diff --git a/CHANGELOG.md b/CHANGELOG.md index 9042b2aae8..5883411a56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADAuthenticationContext + * Initial Release. * AADConditionalAccessPolicy * Adds support for Authentication Context. FIXES [#3813](https://github.com/microsoft/Microsoft365DSC/issues/3813) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 new file mode 100644 index 0000000000..0869dca002 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 @@ -0,0 +1,397 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [ValidateSet('c1', 'c2', 'c3', 'c4', 'c5', 'c6', 'c7', 'c8', 'c9', 'c10', 'c11', 'c12', 'c13', 'c14', 'c15', 'c16', 'c17', 'c18', 'c19', 'c20', 'c21', 'c22', 'c23', 'c24', 'c25')] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $IsAvailable, + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + + $getValue = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` + -AuthenticationContextClassReferenceId $Id ` + -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find Authentication Context with Id {$Id}" + return $nullResult + } + Write-Verbose -Message "Authentication Context Policy with Id {$Id} was found." + + $results = @{ + Id = $getValue.Id + DisplayName = $getValue.DisplayName + Description = $getValue.Description + IsAvailable = [Boolean]$getValue.IsAvailable + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [ValidateSet('c1', 'c2', 'c3', 'c4', 'c5', 'c6', 'c7', 'c8', 'c9', 'c10', 'c11', 'c12', 'c13', 'c14', 'c15', 'c16', 'c17', 'c18', 'c19', 'c20', 'c21', 'c22', 'c23', 'c24', 'c25')] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $IsAvailable, + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating new Authentication Context with Id {$Id}" + New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference @BoundParameters | Out-Null + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Authentication Context with Id {$($currentInstance.Id)}" + $BoundParameters.Add('AuthenticationContextClassReferenceId', $Id) + $BoundParameters.Remove('Id') | Out-Null + Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference @BoundParameters | Out-Null + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Authentication Context with Id {$($currentInstance.Id)}" + Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -AuthenticationContextClassReferenceId $Id | Out-Null + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [ValidateSet('c1', 'c2', 'c3', 'c4', 'c5', 'c6', 'c7', 'c8', 'c9', 'c10', 'c11', 'c12', 'c13', 'c14', 'c15', 'c16', 'c17', 'c18', 'c19', 'c20', 'c21', 'c22', 'c23', 'c24', 'c25')] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $IsAvailable, + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Authentication Context Id {$Id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + " - " + $config.DisplayName + + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof new file mode 100644 index 0000000000..b7f86d5f21 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationContextClassReference")] +class MSFT_AADAuthenticationContextClassReference : OMI_BaseResource +{ + [Key, Description("Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25."), ValueMap{"c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"}, Values{"c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"}] String Id; + [Write, Description("A friendly name that identifies the authenticationContextClassReference object when building user-facing admin experiences. For example, a selection UX")] String DisplayName; + [Write, Description("A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user-facing admin experiences. For example, a selection UX.")] String Description; + [Write, Description("Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it's set to false, it shouldn't be shown in admin UX experiences because the value isn't currently available for selection.")] Boolean IsAvailable; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md new file mode 100644 index 0000000000..212cc73c9b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md @@ -0,0 +1,6 @@ + +# AADAuthenticationMethodPolicy + +## Description + +Azure AD Authentication Method Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json new file mode 100644 index 0000000000..249e208352 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json @@ -0,0 +1,40 @@ +{ + "resourceName": "AADAuthenticationMethodPolicy", + "description": "This resource configures an Azure AD Authentication Method Policy.", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Authentication Policy Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 new file mode 100644 index 0000000000..33c0004a94 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthenticationContextClassReference "AADAuthenticationContextClassReference-Test" + { + Credential = $credsCredential; + Description = "Context test"; + DisplayName = "My Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 new file mode 100644 index 0000000000..a41d9b3ac9 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 @@ -0,0 +1,188 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "AADAuthenticationContextClassReference" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + } + + Mock -CommandName Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + } + # Test contexts + Context -Name "The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name "The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Absent"; + Id = "c3"; + IsAvailable = $True; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + return @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Id = "c3"; + IsAvailable = $True; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -Exactly 1 + } + } + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + return @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Id = "c3"; + IsAvailable = $True; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + return @{ + Description = "This is my super context test"; + DisplayName = "My Super Drifted Context"; # Drift + Id = "c3"; + IsAvailable = $True; + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { + return @{ + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Id = "c3"; + IsAvailable = $True; + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 8b41f10e85..abed4acd5c 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -30128,6 +30128,83 @@ function Get-MgBetaIdentityConditionalAccess $Break ) } +function Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Get-MgBetaIdentityConditionalAccessNamedLocation { [CmdletBinding()] @@ -31127,6 +31204,63 @@ function Get-MgBetaPolicyTokenLifetimePolicy $HttpPipelineAppend ) } +function New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAvailable, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] @@ -31356,11 +31490,11 @@ function New-MgBetaPolicyCrossTenantAccessPolicyPartner [Parameter()] [PSObject] - $AutomaticUserConsentSettings, + $InboundTrust, [Parameter()] [PSObject] - $InboundTrust, + $AutomaticUserConsentSettings, [Parameter()] [PSObject] @@ -31370,6 +31504,10 @@ function New-MgBetaPolicyCrossTenantAccessPolicyPartner [PSObject] $B2BDirectConnectOutbound, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, + [Parameter()] [PSObject] $B2BDirectConnectInbound, @@ -31525,6 +31663,55 @@ function Remove-MgBetaIdentityConditionalAccess $HttpPipelineAppend ) } +function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Remove-MgBetaIdentityConditionalAccessNamedLocation { [CmdletBinding()] @@ -31693,16 +31880,16 @@ function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $InputObject, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AuthenticationMethodConfigurationId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -31717,10 +31904,6 @@ function Remove-MgBetaPolicyAuthenticationStrengthPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, - [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -31757,6 +31940,10 @@ function Remove-MgBetaPolicyAuthenticationStrengthPolicy [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String] + $AuthenticationStrengthPolicyId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break @@ -31970,6 +32157,71 @@ function Update-MgBetaIdentityConditionalAccess $HttpPipelineAppend ) } +function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAvailable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Update-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] @@ -32119,6 +32371,10 @@ function Update-MgBetaPolicyAuthenticationMethodPolicy [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $ReportSuspiciousActivitySettings, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -32165,8 +32421,8 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $InputObject, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] @@ -32177,8 +32433,8 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AuthenticationMethodConfigurationId, [Parameter()] [System.String] @@ -32456,6 +32712,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [System.String] $Description, + [Parameter()] + [PSObject] + $Templates, + [Parameter()] [System.String] $DisplayName, @@ -32472,10 +32732,6 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $Partners, @@ -32496,6 +32752,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.DateTime] $DeletedDateTime, @@ -32525,6 +32785,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyDefault [System.Management.Automation.SwitchParameter] $IsServiceDefault, + [Parameter()] + [System.Collections.Hashtable] + $InvitationRedemptionIdentityProviderConfiguration, + [Parameter()] [PSObject] $TenantRestrictions, @@ -32539,11 +32803,11 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyDefault [Parameter()] [PSObject] - $AutomaticUserConsentSettings, + $InboundTrust, [Parameter()] [PSObject] - $InboundTrust, + $AutomaticUserConsentSettings, [Parameter()] [PSObject] @@ -32634,6 +32898,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyPartner [PSObject] $B2BDirectConnectOutbound, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, + [Parameter()] [System.String] $CrossTenantAccessPolicyConfigurationPartnerTenantId, @@ -32972,6 +33240,7 @@ function Update-MgBetaPolicyTokenLifetimePolicy ) } #endregion + #region Microsoft.Graph.Beta.Teams function Get-MgBetaTeam {