From ba1bf743850be56714192e37867dccc6bde992a3 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 20 Oct 2023 08:33:39 -0400 Subject: [PATCH 1/3] Initial --- CHANGELOG.md | 2 + ...ADAuthenticationContextClassReference.psm1 | 414 +++++++++++++++ ...enticationContextClassReference.schema.mof | 15 + .../readme.md | 6 + .../settings.json | 40 ++ ...nticationContextClassReference-Example.ps1 | 38 ++ ...henticationContextClassReference.Tests.ps1 | 489 ++++++++++++++++++ 7 files changed, 1004 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index a032116246..72f6f2b504 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADAuthenticationContext + * Initial Release. * AADConditionalAccessPolicy * Adds support for Authentication Context. FIXES [#3813](https://github.com/microsoft/Microsoft365DSC/issues/3813) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 new file mode 100644 index 0000000000..843b58d9e8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 @@ -0,0 +1,414 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [ValidateSet('c1', 'c2', 'c3', 'c4', 'c5', 'c6', 'c7', 'c8', 'c9', 'c10', 'c11', 'c12', 'c13', 'c14', 'c15', 'c16', 'c17', 'c18', 'c19', 'c20', 'c21', 'c22', 'c23', 'c24', 'c25')] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $IsAvailable, + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + + $getValue = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` + -AuthenticationContextClassReferenceId $Id ` + -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find Authentication Context with Id {$Id}" + return $nullResult + } + Write-Verbose -Message "Authentication Context Policy with Id {$Id} was found." + + $results = @{ + Id = $getValue.Id + DisplayName = $getValue.DisplayName + Description = $getValue.Description + IsAvailable = [Boolean]$getValue.IsAvailable + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [ValidateSet('c1', 'c2', 'c3', 'c4', 'c5', 'c6', 'c7', 'c8', 'c9', 'c10', 'c11', 'c12', 'c13', 'c14', 'c15', 'c16', 'c17', 'c18', 'c19', 'c20', 'c21', 'c22', 'c23', 'c24', 'c25')] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $IsAvailable, + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Authentication Method Policy instance cannot be created" + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Authentication Method Policy with Id {$($currentInstance.Id)}" + + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.AuthenticationMethodsPolicy") + Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Azure AD Authentication Method Policy with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaPolicyAuthenticationMethodPolicy + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [ValidateSet('c1', 'c2', 'c3', 'c4', 'c5', 'c6', 'c7', 'c8', 'c9', 'c10', 'c11', 'c12', 'c13', 'c14', 'c15', 'c16', 'c17', 'c18', 'c19', 'c20', 'c21', 'c22', 'c23', 'c24', 'c25')] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $IsAvailable, + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Authentication Context Id {$Id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + " - " + $config.DisplayName + + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof new file mode 100644 index 0000000000..ed2055f575 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationContext")] +class MSFT_AADAuthenticationContext : OMI_BaseResource +{ + [Key, Description("Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25. ")] String Id; + [Write, Description("A friendly name that identifies the authenticationContextClassReference object when building user-facing admin experiences. For example, a selection UX")] String DisplayName; + [Write, Description("A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user-facing admin experiences. For example, a selection UX.")] String Description; + [Write, Description("Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it's set to false, it shouldn't be shown in admin UX experiences because the value isn't currently available for selection.")] Boolean IsAvailable; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md new file mode 100644 index 0000000000..212cc73c9b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/readme.md @@ -0,0 +1,6 @@ + +# AADAuthenticationMethodPolicy + +## Description + +Azure AD Authentication Method Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json new file mode 100644 index 0000000000..249e208352 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json @@ -0,0 +1,40 @@ +{ + "resourceName": "AADAuthenticationMethodPolicy", + "description": "This resource configures an Azure AD Authentication Method Policy.", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Authentication Policy Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.AuthenticationMethod" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 new file mode 100644 index 0000000000..55efb80fe2 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" + { + ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; + CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + DisplayName = "Authentication Methods Policy"; + Ensure = "Present"; + Id = "authenticationMethodsPolicy"; + PolicyMigrationState = "preMigration"; + PolicyVersion = "1.4"; + RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ + AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ + SnoozeDurationInDays = 1 + IncludeTargets = @( + MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ + TargetedAuthenticationMethod = 'microsoftAuthenticator' + TargetType = 'group' + Id = 'all_users' + } + ) + State = 'default' + } + }; + TenantId = $ConfigurationData.NonNodeData.TenantId; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 new file mode 100644 index 0000000000..9d4ad3d0d2 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 @@ -0,0 +1,489 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "AADAuthenticationMethodPolicy" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Update-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + } + + Mock -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + } + # Test contexts + Context -Name "The AADAuthenticationMethodPolicy should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ + AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } -ClientOnly) + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + } -ClientOnly) + SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ + State = "default" + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name "The AADAuthenticationMethodPolicy exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ + AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } -ClientOnly) + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + } -ClientOnly) + SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ + State = "default" + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = @{ + AuthenticationMethodsRegistrationCampaign = @{ + IncludeTargets = @( + @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + } + SystemCredentialPreferences = @{ + State = "default" + IncludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1 + } + } + Context -Name "The AADAuthenticationMethodPolicy Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ + AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } -ClientOnly) + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + } -ClientOnly) + SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ + State = "default" + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = @{ + AuthenticationMethodsRegistrationCampaign = @{ + IncludeTargets = @( + @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + } + SystemCredentialPreferences = @{ + State = "default" + IncludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The AADAuthenticationMethodPolicy exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ + AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } -ClientOnly) + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + } -ClientOnly) + SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ + State = "default" + IncludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + ExcludeTargets = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ + TargetType = "user" + Id = "FakeStringValue" + } -ClientOnly) + ) + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + return @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 7 + RegistrationEnforcement = @{ + AuthenticationMethodsRegistrationCampaign = @{ + IncludeTargets = @( + @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } + ) + State = "default" + SnoozeDurationInDays = 7 + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + } + SystemCredentialPreferences = @{ + State = "default" + IncludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyMigrationState = "preMigration" + PolicyVersion = "FakeStringValue" + ReconfirmationInDays = 25 + RegistrationEnforcement = @{ + AuthenticationMethodsRegistrationCampaign = @{ + IncludeTargets = @( + @{ + Id = "FakeStringValue" + TargetType = "user" + TargetedAuthenticationMethod = "FakeStringValue" + } + ) + State = "default" + SnoozeDurationInDays = 25 + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + } + SystemCredentialPreferences = @{ + State = "default" + IncludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + ExcludeTargets = @( + @{ + TargetType = "user" + Id = "FakeStringValue" + } + ) + } + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 237db1fcd012c678f1fbf044005e1e408cf349c8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 20 Oct 2023 09:18:28 -0400 Subject: [PATCH 2/3] Fixes --- ...ADAuthenticationContextClassReference.psm1 | 37 +- ...enticationContextClassReference.schema.mof | 8 +- ...nticationContextClassReference-Example.ps1 | 39 +- ...henticationContextClassReference.Tests.ps1 | 407 +++--------------- 4 files changed, 82 insertions(+), 409 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 index 843b58d9e8..0869dca002 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource [System.String] $Id, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $DisplayName, @@ -124,7 +124,7 @@ function Set-TargetResource [System.String] $Id, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $DisplayName, @@ -179,41 +179,24 @@ function Set-TargetResource #endregion $currentInstance = Get-TargetResource @PSBoundParameters - $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Authentication Method Policy instance cannot be created" + Write-Verbose -Message "Creating new Authentication Context with Id {$Id}" + New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference @BoundParameters | Out-Null } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating the Authentication Method Policy with Id {$($currentInstance.Id)}" - - $UpdateParameters = ([Hashtable]$BoundParameters).clone() - $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters - - $UpdateParameters.Remove('Id') | Out-Null - - $keys = (([Hashtable]$UpdateParameters).clone()).Keys - foreach ($key in $keys) - { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') - { - $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key - } - } - #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.AuthenticationMethodsPolicy") - Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters - #endregion + Write-Verbose -Message "Updating the Authentication Context with Id {$($currentInstance.Id)}" + $BoundParameters.Add('AuthenticationContextClassReferenceId', $Id) + $BoundParameters.Remove('Id') | Out-Null + Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference @BoundParameters | Out-Null } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Azure AD Authentication Method Policy with Id {$($currentInstance.Id)}" - #region resource generator code - Remove-MgBetaPolicyAuthenticationMethodPolicy - #endregion + Write-Verbose -Message "Removing the Authentication Context with Id {$($currentInstance.Id)}" + Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -AuthenticationContextClassReferenceId $Id | Out-Null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof index ed2055f575..b7f86d5f21 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.schema.mof @@ -1,7 +1,7 @@ -[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationContext")] -class MSFT_AADAuthenticationContext : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationContextClassReference")] +class MSFT_AADAuthenticationContextClassReference : OMI_BaseResource { - [Key, Description("Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25. ")] String Id; + [Key, Description("Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25."), ValueMap{"c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"}, Values{"c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"}] String Id; [Write, Description("A friendly name that identifies the authenticationContextClassReference object when building user-facing admin experiences. For example, a selection UX")] String DisplayName; [Write, Description("A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user-facing admin experiences. For example, a selection UX.")] String Description; [Write, Description("Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it's set to false, it shouldn't be shown in admin UX experiences because the value isn't currently available for selection.")] Boolean IsAvailable; @@ -11,5 +11,5 @@ class MSFT_AADAuthenticationContext : OMI_BaseResource [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; }; diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 index 55efb80fe2..33c0004a94 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 @@ -5,34 +5,25 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC - Node localhost + node localhost { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" + AADAuthenticationContextClassReference "AADAuthenticationContextClassReference-Test" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "preMigration"; - PolicyVersion = "1.4"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; + Description = "Context test"; + DisplayName = "My Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 index 9d4ad3d0d2..a41d9b3ac9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationContextClassReference.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "AADAuthenticationMethodPolicy" -GenericStubModule $GenericStubPath + -DscResource "AADAuthenticationContextClassReference" -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -27,10 +27,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } - Mock -CommandName Update-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { } - Mock -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { } Mock -CommandName New-M365DSCConnection -MockWith { @@ -42,54 +42,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } # Test contexts - Context -Name "The AADAuthenticationMethodPolicy should exist but it DOES NOT" -Fixture { + Context -Name "The instance should exist but it DOES NOT" -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ - AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } -ClientOnly) - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - } -ClientOnly) - SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ - State = "default" - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - Ensure = "Present" + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; Credential = $Credential; } - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { return $null } } @@ -101,99 +65,23 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADAuthenticationMethodPolicy exists but it SHOULD NOT" -Fixture { + Context -Name "The instance exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ - AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } -ClientOnly) - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - } -ClientOnly) - SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ - State = "default" - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - Ensure = 'Absent' + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Absent"; + Id = "c3"; + IsAvailable = $True; Credential = $Credential; } - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" - } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = @{ - AuthenticationMethodsRegistrationCampaign = @{ - IncludeTargets = @( - @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - } - SystemCredentialPreferences = @{ - State = "default" - IncludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Id = "c3"; + IsAvailable = $True; } } } @@ -208,201 +96,52 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Remove the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1 + Should -Invoke -CommandName Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -Exactly 1 } } - Context -Name "The AADAuthenticationMethodPolicy Exists and Values are already in the desired state" -Fixture { + Context -Name "The instance exists and values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ - AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } -ClientOnly) - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - } -ClientOnly) - SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ - State = "default" - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - Ensure = 'Present' - Credential = $Credential; + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + Credential = $Credential; } - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" - } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = @{ - AuthenticationMethodsRegistrationCampaign = @{ - IncludeTargets = @( - @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - } - SystemCredentialPreferences = @{ - State = "default" - IncludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Id = "c3"; + IsAvailable = $True; } } } - It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name "The AADAuthenticationMethodPolicy exists and values are NOT in the desired state" -Fixture { + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ - AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } -ClientOnly) - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - } -ClientOnly) - SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ - State = "default" - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - Ensure = 'Present' - Credential = $Credential; + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + Credential = $Credential; } - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { return @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 7 - RegistrationEnforcement = @{ - AuthenticationMethodsRegistrationCampaign = @{ - IncludeTargets = @( - @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } - ) - State = "default" - SnoozeDurationInDays = 7 - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - } - SystemCredentialPreferences = @{ - State = "default" - IncludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } + Description = "This is my super context test"; + DisplayName = "My Super Drifted Context"; # Drift + Id = "c3"; + IsAvailable = $True; } } } @@ -417,7 +156,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1 + Should -Invoke -CommandName Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -Exactly 1 } } @@ -426,55 +165,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" $testParams = @{ - Credential = $Credential + Credential = $Credential; } - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { + Mock -CommandName Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" - } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = @{ - AuthenticationMethodsRegistrationCampaign = @{ - IncludeTargets = @( - @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - } - SystemCredentialPreferences = @{ - State = "default" - IncludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - + Description = "This is my super context test"; + DisplayName = "My Super Context"; + Id = "c3"; + IsAvailable = $True; } } } From c61409116ac736870001053a4d992f6dc56ea043 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 20 Oct 2023 09:50:35 -0400 Subject: [PATCH 3/3] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 309 +++++++++++++++++++++++++++-- 1 file changed, 289 insertions(+), 20 deletions(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 8b41f10e85..abed4acd5c 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -30128,6 +30128,83 @@ function Get-MgBetaIdentityConditionalAccess $Break ) } +function Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Get-MgBetaIdentityConditionalAccessNamedLocation { [CmdletBinding()] @@ -31127,6 +31204,63 @@ function Get-MgBetaPolicyTokenLifetimePolicy $HttpPipelineAppend ) } +function New-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAvailable, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] @@ -31356,11 +31490,11 @@ function New-MgBetaPolicyCrossTenantAccessPolicyPartner [Parameter()] [PSObject] - $AutomaticUserConsentSettings, + $InboundTrust, [Parameter()] [PSObject] - $InboundTrust, + $AutomaticUserConsentSettings, [Parameter()] [PSObject] @@ -31370,6 +31504,10 @@ function New-MgBetaPolicyCrossTenantAccessPolicyPartner [PSObject] $B2BDirectConnectOutbound, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, + [Parameter()] [PSObject] $B2BDirectConnectInbound, @@ -31525,6 +31663,55 @@ function Remove-MgBetaIdentityConditionalAccess $HttpPipelineAppend ) } +function Remove-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Remove-MgBetaIdentityConditionalAccessNamedLocation { [CmdletBinding()] @@ -31693,16 +31880,16 @@ function Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $InputObject, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AuthenticationMethodConfigurationId, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -31717,10 +31904,6 @@ function Remove-MgBetaPolicyAuthenticationStrengthPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String] - $AuthenticationStrengthPolicyId, - [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -31757,6 +31940,10 @@ function Remove-MgBetaPolicyAuthenticationStrengthPolicy [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String] + $AuthenticationStrengthPolicyId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break @@ -31970,6 +32157,71 @@ function Update-MgBetaIdentityConditionalAccess $HttpPipelineAppend ) } +function Update-MgBetaIdentityConditionalAccessAuthenticationContextClassReference +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAvailable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $AuthenticationContextClassReferenceId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} function Update-MgBetaIdentityConditionalAccessPolicy { [CmdletBinding()] @@ -32119,6 +32371,10 @@ function Update-MgBetaPolicyAuthenticationMethodPolicy [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $ReportSuspiciousActivitySettings, + [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -32165,8 +32421,8 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $InputObject, [Parameter()] - [System.String] - $AuthenticationMethodConfigurationId, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] @@ -32177,8 +32433,8 @@ function Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfig $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $AuthenticationMethodConfigurationId, [Parameter()] [System.String] @@ -32456,6 +32712,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [System.String] $Description, + [Parameter()] + [PSObject] + $Templates, + [Parameter()] [System.String] $DisplayName, @@ -32472,10 +32732,6 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $Partners, @@ -32496,6 +32752,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicy [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.DateTime] $DeletedDateTime, @@ -32525,6 +32785,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyDefault [System.Management.Automation.SwitchParameter] $IsServiceDefault, + [Parameter()] + [System.Collections.Hashtable] + $InvitationRedemptionIdentityProviderConfiguration, + [Parameter()] [PSObject] $TenantRestrictions, @@ -32539,11 +32803,11 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyDefault [Parameter()] [PSObject] - $AutomaticUserConsentSettings, + $InboundTrust, [Parameter()] [PSObject] - $InboundTrust, + $AutomaticUserConsentSettings, [Parameter()] [PSObject] @@ -32634,6 +32898,10 @@ function Update-MgBetaPolicyCrossTenantAccessPolicyPartner [PSObject] $B2BDirectConnectOutbound, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsInMultiTenantOrganization, + [Parameter()] [System.String] $CrossTenantAccessPolicyConfigurationPartnerTenantId, @@ -32972,6 +33240,7 @@ function Update-MgBetaPolicyTokenLifetimePolicy ) } #endregion + #region Microsoft.Graph.Beta.Teams function Get-MgBetaTeam {