = @{} $serverBlock -split ";" | ForEach-Object { if ($_ -match '^(.*?)=(.*)$') { $key = $matches[1].Trim() @@ -580,6 +449,7 @@ function Set-TargetResource $serverHashtable[$key] = $value } } +#> if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') { $proxyBlock = $matches[1] @@ -620,12 +490,7 @@ function Set-TargetResource $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] } } - - if ($AdditionalProperties.server) - { - $AdditionalProperties.Remove('server') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('server',$serverHashtable) #replaced with the hashtable we created earlier - } + if ($AdditionalProperties.proxyServer) { $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept 
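Review bot: The `servers` parsing is disabled by wrapping it in `<# … #>` rather than deleted, and the `proxyServer` path just below it still rebuilds its hashtable by regex-matching the string returned by `Convert-M365DscHashtableToString`. That pattern stops at the first `)`, and if the proxy block is split on `;` the way the commented servers block is, an `automaticConfigurationScriptUrl` containing either character is silently truncated before it is sent to Intune; when `-match` fails, `$matches` may also still hold an earlier match. Consider deleting the commented block and deriving the value from the typed parameter instead, along the lines of `$proxyHashtable = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $proxyServer`, which this function already uses for its other complex parameters. Set-TargetResource starts and ends outside these hunks.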
@@ -674,20 +539,14 @@ function Set-TargetResource } } - if ($AdditionalProperties) + if ($AdditionalProperties.proxyServer) { - - if ($AdditionalProperties.server) - { - $AdditionalProperties.Remove('server') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('server',$serverHashtable) #replaced with the hashtable we created earlier - } - if ($AdditionalProperties.proxyServer) - { - $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept - $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier - } - + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + if ($AdditionalProperties) + { #add the additional properties to the updateparameters $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } 
@@ -728,68 +587,68 @@ function Test-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, [Parameter()] [System.String] - $connectionName, + $role, [Parameter()] - [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $connectionType, + $realm, [Parameter()] - [System.Boolean] - $enableSplitTunneling, - + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + [Parameter()] - [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] [System.String] - $authenticationMethod, - - [Parameter()] - [System.string[]] - $safariDomains, + $connectionType, [Parameter()] - [System.string[]] - $associatedDomains, + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, [Parameter()] [System.string[]] - $excludedDomains, + $targetedPackageIds, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $proxyServer, + $targetedMobileApps, [Parameter()] [System.Boolean] - $optInToDeviceIdSharing, + $alwaysOn, [Parameter()] - [System.string[]] - $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] 
- $server, + [System.Boolean] + $alwaysOnLockdown, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customData, + [System.string] + $microsoftTunnelSiteId, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $customKeyValueData, + [System.string[]] + $proxyExclusionList, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $onDemandRules, + $customData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] - $targetedMobileApps, + $customKeyValueData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] @@ -827,64 +686,7 @@ function Test-TargetResource [Parameter()] [System.String[]] - $AccessTokens, - - [Parameter()] - [System.UInt32] - $version, - - [Parameter()] - [System.String] - $loginGroupOrDomain, - - [Parameter()] - [System.String] - $role, - - [Parameter()] - [System.String] - $realm, - - [Parameter()] - [System.String] - $identifier, - - [Parameter()] - [System.Boolean] - $enablePerApp, - - [Parameter()] - [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] - [System.String] - $providerType, - - [Parameter()] - [System.Boolean] - $disableOnDemandUserOverride, - - [Parameter()] - [System.Boolean] - $disconnectOnIdle, - - [Parameter()] - [System.UInt32] - $disconnectOnIdleTimerInSeconds, - - [Parameter()] - [System.String] - $microsoftTunnelSiteId, - - [Parameter()] - [System.String] - $cloudName, - - [Parameter()] - [System.Boolean] - $strictEnforcement, - - [Parameter()] - [System.String] - $userDomain + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. 
@@ -1018,7 +820,7 @@ function Export-TargetResource [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` -ErrorAction Stop | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' ` } #endregion @@ -1070,33 +872,18 @@ function Export-TargetResource } } - if ($null -ne $Results.server) + if ($null -ne $Results.servers) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.server ` + -ComplexObject $Results.servers ` -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { - $Results.server = $complexTypeStringResult - } - else - { - $Results.Remove('server') | Out-Null - } - } - - if ($null -ne $Results.onDemandRules) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.onDemandRules ` - -CIMInstanceName 'MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule' #MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule - if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) - { - $Results.onDemandRules = $complexTypeStringResult + $Results.servers = $complexTypeStringResult } else { - $Results.Remove('onDemandRules') | Out-Null + $Results.Remove('servers') | Out-Null } } 
@@ -1166,14 +953,9 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.server) + if ($Results.servers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "server" -isCIMArray:$True - } - - if ($Results.onDemandRules) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "onDemandRules" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True } if ($Results.proxyServer) @@ -1248,38 +1030,24 @@ function Get-M365DSCAdditionalProperties ) $additionalProperties = @( + 'authenticationMethod' 'connectionName' + 'role' + 'realm' + 'servers' 'connectionType' - 'enableSplitTunneling' - 'authenticationMethod' - 'enablePerApp' - 'safariDomains' - 'associatedDomains' - 'excludedDomains' - 'disableOnDemandUserOverride' - 'disconnectOnIdle' 'proxyServer' - 'optInToDeviceIdSharing' - 'excludeList' + 'targetedPackageIds' + 'targetedMobileApps' + 'alwaysOn' + 'alwaysOnLockdown' 'microsoftTunnelSiteId' - 'server' + 'proxyExclusionList' 'customData' 'customKeyValueData' - 'onDemandRules' - 'targetedMobileApps' - 'version' - 'loginGroupOrDomain' - 'role' - 'realm' - 'identifier' - 'providerType' - 'disconnectOnIdleTimerInSeconds' - 'cloudName' - 'strictEnforcement' - 'userDomain' ) - $results = @{'@odata.type' = '#microsoft.graph.iosVpnConfiguration' } + $results = @{'@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' } $cloneProperties = $Properties.clone() foreach ($property in $cloneProperties.Keys) { 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof new file mode 100644 index 0000000000..7fa9bb2c06 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof 
@@ -0,0 +1,74 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphVpnServer +{ + [Write, Description("Address (IP address, FQDN or URL)")] String address; + [Write, Description("Description.")] String description; + [Write, Description("Default server.")] Boolean isDefaultServer; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftvpnProxyServer +{ + [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl; + [Write, Description("Address.")] String address; + [Write, Description("Port. 
Valid values 0 to 65535.")] uint32 port; +}; +[ClassVersion("1.0.0")] +class MSFT_targetedMobileApps +{ + [Write, Description("The application name.")] String name; + [Write, Description("The publisher of the application.")] String publisher; + [Write, Description("The Store URL of the application.")] String appStoreUrl; + [Write, Description("The application or bundle identifier of the application.")] String appId; +}; +class MSFT_CustomData +{ + [Write, Description("Key for the custom data entry.")] String key; + [Write, Description("Value for the custom data entry.")] String value; +}; +class MSFT_customKeyValueData +{ + [Write, Description("Name for the custom data entry.")] String name; + [Write, Description("Value for the custom data entry.")] String value; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyAndroidDeviceOwner")] +class MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource +{ + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; + [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod; + [Write, Description("Connection name displayed to the user.")] String connectionName; + [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role; + [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String realm; + [Write, Description("VPN Server on the network. 
Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String servers[]; + [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType; + [Write, Description("Proxy Server."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[]; + [Write, Description("Targeted App package IDs.")] String targetedPackageIds[]; + [Write, Description("Targeted mobile apps. This collection can contain a maximum of 500 elements."),EmbeddedInstance("MSFT_targetedMobileApps")] String targetedMobileApps[]; + [Write, Description("Whether or not to enable always-on VPN connection.")] Boolean alwaysOn; + [Write, Description("If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.")] Boolean alwaysOnLockdown; + [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId; + [Write, Description("List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.")] String proxyExclusionList[]; + [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customData")] String customData[]; + [Write, Description("Custom data to define key/value pairs specific to a VPN provider. 
This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[]; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof deleted file mode 100644 index afb00a93df..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof +++ /dev/null 
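Review bot: `AccessTokens` is declared as a plain `String AccessTokens[]`, whereas `Credential` and `ApplicationSecret` in the same class use `EmbeddedInstance("MSFT_Credential")`; a token supplied through this property would presumably be written unencrypted into the compiled MOF. If the type has to stay for consistency with the other resources, say so in the description, e.g. `Description("Access token used for authentication. Stored as plain text in the compiled configuration.")`. Separately, `MSFT_CustomData` and `MSFT_customKeyValueData` are the only classes in this file without a `[ClassVersion(...)]` qualifier.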
@@ -1,101 +0,0 @@ -[ClassVersion("1.0.0.0")] -class MSFT_DeviceManagementConfigurationPolicyAssignments -{ - [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; - [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; - [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; - [Write, Description("The group Id that is the target of the assignment.")] String groupId; - [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; - [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; -}; -[ClassVersion("1.0.0.0")] -class MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule -{ - [Write, Description("Network Service Set Identifiers (SSIDs).")] String ssids[]; - [Write, Description("DNS Search Domains.")] String dnsSearchDomains[]; - [Write, Description("A URL to probe. If this URL is successfully fetched, returning a 200 HTTP status code, without redirection, this rule matches.")] String probeUrl; - [Write, Description("Action. 
Possible values are: connect, evaluateConnection, ignore, disconnect."), ValueMap{"connect", "evaluateConnection", "ignore", "disconnect"}, Values{"connect", "evaluateConnection", "ignore", "disconnect"}] String action; - [Write, Description("Domain Action, Only applicable when Action is evaluate connection. Possible values are: connectIfNeeded, neverConnect."), ValueMap{"connectIfNeeded", "neverConnect"}, Values{"connectIfNeeded", "neverConnect"}] String domainAction; - [Write, Description("Domains, Only applicable when Action is evaluate connection.")] String domains[]; - [Write, Description("Probe Required URL. Only applicable when Action is evaluate connection and DomainAction is connectIfNeeded.")] String probeRequiredUrl; - [Write, Description("Network interface to trigger VPN. Possible values are: notConfigured, ethernet, wiFi, cellular."), ValueMap{"notConfigured", "ethernet", "wiFi", "cellular"}, Values{"notConfigured", "ethernet", "wiFi", "cellular"}] String interfaceTypeMatch; - [Write, Description("DNS Search Server Address.")] String dnsServerAddressMatch[]; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphVpnServer -{ - [Write, Description("Address (IP address, FQDN or URL)")] String address; - [Write, Description("Description.")] String description; - [Write, Description("Default server.")] Boolean isDefaultServer; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftvpnProxyServer -{ - [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl; - [Write, Description("Address.")] String address; - [Write, Description("Port. 
Valid values 0 to 65535.")] uint32 port; -}; -[ClassVersion("1.0.0")] -class MSFT_targetedMobileApps -{ - [Write, Description("The application name.")] String address; - [Write, Description("The publisher of the application.")] String publisher; - [Write, Description("The Store URL of the application.")] String appStoreUrl; - [Write, Description("The application or bundle identifier of the application.")] String appId; -}; -class MSFT_CustomData -{ - [Write, Description("Key for the custom data entry.")] String key; - [Write, Description("Value for the custom data entry.")] String value; -}; -class MSFT_customKeyValueData -{ - [Write, Description("Name for the custom data entry.")] String name; - [Write, Description("Value for the custom data entry.")] String value; -}; - -[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyIOS")] -class MSFT_IntuneVPNConfigurationPolicyIOS : OMI_BaseResource -{ - [Write, Description("Id of the Intune policy.")] String Id; - [Key, Description("Display name of the Intune policy.")] String DisplayName; - [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Connection name displayed to the user.")] String connectionName; - [Write, Description("Connection type. 
Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "customVpn", "ciscoIPSec", "citrix", "ciscoAnyConnectV2", "paloAltoGlobalProtect", "zscalerPrivateAccess", "f5Access2018", "citrixSso", "paloAltoGlobalProtectV2", "ikEv2", "alwaysOn", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "customVpn", "ciscoIPSec", "citrix", "ciscoAnyConnectV2", "paloAltoGlobalProtect", "zscalerPrivateAccess", "f5Access2018", "citrixSso", "paloAltoGlobalProtectV2", "ikEv2", "alwaysOn", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType; - [Write, Description("Send all network traffic through VPN.")] Boolean enableSplitTunneling; - [Write, Description("Authentication method for this VPN connection."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod; - [Write, Description("Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection.")] String safariDomains[]; - [Write, Description("Associated Domains. 
These domains will be linked with the VPN configuration.")] String associatedDomains[]; - [Write, Description("Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated.")] String excludedDomains[]; - [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[]; - [Write, Description("Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation.")] Boolean optInToDeviceIdSharing; - [Write, Description("Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.")] String excludeList[]; - [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String server[]; - [Write, Description("Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements"), EmbeddedInstance("MSFT_customData")] String customData[]; - [Write, Description("Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements"), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[]; - [Write, Description("On-Demand Rules. 
This collection can contain a maximum of 500 elements."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule")] String onDemandRules[]; - [Write, Description("Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.")] String targetedMobileApps[]; - [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; - [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; - [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; - [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; - [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; - [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; - [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Access token used for authentication.")] String AccessTokens[]; - [Write, Description("Version of the device configuration. Inherited from deviceConfiguration.")] uint32 version; - [Write, Description("Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration.")] String loginGroupOrDomain; - [Write, Description("Role when connection type is set to Pulse Secure. 
Inherited from appleVpnConfiguration.")] String role; - [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.")] String realm; - [Write, Description("Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration.")] String identifier; - [Write, Description("Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration.")] Boolean enablePerApp; - [Write, Description("Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel."), ValueMap{"notConfigured", "appProxy", "packetTunnel"}, Values{"notConfigured", "appProxy", "packetTunnel"}] String providerType; - [Write, Description("Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration.")] Boolean disableOnDemandUserOverride; - [Write, Description("Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration")] Boolean disconnectOnIdle; - [Write, Description("The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration.")] uint32 disconnectOnIdleTimerInSeconds; - [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId; - [Write, Description("Zscaler only. Zscaler cloud which the user is assigned to.")] String cloudName; - [Write, Description("Zscaler only. Blocks network traffic until the user signs into Zscaler app. True means traffic is blocked.")] Boolean strictEnforcement; - [Write, Description("Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. 
If this is left empty, the user's Azure Active Directory domain will be used instead.")] String userDomain; -}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md index a82c357af2..7b5f001ecb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md @@ -1,6 +1,6 @@ -# IntuneVPNConfigurationPolicyIOS +# IntuneVPNConfigurationPolicyAndroidDeviceOwner ## Description -This resource configures an Intune VPN Configuration Policy for iOS Device. +This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json index 48a95f699a..a2d19acdc4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json @@ -1,6 +1,6 @@ { - "resourceName": "IntuneVPNConfigurationPolicyIOS", - "description": "This resource configures an Intune VPN Configuration Policy for iOS Device.", + "resourceName": "IntuneVPNConfigurationPolicyAndroidDeviceOwner", + "description": "This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices.", "permissions": { "graph": { "delegated": { 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 index ead0aeb093..cb501ded05 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 @@ -490,7 +490,13 @@ function Set-TargetResource $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] } } - + + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) #region resource generator code @@ -533,6 +539,12 @@ function Set-TargetResource } } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties) { #add the additional properties to the updateparameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof index f1c432dfa5..384e163043 100644 
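Review bot: The same proxyServer swap is added to both the create and the update branch of Set-TargetResource, and the comment in the create branch names `Update-MgBetaDeviceManagementDeviceConfiguration` although that path builds `$CreateParameters`. `$proxyHashtable` is defined outside both hunks, so whether it is always populated when `$AdditionalProperties.proxyServer` is truthy cannot be confirmed from here; a guard on it would avoid sending an empty proxy object. A single indexer assignment, `$AdditionalProperties['proxyServer'] = $proxyHashtable`, replaces the Remove/add pair in each place. Set-TargetResource starts and ends outside the hunks.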
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof @@ -25,7 +25,7 @@ class MSFT_MicrosoftvpnProxyServer [ClassVersion("1.0.0")] class MSFT_targetedMobileApps { - [Write, Description("The application name.")] String address; + [Write, Description("The application name.")] String name; [Write, Description("The publisher of the application.")] String publisher; [Write, Description("The Store URL of the application.")] String appStoreUrl; [Write, Description("The application or bundle identifier of the application.")] String appId; From 59bb71faffcc258ea0e963ef55d0f70636fdd16d Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 4 Dec 2024 08:24:29 +0100 Subject: [PATCH 04/45] Added CSV-option to New-M365DSCReportFromConfiguration --- .../Modules/M365DSCReport.psm1 | 95 ++++++++++++++++++- 1 file changed, 94 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 7258cda1bd..4dca1767d0 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 
@@ -554,6 +554,95 @@ function New-M365DSCConfigurationToExcel $excel.Quit() } +<# +.Description +This function creates a new CSV file from the specified exported configuration + +.Functionality +Internal, Hidden +#> +function New-M365DSCConfigurationToCSV +{ + [CmdletBinding()] + param + ( + [Parameter()] + [Array] + $ParsedContent, + + [Parameter(Mandatory = $true)] + [System.String] + $OutputPath + ) + + $modelRow = @{'Component Name'=$null; Property=$null; Value = $null} + $row = 0 + $csvOutput = @() + + foreach ($resource in $parsedContent) + { + $beginRow = $row + foreach ($property in $resource.Keys) + { + $newRow = $modelRow.Clone() + if ($property -ne 'ResourceName' -and $property -ne 'Credential') + { + $newRow.'Component Name' = $resource.ResourceName + $newRow.Property = $property + try + { + if ([System.String]::IsNullOrEmpty($resource.$property)) + { + $newRow.Value = "`$Null" + } + else + { + if ($resource.$property.GetType().Name -eq 'Object[]') + { + $value = $resource.$property | Out-String + $newRow.Value = $value + } + else + { + $value = ($resource.$property).ToString().Replace('$', '') + $value = $value.Replace('@', '') + $value = $value.Replace('(', '') + $value = $value.Replace(')', '') + $newRow.Value = $value + } + } + + } + catch + { + New-M365DSCLogEntry -Message 'Error during conversion to CSV:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + if ($property -in @('Identity', 'Name', 'IsSingleInstance', 'DisplayName')) + { + $OriginPropertyName = $csvOutput[$beginRow].Property + $OriginPropertyValue = $csvOutput[$beginRow].Value + $CurrentPropertyName = $newRow.Property + $CurrentPropertyValue = $newRow.Value + + $csvOutput[$beginRow].Property = $CurrentPropertyName + $csvOutput[$beginRow].Value = $CurrentPropertyValue + $newRow.Property = $OriginPropertyName + $newRow.Value = $OriginPropertyValue + + } + $csvOutput += [pscustomobject]$newRow + $row++ + } + } + } + 
$csvOutput | Out-File -FilePath $OutputPath -Encoding utf8 -Force +} + <# .Description This function creates a report from the specified exported configuration, @@ -586,7 +675,7 @@ function New-M365DSCReportFromConfiguration param ( [Parameter(Mandatory = $true)] - [ValidateSet('Excel', 'HTML', 'JSON', 'Markdown')] + [ValidateSet('Excel', 'HTML', 'JSON', 'Markdown', 'CSV')] [System.String] $Type, @@ -638,6 +727,10 @@ function New-M365DSCReportFromConfiguration $templateName = $Template.Name.Split('.')[0] New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName } + 'CSV' + { + New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath + } } } else From 90843fe3b7bb2467c0959abfd5d9cd4c97d6a893 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 4 Dec 2024 09:22:21 +0100 Subject: [PATCH 05/45] fix CSV output-format --- Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 4dca1767d0..1d194367d9 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -640,7 +640,7 @@ function New-M365DSCConfigurationToCSV } } } - $csvOutput | Out-File -FilePath $OutputPath -Encoding utf8 -Force + $csvOutput | Export-Csv -Path $OutputPath -Encoding UTF8 -Delimiter ',' -NoTypeInformation } <# From 2da4f66afc2557497e576c66cdbcf486fe78dfc3 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 4 Dec 2024 12:37:14 +0100 Subject: [PATCH 06/45] added dynamic parameter that is only used with Type CSV --- .../Modules/M365DSCReport.psm1 | 36 +++++++++++++++++-- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 1d194367d9..9ad01fa90e 100644 
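Review bot: Cell values in New-M365DSCConfigurationToCSV are written without neutralising spreadsheet formula prefixes: the scalar branch strips `$`, `@`, `(` and `)`, but a value that starts with `=`, `+` or `-` passes through, and the `Object[]` branch applies no filtering at all. Since the report is built from tenant configuration and is likely to be opened in a spreadsheet, prefix such values before assigning `$newRow.Value`, e.g. `if ($value -match '^[=+\-@\t\r]') { $value = "'" + $value }`. The property filter also skips only `ResourceName` and `Credential`, so secret-bearing properties such as `ApplicationSecret` or `AccessTokens` would land in the file if the parsed content carries them; consider excluding those as well. The catch block passes `$TenantId` and `$Credential`, which this function's param block does not define.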
--- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -572,7 +572,11 @@ function New-M365DSCConfigurationToCSV [Parameter(Mandatory = $true)] [System.String] - $OutputPath + $OutputPath, + + [Parameter()] + [System.String] + $Delimiter = ',' ) $modelRow = @{'Component Name'=$null; Property=$null; Value = $null} @@ -640,7 +644,7 @@ function New-M365DSCConfigurationToCSV } } } - $csvOutput | Export-Csv -Path $OutputPath -Encoding UTF8 -Delimiter ',' -NoTypeInformation + $csvOutput | Export-Csv -Path $OutputPath -Encoding UTF8 -Delimiter $Delimiter -NoTypeInformation } <# @@ -687,6 +691,31 @@ function New-M365DSCReportFromConfiguration [System.String] $OutputPath ) + DynamicParam # parameter 'Delimiter' is only available when Type = 'CSV' + { + $paramDictionary = [System.Management.Automation.RuntimeDefinedParameterDictionary]::new() + if ($Type -eq 'CSV') + { + $delimiterAttr = [System.Management.Automation.ParameterAttribute]::New() + $delimiterAttr.Mandatory = $false + $attributeCollection = [System.Collections.ObjectModel.Collection[System.Attribute]]::New() + $attributeCollection.Add($delimiterAttr) + $delimiterParam = [System.Management.Automation.RuntimeDefinedParameter]::New("Delimiter", [System.String], $attributeCollection) + $delimiterParam.Value = ';' # default value, comma makes a mess when importing a CSV-file in Excel + $paramDictionary.Add("Delimiter", $delimiterParam) + } + return $paramDictionary + } + +begin +{ + if ($PSBoundParameters.ContainsKey('Delimiter')) + { + $Delimiter = $PSBoundParameters.Delimiter + } +} +process # required with DynamicParam +{ # Validate that the latest version of the module is installed. Test-M365DSCModuleValidity 
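Review bot: The `';'` default set through `$delimiterParam.Value` in the DynamicParam block does not appear to reach the process block, because `$Delimiter` is assigned in `begin` only when `$PSBoundParameters` contains the key. When the caller omits `-Delimiter`, the later `-Delimiter $Delimiter` call would then pass an empty value and override the callee's own `','` default, which Export-Csv is unlikely to accept. Assign the fallback explicitly, `$Delimiter = if ($PSBoundParameters.ContainsKey('Delimiter')) { $PSBoundParameters.Delimiter } else { ';' }`, and consider typing the parameter as `[System.Char]` so a multi-character string is rejected at binding. The `process` body continues outside this hunk.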
@@ -729,7 +758,7 @@ function New-M365DSCReportFromConfiguration } 'CSV' { - New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath + New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath -Delimiter $Delimiter } } } @@ -738,6 +767,7 @@ function New-M365DSCReportFromConfiguration Write-Warning -Message "Parsed content was null. No report was generated." } } +} <# .Description From 386770f71892980d85b0a7e223d935404f3a4c02 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 4 Dec 2024 11:45:09 +0000 Subject: [PATCH 07/45] First PR Adds support for Android Device Owner and Enterprise VPN configurations --- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 2 +- ...NConfigurationPolicyAndroidEnterprise.psm1 | 2 +- ...eVPNConfigurationPolicyAndroid-Example.ps1 | 21 - .../1-Create.ps1 | 75 +++ .../2-Update.ps1 | 75 +++ .../3-Remove.ps1 | 34 ++ ...gurationPolicyAndroidDeviceOwner.Tests.ps1 | 477 ++++++++++++++++++ ...igurationPolicyAndroidEnterprise.Tests.ps1 | 10 +- 8 files changed, 668 insertions(+), 28 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 index 753e005c84..f34b00d45a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 @@ -223,7 +223,7 @@ function Get-TargetResource foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) { $myTMAdata = @{} - $myTMAdata.Add('address', $value.address) + $myTMAdata.Add('name', $value.name) $myTMAdata.Add('publisher', $value.publisher) $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) $myTMAdata.Add('appId', $value.appId) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 index cb501ded05..7c13122890 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 @@ -223,7 +223,7 @@ function Get-TargetResource foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) { $myTMAdata = @{} - $myTMAdata.Add('address', $value.address) + $myTMAdata.Add('name', $value.name) $myTMAdata.Add('publisher', $value.publisher) $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) $myTMAdata.Add('appId', $value.appId) 
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1 deleted file mode 100644 index b8a2ed700a..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroid/1-IntuneVPNConfigurationPolicyAndroid-Example.ps1 +++ /dev/null @@ -1,21 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneVPNConfigurationPolicyAndroid 'Example' - { - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 new file mode 100644 index 0000000000..10e519c590 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 
@@ -0,0 +1,75 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = 'fakestringvalue' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.server.com:8080' + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 
'com.fake.emmx' + } + ); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 new file mode 100644 index 0000000000..db354ee608 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 
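Review bot: The sample proxy and VPN endpoints (`fake-proxy-adress.com`, `fake.server.com:8080`) are registrable public domains rather than reserved example names, so a copied example would point device proxy and VPN settings at a host the reader does not control. Using RFC 2606 names such as `address = 'proxy.example.com'` and `address = 'vpn.example.com:8080'` avoids that, and the same applies to `fake.NEWserver.com:8080` in 2-Update.ps1. `automaticConfigurationScriptUrl = 'fakestringvalue'` is also not a URL; a placeholder such as `'https://proxy.example.com/proxy.pac'` would show the expected shape.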
@@ -0,0 +1,75 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = '' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.NEWserver.com:8080' #CHANGED VALUE + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 
'com.fake.emmx' + } + ); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 new file mode 100644 index 0000000000..0760ff8be4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Absent"; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 new file mode 100644 index 0000000000..e9fbe0e949 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 
@@ -0,0 +1,477 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneVPNConfigurationPolicyAndroidDeviceOwner' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the IntuneVPNConfigurationPolicyAndroidDeviceOwner doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + 
connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + servers = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + customData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + customKeyValueData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + targetedMobileApps = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_targetedMobileApps ` + -Property @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1 + } + } + + Context -Name 'When the IntuneVPNConfigurationPolicyAndroidDeviceOwner already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams 
= @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + Id = 'FakeStringValue' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + servers = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + customData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + customKeyValueData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + targetedMobileApps = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_targetedMobileApps ` + -Property @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + Id = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + customData = @( + @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + customKeyValueData = @( + @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + servers = @( + @{ + isDefaultServer = $True + description = 'server' + address = 
'vpn.CHANGED.com' #changed value + } + ) + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + targetedMobileApps = @( + @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } + ) + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' # + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + servers = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + customData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + customKeyValueData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + 
targetedMobileApps = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_targetedMobileApps ` + -Property @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + servers = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ) + customData = @( + @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + customKeyValueData = @( + @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + targetedMobileApps = @( + @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } + ) + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + servers = [CimInstance[]]@( + (New-CimInstance ` + -ClassName 
MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + servers = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ) + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnect' + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 
'proxy.test.com' + } + ) + servers = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ) + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 index 32b2075d4e..6248661dbb 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 @@ -99,7 +99,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance ` -ClassName MSFT_targetedMobileApps ` -Property @{ - address = 'FakeStringValue' + name = 'FakeStringValue' publisher = 'FakeStringValue' appStoreUrl = 'FakeStringValue' appId = 'FakeStringValue' @@ -175,7 +175,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance ` -ClassName MSFT_targetedMobileApps ` -Property @{ - address = 'FakeStringValue' + name = 'FakeStringValue' publisher = 'FakeStringValue' appStoreUrl = 'FakeStringValue' appId = 'FakeStringValue' @@ -223,7 +223,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) targetedMobileApps = @( @{ - address = 'FakeStringValue' + name = 'FakeStringValue' publisher = 'FakeStringValue' appStoreUrl = 'FakeStringValue' appId = 'FakeStringValue' 
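Review bot: In the 'When the policy exists and it SHOULD NOT' context, the It block titled `'Should return true from the Test method'` asserts `Should -Be $false`. The assertion looks right for an `Ensure = 'Absent'` mismatch, so the title should read `'Should return false from the Test method'`. In the three contexts that build `customKeyValueData`, the instance is created with `-ClassName MSFT_CustomData` although its properties are `name`/`value` and the example files use `MSFT_customKeyValueData`, which looks like a copy of the `customData` entry. The assignment mock targets `Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment`; the resource module is not visible here, but for a device configuration policy I would expect the configuration-assignment cmdlet to be the one mocked, so please confirm.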
@@ -295,7 +295,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance ` -ClassName MSFT_targetedMobileApps ` -Property @{ - address = 'FakeStringValue' + name = 'FakeStringValue' publisher = 'FakeStringValue' appStoreUrl = 'FakeStringValue' appId = 'FakeStringValue' @@ -342,7 +342,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) targetedMobileApps = @( @{ - address = 'FakeStringValue' + name = 'FakeStringValue' publisher = 'FakeStringValue' appStoreUrl = 'FakeStringValue' appId = 'FakeStringValue' From a486c917544987a4bb0ced456097d239535d1dcb Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 4 Dec 2024 12:50:03 +0100 Subject: [PATCH 08/45] updated changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 059fe494b6..2641adeced 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,8 @@ * MISC * M365DSCDRGUtil * Add separate check for strings with ordinal comparison and standardized line breaks. + * M365DSCReport + * Add support for creating report in CSV-format # 1.24.1127.1 From 6c3e137e4fba3e2dbc4bfa31f092da22a33badfb Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 4 Dec 2024 11:57:05 +0000 Subject: [PATCH 09/45] Removed unneeded code and comments --- ...neVPNConfigurationPolicyAndroidDeviceOwner.psm1 | 14 -------------- ...uneVPNConfigurationPolicyAndroidEnterprise.psm1 | 14 -------------- 2 files changed, 28 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 index f34b00d45a..7cce954857 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 @@ -436,20 +436,6 @@ function Set-TargetResource #creating hashtables now for use later in both present/present and present/absent blocks $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters - <# if ($allTargetValues -match '\bservers=\(\{([^\)]+)\}\)') - { - $serverBlock = $matches[1] - } - - $serverHashtable = @{} - $serverBlock -split ";" | ForEach-Object { - if ($_ -match '^(.*?)=(.*)$') { - $key = $matches[1].Trim() - $value = $matches[2].Trim() - $serverHashtable[$key] = $value - } - } -#> if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') { $proxyBlock = $matches[1] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 index 7c13122890..26830190cb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 
@@ -435,20 +435,6 @@ function Set-TargetResource #proxy and server values need converting before new- / update- cmdlets will accept parameters #creating hashtables now for use later in both present/present and present/absent blocks $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters - - if ($allTargetValues -match '\bservers=\(\{([^\)]+)\}\)') - { - $serverBlock = $matches[1] - } - - $serverHashtable = @{} - $serverBlock -split ";" | ForEach-Object { - if ($_ -match '^(.*?)=(.*)$') { - $key = $matches[1].Trim() - $value = $matches[2].Trim() - $serverHashtable[$key] = $value - } - } if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') { From b06d43f4e66c49db8910d439e65594abf50b483d Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 4 Dec 2024 12:28:28 +0000 Subject: [PATCH 10/45] Added ChangeLog Updates --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f0e3b0325..fa55c5617e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ reading and troubleshooting * IntuneTrustedRootCertificateIOS * Initial release +* IntuneVPNConfigurationPolicyAndroidDeviceOwner + * Initial release +* IntuneVPNConfigurationPolicyAndroidEnterprise + * Initial release * M365DSCDRGUtil * Add separate check for strings with ordinal comparison and standardized line breaks. * M365DSCUtil From 0c2f8ee3dead0cbccca6268e6aaa42112c030e95 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 4 Dec 2024 14:59:10 +0100 Subject: [PATCH 11/45] add separator-line in CSV-file between resources --- Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 9ad01fa90e..aa2e7505db 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 
@@ -585,6 +585,14 @@ function New-M365DSCConfigurationToCSV foreach ($resource in $parsedContent) { + $newRow = $modelRow.Clone() + if ($row -gt 0) + { + write-verbose "add separator-line in CSV-file between resources" + $newRow.'Component Name' = '======================' + $csvOutput += [pscustomobject]$newRow + $row++ + } $beginRow = $row foreach ($property in $resource.Keys) { From 3127157f16100f08ea418b408dc255a805638aef Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 4 Dec 2024 13:59:12 +0000 Subject: [PATCH 12/45] Fixed typo in examples --- .../IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 | 2 +- .../IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 index 11e82a89de..4bc3f9b8da 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 @@ -35,7 +35,7 @@ Configuration Example DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; Ensure = "Present"; Id = "12345678-1234-abcd-1234-12345678ABCD"; - server = @( + servers = @( MSFT_MicrosoftGraphvpnServer{ isDefaultServer = $True description = 'server' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 index 985814c5b1..2e221f6fe3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 
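Review bot: The separator row sets `'Component Name'` to `'======================'`, and a cell that begins with `=` is read as a formula by Excel and similar tools. The separator is therefore likely to show up as an error or a prompt rather than as a visual divider. A marker that does not start with `=`, `+`, `-` or `@` avoids that, for example `$newRow.'Component Name' = '**********************'`. The surrounding foreach loop continues outside this hunk.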
@@ -28,7 +28,6 @@ Configuration Example TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; Assignments = @(); - associatedDomains = @(); authenticationMethod = "usernameAndPassword"; connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName"; connectionType = "ciscoAnyConnect"; @@ -36,7 +35,7 @@ Configuration Example DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; Ensure = "Present"; Id = "12345678-1234-abcd-1234-12345678ABCD"; - server = @( + servers = @( MSFT_MicrosoftGraphvpnServer{ isDefaultServer = $True description = 'server' From e5312c9fd0cf16aa5cc3c44480cbd821a726d04b Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 4 Dec 2024 22:31:29 +0100 Subject: [PATCH 13/45] Added Unreleased section --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8c8952a7b..c605e0b348 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Change log for Microsoft365DSC +# UNRELEASED + # 1.24.1204.1 * All resources From b576c3f36c7d4de277648be57fbe1401eeb78330 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Thu, 5 Dec 2024 08:14:11 +0100 Subject: [PATCH 14/45] added -message to write-verbose and updated formatting --- Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index aa2e7505db..1d2b633558 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -588,7 +588,7 @@ function New-M365DSCConfigurationToCSV $newRow = $modelRow.Clone() if ($row -gt 0) { - write-verbose "add separator-line in CSV-file between resources" + Write-Verbose -Message "add separator-line in CSV-file between resources" $newRow.'Component Name' = '======================' $csvOutput += [pscustomobject]$newRow $row++ 
@@ -623,7 +623,6 @@ function New-M365DSCConfigurationToCSV $newRow.Value = $value } } - } catch { @@ -645,7 +644,6 @@ function New-M365DSCConfigurationToCSV $csvOutput[$beginRow].Value = $CurrentPropertyValue $newRow.Property = $OriginPropertyName $newRow.Value = $OriginPropertyValue - } $csvOutput += [pscustomobject]$newRow $row++ From e68ba0649717b331cd4150242153ca4356f9ed94 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Thu, 5 Dec 2024 08:19:22 +0100 Subject: [PATCH 15/45] fixed indentation --- .../Modules/M365DSCReport.psm1 | 104 +++++++++--------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 1d2b633558..1ecbbefb85 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 
@@ -713,66 +713,66 @@ function New-M365DSCReportFromConfiguration return $paramDictionary } -begin -{ - if ($PSBoundParameters.ContainsKey('Delimiter')) + begin { - $Delimiter = $PSBoundParameters.Delimiter + if ($PSBoundParameters.ContainsKey('Delimiter')) + { + $Delimiter = $PSBoundParameters.Delimiter + } } -} -process # required with DynamicParam -{ - - # Validate that the latest version of the module is installed. - Test-M365DSCModuleValidity - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() - $data.Add('Event', 'Report') - $data.Add('Type', $Type) - Add-M365DSCTelemetryEvent -Data $data -Type 'NewReport' - #endregion - - [Array] $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath - - if ($null -ne $parsedContent) + process # required with DynamicParam { - switch ($Type) + + # Validate that the latest version of the module is installed. + Test-M365DSCModuleValidity + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() + $data.Add('Event', 'Report') + $data.Add('Type', $Type) + Add-M365DSCTelemetryEvent -Data $data -Type 'NewReport' + #endregion + + [Array] $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath + + if ($null -ne $parsedContent) { - 'Excel' - { - New-M365DSCConfigurationToExcel -ParsedContent $parsedContent -OutputPath $OutputPath - } - 'HTML' + switch ($Type) { - $template = Get-Item $ConfigurationPath - $templateName = $Template.Name.Split('.')[0] - New-M365DSCConfigurationToHTML -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName - } - 'JSON' - { - New-M365DSCConfigurationToJSON -ParsedContent $parsedContent -OutputPath $OutputPath - } - 'Markdown' - { - $template = Get-Item $ConfigurationPath - $templateName = $Template.Name.Split('.')[0] - New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName - } - 'CSV' - { - New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath -Delimiter $Delimiter + 'Excel' + { + New-M365DSCConfigurationToExcel -ParsedContent $parsedContent -OutputPath $OutputPath + } + 'HTML' + { + $template = Get-Item $ConfigurationPath + $templateName = $Template.Name.Split('.')[0] + New-M365DSCConfigurationToHTML -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName + } + 'JSON' + { + New-M365DSCConfigurationToJSON -ParsedContent $parsedContent -OutputPath $OutputPath + } + 'Markdown' + { + $template = Get-Item $ConfigurationPath + $templateName = $Template.Name.Split('.')[0] + New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName + } + 'CSV' + { + New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath -Delimiter $Delimiter + } } } + else + { + Write-Warning 
-Message "Parsed content was null. No report was generated." + } } - else - { - Write-Warning -Message "Parsed content was null. No report was generated." - } -} } <# From 66c15b3bd9a96081a0c1239bb141c78ccd1d4d22 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Thu, 5 Dec 2024 10:13:26 +0000 Subject: [PATCH 16/45] Minor mod to examples --- .../IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 | 1 + .../IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 | 1 + 2 files changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 index 10e519c590..bc5b78f2b0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 @@ -28,6 +28,7 @@ Configuration Example TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; Assignments = @(); + alwaysOn = $False; authenticationMethod = "azureAD"; connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; connectionType = "microsoftProtect"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 index db354ee608..ad62d13621 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 
@@ -28,6 +28,7 @@ Configuration Example TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; Assignments = @(); + alwaysOn = $False; authenticationMethod = "azureAD"; connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; connectionType = "microsoftProtect"; From afb0eb588ac17c4a24190e94a99bca1aabd5aab6 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 5 Dec 2024 06:55:44 -0500 Subject: [PATCH 17/45] IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile Fixes --- CHANGELOG.md | 5 +- ...ntAndroidDeviceOwnerEnrollmentProfile.psm1 | 100 +++++++++++++++--- ...oidDeviceOwnerEnrollmentProfile.schema.mof | 4 +- 3 files changed, 94 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c605e0b348..3fd9dba19d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,10 @@ # UNRELEASED -# 1.24.1204.1 +* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile + * Fixing issue with the way the QrCodeImage propety was exported and handled. + +# 1.24.12024.1 * All resources * Applying project default formatting on all files, to improve diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 index 1595ccce2b..94ac105d20 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 
@@ -50,7 +50,7 @@ function Get-TargetResource $QrCodeContent, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $QrCodeImage, [Parameter()] @@ -149,6 +149,14 @@ function Get-TargetResource -All ` -Filter "displayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue + + # Need to do another call by id to get QrCode info. Can't just expand the property. + if ($null -ne $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message 'Found by DisplayName, now retrieving additional details by id.' + $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` + -AndroidDeviceOwnerEnrollmentProfileId $androidDeviceOwnerEnrollmentProfile.Id + } } if ($null -eq $androidDeviceOwnerEnrollmentProfile) @@ -157,6 +165,15 @@ function Get-TargetResource return $nullResult } + $QrCodeImageValue = $null + if ($null -ne $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Type) + { + $QrCodeImageValue = @{ + type = $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Type + value = [Array] ($androidDeviceOwnerEnrollmentProfile.QrCodeImage.Value -join ',') + } + } + $results = @{ Id = $androidDeviceOwnerEnrollmentProfile.Id DisplayName = $androidDeviceOwnerEnrollmentProfile.DisplayName @@ -169,7 +186,7 @@ function Get-TargetResource EnrollmentTokenUsageCount = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenUsageCount IsTeamsDeviceProfile = $androidDeviceOwnerEnrollmentProfile.IsTeamsDeviceProfile QrCodeContent = $androidDeviceOwnerEnrollmentProfile.QrCodeContent - QrCodeImage = $androidDeviceOwnerEnrollmentProfile.QrCodeImage + QrCodeImage = $QrCodeImageValue RoleScopeTagIds = $androidDeviceOwnerEnrollmentProfile.RoleScopeTagIds TokenCreationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenCreationDateTime.ToString() TokenExpirationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenExpirationDateTime.ToString() 
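Review bot: The follow-up lookup in the `@@ -149,6 +149,14 @@` hunk passes `$androidDeviceOwnerEnrollmentProfile.Id` straight to `-AndroidDeviceOwnerEnrollmentProfileId`, but the preceding query uses `-All` with a `displayName eq` filter and can return more than one profile, in which case `.Id` is an array. A guard before the second call, such as `if ($androidDeviceOwnerEnrollmentProfile.Count -gt 1) { throw "Multiple enrollment profiles named '$DisplayName' were found." }`, keeps the resource from failing on parameter binding or reading a profile the caller did not intend. The second call also omits the `-ErrorAction SilentlyContinue` used on the first, so a failure there surfaces differently. Get-TargetResource starts and ends outside the hunk.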
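Review bot: In the `@@ -157,6 +165,15 @@` hunk, `[Array] (... -join ',')` turns the image bytes into one comma-separated string wrapped in a single-element array, while the schema changed in the same commit declares `UInt32 value[]`. Returning the numbers themselves, `value = [System.UInt32[]] $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Value`, would match the declared type, so Test-TargetResource would compare like with like. It would presumably also make the quote-stripping `Replace` calls in Export-TargetResource unnecessary, though how the export helper renders numeric arrays is not visible here.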
@@ -253,7 +270,7 @@ function Set-TargetResource $QrCodeContent, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $QrCodeImage, [Parameter()] @@ -334,6 +351,21 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + if ($null -ne $QrCodeImage) + { + $QrCodeImageValue = @{ + type = $QrCodeImage.type + value = [System.Byte[]] @() + } + + foreach ($byteValue in $QrCodeImage.value) + { + $convertedValue = [System.Byte]([BitConverter]::GetBytes($byteValue))[0] + $QrCodeImageValue.value += $convertedValue + } + $setParameters.QrCodeImage = $QrCodeImageValue + $setParameters.QrCodeImage.value = [System.Byte[]]($setParameters.QrCodeImage.value) + } # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { @@ -411,7 +443,7 @@ function Test-TargetResource $QrCodeContent, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $QrCodeImage, [Parameter()] 
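Review bot: The conversion loop in the `@@ -334,6 +351,21 @@` hunk keeps only the first byte of each entry, `([BitConverter]::GetBytes($byteValue))[0]`, so a configured value above 255 is silently wrapped instead of rejected. The image sent to the service then no longer matches the configuration, with no error. A direct cast, `value = [System.Byte[]] $QrCodeImage.value`, fails on out-of-range input and removes the `+=` array growth inside the loop. The block sits before the `Ensure` branches, so it also runs on removal. Set-TargetResource starts and ends outside the hunk.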
@@ -491,19 +523,42 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of AndroidDeviceOwnerEnrollmentProfile: {$DisplayName}" + $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = $PSBoundParameters $ValuesToCheck.Remove('WifiPassword') | Out-Null - $CurrentValues = Get-TargetResource @PSBoundParameters + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + Write-Verbose -Message "Found drift in property {$key}" + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + if ($TestResult) + { + $TestResult = Test-M365DSCParameterState ` + -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys - $TestResult = Test-M365DSCParameterState ` - -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - - Write-Verbose -Message "Test-TargetResource returned $TestResult" + Write-Verbose -Message "Test-TargetResource returned $TestResult" + } return $TestResult } 
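Review bot: `$ValuesToCheck = $PSBoundParameters` (a context line in the `@@ -491,19 +523,42 @@` hunk) is a reference, not a copy, so the new `$ValuesToCheck.Remove($key)` inside `foreach ($key in $PSBoundParameters.Keys)` removes entries from the dictionary being enumerated. On Windows PowerShell this typically stops the loop with a "Collection was modified" error. On any version, the removed keys also disappear from `-DesiredValues $PSBoundParameters`. Copying first, `$ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()`, keeps the two apart. Test-TargetResource starts and ends outside the hunk.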
@@ -598,12 +653,33 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results + if ($Results.QrCodeImage) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.QrCodeImage ` + -CIMInstanceName 'IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage' + if ($complexTypeStringResult) + { + $Results.QrCodeImage = $complexTypeStringResult + $Results.QrCodeImage = $Results.QrCodeImage.ReplacE("@('", "@(").Replace("')", "`)") + } + else + { + $Results.Remove('QrCodeImage') | Out-Null + } + } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + + if ($Results.QrCodeImage) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'QrCodeImage' -IsCIMArray:$false + + } + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof index 22fe3fc6f1..e1f919cd70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof 
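Review bot: The export block added in the `@@ -598,12 +653,33 @@` hunk writes the `QrCodeImage` bytes into the generated configuration in clear text. The schema describes the QR code as generated for the enrollment token, so anyone who can read an exported file (source control, build artifacts) can presumably rebuild a usable enrollment code until the token expires. Consider leaving the property out of exports with `$Results.Remove('QrCodeImage') | Out-Null`, or stating in the resource readme that exports carry enrollment material and must be stored like a credential. Separately, the chained `Replace` calls on `$Results.QrCodeImage` rewrite every match in the string rather than only the `value` entry, and the first is spelled `ReplacE`. Export-TargetResource starts and ends outside the hunk.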
@@ -2,7 +2,7 @@ class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage { [Write, Description("Indicates the content mime type.")] String type; - [Write, Description("The byte array that contains the actual content.")] String value; + [Write, Description("The byte array that contains the actual content.")] UInt32 value[]; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile")] @@ -21,7 +21,7 @@ class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseRe [Write, Description("Total number of Android devices that have enrolled using this enrollment profile.")] UInt32 EnrolledDeviceCount; [Write, Description("Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000")] UInt32 EnrollmentTokenUsageCount; [Write, Description("String used to generate a QR code for the token.")] String QrCodeContent; - [Write, Description("String used to generate a QR code for the token.")] String QrCodeImage; + [Write, Description("String used to generate a QR code for the token."), EmbeddedInstance("MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage")] String QrCodeImage; [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; [Write, Description("Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.")] Boolean ConfigureWifi; [Write, Description("String that contains the wi-fi login ssid")] String WifiSsid; From 5a7f2036269bc91f26e408a97122e8ced9db485d Mon Sep 17 00:00:00 2001 
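Review bot: The `QrCodeImage` line in the `@@ -21,7 +21,7 @@` hunk keeps the description copied from `QrCodeContent` ("String used to generate a QR code for the token."), although the property is now an embedded instance holding a mime type and image bytes. Suggested text: `Description("QR code image for the token (mime type and content bytes).")`. In the `@@ -2,7 +2,7 @@` hunk, `UInt32 value[]` accepts values a byte cannot hold; `UInt8 value[]` would express the real range, provided the export and compare helpers handle that type, which is not visible here.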
From: Nik Charlebois Date: Thu, 5 Dec 2024 06:56:49 -0500 Subject: [PATCH 18/45] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fd9dba19d..f13236c777 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ # UNRELEASED * IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile - * Fixing issue with the way the QrCodeImage propety was exported and handled. + * Fixing issue with the way the QrCodeImage property was exported and handled. # 1.24.12024.1 From b65a6d18896665a1b23dc3bb8376875fbe9b4a17 Mon Sep 17 00:00:00 2001 
From: Nik Charlebois Date: Thu, 5 Dec 2024 07:49:12 -0500 Subject: [PATCH 19/45] Various Fixes --- CHANGELOG.md | 4 ++-- ...gementAndroidDeviceOwnerEnrollmentProfile.psm1} | 3 ++- ...AndroidDeviceOwnerEnrollmentProfile.schema.mof} | 8 ++++---- .../readme.md | 2 +- .../settings.json | 2 +- .../1-Create.ps1 | 2 +- .../2-Update.ps1 | 2 +- .../3-Remove.ps1 | 2 +- Modules/Microsoft365DSC/SchemaDefinition.json | 4 ++-- .../M365DSCIntegration.INTUNE.Create.Tests.ps1 | 14 +++++++------- ...tAndroidDeviceOwnerEnrollmentProfile.Tests.ps1} | 0 ...ManagmentAndroidDeviceOwnerEnrollmentProfile.md | 12 +++++------- 12 files changed, 27 insertions(+), 28 deletions(-) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 => MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1} (99%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof => MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof} (90%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile => MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile}/readme.md (64%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile => MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile}/settings.json (91%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile => IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile}/1-Create.ps1 (91%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile => 
IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile}/2-Update.ps1 (91%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile => IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile}/3-Remove.ps1 (91%) rename Tests/Unit/Microsoft365DSC/{Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 => Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1} (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index f13236c777..56473f1c18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ # UNRELEASED -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile * Fixing issue with the way the QrCodeImage property was exported and handled. # 1.24.12024.1 @@ -384,7 +384,7 @@ selected * Fixed retrieval of resource when it cannot be found by `Id` * Added a few verbose messages -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile * Initial release. * IntuneEndpointDetectionAndResponsePolicyWindows10 * Fixes an issue with `AutoFromConnector` as the Configuration package type. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 similarity index 99% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 index 94ac105d20..c4cbe29809 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 @@ -528,6 +528,7 @@ function Test-TargetResource $ValuesToCheck.Remove('WifiPassword') | Out-Null #Compare Cim instances + $TestResult = $true foreach ($key in $PSBoundParameters.Keys) { $source = $PSBoundParameters.$key @@ -656,7 +657,7 @@ function Export-TargetResource if ($Results.QrCodeImage) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.QrCodeImage ` - -CIMInstanceName 'IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage' + -CIMInstanceName 'IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage' if ($complexTypeStringResult) { $Results.QrCodeImage = $complexTypeStringResult diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof similarity index 90% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof index e1f919cd70..0fa6acdc22 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof @@ -1,12 +1,12 @@ [ClassVersion("1.0.0.0")] -class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage +class MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage { [Write, Description("Indicates the content mime type.")] String type; [Write, Description("The byte array that contains the actual content.")] UInt32 value[]; }; -[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile")] -class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile")] +class MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource { [Key, Description("Display name for the enrollment profile.")] String DisplayName; [Write, Description("Unique GUID for the enrollment profile. Read-Only.")] String Id; 
@@ -21,7 +21,7 @@ class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseRe [Write, Description("Total number of Android devices that have enrolled using this enrollment profile.")] UInt32 EnrolledDeviceCount; [Write, Description("Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000")] UInt32 EnrollmentTokenUsageCount; [Write, Description("String used to generate a QR code for the token.")] String QrCodeContent; - [Write, Description("String used to generate a QR code for the token."), EmbeddedInstance("MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage")] String QrCodeImage; + [Write, Description("String used to generate a QR code for the token."), EmbeddedInstance("MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage")] String QrCodeImage; [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; [Write, Description("Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.")] Boolean ConfigureWifi; [Write, Description("String that contains the wi-fi login ssid")] String WifiSsid; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md similarity index 64% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md index 14e5fe1b0d..8b23554c8a 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md @@ -1,4 +1,4 @@ -# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile ## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json similarity index 91% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json index 8507274e9b..243c0277e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json @@ -1,5 +1,5 @@ { - "resourceName": "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile", + "resourceName": "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile", "description": "Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management.", "permissions": { "graph": { 
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 index a5095ed687..8394456533 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 @@ -22,7 +22,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 index c3fe6117bf..0652e3612d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 @@ -21,7 +21,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 index 6bc56f61c7..f4ce34adac 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 @@ -21,7 +21,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; 
diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index eb7af2d696..45e7adf24f 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -40356,7 +40356,7 @@ ] }, { - "ClassName": "MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage", + "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage", "Parameters": [ { "CIMType": "String", @@ -40371,7 +40371,7 @@ ] }, { - "ClassName": "MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile", + "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile", "Parameters": [ { "CIMType": "String", diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index b5e98a4478..fdb4ead05c 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -364,7 +364,7 @@ AppleIdentifier = "Apple ID"; Certificate = "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"; DataSharingConsetGranted = $True; - + Ensure = "Present"; ApplicationId = $ApplicationId; TenantId = $TenantId; @@ -713,7 +713,7 @@ { Name = 'hosted_app' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair { Name = 'user_script' @@ -747,7 +747,7 @@ Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' @@ -756,7 +756,7 @@ Id = '4d654df9-6826-470f-af4e-d37491663c76' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' 
@@ -2411,7 +2411,7 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile 'IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile' + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile 'IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile' { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; @@ -2527,7 +2527,7 @@ ApplicationId = $ApplicationId; TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; - + } IntuneEndpointDetectionAndResponsePolicyMacOS 'myEDRPolicy' { @@ -2540,7 +2540,7 @@ ApplicationId = $ApplicationId; TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; - + } IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 similarity index 100% rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 diff --git a/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md b/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md index 5418d04e0f..e5bbfaa8ad 100644 --- a/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md +++ b/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md @@ -1,4 +1,4 @@ -# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile ## Parameters 
@@ -32,7 +32,7 @@ | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | -### MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage +### MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage #### Parameters @@ -97,8 +97,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost - { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + {"IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; @@ -147,7 +146,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; @@ -195,8 +194,7 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC node localhost - { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + {"IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; From 7320bbf0c4d62c983a778baee4ee5f8e9012cad8 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 5 Dec 2024 14:48:47 +0100 Subject: [PATCH 20/45] change eq to match --- .../MSFT_PPPowerAppsEnvironment.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 index 6854e56b39..e496148206 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 @@ -78,7 +78,7 @@ function Get-TargetResource try { - $environment = Get-AdminPowerAppEnvironment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + $environment = Get-AdminPowerAppEnvironment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -match $DisplayName } if ($null -eq $environment) { From 6bf1b4c41e321c9e5aa8fe0a6005375bea1da005 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 5 Dec 2024 14:51:45 +0100 Subject: [PATCH 21/45] Add change log --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b49ce39589..4a297fc8e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,8 @@ FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296) * EXOTransportRule * Fixed conditional logic for creation and update. +* PPPowerAppsEnvironmant + * Fixed [[#5508](https://github.com/microsoft/Microsoft365DSC/issues/5508)] * IntuneTrustedRootCertificateIOS * Initial release * IntuneVPNConfigurationPolicyIOS From c1cd37d435021c253a70905658d32ba39afd947e Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Thu, 5 Dec 2024 15:18:52 +0100 Subject: [PATCH 22/45] Fix export of Firewall policy settings --- CHANGELOG.md | 3 + .../MSFT_IntuneFirewallPolicyWindows10.psm1 | 9 +- ...SC.IntuneFirewallPolicyWindows10.Tests.ps1 | 144 ++++++++++++++++++ 3 files changed, 155 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c605e0b348..65d9636efd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
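Review bot: Switching the filter in Get-TargetResource from `-eq` to `-match` turns `$DisplayName` into a case-insensitive, unanchored regular expression. A name such as `Prod` now also selects `Prod-Test`, and a name containing `(`, `+` or `[` is parsed as a pattern instead of being compared literally. `$environment` can therefore hold several environments or the wrong one, and the rest of the resource, which continues outside this hunk, would act on that result. If the intent is to tolerate a suffix appended to the display name (an inference, since the linked issue is not visible here), escape and anchor the value with `Where-Object -FilterScript { $_.DisplayName -match "^$([regex]::Escape($DisplayName))" }` and handle more than one match explicitly.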
@@ -2,6 +2,9 @@ # UNRELEASED +* IntuneFirewallPolicyWindows10 + * Fix export of properties that appear multiple times in subsections. + # 1.24.1204.1 * All resources diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 index 143dd5854a..b8bf713da7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 @@ -492,12 +492,19 @@ function Get-TargetResource # Retrieve policy specific settings [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -All ` -DeviceManagementConfigurationPolicyId $Id ` -ExpandProperty 'settingDefinitions' ` -ErrorAction Stop + $policyTemplateId = $getValue.TemplateReference.TemplateId + [array]$settingDefinitions = Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate ` + -DeviceManagementConfigurationPolicyTemplateId $policyTemplateId ` + -ExpandProperty 'settingDefinitions' ` + -All ` + -ErrorAction Stop | Select-Object -ExpandProperty SettingDefinitions $policySettings = @{} - $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings -AllSettingDefinitions $settingDefinitions $results = @{ #region resource generator code diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 index 9dae7098d7..f4455f536b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 
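Review bot: In the MSFT_IntuneFirewallPolicyWindows10.psm1 hunk, `$policyTemplateId = $getValue.TemplateReference.TemplateId` is passed straight to `Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate` with `-ErrorAction Stop`. A policy whose template reference is empty would then fail the whole read rather than export without the extra definitions. Whether that case can occur depends on how `$getValue` is filtered earlier in Get-TargetResource, which is outside the hunk. A guard such as `if (-not [System.String]::IsNullOrEmpty($policyTemplateId))` around the template lookup would make the failure mode explicit, provided Export-IntuneSettingCatalogPolicySettings tolerates a missing `-AllSettingDefinitions` value.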
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 
@@ -279,6 +279,150 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -MockWith { + return @( + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp' + Name = 'DisableStatefulFtp' + OffsetUri = '/MdmStore/Global/DisableStatefulFtp' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + } + ) + }, + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/DomainProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true' + parentSettingId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/PublicProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/PublicProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall_true' + parentSettingId = 
'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + } + ) + } + } + ) + }, + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/PublicProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + Name = 'Target' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/Target' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + dependentOn = @( + @{ + dependentOn = 
'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + } + ) + name = 'WSL' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + Name = '{VMCreatorId}' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + ) + maximumCount = 1 + minimumCount = 0 + } + } + ) + } + ) + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { } From 3e20acf5215af4243f970c513044360957bd0d2d Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Thu, 5 Dec 2024 18:06:19 +0100 Subject: [PATCH 23/45] Restrict nested object creation and generation --- CHANGELOG.md | 5 + .../Modules/M365DSCDRGUtil.psm1 | 34 +++++- .../M365DSCResourceGenerator.psm1 | 112 ++++++++++++------ 3 files changed, 107 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c605e0b348..f8c56ca5b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ # UNRELEASED +* M365DSCDRGUtil + * Improve settings catalog handling for nested objects. +* M365DSCResourceGenerator + * Fixes an issue with nested object creation. + # 1.24.1204.1 * All resources diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index d7b2a9be5a..2858541d08 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -831,7 +831,11 @@ function Convert-M365DSCDRGComplexTypeToHashtable [Parameter()] [switch] - $SingleLevel + $SingleLevel, + + [Parameter()] + [switch] + $ExcludeUnchangedProperties ) if ($null -eq $ComplexObject) 
@@ -854,6 +858,24 @@ function Convert-M365DSCDRGComplexTypeToHashtable #However, an array can be preserved on return by prepending it with the array construction operator (,) return , [hashtable[]]$results } + + if ($SingleLevel) + { + $returnObject = @{} + $keys = $ComplexObject.CimInstanceProperties | Where-Object -FilterScript { $_.Name -ne 'PSComputerName' } + foreach ($key in $keys) + { + if ($ExcludeUnchangedProperties -and -not $key.IsValueModified) + { + continue + } + $propertyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) + $propertyValue = $ComplexObject.$($key.Name) + $returnObject.Add($propertyName, $propertyValue) + } + return [hashtable]$returnObject + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) @@ -1656,8 +1678,8 @@ function Get-IntuneSettingCatalogPolicySetting $userSettingTemplates = $SettingTemplates | Where-object -FilterScript { $_.SettingInstanceTemplate.SettingDefinitionId.StartsWith("user_") } - $deviceDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.DeviceSettings -SingleLevel - $userDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.UserSettings -SingleLevel + $deviceDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.DeviceSettings -SingleLevel -ExcludeUnchangedProperties + $userDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.UserSettings -SingleLevel -ExcludeUnchangedProperties $combinedSettingInstances = @() $combinedSettingInstances += Get-IntuneSettingCatalogPolicySetting -DSCParams $deviceDscParams -SettingTemplates $deviceSettingTemplates $combinedSettingInstances += Get-IntuneSettingCatalogPolicySetting -DSCParams $userDscParams -SettingTemplates $userSettingTemplates 
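Review bot: `-ExcludeUnchangedProperties` is only read inside the new `if ($SingleLevel)` branch of Convert-M365DSCDRGComplexTypeToHashtable, so a caller that passes it without `-SingleLevel` gets the full recursive conversion and the switch is silently ignored. Both call sites changed in the following hunk pass the two switches together, so nothing breaks today. The dependency should still be stated next to the parameter, for example `# Only honoured together with -SingleLevel; skips CIM properties whose IsValueModified is false`. The array path in the context lines above the new branch returns before this filter is reached; its body is outside the hunk, so check whether arrays of instances need the same treatment.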
@@ -1692,8 +1714,8 @@ function Get-IntuneSettingCatalogPolicySetting } $settingValueName = $settingType.Replace('#microsoft.graph.deviceManagementConfiguration', '').Replace('Instance', 'Value') $settingValueName = $settingValueName.Substring(0, 1).ToLower() + $settingValueName.Substring(1, $settingValueName.length - 1 ) - $settingValueType = $settingInstanceTemplate.AdditionalProperties."$($settingValueName)Template".'@odata.type' - if ($null -ne $settingValueType) + [string]$settingValueType = $settingInstanceTemplate.AdditionalProperties."$($settingValueName)Template".'@odata.type' + if (-not [System.String]::IsNullOrEmpty($settingValueType)) { $settingValueType = $settingValueType.Replace('ValueTemplate', 'Value') } @@ -1838,7 +1860,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $DSCParams = @{ $cimDSCParamsName = if ($instanceCount -eq 1) { $newDSCParams.$cimDSCParamsName[0] } else { $newDSCParams.$cimDSCParamsName } } - $AllSettingDefinitions = $groupSettingCollectionDefinitionChildren + $AllSettingDefinitions = $groupSettingCollectionDefinitionChildren + $SettingDefinition } for ($i = 0; $i -lt $instanceCount; $i++) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index c23fd156db..f89162869b 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 
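Review bot: In the `@@ -1838` hunk, `$groupSettingCollectionDefinitionChildren + $SettingDefinition` is array concatenation only if the left operand is already an array. If the expression that fills it (outside the hunk) yields exactly one child, PowerShell unwraps it to a single object and `+` then means something else or throws. Forcing the array makes the intent independent of the child count: `$AllSettingDefinitions = @($groupSettingCollectionDefinitionChildren) + $SettingDefinition`.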
@@ -388,42 +388,7 @@ $($userDefinitionSettings.MOF -join "`r`n") { $parameter -match '\$.*$' $parameterName = $Matches[0].Replace('$', '') - $parameterType = 'IntuneSettingsCatalog' + $parameterName + $(if ($parameterName -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" }) - $cimInstance = $definitionSettings.MOFInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" } - $rowFilter = '\[.*;' - $cimRows = [regex]::Matches($cimInstance, $rowFilter) | Foreach-Object { - $_.Value - } - $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;' - $cimProperties = @() - foreach ($row in $cimRows) - { - $cimProperties += [regex]::Matches($row, $cimPropertyNamequery) | Foreach-Object { - $props = @{ - Name = $_.Value.Replace('[', '').Replace(']', '').Replace(';', '') - IsArray = $_.Value.Contains('[]') - IsComplexType = $row.Contains('EmbeddedInstance') - } - if ($props.IsComplexType) - { - Write-Warning -Message "Attention: No automatic complex type conversion is available for the property $($props.Name) in $parameterName. Please implement the conversion manually." - $props.Type = $row.Split(' ')[2].Replace('EmbeddedInstance("', '').Replace('")]', '') - } - $props - } - } - $parameterInformation += @{ - Name = $parameterName - IsComplexType = $true - IsMandatory = $false - IsArray = $parameter -match '\[.*\[\]\]' - Type = $parameterType - Properties = $cimProperties - } - - Write-Warning -Message "* Do not forget to replace the value `$getValue.$parameterName with `$policySettings.$parameterName in Get-TargetResource, remove it using `$policySettings.Remove('$parameterName')` and update the description in the MOF template. " - Write-Warning -Message "* Make sure to remove the duplicate entry of '$parameterName' in the MOF template." - Write-Warning -Message "* Check all CimInstanceNames in the `$complexTypeMapping in Export-TargetResource because they are not generated correctly." 
+ $parameterInformation += Get-ComplexParameter -Parameter $parameterName -CimInstance $definitionSettings.MOFInstance -ResourceName $ResourceName } Write-Warning -Message "* Update all occurences of 'Name' from parameters to 'DisplayName', since security and settings catalog policies use 'Name' internally, but the DSC resource uses 'DisplayName' for clarity." 
@@ -1375,6 +1340,77 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments } } +function Get-ComplexParameter { + param ( + [Parameter(Mandatory = $true)] + [System.String] + $Parameter, + + [Parameter(Mandatory = $true)] + [System.String] + $CimInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $ResourceName + ) + + $parameterType = 'IntuneSettingsCatalog' + $Parameter + $(if ($Parameter -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" }) + $filteredCimInstance = $CimInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" } + $splittedCimInstance = $filteredCimInstance.Split("`n") + $rowFilter = '\[.*;' + $startRow = for ($i = 0; $i -lt $splittedCimInstance.Count; $i++) { + if ($splittedCimInstance[$i] -like "*$parameterType*") + { + $i + break + } + } + $endRow = for ($i = $startRow; $i -lt $splittedCimInstance.Count; $i++) { + if ($splittedCimInstance[$i] -like "*};*") + { + $i + break + } + } + + $cimInstanceOfInterest = $splittedCimInstance[$startRow..$endRow] + $cimRows = [regex]::Matches($cimInstanceOfInterest -join "`n", $rowFilter) | Foreach-Object { + $_.Value + } + $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;' + $cimProperties = @() + foreach ($row in $cimRows) + { + $cimProperties += [regex]::Matches($row, $cimPropertyNamequery) | Foreach-Object { + $props = @{ + Name = $_.Value.Replace('[', '').Replace(']', '').Replace(';', '') + IsArray = $_.Value.Contains('[]') + IsComplexType = $row.Contains('EmbeddedInstance') + } + if ($props.IsComplexType) + { + Write-Warning -Message "Attention: No automatic complex type conversion is available for the property $($props.Name) in $parameterName. Please implement the conversion manually." 
+ $props.Type = $row.Split(', ')[2].Replace('EmbeddedInstance("', '').Split(' ')[0].Replace('")]', '') + $props.Properties = (Get-ComplexParameter -Parameter $props.Name -CimInstance $CimInstance -ResourceName $ResourceName).Properties + } + $props + } + } + @{ + Name = $parameterName + IsComplexType = $true + IsMandatory = $false + IsArray = $parameter -match '\[.*\[\]\]' + Type = $parameterType + Properties = $cimProperties + } + + Write-Warning -Message "* Do not forget to replace the value `$getValue.$parameterName with `$policySettings.$parameterName in Get-TargetResource, remove it using `$policySettings.Remove('$parameterName')` and update the description in the MOF template. " + Write-Warning -Message "* Make sure to remove the duplicate entry of '$parameterName' in the MOF template." + Write-Warning -Message "* Check all CimInstanceNames in the `$complexTypeMapping in Export-TargetResource because they are not generated correctly." +} + function Get-MgGraphModuleCmdLetDifference { $modules = Get-Module -Name Microsoft.Graph.* -ListAvailable | Sort-Object -Property Name, Version | Out-GridView -PassThru @@ -3933,8 +3969,8 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { } $instanceName = "MSFT_MicrosoftGraphIntuneSettingsCatalog" - if (($Level -gt 1 -and $type -like "GroupCollection*" -and $childSettings.Count -gt 1) -or - ($Level -eq 1 -and $type -like "GroupCollection*" -and $childSettings.Count -ge 1 -and $childSettings.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition")) + if (($Level -gt 1 -and $type -like "GroupCollection*" -and $childSettings.Count -gt 1) -or + ($Level -eq 1 -and $type -eq "GroupCollectionCollection" -and $childSettings.Count -ge 1 -and $childSettings.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition")) { $instanceName = $ParentInstanceName + $settingName } 
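Review bot: The new Get-ComplexParameter still refers to `$parameterName`, which is not one of its parameters, in the returned hashtable (`Name = $parameterName`) and in the Write-Warning messages. It resolves only through the caller's scope, and in the recursive call it picks up the outer parameter's name rather than the nested one. The `IsArray = $parameter -match '\[.*\[\]\]'` test has also changed meaning: in the inline code removed by the `@@ -388` hunk, `$parameter` was the declaration text, but here it is the bare name passed as `-Parameter`, so the test can no longer see a `[]` suffix. Use `Name = $Parameter` and `$Parameter` in the messages, and pass the array flag in from the call site that still has the declaration text. `$startRow` is also used in `$splittedCimInstance[$startRow..$endRow]` without checking that the search loop found a row.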
From b5eeaf14ef58b7f618141f601b8652d6efabe6e2 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 5 Dec 2024 12:46:03 -0500 Subject: [PATCH 24/45] Update settings.json --- .../settings.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json index ea3b134fe1..e2cda87a9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json @@ -15,6 +15,20 @@ "read": [], "update": [] } + }, + "WindowsDefenderATP":{ + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + "Machine.Read.All" + ], + "update": [ + "Machine.ReadWrite.All" + ] + } } } } From bc524b629a52cc733d087dadf535c3fe313fa7dc Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 5 Dec 2024 15:16:43 -0500 Subject: [PATCH 25/45] Update MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 --- ...ntAndroidDeviceOwnerEnrollmentProfile.psm1 | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 index c4cbe29809..d2805adee7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 @@ -524,18 +524,25 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of AndroidDeviceOwnerEnrollmentProfile: {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = $PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() $ValuesToCheck.Remove('WifiPassword') | Out-Null + $ValuesToCheck.Remove("QrCodeImage") | Out-Null + $ValuesToCheck.Remove("QrCodeContent") | Out-Null + $ValuesToCheck.Remove("TokenValue") | Out-Null + $ValuesToCheck.Remove("TokenCreationDateTime") | Out-Null + $ValuesToCheck.Remove("TokenExpirationDateTime") | Out-Null #Compare Cim instances + Write-Verbose -Message "Evaluating CIM Instances" $TestResult = $true - foreach ($key in $PSBoundParameters.Keys) + $RemainingValuesToCheck = $ValuesToCheck + foreach ($key in $ValuesToCheck.Keys) { - $source = $PSBoundParameters.$key + $source = $ValuesToCheck.$key $target = $CurrentValues.$key if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') { - $testResult = Compare-M365DSCComplexObject ` + $TestResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) 
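Review bot: `$RemainingValuesToCheck = $ValuesToCheck` copies the reference, not the hashtable, so the `$RemainingValuesToCheck.Remove($key)` in the following hunk (`@@ -545`) mutates the collection that `foreach ($key in $ValuesToCheck.Keys)` is enumerating. As soon as a CimInstance-typed parameter reaches that branch, the loop will throw a collection-modified error. The earlier `([Hashtable]$PSBoundParameters).Clone()` shows the intended pattern, so use it here as well: `$RemainingValuesToCheck = $ValuesToCheck.Clone()`. Test-TargetResource begins and ends outside these hunks.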
@@ -545,18 +552,18 @@ function Test-TargetResource break } - $ValuesToCheck.Remove($key) | Out-Null + $RemainingValuesToCheck.Remove($key) | Out-Null } } Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $RemainingValuesToCheck)" if ($TestResult) { $TestResult = Test-M365DSCParameterState ` -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + -ValuesToCheck $RemainingValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" } From 52e2aee93c833fadff83cfd272f738b80e05caa4 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 6 Dec 2024 12:35:03 +0000 Subject: [PATCH 26/45] Updated Resources and Cmdlet documentation pages --- ...mentAndroidDeviceOwnerEnrollmentProfile.md | 223 ++++++++++++++++++ 1 file changed, 223 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md diff --git a/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md b/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md new file mode 100644 index 0000000000..7b3ad2b526 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md 
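Review bot: The `Current Values` verbose line still prints everything Get-TargetResource returned, while this commit removes `TokenValue`, `QrCodeContent` and `QrCodeImage` only from the desired side. If Get-TargetResource populates those properties (it is outside the hunk, but the resource documentation lists them), the enrollment token and the QR payload derived from it are written to the DSC verbose stream and to any log that captures it. Since these keys are no longer part of the comparison, they can be dropped from a copy before logging, for example `$valuesToLog = $CurrentValues.Clone(); 'TokenValue','QrCodeContent','QrCodeImage' | ForEach-Object { $valuesToLog.Remove($_) }`, and `$valuesToLog` passed to `Convert-M365DscHashtableToString`.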
@@ -0,0 +1,223 @@ +# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | Display name for the enrollment profile. | | +| **Id** | Write | String | Unique GUID for the enrollment profile. Read-Only. | | +| **AccountId** | Write | String | Intune AccountId GUID the enrollment profile belongs to. | | +| **Description** | Write | String | Description for the enrollment profile. | | +| **EnrollmentMode** | Write | String | The enrollment mode of devices that use this enrollment profile. | `corporateOwnedDedicatedDevice`, `corporateOwnedFullyManaged`, `corporateOwnedWorkProfile`, `corporateOwnedAOSPUserlessDevice`, `corporateOwnedAOSPUserAssociatedDevice` | +| **EnrollmentTokenType** | Write | String | The enrollment token type for an enrollment profile. | `default`, `corporateOwnedDedicatedDeviceWithAzureADSharedMode`, `deviceStaging` | +| **TokenValue** | Write | String | Value of the most recently created token for this enrollment profile. | | +| **TokenCreationDateTime** | Write | String | Date time the most recently created token was created. | | +| **TokenExpirationDateTime** | Write | String | Date time the most recently created token will expire. | | +| **EnrolledDeviceCount** | Write | UInt32 | Total number of Android devices that have enrolled using this enrollment profile. | | +| **EnrollmentTokenUsageCount** | Write | UInt32 | Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000 | | +| **QrCodeContent** | Write | String | String used to generate a QR code for the token. | | +| **QrCodeImage** | Write | MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage | String used to generate a QR code for the token. | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. 
| | +| **ConfigureWifi** | Write | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. | | +| **WifiSsid** | Write | String | String that contains the wi-fi login ssid | | +| **WifiPassword** | Write | PSCredential | String that contains the wi-fi login password. The parameter is a PSCredential object. | | +| **WifiSecurityType** | Write | String | String that contains the wi-fi security type. | `none`, `wpa`, `wep` | +| **WifiHidden** | Write | Boolean | Boolean that indicates if hidden wifi networks are enabled | | +| **IsTeamsDeviceProfile** | Write | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **type** | Write | String | Indicates the content mime type. 
| | +| **value** | Write | UInt32Array[] | The byte array that contains the actual content. | | + +## Description + +Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + { + AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + ConfigureWifi = $True; + Description = "This is my enrollment profile"; + DisplayName = "MyTestEnrollmentProfile"; + EnrolledDeviceCount = 0; + EnrollmentMode = "corporateOwnedDedicatedDevice"; + EnrollmentTokenType = "default"; + EnrollmentTokenUsageCount = 0; + Ensure = "Present"; + IsTeamsDeviceProfile = $False; + RoleScopeTagIds = @("0"); + TenantId = $TenantId; + TokenCreationDateTime = "10/26/2024 1:02:29 AM"; + TokenExpirationDateTime = "10/31/2024 3:59:59 AM"; + WifiHidden = $False; + WifiSecurityType = "none"; + } + } +} +``` + +### Example 2 + +This 
example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + { + AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + ConfigureWifi = $True; + Description = "This is my enrollment profile"; + DisplayName = "MyTestEnrollmentProfile"; + EnrolledDeviceCount = 0; + EnrollmentMode = "corporateOwnedDedicatedDevice"; + EnrollmentTokenType = "default"; + EnrollmentTokenUsageCount = 0; + Ensure = "Present"; + IsTeamsDeviceProfile = $False; + RoleScopeTagIds = @("0"); + TenantId = $TenantId; + TokenCreationDateTime = "10/26/2024 1:02:29 AM"; + TokenExpirationDateTime = "10/31/2024 3:59:59 AM"; + WifiHidden = $True; #Drift + WifiSecurityType = "none"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + { + AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + ConfigureWifi = $True; + Description = "This is my enrollment profile"; + DisplayName = "MyTestEnrollmentProfile"; + EnrolledDeviceCount = 0; + EnrollmentMode = "corporateOwnedDedicatedDevice"; + EnrollmentTokenType = "default"; + EnrollmentTokenUsageCount = 0; + Ensure = "Absent"; + IsTeamsDeviceProfile = $False; + RoleScopeTagIds = @("0"); + TenantId = $TenantId; + TokenCreationDateTime = "10/26/2024 1:02:29 AM"; + TokenExpirationDateTime = "10/31/2024 3:59:59 AM"; + WifiHidden = $False; + WifiSecurityType = "none"; + } + } +} +``` + From 5495441e7814ded8b4ae4261646ac60d038408bd Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 6 Dec 2024 12:37:28 +0000 Subject: [PATCH 27/45] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 172 +++++++++--------- 1 file changed, 86 insertions(+), 86 deletions(-) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 45e7adf24f..8e8e8806e4 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -40221,100 +40221,110 @@ ] }, { - "ClassName": "MSFT_IntuneDeviceManagementComplianceSettings", + "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage", "Parameters": [ { "CIMType": "String", - "Name": "IsSingleInstance", - "Option": "Key" + "Name": "type", + "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "SecureByDefault", + "CIMType": "UInt32[]", + "Name": "value", "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" }, { - "CIMType": "UInt32", - "Name": "DeviceComplianceCheckinThresholdDays", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "AccountId", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "TokenValue", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "TokenCreationDateTime", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "TokenExpirationDateTime", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "UInt32", + "Name": "EnrolledDeviceCount", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "UInt32", + "Name": "EnrollmentTokenUsageCount", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay", - "Parameters": [ + }, { "CIMType": "String", - "Name": "Id", - "Option": "Key" + "Name": "QrCodeContent", + "Option": "Write" }, { - "CIMType": "String", - "Name": "BindStatus", + "CIMType": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage", + "Name": "QrCodeImage", "Option": "Write" }, { - 
"CIMType": "String", - "Name": "OwnerUserPrincipalName", + "CIMType": "String[]", + "Name": "RoleScopeTagIds", "Option": "Write" }, { - "CIMType": "String", - "Name": "OwnerOrganizationName", + "CIMType": "Boolean", + "Name": "ConfigureWifi", "Option": "Write" }, { "CIMType": "String", - "Name": "EnrollmentTarget", + "Name": "WifiSsid", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "WifiPassword", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "DeviceOwnerManagementEnabled", + "Name": "WifiHidden", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AndroidDeviceOwnerFullyManagedEnrollmentEnabled", + "Name": "IsTeamsDeviceProfile", "Option": "Write" }, { - "CIMType": "String", + "CIMType": "string", "Name": "Ensure", "Option": "Write" }, @@ -40338,11 +40348,6 @@ "Name": "CertificateThumbprint", "Option": "Write" }, - { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", - "Option": "Write" - }, { "CIMType": "Boolean", "Name": "ManagedIdentity", 
@@ -40356,110 +40361,100 @@ ] }, { - "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage", + "ClassName": "MSFT_IntuneDeviceManagementComplianceSettings", "Parameters": [ { "CIMType": "String", - "Name": "type", - "Option": "Write" + "Name": "IsSingleInstance", + "Option": "Key" }, { - "CIMType": "String", - "Name": "value", + "CIMType": "Boolean", + "Name": "SecureByDefault", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile", - "Parameters": [ - { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Id", + "CIMType": "UInt32", + "Name": "DeviceComplianceCheckinThresholdDays", "Option": "Write" }, { - "CIMType": "String", - "Name": "AccountId", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "TokenValue", + "Name": "TenantId", "Option": "Write" }, { - "CIMType": "String", - "Name": "TokenCreationDateTime", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "TokenExpirationDateTime", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "EnrolledDeviceCount", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "EnrollmentTokenUsageCount", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay", + "Parameters": [ { "CIMType": "String", - "Name": "QrCodeContent", - "Option": "Write" + "Name": "Id", + "Option": "Key" }, { "CIMType": "String", - "Name": "QrCodeImage", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "RoleScopeTagIds", + "Name": "BindStatus", "Option": "Write" }, { - 
"CIMType": "Boolean", - "Name": "ConfigureWifi", + "CIMType": "String", + "Name": "OwnerUserPrincipalName", "Option": "Write" }, { "CIMType": "String", - "Name": "WifiSsid", + "Name": "OwnerOrganizationName", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "WifiPassword", + "CIMType": "String", + "Name": "EnrollmentTarget", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "WifiHidden", + "Name": "DeviceOwnerManagementEnabled", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IsTeamsDeviceProfile", + "Name": "AndroidDeviceOwnerFullyManagedEnrollmentEnabled", "Option": "Write" }, { - "CIMType": "string", + "CIMType": "String", "Name": "Ensure", "Option": "Write" }, @@ -40483,6 +40478,11 @@ "Name": "CertificateThumbprint", "Option": "Write" }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, { "CIMType": "Boolean", "Name": "ManagedIdentity", From 55ba015512ea6124bfa314514561738d62d973af Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 6 Dec 2024 12:38:44 +0000 Subject: [PATCH 28/45] Updated {Create} Intune Integration Tests --- .../M365DSCIntegration.INTUNE.Create.Tests.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index fdb4ead05c..a3f43ddd26 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -364,7 +364,7 @@ AppleIdentifier = "Apple ID"; Certificate = "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"; DataSharingConsetGranted = $True; - + Ensure = "Present"; ApplicationId = $ApplicationId; TenantId = $TenantId; @@ -713,7 +713,7 @@ { Name = 'hosted_app' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair { Name = 'user_script' 
@@ -747,7 +747,7 @@ Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' @@ -756,7 +756,7 @@ Id = '4d654df9-6826-470f-af4e-d37491663c76' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' @@ -2527,7 +2527,7 @@ ApplicationId = $ApplicationId; TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; - + } IntuneEndpointDetectionAndResponsePolicyMacOS 'myEDRPolicy' { @@ -2540,7 +2540,7 @@ ApplicationId = $ApplicationId; TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; - + } IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' { From 5d00a023198a1ca7a5de94208235b4a926bb3be8 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Fri, 6 Dec 2024 12:56:10 +0000 Subject: [PATCH 29/45] Fix policy retrieval --- CHANGELOG.md | 3 +++ .../MSFT_AADFeatureRolloutPolicy.psm1 | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca5bb76ad6..98afd374ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* AADFeatureRolloutPolicy + * Fixed policy retrieval + FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) * IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile * Fixing issue with the way the QrCodeImage property was exported and handled. * IntuneFirewallPolicyWindows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 index 26944c5c3c..68edefd6e3 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1
@@ -98,10 +98,7 @@ function Get-TargetResource
 {
 $getValue = Get-MgBetaPolicyFeatureRolloutPolicy `
 -Filter "DisplayName eq '$DisplayName'" `
- -ErrorAction SilentlyContinue | Where-Object `
- -FilterScript {
- $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.FeatureRolloutPolicy'
- }
+ -ErrorAction SilentlyContinue
 }
 }
 #endregion
From 3816547a092a0b297e1c3a63448d34b0888894e2 Mon Sep 17 00:00:00 2001
From: dannyKBjj
Date: Mon, 9 Dec 2024 14:56:13 +0000
Subject: [PATCH 30/45] Update CHANGELOG.md
---
 CHANGELOG.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea2fe4b283..7f16ea4f0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,8 +30,6 @@
 * Initial release
 * IntuneVPNConfigurationPolicyAndroidDeviceOwner
 * Initial release
-* IntuneVPNConfigurationPolicyAndroidEnterprise
- * Initial release
 * M365DSCDRGUtil
 * Add separate check for strings with ordinal comparison and standardized line breaks.
 * M365DSCUtil
From 5b3e40e5abb72a324fbfcfcb6e950cd09f5a1f45 Mon Sep 17 00:00:00 2001
From: dannyKBjj
Date: Mon, 9 Dec 2024 21:42:27 +0000
Subject: [PATCH 31/45] Revert "Update CHANGELOG.md"
This reverts commit 3816547a092a0b297e1c3a63448d34b0888894e2.
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f16ea4f0f..ea2fe4b283 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,8 @@
 * Initial release
 * IntuneVPNConfigurationPolicyAndroidDeviceOwner
 * Initial release
+* IntuneVPNConfigurationPolicyAndroidEnterprise
+ * Initial release
 * M365DSCDRGUtil
 * Add separate check for strings with ordinal comparison and standardized line breaks.
 * M365DSCUtil
From daafec220c178b52b7c749327a660e7bccea3703 Mon Sep 17 00:00:00 2001
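Review bot: The `-Filter "DisplayName eq '$DisplayName'"` argument kept in Get-TargetResource of MSFT_AADFeatureRolloutPolicy.psm1 interpolates the display name into the OData filter unescaped, so a name containing an apostrophe produces a malformed filter or one that matches something other than the intended policy; doubling the quote first, `-Filter "DisplayName eq '$($DisplayName -replace "'", "''")'"`, keeps the value inside the string literal. Because the call still ends in `-ErrorAction SilentlyContinue`, a rejected filter or a permission failure returns nothing and is presumably handled the same way as a policy that does not exist, so the error is worth logging or distinguishing from an empty result. With the `Where-Object` type check removed, `$getValue` is whatever the filter returns, and it would be good to confirm the code after this call copes with more than one match. The enclosing function starts and ends outside this hunk, so the handling of `$getValue` is not visible here.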
From: dannyKBjj Date: Mon, 9 Dec 2024 21:44:55 +0000 Subject: [PATCH 32/45] removed M365DSCDRGUtil/M365DSCUtil entries --- CHANGELOG.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea2fe4b283..ca925a2ef9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,10 +32,6 @@ * Initial release * IntuneVPNConfigurationPolicyAndroidEnterprise * Initial release -* M365DSCDRGUtil - * Add separate check for strings with ordinal comparison and standardized line breaks. -* M365DSCUtil - * Add separate check for strings with ordinal comparison and standardized line breaks. * IntuneVPNConfigurationPolicyIOS * Initial release. * M365DSCRuleEvaluation From 5fb0446d156e609a84a335fc234c8f16f5216cc0 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 10 Dec 2024 13:32:44 +0000 Subject: [PATCH 33/45] Updated Resources and Cmdlet documentation pages --- .../user-guide/cmdlets/New-M365DSCReportFromConfiguration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md b/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md index 507fad21f2..5c67a55f34 100644 --- a/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md +++ b/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md @@ -13,7 +13,7 @@ This function does not generate any output. | Parameter | Required | DataType | Default Value | Allowed Values | Description | | --- | --- | --- | --- | --- | --- | -| Type | True | String | | Excel, HTML, JSON, Markdown | The type of report that should be created: Excel or HTML. | +| Type | True | String | | Excel, HTML, JSON, Markdown, CSV | The type of report that should be created: Excel or HTML. | | ConfigurationPath | True | String | | | The path to the exported DSC configuration that the report should be created for. | | OutputPath | True | String | | | The output path of the report. | 
From 59326804d51616eae988273f8f84ed37eb527a4a Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 10 Dec 2024 13:34:01 +0000 Subject: [PATCH 34/45] Updated Resources and Cmdlet documentation pages --- ...PNConfigurationPolicyAndroidDeviceOwner.md | 324 ++++++++++++++++++ ...VPNConfigurationPolicyAndroidEnterprise.md | 266 ++++++++++++++ 2 files changed, 590 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md create mode 100644 docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md new file mode 100644 index 0000000000..64f3069235 --- /dev/null +++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md 
@@ -0,0 +1,324 @@ +# IntuneVPNConfigurationPolicyAndroidDeviceOwner + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **authenticationMethod** | Write | String | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` | +| **connectionName** | Write | String | Connection name displayed to the user. | | +| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **servers** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | | +| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `citrix`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` | +| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Proxy Server. | | +| **targetedPackageIds** | Write | StringArray[] | Targeted App package IDs. | | +| **targetedMobileApps** | Write | MSFT_targetedMobileApps[] | Targeted mobile apps. This collection can contain a maximum of 500 elements. | | +| **alwaysOn** | Write | Boolean | Whether or not to enable always-on VPN connection. 
| | +| **alwaysOnLockdown** | Write | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. | | +| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | | +| **proxyExclusionList** | Write | StringArray[] | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. | | +| **customData** | Write | MSFT_customData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphVpnServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **address** | Write | String | Address (IP address, FQDN or URL) | | +| **description** | Write | String | Description. | | +| **isDefaultServer** | Write | Boolean | Default server. | | + +### MSFT_MicrosoftvpnProxyServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | | +| **address** | Write | String | Address. | | +| **port** | Write | UInt32 | Port. Valid values 0 to 65535. 
| | + +### MSFT_targetedMobileApps + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | The application name. | | +| **publisher** | Write | String | The publisher of the application. | | +| **appStoreUrl** | Write | String | The Store URL of the application. | | +| **appId** | Write | String | The application or bundle identifier of the application. | | + +### MSFT_CustomData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **key** | Write | String | Key for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + +### MSFT_customKeyValueData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | Name for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + + +## Description + +This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = 'fakestringvalue' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.server.com:8080' + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 'com.fake.emmx' + } + ); + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being 
worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = '' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.NEWserver.com:8080' #CHANGED VALUE + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 'com.fake.emmx' + } + ); + } + } +} +``` + +### Example 3 + +This example is used to 
test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md new file mode 100644 index 0000000000..b325f4cfdc --- /dev/null +++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md 
@@ -0,0 +1,266 @@ +# IntuneVPNConfigurationPolicyAndroidEnterprise + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **authenticationMethod** | Write | String | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` | +| **connectionName** | Write | String | Connection name displayed to the user. | | +| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **servers** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | | +| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `citrix`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` | +| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Proxy Server. | | +| **targetedPackageIds** | Write | StringArray[] | Targeted App package IDs. | | +| **targetedMobileApps** | Write | MSFT_targetedMobileApps[] | Targeted mobile apps. This collection can contain a maximum of 500 elements. | | +| **alwaysOn** | Write | Boolean | Whether or not to enable always-on VPN connection. 
| | +| **alwaysOnLockdown** | Write | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. | | +| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | | +| **proxyExclusionList** | Write | StringArray[] | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. | | +| **customData** | Write | MSFT_customData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphVpnServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **address** | Write | String | Address (IP address, FQDN or URL) | | +| **description** | Write | String | Description. | | +| **isDefaultServer** | Write | Boolean | Default server. | | + +### MSFT_MicrosoftvpnProxyServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | | +| **address** | Write | String | Address. | | +| **port** | Write | UInt32 | Port. Valid values 0 to 65535. 
| | + +### MSFT_targetedMobileApps + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | The application name. | | +| **publisher** | Write | String | The publisher of the application. | | +| **appStoreUrl** | Write | String | The Store URL of the application. | | +| **appId** | Write | String | The application or bundle identifier of the application. | | + +### MSFT_CustomData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **key** | Write | String | Key for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + +### MSFT_customKeyValueData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | Name for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + + +## Description + +This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName"; + connectionType = "ciscoAnyConnect"; + Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName"; + connectionType = "ciscoAnyConnect"; + Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.newAddress.com' #updated VPN address + } + ); + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Absent"; + } + } +} +``` + From 770107dda5ab7ac8ed97a03c401fbd396288be6a Mon Sep 17 00:00:00 2001 
From: NikCharlebois Date: Tue, 10 Dec 2024 13:36:49 +0000 Subject: [PATCH 35/45] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 352 ++++++++++++++++-- 1 file changed, 316 insertions(+), 36 deletions(-) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 8e8e8806e4..a4fdffd024 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -47491,126 +47491,406 @@ ] }, { - "ClassName": "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule", + "ClassName": "MSFT_MicrosoftvpnProxyServer", "Parameters": [ { - "CIMType": "String[]", - "Name": "ssids", + "CIMType": "String", + "Name": "automaticConfigurationScriptUrl", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "dnsSearchDomains", + "CIMType": "String", + "Name": "address", "Option": "Write" }, { - "CIMType": "String", - "Name": "probeUrl", + "CIMType": "uint32", + "Name": "port", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_targetedMobileApps", + "Parameters": [ { "CIMType": "String", - "Name": "action", + "Name": "name", "Option": "Write" }, { "CIMType": "String", - "Name": "domainAction", + "Name": "publisher", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "domains", + "CIMType": "String", + "Name": "appStoreUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "probeRequiredUrl", + "Name": "appId", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_CustomData", + "Parameters": [ { "CIMType": "String", - "Name": "interfaceTypeMatch", + "Name": "key", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "dnsServerAddressMatch", + "CIMType": "String", + "Name": "value", "Option": "Write" } ] }, { - "ClassName": "MSFT_MicrosoftvpnProxyServer", + "ClassName": "MSFT_customKeyValueData", "Parameters": [ { "CIMType": "String", - "Name": "automaticConfigurationScriptUrl", + "Name": "name", "Option": "Write" }, { "CIMType": "String", - "Name": "address", - "Option": "Write" - }, - { - "CIMType": "uint32", - "Name": "port", + "Name": "value", "Option": "Write" } ] }, { - "ClassName": "MSFT_targetedMobileApps", + "ClassName": "MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner", "Parameters": [ { "CIMType": "String", - "Name": "name", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "publisher", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + 
"Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "appStoreUrl", + "Name": "authenticationMethod", "Option": "Write" }, { "CIMType": "String", - "Name": "appId", + "Name": "connectionName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "role", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "realm", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphvpnServer[]", + "Name": "servers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "connectionType", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftvpnProxyServer[]", + "Name": "proxyServer", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "targetedPackageIds", + "Option": "Write" + }, + { + "CIMType": "MSFT_targetedMobileApps[]", + "Name": "targetedMobileApps", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOn", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOnLockdown", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "microsoftTunnelSiteId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "proxyExclusionList", + "Option": "Write" + }, + { + "CIMType": "MSFT_customData[]", + "Name": "customData", + "Option": "Write" + }, + { + "CIMType": "MSFT_customKeyValueData[]", + "Name": "customKeyValueData", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + 
"CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_CustomData", + "ClassName": "MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise", "Parameters": [ { "CIMType": "String", - "Name": "key", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "value", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "authenticationMethod", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "connectionName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "role", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "realm", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphvpnServer[]", + "Name": "servers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "connectionType", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftvpnProxyServer[]", + "Name": "proxyServer", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "targetedPackageIds", + "Option": "Write" + }, + { + "CIMType": "MSFT_targetedMobileApps[]", + "Name": "targetedMobileApps", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOn", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOnLockdown", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "microsoftTunnelSiteId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "proxyExclusionList", + "Option": "Write" + }, + { + "CIMType": "MSFT_customData[]", + "Name": "customData", + "Option": "Write" + }, + { + "CIMType": "MSFT_customKeyValueData[]", + "Name": "customKeyValueData", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": 
"Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_customKeyValueData", + "ClassName": "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule", "Parameters": [ + { + "CIMType": "String[]", + "Name": "ssids", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "dnsSearchDomains", + "Option": "Write" + }, { "CIMType": "String", - "Name": "name", + "Name": "probeUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "value", + "Name": "action", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "domainAction", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "domains", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "probeRequiredUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "interfaceTypeMatch", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "dnsServerAddressMatch", "Option": "Write" } ] From ec191418f77b28a53c33951c7067798565f1d734 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 10 Dec 2024 13:37:43 +0000 Subject: [PATCH 36/45] Updated {Create} Intune Integration Tests --- ...M365DSCIntegration.INTUNE.Create.Tests.ps1 | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index a3f43ddd26..d2945db555 100644 
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 
@@ -3179,6 +3179,77 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneVPNConfigurationPolicyAndroidDeviceOwner 'IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example' + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = 'fakestringvalue' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.server.com:8080' + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 'com.fake.emmx' + } + ); + } + IntuneVPNConfigurationPolicyAndroidEnterprise 'IntuneVPNConfigurationPolicyAndroidEnterprise-Example' + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = 
"IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName"; + connectionType = "ciscoAnyConnect"; + Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + } IntuneVPNConfigurationPolicyIOS 'IntuneVPNConfigurationPolicyIOS-Example' { ApplicationId = $ApplicationId; From e7be4377878ff2fa5a43c4b0db055479ca6af054 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 11 Dec 2024 09:04:50 -0500 Subject: [PATCH 37/45] FIXES #5524 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 381baa62a0..049098e031 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* AADApplication + * Changed logic to remove all permissions when an empty array is specified. + FIXES [#5524](https://github.com/microsoft/Microsoft365DSC/issues/5524) * AADFeatureRolloutPolicy * Fixed policy retrieval FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) From 49a77954db2bb6e6729d55df5342dd58f86bab53 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 11 Dec 2024 09:04:59 -0500 Subject: [PATCH 38/45] Update MSFT_AADApplication.psm1 --- .../MSFT_AADApplication.psm1 | 121 ++++++++++-------- 1 file changed, 68 insertions(+), 53 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index f60e307747..fafb1baac3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 
@@ -975,72 +975,81 @@ function Set-TargetResource } } - if ($needToUpdatePermissions -and -not [System.String]::IsNullOrEmpty($Permissions) -and $Permissions.Length -gt 0) + if ($needToUpdatePermissions -and $null -ne $Permissions) { Write-Verbose -Message "Will update permissions for Azure AD Application {$($currentAADApp.DisplayName)}" - $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique - $allRequiredAccess = @() - foreach ($sourceAPI in $allSourceAPIs) + if ($Permissions.Length -eq 0) { - Write-Verbose -Message "Adding permissions for API {$($sourceAPI)}" - $permissionsForcurrentAPI = $Permissions | Where-Object -FilterScript { $_.SourceAPI -eq $sourceAPI } - $apiPrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'" - $currentAPIAccess = @{ - ResourceAppId = $apiPrincipal.AppId - ResourceAccess = @() - } - foreach ($permission in $permissionsForcurrentAPI) + Write-Verbose -Message "Desired set of permissions is empty, removing all permissions on the app." 
+ $allRequiredAccess = @() + } + else + { + $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique + $allRequiredAccess = @() + + foreach ($sourceAPI in $allSourceAPIs) { - if ($permission.Type -eq 'Delegated') + Write-Verbose -Message "Adding permissions for API {$($sourceAPI)}" + $permissionsForcurrentAPI = $Permissions | Where-Object -FilterScript { $_.SourceAPI -eq $sourceAPI } + $apiPrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'" + $currentAPIAccess = @{ + ResourceAppId = $apiPrincipal.AppId + ResourceAccess = @() + } + foreach ($permission in $permissionsForcurrentAPI) { - $scope = $apiPrincipal.Oauth2PermissionScopes | Where-Object -FilterScript { $_.Value -eq $permission.Name } - $scopeId = $null - if ($null -eq $scope) + if ($permission.Type -eq 'Delegated') { - $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + $scope = $apiPrincipal.Oauth2PermissionScopes | Where-Object -FilterScript { $_.Value -eq $permission.Name } + $scopeId = $null + if ($null -eq $scope) { - $scopeId = $permission.Name + $ObjectGuid = [System.Guid]::empty + if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $scopeId = $permission.Name + } } - } - else - { - $scopeId = $scope.Id - } - Write-Verbose -Message "Adding Delegated Permission {$($scopeId)}" - $delPermission = @{ - Id = $scopeId - Type = 'Scope' - } - $currentAPIAccess.ResourceAccess += $delPermission - } - elseif ($permission.Type -eq 'AppOnly') - { - $role = $apiPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.Name } - $roleId = $null - if ($null -eq $role) - { - $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + else { - $roleId = $permission.Name + $scopeId = $scope.Id } + Write-Verbose -Message "Adding Delegated Permission 
{$($scopeId)}" + $delPermission = @{ + Id = $scopeId + Type = 'Scope' + } + $currentAPIAccess.ResourceAccess += $delPermission } - else + elseif ($permission.Type -eq 'AppOnly') { - $roleId = $role.Id - } - $appPermission = @{ - Id = $roleId - Type = 'Role' + $role = $apiPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.Name } + $roleId = $null + if ($null -eq $role) + { + $ObjectGuid = [System.Guid]::empty + if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $roleId = $permission.Name + } + } + else + { + $roleId = $role.Id + } + $appPermission = @{ + Id = $roleId + Type = 'Role' + } + $currentAPIAccess.ResourceAccess += $appPermission } - $currentAPIAccess.ResourceAccess += $appPermission } - } - if ($null -ne $currentAPIAccess) - { - $allRequiredAccess += $currentAPIAccess + if ($null -ne $currentAPIAccess) + { + $allRequiredAccess += $currentAPIAccess + } } } @@ -1298,9 +1307,15 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0) + if ($CurrentValues.Permissions.Length -gt 0 -and ` + $null -ne $CurrentValues.Permissions.Name) { - $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name) + $differenceObject = $Permissions.Name + if ($null -eq $differenceObject) + { + $differenceObject = @() + } + $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject $differenceObject $driftedParams = @{} if ($null -ne $permissionsDiff) { From 3269486b3b0e016852329312aeda9e68770edf34 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 11 Dec 2024 09:07:44 -0500 Subject: [PATCH 39/45] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
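Review bot: In the re-indented `Delegated` and `AppOnly` branches, a permission whose name matches neither a value on `$apiPrincipal` nor a GUID leaves `$scopeId` / `$roleId` at `$null`, and the entry is still appended to `$currentAPIAccess.ResourceAccess`. The list built here is presumably what gets written to the application further down, outside the hunk, so the applied permission set could differ from the declared one without a clear error. I would stop before building the hashtable, e.g. `if ($null -eq $scopeId) { throw "Permission {$($permission.Name)} was not found on API {$($sourceAPI)}" }`, with the same guard on `$roleId`. The `Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'"` lookup likewise has no check for zero or several matches, so `ResourceAppId` may end up empty or an array; a check on the result count would make that visible. Set-TargetResource starts and ends outside the hunk.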
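Review bot: The new condition in the Test-TargetResource hunk no longer distinguishes an omitted `Permissions` parameter from an explicit empty array: `$Permissions.Name` is `$null` in both cases, `$differenceObject` becomes `@()`, and `Compare-Object` reports every current permission as a difference. Set-TargetResource in the preceding hunk only rewrites permissions when `$null -ne $Permissions`, so a configuration that does not declare `Permissions` could be reported as drifted on every run while Set never changes anything; whether that happens depends on the parameter's default, which is outside the hunk. Adding `$PSBoundParameters.ContainsKey('Permissions') -and` to the `if` would limit the comparison to configurations that actually declare the property. Test-TargetResource continues outside the hunk.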
diff --git a/CHANGELOG.md b/CHANGELOG.md index 049098e031..1aa45e1fdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ * AADApplication * Changed logic to remove all permissions when an empty array is specified. - FIXES [#5524](https://github.com/microsoft/Microsoft365DSC/issues/5524) + FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534) * AADFeatureRolloutPolicy * Fixed policy retrieval FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) From 555d4da61185aaef57550e973ee12517d2142fad Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 11 Dec 2024 13:08:21 -0500 Subject: [PATCH 40/45] Updated MSCloudLoginAssistant --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 381baa62a0..8fd9a0b3c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,8 @@ * Improve settings catalog handling for nested objects. * M365DSCResourceGenerator * Fixes an issue with nested object creation. +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.29. # 1.24.1204.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index e6dd487257..815cde6893 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -122,7 +122,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.28" + RequiredVersion = "1.1.29" }, @{ ModuleName = 'PnP.PowerShell' From d38c8e13d5f3bed10936fe6cbfc8823b86495b29 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 11 Dec 2024 21:23:48 +0100 Subject: [PATCH 41/45] Release v1.24.1211.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 56 ++++++-------------- 2 files changed, 18 insertions(+), 40 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d231ca1f0..f900f26c0c 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.1211.1 * AADApplication * Changed logic to remove all permissions when an empty array is specified. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 272d12703e..063a1c0551 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-12-04 +# Generated on: 2024-12-11 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1204.1' + ModuleVersion = '1.24.1211.1' # Supported PSEditions # CompatiblePSEditions = @() 
@@ -147,44 +147,22 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* All resources - * Applying project default formatting on all files, to improve - reading and troubleshooting. -* AADAccessReviewDefinition - * Added support for #microsoft.graph.accessReviewInactiveUsersQueryScope in odatatype. -* AADActivityBasedTimeoutPolicy - * Added support for AccessTokens. -* AADClaimsMappingPolicy + ReleaseNotes = '* AADApplication + * Changed logic to remove all permissions when an empty array is specified. + FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534) +* AADFeatureRolloutPolicy * Fixed policy retrieval - FIXES [#5505](https://github.com/microsoft/Microsoft365DSC/issues/5505) -* AADIdentityAPIConnector - * Changed the export logic to export passwords as credential objects instead of string. -* AADRoleManagementPolicyRule - * Added the logic to handle filters in the Export logic flow. -* EXOAuthenticationPolicyAssignment - * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. -* EXOClientAccessRule - * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. -* EXOManagementRoleAssignment - * Changed logic to detect drift. -* EXOServicePrincipal - * Removed ObjectID from the return of the Get-TargetResource method. -* EXOTeamsProtectionPolicy - * Initial release - FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296) -* EXOTransportRule - * Fixed conditional logic for creation and update. -* IntuneTrustedRootCertificateIOS - * Initial release -* IntuneVPNConfigurationPolicyIOS - * Initial release. -* M365DSCRuleEvaluation - * Only attempt to pass AccessTokens if specified. -* SPORetentionLabelsSettings - * Initial release. 
-* MISC - * M365DSCDRGUtil - * Add separate check for strings with ordinal comparison and standardized line breaks.' + FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) +* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile + * Fixing issue with the way the QrCodeImage property was exported and handled. +* IntuneFirewallPolicyWindows10 + * Fix export of properties that appear multiple times in subsections. +* M365DSCDRGUtil + * Improve settings catalog handling for nested objects. +* M365DSCResourceGenerator + * Fixes an issue with nested object creation. +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.29.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 28ee71b8001fd2020e5f020de660f51f804c3538 Mon Sep 17 00:00:00 2001 
From: Fabien Tschanz Date: Wed, 11 Dec 2024 21:54:50 +0100 Subject: [PATCH 42/45] Migrate MSCloudLoginAssistant authentication context access to cmdlets --- CHANGELOG.md | 4 ++ .../MSFT_AADAdminConsentRequestPolicy.psm1 | 2 +- .../MSFT_AADAdministrativeUnit.psm1 | 10 ++--- .../MSFT_AADApplication.psm1 | 6 +-- ...AADAuthenticationMethodPolicyExternal.psm1 | 8 ++-- .../MSFT_AADAuthenticationRequirement.psm1 | 4 +- .../MSFT_AADConditionalAccessPolicy.psm1 | 6 +-- .../MSFT_AADDeviceRegistrationPolicy.psm1 | 2 +- .../MSFT_AADEnrichedAuditLogs.psm1 | 2 +- ...AADEntitlementManagementAccessPackage.psm1 | 8 ++-- ...lementManagementConnectedOrganization.psm1 | 10 ++--- .../MSFT_AADFederationConfiguration.psm1 | 10 ++--- .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 10 ++--- .../MSFT_AADIdentityB2XUserFlow.psm1 | 8 ++-- ...T_AADIdentityProtectionPolicySettings.psm1 | 6 +-- .../MSFT_AADNamedLocationPolicy.psm1 | 4 +- ...MSFT_AADNetworkAccessForwardingPolicy.psm1 | 2 +- ...DOnPremisesPublishingProfilesSettings.psm1 | 4 +- ...tionCertificateBasedAuthConfiguration.psm1 | 4 +- .../MSFT_AADRemoteNetwork.psm1 | 4 +- .../MSFT_AADServicePrincipal.psm1 | 14 +++---- .../MSFT_AADVerifiedIdAuthority.psm1 | 2 +- .../MSFT_AADVerifiedIdAuthorityContract.psm1 | 2 +- .../MSFT_AzureVerifiedIdFaceCheck.psm1 | 2 +- .../MSFT_EXOManagementRoleAssignment.psm1 | 4 +- .../MSFT_FabricAdminTenantSettings.psm1 | 4 +- .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 2 +- .../MSFT_IntuneAccountProtectionPolicy.psm1 | 2 +- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 6 +-- ...neAppleMDMPushNotificationCertificate.psm1 | 2 +- .../MSFT_IntuneDeviceCleanupRule.psm1 | 6 +-- ...AdministrativeTemplatePolicyWindows10.psm1 | 14 +++---- ...urationSCEPCertificatePolicyWindows10.psm1 | 8 ++-- ...figurationWiredNetworkPolicyWindows10.psm1 | 18 ++++---- ...neDeviceEnrollmentStatusPageWindows10.psm1 | 6 +-- ...uneDeviceManagementComplianceSettings.psm1 | 2 +- ...ManagementEnrollmentAndroidGooglePlay.psm1 | 6 +-- 
.../MSFT_IntuneDiskEncryptionMacOS.psm1 | 2 +- .../MSFT_IntuneMobileAppsMacOSLobApp.psm1 | 6 +-- ...IntuneMobileAppsWindowsOfficeSuiteApp.psm1 | 4 +- .../MSFT_IntunePolicySets.psm1 | 2 +- .../MSFT_IntuneRoleAssignment.psm1 | 4 +- ...neSettingCatalogCustomPolicyWindows10.psm1 | 2 +- .../MSFT_O365Group/MSFT_O365Group.psm1 | 6 +-- .../MSFT_O365OrgSettings.psm1 | 41 +++++++++---------- .../MSFT_PlannerTask/MSFT_PlannerTask.psm1 | 6 +-- .../MSFT_SPOTenantSettings.psm1 | 4 +- .../MSFT_TeamsChannelTab.psm1 | 2 +- .../MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 | 2 +- .../Modules/M365DSCDRGUtil.psm1 | 2 +- .../Modules/M365DSCTelemetryEngine.psm1 | 2 +- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 2 +- .../M365DSCAzureDevOPSHelper.psm1 | 2 +- .../M365DSCDefenderHelper.psm1 | 2 +- .../WorkloadHelpers/M365DSCFabricHelper.psm1 | 2 +- 55 files changed, 155 insertions(+), 152 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f900f26c0c..67ee8001c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Change log for Microsoft365DSC +# UNRELEASED + # 1.24.1211.1 * AADApplication @@ -16,6 +18,8 @@ * Improve settings catalog handling for nested objects. * M365DSCResourceGenerator * Fixes an issue with nested object creation. +* MISC + * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets. * DEPENDENCIES * Updated MSCloudLoginAssistant to version 1.1.29. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 index 3aa77cfbdb..f888d5f7ea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 
@@ -272,7 +272,7 @@ function Set-TargetResource $updateJSON = ConvertTo-Json $updateParameters Write-Verbose -Message "Updating the Entra Id Admin Consent Request Policy with values: $updateJSON" - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/adminConsentRequestPolicy' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/adminConsentRequestPolicy' Invoke-MgGraphRequest -Method 'PUT' ` -Uri $Uri ` -Body $updateJSON | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 184a4d6c9c..104f0d3693 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -188,7 +188,7 @@ function Get-TargetResource foreach ($auMember in $auMembers) { $member = @{} - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)" $memberObject = Invoke-MgGraphRequest -Uri $url if ($memberObject.'@odata.type' -match 'user') { 
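Review bot: In MSFT_AADAdministrativeUnit.psm1 (hunk @@ -188) the new `(Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl` call sits inside `foreach ($auMember in $auMembers)`, so the profile is looked up once per member. The same expression is repeated in four further hunks of this file (@@ -233, @@ -563, @@ -657, @@ -789). Resolving it once near the top of each function, e.g. `$graphBaseUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and building `$url = $graphBaseUrl + "v1.0/directoryobjects/$($auMember.Id)"` from it would shorten the loop body and leave one place to check which host the requests go to. The loop and the function both extend outside the hunk.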
@@ -233,7 +233,7 @@ function Get-TargetResource } } Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" $memberObject = Invoke-MgGraphRequest -Uri $url Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" if (($memberObject.'@odata.type') -match 'user') @@ -563,7 +563,7 @@ function Set-TargetResource foreach ($member in $memberSpecification) { Write-Verbose -Message "Adding new dynamic member {$($member.Id)}" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($member.Type)/$($member.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($member.Type)/$($member.Id)" $memberBodyParam = @{ '@odata.id' = $url } @@ -657,7 +657,7 @@ function Set-TargetResource { Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$memberType/$($memberObject.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$memberType/$($memberObject.Id)" $memberBodyParam = @{ '@odata.id' = $url } 
@@ -789,7 +789,7 @@ function Set-TargetResource Write-Verbose -Message "Removing AU {$DisplayName}" # Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1 # https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529 - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null #Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index fafb1baac3..7e2297c501 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -391,7 +391,7 @@ function Get-TargetResource try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" $oppInfo = Invoke-MgGraphRequest -Method GET ` -Uri $Uri ` -ErrorAction SilentlyContinue @@ -931,7 +931,7 @@ function Set-TargetResource { $Type = 'directoryObjects' } - $ObjectUri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject + $ObjectUri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject $ownerObject = @{ '@odata.id' = $ObjectUri } 
@@ -1152,7 +1152,7 @@ function Set-TargetResource $onPremisesPayload = ConvertTo-Json $onPremisesPublishingValue -Depth 10 -Compress Write-Verbose -Message "Updating the OnPremisesPublishing settings for application {$($currentAADApp.DisplayName)} with payload: $onPremisesPayload" - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing" Invoke-MgGraphRequest -Method 'PATCH' ` -Uri $Uri ` -Body $onPremisesPayload diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 index ecd65ce44b..e5412c6fed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 @@ -96,7 +96,7 @@ function Get-TargetResource } else { - $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } 
@@ -334,7 +334,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating the Azure AD Authentication Method Policy External with name {$($currentInstance.displayName)}" - $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName } $params.Remove('displayName') | Out-Null @@ -347,7 +347,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing the Azure AD Authentication Method Policy External with Id {$($currentInstance.displayName)}" - $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName } Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $getValue.Id 
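Review bot: In the removal branch of MSFT_AADAuthenticationMethodPolicyExternal.psm1 (hunk @@ -347), `$getValue.Id` is passed to `Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration` without checking what the `displayName` filter returned. If no configuration matches, the id is `$null`; if display names are not unique, `$getValue.Id` is an array, and the hunk does not show how the cmdlet would treat either case. A guard before the call, such as `if ($null -eq $getValue -or $getValue -is [array]) { throw "Expected exactly one external authentication method named '$($currentInstance.displayName)'" }`, keeps the delete from acting on an unintended object. The update branch in hunk @@ -334 does the same lookup; whether it uses the result unchecked lies outside the hunk.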
@@ -539,7 +539,7 @@ function Export-TargetResource { #region resource generator code $desiredType = '#microsoft.graph.externalAuthenticationMethodConfiguration' - $getPolicy = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $getPolicy = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $getPolicy.AuthenticationMethodConfigurations | Where-Object -FilterScript { $_.'@odata.type' -eq $desiredType } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 index a858c0fc4d..bb76b820b1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 @@ -62,7 +62,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters $getValue = $null - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" $getValue = Invoke-MgGraphRequest -Method Get -Uri $url if ($null -eq $getValue) 
@@ -155,7 +155,7 @@ function Set-TargetResource #endregion $currentInstance = Get-TargetResource @PSBoundParameters - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" $params = @{} if ($PerUserMfaState -eq 'enabled' -and $currentInstance.PerUserMfaState -eq 'disabled') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index d7e0d55a4e..7f81b5de49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1457,7 +1457,7 @@ function Set-TargetResource if ($currentParameters.ContainsKey('ServicePrincipalFilterMode') -and $currentParameters.ContainsKey('ServicePrincipalFilterRule')) { #check if the custom attribute exist. - $customattribute = Invoke-MgGraphRequest -Method GET -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions') + $customattribute = Invoke-MgGraphRequest -Method GET -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions') $ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?.*) -.*' $attrinrule = $matches.attribute if ($customattribute.value.id -contains $attrinrule) 
@@ -1817,7 +1817,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating existing policy with values: $(Convert-M365DscHashtableToString -Hashtable $NewParameters)" - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)" Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $NewParameters } catch @@ -1841,7 +1841,7 @@ function Set-TargetResource { try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identity/conditionalAccess/policies' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identity/conditionalAccess/policies' Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $NewParameters } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 index 70c85ef25f..5a427827ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 @@ -428,7 +428,7 @@ function Set-TargetResource } } } - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/deviceRegistrationPolicy' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/deviceRegistrationPolicy' Write-Verbose -Message "Updating Device Registration Policy with payload:`r`n$(ConvertTo-Json $updateParameters -Depth 10)" Invoke-MgGraphRequest -Method PUT -Uri $uri -Body $updateParameters } 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 index 3b82984982..d6ec9888e5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 @@ -176,7 +176,7 @@ function Set-TargetResource } } $body = ConvertTo-Json $values -Depth 10 -Compress - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body } function Test-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 2ef5d6db5a..8a3aa932e3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 
@@ -355,7 +355,7 @@ function Set-TargetResource foreach ($incompatibleAccessPackage in $IncompatibleAccessPackages) { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" } New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef ` @@ -368,7 +368,7 @@ function Set-TargetResource foreach ($IncompatibleGroup in $IncompatibleGroups) { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$IncompatibleGroup" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$IncompatibleGroup" } New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef ` @@ -485,7 +485,7 @@ function Set-TargetResource foreach ($incompatibleAccessPackage in $toBeAdded.InputObject) { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" } New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef ` @@ -522,7 +522,7 @@ function Set-TargetResource { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$incompatibleGroup" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$incompatibleGroup" } New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef ` 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 1e50576601..dbc861052d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -436,7 +436,7 @@ function Set-TargetResource } Write-Verbose -Message "Create Parameters: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" $TenantIdValue = $CreateParameters.IdentitySources.TenantId - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')" $DomainName = (Invoke-MgGraphRequest -Method 'GET' -Uri $url).defaultDomainName $newConnectedOrganization = New-MgBetaEntitlementManagementConnectedOrganization -Description $CreateParameters.Description -DisplayName $CreateParameters.DisplayName -State $CreateParameters.State -DomainName $DomainName 
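Review bot: `$TenantIdValue` goes into the `findTenantInformationByTenantId(tenantId='…')` URL exactly as it comes out of `$CreateParameters.IdentitySources.TenantId`, with no check of its shape (hunk @@ -436 in MSFT_AADEntitlementManagementConnectedOrganization.psm1). If `IdentitySources` holds more than one entry, member enumeration would presumably return several ids and the interpolated string would carry all of them. A value containing a quote would also change the function-call segment. The `defaultDomainName` that comes back is what `New-MgBetaEntitlementManagementConnectedOrganization` is created with, so it is worth failing early: `$parsedTenantId = [guid]::Empty` followed by `if (-not [guid]::TryParse([string]$TenantIdValue, [ref]$parsedTenantId)) { throw 'IdentitySources.TenantId must be a single GUID' }`. This assumes the tenant id is always a GUID here, which the hunk does not confirm.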
@@ -446,7 +446,7 @@ function Set-TargetResource $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -459,7 +459,7 @@ function Set-TargetResource $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -515,7 +515,7 @@ function Set-TargetResource $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef ` 
@@ -553,7 +553,7 @@ function Set-TargetResource $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 index 47bd688e1b..ba7d827343 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 @@ -102,7 +102,7 @@ function Get-TargetResource } else { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' $instances = Invoke-MgGraphRequest $uri -Method Get if (-not [System.String]::IsNullOrEmpty($Id)) { 
@@ -256,7 +256,7 @@ function Set-TargetResource # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' Write-Verbose -Message "Creating federation configuration {$DisplayName}" $body = ConvertTo-Json $instanceParams -Depth 10 -Compress Invoke-MgGraphRequest -Uri $uri -Method POST -Body $body @@ -264,7 +264,7 @@ function Set-TargetResource # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' Write-Verbose -Message "Updating federation configuration {$DisplayName}" $body = ConvertTo-Json $instanceParams -Depth 10 -Compress Invoke-MgGraphRequest -Uri $uri -Method PATCH -Body $body 
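Review bot: In MSFT_AADFederationConfiguration.psm1 the UPDATE branch (hunk @@ -264) still builds its URI from a single-quoted literal ending in `/$currentInstance.Id`, so PowerShell does not expand the variable and the PATCH targets a path containing the text `$currentInstance.Id` instead of the configuration's id. The REMOVE branch in the following hunk (@@ -272) uses the same literal for its DELETE. The migration to `Get-MSCloudLoginConnectionProfile` carries this over unchanged, so drift in a federation configuration presumably cannot be corrected or removed through this resource. Use an expandable string with a subexpression in both places: `"beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$($currentInstance.Id)"`. Set-TargetResource starts and ends outside these hunks.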
@@ -272,7 +272,7 @@ function Set-TargetResource # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' Write-Verbose -Message "Removing federation configuration {$DisplayName}" Invoke-MgGraphRequest -Uri $uri -Method DELETE } @@ -431,7 +431,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' [array] $Script:exportedInstances = Invoke-MgGraphRequest $uri -Method Get $i = 1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 538b67f9f6..780169150e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -266,7 +266,7 @@ function Get-TargetResource # Licenses $assignedLicensesValues = $null - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses" + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses" $assignedLicensesRequest = Invoke-MgGraphRequest -Method 'GET' ` -Uri $uri 
@@ -689,7 +689,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $ownerObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } try { @@ -751,7 +751,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null } @@ -759,7 +759,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($directoryObject.Id) | Out-Null } 
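Review bot: The removal branch in MSFT_AADGroup.psm1 (hunk @@ -759) still builds a `$memberObject` hashtable, now with a cmdlet call, but the visible `Remove-MgGroupMemberDirectoryObjectByRef` call takes only `-GroupId` and `-DirectoryObjectId` and never reads it. Dropping the hashtable from that branch removes a dead lookup. The `@odata.id` values in hunks @@ -689, @@ -751 and @@ -759 also wrap the id in literal braces (`directoryObjects/{$($directoryObject.Id)}`) while hunk @@ -809 does not. One form should be used throughout, presumably `"v1.0/directoryObjects/$($directoryObject.Id)"`.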
@@ -809,7 +809,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}" $groupAsMemberObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" } New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 index c0973a0bee..68ef0c9491 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 @@ -269,7 +269,7 @@ function Set-TargetResource foreach ($provider in $IdentityProviders) { $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the newly created Azure AD Identity B2X User Flow with Id {$($newObj.Id)}" 
@@ -318,7 +318,7 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postFederationSignupConnectorName)'" $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Federation Signup connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -330,7 +330,7 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postAttributeCollectionConnectorName)'" $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Attribute Collection connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -344,7 +344,7 @@ function Set-TargetResource foreach ($provider in $providersToAdd) { $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" 
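Review bot: `$getConnector.Id` goes into the `'@odata.id'` reference without any check on what the display-name filter returned (hunks at 318 and 330). If `Get-MgBetaIdentityApiConnector` finds no connector the reference ends in an empty id, and if several connectors share the name `.Id` is an array; the name is also placed unescaped inside the single-quoted OData literal, so a name containing `'` breaks the filter. A guard before `$params`, such as `if (@($getConnector).Count -ne 1) { throw 'Expected exactly one API connector with that display name' }`, plus doubling single quotes in the name, would make the failure explicit. The enclosing Set-TargetResource starts and ends outside the hunk.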
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 index bdc8f788a7..3758dbb64b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy' $instance = Invoke-MgGraphRequest -Method Get -Uri $url if ($null -eq $instance) @@ -153,7 +153,7 @@ function Set-TargetResource $updateJSON = ConvertTo-Json $updateParameters Write-Verbose -Message "Updating the AAD Identity Protection Policy settings with values: $updateJSON" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $updateJSON } @@ -283,7 +283,7 @@ function Export-TargetResource { $Script:ExportMode = $true - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy' [array] $Script:exportedInstances = Invoke-MgGraphRequest -Method Get -Uri $url $i = 1 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index 7a1aab4d46..abd58c3f0c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 @@ -315,7 +315,7 @@ function Set-TargetResource Write-Verbose -Message "Creating New AAD Named Location {$Displayname)} with attributes: $VerboseAttributes" $JSONValue = ConvertTo-Json $desiredValues | Out-String Write-Verbose -Message "JSON: $JSONValue" - $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations' + $APIUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations' Invoke-MgGraphRequest -Method POST ` -Uri $APIUrl ` -Body $JSONValue | Out-Null @@ -330,7 +330,7 @@ function Set-TargetResource Write-Verbose -Message "Updating AAD Named Location {$Displayname)} with attributes: $VerboseAttributes" $JSONValue = ConvertTo-Json $desiredValues | Out-String Write-Verbose -Message "JSON: $JSONValue" - $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations/$($currentAADNamedLocation.Id)" + $APIUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations/$($currentAADNamedLocation.Id)" Invoke-MgGraphRequest -Method PATCH ` -Uri $APIUrl ` -Body $JSONValue | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 index 4233abf5fa..60713f2585 100644 
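Review bot: The verbose messages in both hunks (315 and 330) contain a stray parenthesis, `{$Displayname)}`, so the log prints the name followed by `)}`. Use `{$DisplayName}` in both. The following line writes the whole request JSON to the verbose stream, which should be reviewed if these resources ever carry sensitive fields.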
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 @@ -221,7 +221,7 @@ function Set-TargetResource rules = $rulesParam } - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 index 87c5b715b6..c73a60ed8f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" $instance = Invoke-MgGraphRequest -Uri $uri -Method Get if ($null -eq $instance) { 
@@ -151,7 +151,7 @@ function Set-TargetResource isEnabled = $IsEnabled } $body = ConvertTo-Json $settings - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" Invoke-MgGraphRequest -Uri $uri -Method PATCH -Body $Body | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 index f0bb93c5de..109cc8b9a6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 @@ -201,7 +201,7 @@ function Set-TargetResource # Delete the old configuration Write-Verbose -Message 'Removing the current Azure AD Organization Certificate Based Auth Configuration.' - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE if ($Ensure -eq 'Present') { 
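Review bot: The old certificate-based auth configuration is deleted before the replacement is posted (hunks at 201 and 225), so a failed POST leaves the organization with no configuration at all. Nothing visible in these hunks catches that failure or restores the previous state; error handling may exist outside them. At minimum add a comment above the DELETE, e.g. `# Not atomic: if the POST below fails, no CBA configuration exists until the next successful run`, and consider logging the removed configuration so it can be re-applied.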
@@ -225,7 +225,7 @@ function Set-TargetResource certificateAuthorities = $createCertAuthorities } - $policy = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params + $policy = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 index d18a49b234..09860c448d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 @@ -267,7 +267,7 @@ function Set-TargetResource '@context' = '#$delta' value = @(@{}) } - Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params + Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params #adding forwarding profiles if required if ($forwardingProfilesList.Count -gt 0) 
@@ -276,7 +276,7 @@ function Set-TargetResource '@context' = '#$delta' value = $forwardingProfilesList } - Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params + Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params } } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index dea562de05..0ec87681ed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -237,7 +237,7 @@ function Get-TargetResource } [Array]$complexDelegatedPermissionClassifications = @() - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" $permissionClassifications = Invoke-MgGraphRequest -Uri $Uri -Method Get foreach ($permissionClassification in $permissionClassifications.Value) { 
@@ -553,7 +553,7 @@ function Set-TargetResource { $userInfo = Get-MgUser -UserId $owner $body = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" } Write-Verbose -Message "Adding new owner {$owner}" $newOwner = New-MgServicePrincipalOwnerByRef -ServicePrincipalId $newSP.Id -BodyParameter $body @@ -568,7 +568,7 @@ function Set-TargetResource classification = $permissionClassification.Classification permissionName = $permissionClassification.permissionName } - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" Invoke-MgGraphRequest -Uri $Uri -Method Post -Body $params } } @@ -601,7 +601,7 @@ function Set-TargetResource $CSAParams = @{ customSecurityAttributes = $currentAADServicePrincipal.CustomSecurityAttributes } - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')") -Method Patch -Body $CSAParams + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')") -Method Patch -Body $CSAParams } Update-MgServicePrincipal -ServicePrincipalId $currentAADServicePrincipal.ObjectID @currentParameters 
@@ -709,7 +709,7 @@ function Set-TargetResource if ($diff.SideIndicator -eq '=>') { $body = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" } Write-Verbose -Message "Adding owner {$($userInfo.Id)}" New-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId ` @@ -728,7 +728,7 @@ function Set-TargetResource if ($null -ne $DelegatedPermissionClassifications) { # removing old perm classifications - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" $permissionClassificationList = Invoke-MgGraphRequest -Uri $Uri -Method Get foreach ($permissionClassification in $permissionClassificationList.Value) { @@ -1250,7 +1250,7 @@ function Get-CustomSecurityAttributes [String]$ServicePrincipalId ) - $customSecurityAttributes = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes") -Method Get + $customSecurityAttributes = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes") -Method Get $customSecurityAttributes = $customSecurityAttributes.customSecurityAttributes $newCustomSecurityAttributes = @() 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 index 841db686a5..8da0f80edd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 @@ -568,7 +568,7 @@ function Invoke-M365DSCVerifiedIdWebRequest ) $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken 'Content-Type' = 'application/json' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 index 798db5e0fb..0ff063c803 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 @@ -915,7 +915,7 @@ function Invoke-M365DSCVerifiedIdWebRequest ) $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken 'Content-Type' = 'application/json' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 index 2198e9fce0..467f46d674 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 
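Review bot: The `Authorization` header is taken from `(Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken` with no check that a token came back, here, in the identical helper in MSFT_AADVerifiedIdAuthorityContract (hunk at 915), and in the MSFT_AzureVerifiedIdFaceCheck export hunk that follows. If the profile or its token is null, the request presumably goes out with an empty Authorization value and the cause only shows up as an HTTP error. Read the token into a local and fail early: `$token = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken` then `if ([string]::IsNullOrEmpty($token)) { throw 'AdminAPI access token is not available' }`. The `$headers` hashtable should stay out of verbose and error output because it carries the access token.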
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 @@ -342,7 +342,7 @@ function Export-TargetResource try { $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken } $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $headers diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index fd2489cdf2..8563e58c42 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 @@ -382,12 +382,12 @@ function Set-TargetResource } while (-not $testResults -and $retries -gt 0) # Need to force reconnect to Exchange for the new permissions to kick in. - if ($null -ne $Global:MSCloudLoginConnectionProfile.ExchangeOnline) + if ($null -ne (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline)) { Write-Verbose -Message 'Waiting for 20 seconds for new permissions to be effective.' Start-Sleep 20 Write-Verbose -Message 'Disconnecting from Exchange Online' - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() + Reset-MSCloudLoginConnectionProfileContext } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 index c8230fed2e..c5594b62f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 
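Review bot: In the MSFT_EXOManagementRoleAssignment hunk, `.ExchangeOnline.Disconnect()` is replaced by `Reset-MSCloudLoginConnectionProfileContext`, which by its name resets the whole connection-profile context rather than closing the Exchange Online session; its behaviour is not visible in this diff. Per the comment, the block exists to force a reconnect so that new role assignments take effect, so confirm that the reset tears down the existing Exchange session and does not only drop cached state for every workload. The guard `$null -ne (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline)` may now always be true if the getter returns an object for workloads that were never connected. The verbose text 'Disconnecting from Exchange Online' should be updated to match what the call does.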
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 @@ -574,7 +574,7 @@ function Get-TargetResource } else { - $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings' $instance = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' } if ($null -eq $instance) @@ -1941,7 +1941,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings' [array] $Script:exportedInstances = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' if ($null -ne $Global:M365DSCExportResourceInstancesCount) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 7c11b42a97..c6f59d5c4d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 
@@ -551,7 +551,7 @@ function Set-TargetResource #Update-MgBetaDeviceManagementIntent does not support updating the property settings #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time #Using Rest to reduce the number of calls - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index c6bb81224f..ba9f0795c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 @@ -452,7 +452,7 @@ function Set-TargetResource #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time #Using Rest to reduce the number of calls - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index d0fbc61d7e..72b5ef5b63 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -1336,7 +1336,7 @@ function Get-IntuneAppProtectionPolicyiOSAssignment try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments" $response = Invoke-MgGraphRequest -Method Get ` -Uri $Url return $response.value @@ -1367,7 +1367,7 @@ function Update-IntuneAppProtectionPolicyiOSAssignment ) try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign" $body = ($Assignments | ConvertTo-Json -Depth 20 -Compress) Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload {$Url}: `r`n$body" Invoke-MgGraphRequest -Method POST ` 
@@ -1401,7 +1401,7 @@ function Update-IntuneAppProtectionPolicyiOSApp try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps" # Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload: `r`n$JSONContent" Invoke-MgGraphRequest -Method POST ` -Uri $Url ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 index c5b4c9199c..b05929a5a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 @@ -225,7 +225,7 @@ function Set-TargetResource $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate' If ($consentInstance.Granted -eq $False) { - Invoke-MgGraphRequest -Method POST -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' } + Invoke-MgGraphRequest -Method POST -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' } } else { 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 index 8f3ac88c57..c9c5895ece 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 @@ -78,7 +78,7 @@ function Get-TargetResource try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' $cleanupRule = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop $return = @{ @@ -188,7 +188,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' $body = @{ DeviceInactivityBeforeRetirementInDays = "$(if ($Enabled) { $DeviceInactivityBeforeRetirementInDays } else { 0 })" } @@ -340,7 +340,7 @@ function Export-TargetResource try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' [array]$cleanupRules = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop $i = 1 $dscContent = '' 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 0d5fa40465..3d9afb7b6d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -424,7 +424,7 @@ function Set-TargetResource { $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') 
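Review bot: `Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph` is now evaluated for every presentation value and definition value in what appear to be per-value loops of Set-TargetResource (hunks at 424, 432, 520, 528, 554 and 564), and the URL is built two ways, by `+` concatenation and by `"$(...)"` interpolation. Reading the base URL once before the loops, `$graphUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and using `"${graphUrl}beta/deviceManagement/groupPolicyDefinitions(...)"` everywhere would remove the repeated lookups and the mixed style. The loops start outside these hunks.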
@@ -432,7 +432,7 @@ function Set-TargetResource } } $complexDefinitionValue = @{ - 'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } @@ -520,7 +520,7 @@ function Set-TargetResource { $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -528,7 +528,7 @@ function Set-TargetResource } } $complexDefinitionValue = @{ - 'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } 
@@ -554,7 +554,7 @@ function Set-TargetResource $currentPresentationValue = $currentDefinitionValue.PresentationValues | Where-Object { $_.PresentationDefinitionId -eq $presentationValue.presentationDefinitionId } $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -564,7 +564,7 @@ function Set-TargetResource } $complexDefinitionValue = @{ id = $currentDefinitionValue.Id - 'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } 
@@ -993,7 +993,7 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue ) try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" $body = @{} $DefinitionValueToRemoveIds = @() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 index e68a3d86bf..0b4497b084 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 @@ -522,7 +522,7 @@ function Set-TargetResource } #region resource generator code - $CreateParameters.Add('rootCertificate@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") + $CreateParameters.Add('rootCertificate@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") $CreateParameters.Add('@odata.type', '#microsoft.graph.windows81SCEPCertificateProfile') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments 
@@ -1012,7 +1012,7 @@ function Get-DeviceConfigurationPolicyRootCertificate [System.String] $DeviceConfigurationPolicyId ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate" $result = Invoke-MgGraphRequest -Method Get -Uri $Uri -ErrorAction Stop return $result @@ -1032,9 +1032,9 @@ function Update-DeviceConfigurationPolicyRootCertificateId $RootCertificateId ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref" $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')" } Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index 28a61c850c..e8f2cf23e1 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 @@ -564,7 +564,7 @@ function Set-TargetResource -CertificateId $RootCertificatesForServerValidationIds[$i] ` -CertificateDisplayName $RootCertificatesForServerValidationDisplayNames[$i] ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $rootCertificatesForServerValidation += "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $rootCertificatesForServerValidation += "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" } $CreateParameters.Add('rootCertificatesForServerValidation@odata.bind', $rootCertificatesForServerValidation) } @@ -579,7 +579,7 @@ function Set-TargetResource '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` ) - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('identityCertificateForClientAuthentication@odata.bind', $ref) } 
@@ -593,7 +593,7 @@ function Set-TargetResource '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` ) - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryIdentityCertificateForClientAuthentication@odata.bind', $ref) } @@ -603,7 +603,7 @@ function Set-TargetResource -CertificateId $RootCertificateForClientValidationId ` -CertificateDisplayName $RootCertificateForClientValidationDisplayName ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('rootCertificateForClientValidation@odata.bind', $ref) } @@ -613,7 +613,7 @@ function Set-TargetResource -CertificateId $SecondaryRootCertificateForClientValidationId ` -CertificateDisplayName $SecondaryRootCertificateForClientValidationDisplayName ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryRootCertificateForClientValidation@odata.bind', $ref) } 
@@ -1189,7 +1189,7 @@ function Get-DeviceConfigurationPolicyCertificate [System.String] $CertificateName ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName" try { $result = Invoke-MgGraphRequest -Method Get -Uri $Uri 4>$null @@ -1228,7 +1228,7 @@ function Update-DeviceConfigurationPolicyCertificateId [System.String] $CertificateName ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref" if ($CertificateName -eq 'rootCertificatesForServerValidation') { @@ -1242,7 +1242,7 @@ function Update-DeviceConfigurationPolicyCertificateId foreach ($certificateId in $CertificateIds) { $ref = @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')" } Invoke-MgGraphRequest -Method $method -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null 
@@ -1270,7 +1270,7 @@ function Remove-DeviceConfigurationPolicyCertificateId foreach ($certificateId in $CertificateIds) { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/$certificateId/`$ref" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/$certificateId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index f5a9a6e758..445e2d2428 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 @@ -411,7 +411,7 @@ function Set-TargetResource $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100 - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign" Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop Update-DeviceEnrollmentConfigurationPriority ` 
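Review bot: In the `@@ -1270` hunk (Remove-DeviceConfigurationPolicyCertificateId), the DELETE call still passes `-Body ($ref | ConvertTo-Json)`, but no `$ref` is assigned anywhere in the visible loop. If it is not set earlier in the function, the request carries a serialized null on a reference delete that should need no body. `$CertificateName` and `$certificateId` are also interpolated into the URI path unescaped, so a value containing `/` or `?` would address a different Graph resource than intended. I would drop the `-Body` argument, wrap the id as `[uri]::EscapeDataString($certificateId)`, and hoist the profile lookup out of the `foreach`. The function starts outside the hunk, so a `[ValidateSet]` on `$CertificateName` may already constrain that segment.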
@@ -449,7 +449,7 @@ function Set-TargetResource $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100 - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign" Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop if ($PSBoundParameters.ContainsKey('Priority') -and $Priority -ne $currentInstance.Priority) @@ -827,7 +827,7 @@ function Update-DeviceEnrollmentConfigurationPriority ) try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setpriority" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setpriority" $body = @{'priority' = $Priority } | ConvertTo-Json -Depth 100 #write-verbose -Message $body Invoke-MgGraphRequest ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 index 4768ea03b2..56b2d35928 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 
@@ -65,7 +65,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/settings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/settings' $settings = Invoke-MgGraphRequest -Method 'GET' -Uri $uri $results = @{ IsSingleInstance = 'Yes' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 index d5274b53e4..3bc1e3949f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 @@ -226,7 +226,7 @@ function Set-TargetResource if ($dataSharingConsent.granted -eq $false) { Write-Verbose -Message 'Consent not granted, requesting consent...' - $consentResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{ + $consentResult = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{ DataSharingConsentId = 'androidManagedStore' } -ContentType 'application/json' } 
@@ -239,7 +239,7 @@ function Set-TargetResource # hostName = "intune.microsoft.com" # } - # $signupUrl = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl") -Method 'POST' -Body @{ + # $signupUrl = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl") -Method 'POST' -Body @{ # hostName = "intune.microsoft.com" # } -ContentType "application/json" @@ -249,7 +249,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Host "Remove the Intune Device Management Android Google Play Enrollment with Id {$($currentInstance.Id)}" - $unbindResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json' + $unbindResult = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 index 282ecce2df..09fd5184be 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 
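Review bot: In the `@@ -249` hunk, the result of the `unbind` POST is stored in `$unbindResult` and never read before the branch and the function close. The call also has no `-ErrorAction Stop`, unlike most other `Invoke-MgGraphRequest` calls touched by this commit. Because this request removes the tenant's managed Google Play binding, I would make failure explicit and drop the unused variable: `Invoke-MgGraphRequest -Uri (...) -Method 'POST' -Body @{} -ContentType 'application/json' -ErrorAction Stop | Out-Null`. The `@@ -239` hunk on the same line only rewrites a commented-out `requestSignupUrl` call, and deleting that dead block would be cleaner than keeping it in sync.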
@@ -378,7 +378,7 @@ function Set-TargetResource Update-MgBetaDeviceManagementIntent -DeviceManagementIntentId $currentInstance.Id -BodyParameter $UpdateParameters #region resource generator code - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentInstance.Id)/updateSettings" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentInstance.Id)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index 17eef55b35..615b33c648 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 @@ -451,8 +451,8 @@ function Set-TargetResource throw "Mobile App Category with DisplayName $($category.DisplayName) not found." } - Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } 
@@ -522,7 +522,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 index ae5cde27a3..1368a66c89 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 @@ -490,7 +490,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } 
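Review bot: In the `@@ -522` hunk of MSFT_IntuneMobileAppsMacOSLobApp.psm1, the request is sent to a relative `-Uri` beginning with `/beta/deviceAppManagement/mobileApps/`, while the `@odata.id` in its body is built from the connection profile's `ResourceUrl`. The `@@ -451` hunk of the same file uses the profile URL for both. If the Graph SDK session and the profile ever resolve to different endpoints (for example in a national cloud), the category reference would name a host other than the one receiving the request. Building `-Uri` from the same `(Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl` prefix as in `@@ -451` would keep the two consistent. The `@@ -490` and `@@ -561` hunks of MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 show the same mix.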
@@ -561,7 +561,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 index 465fc6b8bc..f44b492b8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 @@ -347,7 +347,7 @@ function Set-TargetResource Update-MgBetaDeviceAppManagementPolicySet @UpdateParameters - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update" if ($null -ne ($itemamendments = Get-ItemsAmendmentsObject -currentObjectItems $currentInstance.Items -targetObjectItems $items)) { Invoke-MgGraphRequest -Method POST -Uri $url -Body $itemamendments diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index 257f402310..e70d0bdb77 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 
@@ -361,7 +361,7 @@ function Set-TargetResource scopeType = $ScopeType members = $Members '@odata.type' = '#microsoft.graph.deviceAndAppManagementRoleAssignment' - 'roleDefinition@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" + 'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" } $null = New-MgBetaDeviceManagementRoleAssignment -BodyParameter $CreateParameters } @@ -376,7 +376,7 @@ function Set-TargetResource scopeType = $ScopeType members = $Members '@odata.type' = '#microsoft.graph.deviceAndAppManagementRoleAssignment' - 'roleDefinition@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" + 'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" } Update-MgBetaDeviceManagementRoleAssignment -BodyParameter $UpdateParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index a70eabcd0b..23203de188 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 
@@ -930,7 +930,7 @@ function Update-IntuneDeviceConfigurationPolicy ) try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId" $policy = @{ 'name' = $Name diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 index 3533a0e8a9..43d40e0b40 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 @@ -352,7 +352,7 @@ function Set-TargetResource $userId = (Get-MgUser -UserId $member).Id # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022) - $url = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref" + $url = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null } } @@ -398,7 +398,7 @@ function Set-TargetResource Write-Verbose -Message "Adding Owner {$owner}" $userId = (Get-MgUser -UserId $owner).Id $newGroupOwner = @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/users/{$userId}" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/users/{$userId}" } New-MgGroupOwnerByRef -GroupId $ADGroup[0].Id -BodyParameter $newGroupOwner 
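Review bot: In the `@@ -398` hunk of MSFT_O365Group.psm1, the owner reference is written as `"...v1.0/users/{$userId}"`, which PowerShell expands to the id wrapped in literal braces. The `@@ -352` and `@@ -410` hunks of the same function build `members/$userId` and `owners/$userId` without braces. The braces look like a documentation placeholder carried over into code, and it is worth confirming that Graph accepts them rather than relying on it. I would write `'@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/users/$userId"`. `$userId` comes from `(Get-MgUser -UserId $owner).Id` with no null check in the visible lines, so an unresolved owner would produce a reference with an empty id.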
@@ -410,7 +410,7 @@ function Set-TargetResource $userId = (Get-MgUser -UserId $owner).Id # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022) - $url = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref" + $url = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index da043b7400..aa2d5c8056 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -162,11 +162,10 @@ function Get-TargetResource # Workaround for issue when if connected to S+C prior to calling cmdlet, an error about an invalid token is thrown. # If connected to S+C, then we need to re-initialize the connection to EXO. - if ($Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected -and ` - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Connected) + if ((Get-MSCloudLoginConnectionProfile -Workload SecurityComplianceCenter).Connected -and ` + (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline).Connected) { - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() - $Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected = $false + Reset-MSCloudLoginConnectionProfileContext } $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters 
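Review bot: In the `@@ -162` hunk of MSFT_O365OrgSettings.psm1 (Get-TargetResource), the two targeted statements (`ExchangeOnline.Disconnect()` and `SecurityComplianceCenter.Connected = $false`) are replaced by `Reset-MSCloudLoginConnectionProfileContext`, which takes no workload argument here. The comment above still describes re-initializing only the EXO connection. If the reset clears every workload's cached session, other connections made earlier in the same run would be dropped and re-authenticated as a side effect. That scope cannot be verified from this hunk. I would state it in the comment, e.g. `# Resets the whole MSCloudLogin context (all workloads), not just EXO; later calls must reconnect.`, or keep a workload-scoped reset if the module offers one.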
@@ -1139,10 +1138,10 @@ function Get-M365DSCO365OrgSettingsPlannerConfig try { - $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings' [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` - -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method GET ` $Uri -ErrorAction Stop return $results @@ -1182,9 +1181,9 @@ function Set-M365DSCO365OrgSettingsPlannerConfig } $requestBody = $flags | ConvertTo-Json - $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings' $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` - -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method PATCH ` -Body $requestBody ` $Uri 
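Review bot: In the `@@ -1139` and `@@ -1181` hunks (Get-/Set-M365DSCO365OrgSettingsPlannerConfig), `HostUrl` and `AccessToken` are read through two separate `Get-MSCloudLoginConnectionProfile -Workload Tasks` calls. The token is then placed in the `Authorization` header for whatever `$Uri` results, with no check that the host is present and uses HTTPS. Reading the profile once keeps the pair consistent: `$tasksProfile = Get-MSCloudLoginConnectionProfile -Workload Tasks`, then `$tasksProfile.HostUrl` and `$tasksProfile.AccessToken`. A guard such as `if ($Uri -notlike 'https://*') { throw 'Tasks HostUrl is missing or not HTTPS.' }` should run before the token is attached. The visible lines of the Set function show neither the TLS 1.2 pin nor the `-ErrorAction Stop` that the Get function has, though both functions continue outside the hunks.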
@@ -1203,7 +1202,7 @@ function Get-M365DSCOrgSettingsInstallationOptions try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' $results = Invoke-MgGraphRequest -Method GET -Uri $url return $results } @@ -1231,7 +1230,7 @@ function Update-M365DSCOrgSettingsInstallationOptions try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1258,7 +1257,7 @@ function Get-M365DSCOrgSettingsForms try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/forms/settings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1283,7 +1282,7 @@ function Update-M365DSCOrgSettingsForms try { Write-Verbose -Message 'Updating Forms Settings' - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/forms/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch 
@@ -1305,7 +1304,7 @@ function Get-M365DSCOrgSettingsDynamicsCustomerVoice try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/dynamics/customerVoice' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/dynamics/customerVoice' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1329,7 +1328,7 @@ function Update-M365DSCOrgSettingsDynamicsCustomerVoice try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/dynamics/customerVoice' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/dynamics/customerVoice' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1351,7 +1350,7 @@ function Get-M365DSCOrgSettingsAppsAndServices try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/appsAndServices/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/appsAndServices/settings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1375,7 +1374,7 @@ function Update-M365DSCOrgSettingsAppsAndServices try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/appsAndServices/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/appsAndServices/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1396,7 +1395,7 @@ function Get-M365DSCOrgSettingsToDo try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/todo/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/todo/settings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } 
@@ -1420,7 +1419,7 @@ function Update-M365DSCOrgSettingsToDo try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/todo/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/todo/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1443,7 +1442,7 @@ function Get-M365DSCOrgSettingsAdminCenterReport try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/reportSettings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1464,9 +1463,9 @@ function Update-M365DSCOrgSettingsAdminCenterReport $DisplayConcealedNames ) $VerbosePreference = 'SilentlyContinue' - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/reportSettings' $body = @{ - '@odata.context' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity' + '@odata.context' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity' displayConcealedNames = $DisplayConcealedNames } Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $body | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 index 7581137a90..a4cd0a15e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 
@@ -492,7 +492,7 @@ function Set-TargetResource Write-Verbose -Message "Updating Task with:`r`n$JSONDetails" # Need to continue to rely on Invoke-MgGraphRequest Invoke-MgGraphRequest -Method PATCH ` - -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId" ` + -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/tasks/$taskId" ` -Headers $Headers ` -Body $JSONDetails @@ -504,7 +504,7 @@ function Set-TargetResource $JSONDetails = (ConvertTo-Json $details) Write-Verbose -Message "Updating Task's details with:`r`n$JSONDetails" Invoke-MgGraphRequest -Method PATCH ` - -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId/details" ` + -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/tasks/$taskId/details" ` -Headers $Headers ` -Body $JSONDetails @@ -940,7 +940,7 @@ function Get-M365DSCPlannerTasksFromPlan $Credential ) $results = @() - $uri = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/plans/$PlanId/tasks" + $uri = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/plans/$PlanId/tasks" $taskResponse = Invoke-MSCloudLoginMicrosoftGraphAPI -Credential $Credential ` -Uri $uri ` -Method Get diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index ae9cc174be..cdc32fb589 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 
@@ -212,7 +212,7 @@ function Get-TargetResource 'AllowSelectSecurityGroupsInSPSitesList') $response = Invoke-PnPSPRestMethod -Method Get ` - -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" + -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" return @{ @@ -536,7 +536,7 @@ function Set-TargetResource { Write-Verbose -Message 'Updating properties via REST PATCH call.' Invoke-PnPSPRestMethod -Method PATCH ` - -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant" ` + -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant" ` -Content $paramsToUpdate } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 index f2ae6eaa49..325e64db5d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 @@ -368,7 +368,7 @@ function Set-TargetResource Write-Verbose -Message "Params: $($CurrentParameters | Out-String)" $additionalProperties = @{ - 'teamsApp@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp" + 'teamsApp@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp" } $CurrentParameters.Add('AdditionalProperties', $additionalProperties) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 index 13b7e219ae..e739efbf41 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 
@@ -443,7 +443,7 @@ function Set-TargetResource Write-Verbose -Message "Retrieving Group Owner {$currentOwner}" $ownerUser = Get-MgUser -Search $currentOwner -ConsistencyLevel eventual - $ownerOdataID = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)" + $ownerOdataID = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)" Write-Verbose -Message "Adding Owner {$($ownerUser.Id)} to Group {$($group.Id)}" try diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 2858541d08..9ed3c0922c 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -2547,7 +2547,7 @@ function Update-IntuneDeviceConfigurationPolicy try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" $policy = @{ 'name' = $Name diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index cd9fb23c62..a99991adbe 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -118,7 +118,7 @@ function Add-M365DSCTelemetryEvent } $Script:M365DSCCurrentRoles = @() - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/me?$select=id' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id' $currentUser = Invoke-MgGraphRequest -Uri $uri -Method GET $currentUserId = $currentUser.id 
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index e6f62bf958..c5e20e3cfb 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1437,7 +1437,7 @@ function Export-M365DSCConfiguration try { Disconnect-MgGraph -ErrorAction Stop | Out-Null - $global:MsCloudLoginConnectionProfile.MicrosoftGraph.Connected = $false + Reset-MSCloudLoginConnectionProfileContext } catch { diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 index 92375e9444..864993c93d 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 @@ -21,7 +21,7 @@ function Invoke-M365DSCAzureDevOPSWebRequest ) $headers = @{ - Authorization = $global:MsCloudLoginConnectionProfile.AzureDevOPS.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken 'Content-Type' = $ContentType } diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 index ebbec02b6e..df62ffcf32 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 @@ -18,7 +18,7 @@ function Invoke-M365DSCDefenderREST $bodyJSON = ConvertTo-Json $Body -Depth 10 -Compress $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.DefenderForEndpoint.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload DefenderForEndpoint).AccessToken "Content-Type" = "application/json" } $response = Invoke-WebRequest -Method $Method ` 
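Review bot: `Reset-MSCloudLoginConnectionProfileContext` runs after `Disconnect-MgGraph -ErrorAction Stop` inside the `try`, so if the disconnect throws, the reset is skipped and the cached connection state is left as it was. The removed line only marked the MicrosoftGraph workload as disconnected, whereas the new call, judging by its name, resets the whole profile context. A comment such as `# Clears cached connection state for every workload, not only Graph` would confirm that this wider effect is intended. If the reset should always happen, move it to a `finally` block; the `catch` body is outside the hunk, so it is not visible whether it already covers this.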
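Review bot: The `Authorization` header is filled directly from `(Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken` with no check that a token came back, so a missing or unconnected profile would send the request with an empty credential and fail later with a less clear error. A guard before `$headers` is built would fail early: `$token = (Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken`, then `if ([string]::IsNullOrEmpty($token)) { throw 'No access token for workload AzureDevOPS' }`. The same applies to the DefenderForEndpoint hunk that follows and to the Fabric hunk in M365DSCFabricHelper.psm1. Whether the helper itself throws when the workload is not connected is not visible here.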
diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 index ca390ae10c..a7b8bbae4a 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 @@ -17,7 +17,7 @@ function Invoke-M365DSCFabricWebRequest ) $headers = @{ - Authorization = $global:MsCloudLoginConnectionProfile.Fabric.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload Fabric).AccessToken } $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $Body From 05fc142e1d7edf3d794cc1aaf147b8f1f96afb96 Mon Sep 17 00:00:00 2001 
From: Fabien Tschanz Date: Wed, 11 Dec 2024 22:39:16 +0100 Subject: [PATCH 43/45] Add mocked command to tests --- ResourceGenerator/UnitTest.Template.ps1 | 6 ++++++ ...65DSC.AADAdminConsentRequestPolicy.Tests.ps1 | 3 +++ ...rosoft365DSC.AADAdministrativeUnit.Tests.ps1 | 3 +++ .../Microsoft365DSC.AADApplication.Tests.ps1 | 3 +++ ...AuthenticationMethodPolicyExternal.Tests.ps1 | 3 +++ ...65DSC.AADAuthenticationRequirement.Tests.ps1 | 3 +++ ...t365DSC.AADConditionalAccessPolicy.Tests.ps1 | 2 ++ ...365DSC.AADDeviceRegistrationPolicy.Tests.ps1 | 3 +++ ...crosoft365DSC.AADEnrichedAuditLogs.Tests.ps1 | 5 ++++- ...EntitlementManagementAccessPackage.Tests.ps1 | 3 +++ ...entManagementConnectedOrganization.Tests.ps1 | 3 +++ ...t365DSC.AADFederationConfiguration.Tests.ps1 | 3 +++ .../Microsoft365DSC.AADGroup.Tests.ps1 | 3 +++ ...osoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 | 3 +++ ...ADIdentityProtectionPolicySettings.Tests.ps1 | 3 +++ ...osoft365DSC.AADNamedLocationPolicy.Tests.ps1 | 3 +++ ...C.AADNetworkAccessForwardingPolicy.Tests.ps1 | 3 +++ ...PremisesPublishingProfilesSettings.Tests.ps1 | 3 +++ ...nCertificateBasedAuthConfiguration.Tests.ps1 | 3 +++ .../Microsoft365DSC.AADRemoteNetwork.Tests.ps1 | 3 +++ ...icrosoft365DSC.AADServicePrincipal.Tests.ps1 | 4 +++- ...osoft365DSC.AADVerifiedIdAuthority.Tests.ps1 | 5 ++++- ...DSC.AADVerifiedIdAuthorityContract.Tests.ps1 | 17 ++++++++++------- ...oft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 | 3 +++ ...365DSC.EXOManagementRoleAssignment.Tests.ps1 | 6 ++++++ ...ft365DSC.FabricAdminTenantSettings.Tests.ps1 | 3 +++ ...5DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 | 3 +++ ...5DSC.IntuneAccountProtectionPolicy.Tests.ps1 | 3 +++ ...65DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 | 5 ++++- ...ppleMDMPushNotificationCertificate.Tests.ps1 | 3 +++ ...soft365DSC.IntuneDeviceCleanupRule.Tests.ps1 | 3 +++ ...inistrativeTemplatePolicyWindows10.Tests.ps1 | 3 +++ ...tionSCEPCertificatePolicyWindows10.Tests.ps1 | 3 +++ 
...urationWiredNetworkPolicyWindows10.Tests.ps1 | 3 +++ ...eviceEnrollmentStatusPageWindows10.Tests.ps1 | 2 ++ ...DeviceManagementComplianceSettings.Tests.ps1 | 3 +++ ...agementEnrollmentAndroidGooglePlay.Tests.ps1 | 1 + ...ft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 | 3 +++ ...365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 | 3 +++ ...uneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 | 3 +++ .../Microsoft365DSC.IntunePolicySets.Tests.ps1 | 3 +++ ...crosoft365DSC.IntuneRoleAssignment.Tests.ps1 | 3 +++ ...ettingCatalogCustomPolicyWindows10.Tests.ps1 | 3 +++ .../Microsoft365DSC.O365Group.Tests.ps1 | 3 +++ .../Microsoft365DSC.O365OrgSettings.Tests.ps1 | 6 ++++++ .../Microsoft365DSC.PlannerTask.Tests.ps1 | 3 +++ .../Microsoft365DSC.SPOTenantSettings.Tests.ps1 | 3 +++ .../Microsoft365DSC.TeamsChannelTab.Tests.ps1 | 3 +++ .../Microsoft365DSC.TeamsTeam.Tests.ps1 | 2 ++ 49 files changed, 161 insertions(+), 11 deletions(-) diff --git a/ResourceGenerator/UnitTest.Template.ps1 b/ResourceGenerator/UnitTest.Template.ps1 index 456efa2ffb..5547276186 100644 --- a/ResourceGenerator/UnitTest.Template.ps1 +++ b/ResourceGenerator/UnitTest.Template.ps1 @@ -27,6 +27,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + + Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 index 0e517729de..8c913408a9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 
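Review bot: The added `Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { }` returns nothing, so in the code under test expressions like `(Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl` presumably evaluate to `$null` (assuming strict mode is off). The request URIs then collapse to relative strings and the `Authorization` values to empty. A test running against this mock cannot notice a wrong workload name or a missing host or token. Returning a stub with constructed values would exercise the real string building, e.g. `Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { return @{ ResourceUrl = 'https://graph.example.test/'; AccessToken = 'constructed-test-token' } }`. The same empty mock is added in the per-resource test hunks that follow this template.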
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index f9b56e9ab3..0c35485867 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Add-M365DSCTelemetryEvent -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Confirm-M365DSCDependencies -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 index 2a713b43f4..d27befe1a4 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 @@ -26,6 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 index ec4f10ace8..fa4d32cc54 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 index 04b2234a09..b98bb26460 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 index 78a0fa3010..44e159540e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 @@ -26,7 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { } Mock -CommandName New-M365DSCConnection -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 index 5a438157f0..03e9998394 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Update-MgBetaDirectoryAttributeSet -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 index 403ed9873f..8d094fce83 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } @@ -85,7 +88,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential; } } - + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 index 92dfca03b2..7ee2a2a695 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index b0ec9d4a0a..fa55f1cbe5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Update-MgBetaEntitlementManagementConnectedOrganization -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 index 63a52ce0d5..b972d800e9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 06e568b265..44561e63a6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 index b0dd2cbd56..97b4a3f657 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 index 0b1586f83f..86e9d1d5e6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 index dbd6467749..dec1193386 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 @@ -26,6 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 index 45562b9072..8c17890f68 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 index a8552503e0..1734dd8b93 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 index 0f0800c5a8..1cfbb6993a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 index 80f13f2dcd..5e88c9a116 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-MgBetaNetworkAccessConnectivityRemoteNetwork -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 index b2f735572e..d603524a7d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 @@ -23,10 +23,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@contoso.com', $secpasswd) - Mock -CommandName Get-PSSession -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Remove-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 index 95be94a0da..0c01f44993 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } @@ -75,7 +78,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } It 'Should Create the id from the Set method' { - Set-TargetResource @testParams + Set-TargetResource @testParams Should -Invoke -CommandName Invoke-M365DSCVerifiedIdWebRequest -Exactly 2 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 index 4fc725b180..6e058fd01b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } @@ -62,7 +65,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) attestations = (New-CimInstance -ClassName MSFT_AADVerifiedIdAuthorityContractAttestations -Property @{ required = $True - } -ClientOnly) + } -ClientOnly) } -ClientOnly) Ensure = 'Present' @@ -92,7 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @() } 
@@ -108,7 +111,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } It 'Should Create the id from the Set method' { - Set-TargetResource @testParams + Set-TargetResource @testParams Should -Invoke -CommandName Invoke-M365DSCVerifiedIdWebRequest -Exactly 4 } } @@ -195,7 +198,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ @@ -416,7 +419,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ @@ -628,7 +631,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ @@ -799,7 +802,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 index cde4d69eaf..6453346a50 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 index fc8ba8aec7..bd265e2b50 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 
@@ -29,6 +29,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Save-M365DSCPartialExport -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + + Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 index da1e78d7ae..6fa2cd7b08 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "ServicePrincipalWithThumbprint" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 index 524bbbe878..9a325b1f44 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Save-M365DSCPartialExport -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 index db536619f4..2f60f5a80c 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 index 7b0a983390..f9816cfe26 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } @@ -55,7 +58,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { @{ id = '3eacc231-d77b-4efb-bb5f-310f68bd6198' DisplayName = 'MyExcludedGroup' - }, + }, @{ id = '6ee86c9f-2b3c-471d-ad38-ff4673ed723e' DisplayName = 'MyAssignedGroup' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 index ed85027560..df50dddc7f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 index e276673109..285a396bab 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index 1bdab9fafa..280beac665 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 index 7af27e93c3..18255505f7 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 index f93421bccd..9961c061bd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 index 4aa84407d2..671e217fe8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 
@@ -26,6 +26,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith {} + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {} + Mock -CommandName Get-PSSession -MockWith {} Mock -CommandName Remove-PSSession -MockWith {} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 index d074c4be78..74821ea2f9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 index 3b34d8d51e..5560d09194 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 @@ -18,6 +18,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith {} + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {} Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } Mock -CommandName Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting -MockWith {} 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 index 83a37dd25a..c199828d14 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 index 0e5552d5fd..9661d9fa2a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 index ff169134f0..f1054f03ec 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 index c6742bc497..4ceff9776a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 index 9dbc8a713c..c4c962dc2d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 index d8b2b14c14..f3b3350c30 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 index 689076b986..f82ac6aa03 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index be6cb38e38..36439be509 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -28,6 +28,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + + Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 index ff88c6593e..fe372d8589 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Save-M365DSCPartialExport -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Connect-Graph -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 index de2f686924..c87fdb9bfd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 index d301eb29ba..c15f4eaca2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 @@ -30,6 +30,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Save-M365DSCPartialExport -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 index d14b7cb764..bb298c8291 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 @@ -27,6 +27,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Global:PartialExportFileName = 'c:\TestPath' + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } Mock -CommandName Save-M365DSCPartialExport -MockWith { } From e5c195bad7ca2489fa0f6927a44cddecc31d5b00 Mon Sep 17 00:00:00 2001 
From: Fabien Tschanz Date: Wed, 11 Dec 2024 23:00:12 +0100 Subject: [PATCH 44/45] Add stubs functions --- Tests/Unit/Stubs/Generic.psm1 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1 index 6ad5a76fa7..eedf2c58dd 100644 --- a/Tests/Unit/Stubs/Generic.psm1 +++ b/Tests/Unit/Stubs/Generic.psm1 @@ -1273,3 +1273,20 @@ function Disable-EOPProtectionPolicyRule $Identity ) } + + +#region MSCloudLoginAssistant +function Get-MSCloudLoginConnectionProfile{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Workload + ) +} + +function Reset-MSCloudLoginConnectionProfileContext +{ +} +#endregion From eedd02151b67a3000785207720d31bf56819a32d Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 11 Dec 2024 23:20:22 +0100 Subject: [PATCH 45/45] Updated manifest --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 063a1c0551..ae8e5158c3 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -161,6 +161,8 @@ * Improve settings catalog handling for nested objects. * M365DSCResourceGenerator * Fixes an issue with nested object creation. +* MISC + * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets. * DEPENDENCIES * Updated MSCloudLoginAssistant to version 1.1.29.'
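Review bot: The two stubs added at the end of `Tests/Unit/Stubs/Generic.psm1` are declared inconsistently with each other. `function Get-MSCloudLoginConnectionProfile{` keeps the brace on the signature line, and `Reset-MSCloudLoginConnectionProfileContext` has an empty body with no `[CmdletBinding()]` or `param ()`. Moving the brace to its own line and giving the `Reset-` stub `[CmdletBinding()]` and `param ()` would make both read the same way. The `Get-` stub also declares only `-Workload`; the real cmdlet's signature is not visible here, so it is worth confirming the stub mirrors it, since a mock can only bind or filter on parameters the stub declares. A short comment inside the `#region MSCloudLoginAssistant` block, such as `# Stubs only: no authentication context is created or reset in unit tests`, would make the purpose clear to later readers.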