Skip to content

Commit

Permalink
Merge pull request #3983 from NikCharlebois/VariousFixes
Browse files Browse the repository at this point in the history
Various Fixes
  • Loading branch information
NikCharlebois authored Nov 30, 2023
2 parents ba92563 + ccabc54 commit 65aa728
Show file tree
Hide file tree
Showing 9 changed files with 219 additions and 150 deletions.
47 changes: 26 additions & 21 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,18 @@

# UNRELEASED

* IntuneAntivirusPolicyWindows10SettingCatalog
* Skipped settingValueTemplateReference and settingInstanceTemplateReference for severethreats, highseveritythreats, moderateseveritythreats, lowseveritythreats as per API requirements observed in the Intune portal
FIXES [#3818](https://github.com/microsoft/Microsoft365DSC/issues/3818)
FIXES [#3955](https://github.com/microsoft/Microsoft365DSC/issues/3955)
* AADRoleSetting
* Export sorted by DisplayName for better comparison
* Enable Filter property to be used on export
FIXES [#3919](https://github.com/microsoft/Microsoft365DSC/issues/3919)
* AADUser
* Added the MemberOf Property.
* IntuneAntivirusPolicyWindows10SettingCatalog
* Skipped settingValueTemplateReference and settingInstanceTemplateReference
for severethreats, highseveritythreats, moderateseveritythreats,
lowseveritythreats as per API requirements observed in the Intune portal.
FIXES [#3818](https://github.com/microsoft/Microsoft365DSC/issues/3818)
FIXES [#3955](https://github.com/microsoft/Microsoft365DSC/issues/3955)
* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy,
IntuneAccountProtectionLocalUserGroupMembershipPolicy,
IntuneAccountProtectionPolicy,
Expand All @@ -24,36 +28,37 @@
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined,
IntuneWindowsAutopilotDeploymentProfileAzureADJoined
* Removed Id and all authentication parameters from PSBoundParameters in Test-TargetResource
FIXES [#3888](https://github.com/microsoft/Microsoft365DSC/issues/3888)
* DEPENDENCIES
* Updated DSCParser to version 1.4.0.1.
* Updated Microsoft.Graph to version 2.10.0.
* Updated MSCloudLoginAssistant to version 1.1.0.
* TeamsTeam
* Fixes incompatible type for ComplianceRecordingApplications, expected string[] but receive object[]
FIXES: [#3890](https://github.com/microsoft/Microsoft365DSC/issues/3890)
* M365DSCDRGUtil
* Added ConvertFrom-IntunePolicyAssignment and ConvertTo-IntunePolicyAssignment
FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892)
FIXES [#3888](https://github.com/microsoft/Microsoft365DSC/issues/3888)
* IntuneWindowsAutopilotDeploymentProfileAzureADJoined
* Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
* IntuneDeviceEnrollmentStatusPageWindows10
* Fixed assignments using API call
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
* IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined
* Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment
FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892)
FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892)
* IntuneWindowsAutopilotDeploymentProfileAzureADJoined
* Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment
FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892)
FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892)
* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10
* Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment
* IntuneDeviceConfigurationPolicyWindows10
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
* IntuneDeviceEnrollmentStatusPageWindows10
* Fixed assignments using API call
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921)
* TeamsTeam
* Fixes incompatible type for ComplianceRecordingApplications, expected string[] but receive object[]
FIXES: [#3890](https://github.com/microsoft/Microsoft365DSC/issues/3890)
* DEPENDENCIES
* Updated DSCParser to version 1.4.0.1.
* Updated Microsoft.Graph to version 2.10.0.
* Updated MSCloudLoginAssistant to version 1.1.0.
* MISC
* M365DSCDRGUtil
* Added ConvertFrom-IntunePolicyAssignment and ConvertTo-IntunePolicyAssignment
FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892)

# 1.23.1122.1

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -363,13 +363,19 @@ function Export-TargetResource
}
catch
{
Write-Host $Global:M365DSCEmojiRedX

New-M365DSCLogEntry -Message 'Error during Export:' `
if ($_.ErrorDetails.Message -like "*Insufficient privileges*")
{
Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) Insufficient permissions or license to export Attribute Sets."
}
else
{
Write-Host $Global:M365DSCEmojiRedX
New-M365DSCLogEntry -Message 'Error during Export:' `
-Exception $_ `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
}

return ''
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@
"description": "Represents a group of related custom security attribute definitions.",
"roles": {
"read": [
"Security Reader"
"Attribute Definition Reader"
],
"update": [
"Authentication Policy Administrator"
"Attribute Definition Administrator"
]
},
"permissions": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,14 @@
}
if ($null -eq $schedule -or $null -eq $request)
{
if ($null -eq $schedule)
{
Write-Verbose -Message "Could not retrieve the schedule for {$($request.PrincipalId)} & RoleDefinitionId {$RoleDefinitionId}"
}
if ($null -eq $request)
{
Write-Verbose -Message "Could not request the schedule for {$RoleDefinition}"
}
return $nullResult
}

Expand All @@ -211,6 +219,7 @@

if ($null -eq $PrincipalInstance)
{
Write-Verbose -Message "Couldn't retrieve Principal {$($request.PrincipalId)}"
return $nullResult
}

Expand Down Expand Up @@ -298,7 +307,7 @@
}
catch
{
Write-Verbose "Verbose: $($_.ErrorDetails.Message)"
Write-Verbose "Error: $($_.ErrorDetails.Message)"
New-M365DSCLogEntry -Message 'Error retrieving data:' `
-Exception $_ `
-Source $($MyInvocation.MyCommand.Source) `
Expand Down Expand Up @@ -814,15 +823,20 @@ function Export-TargetResource
}
catch
{
Write-Verbose -Message "Exception: $($_.Exception.Message)"

Write-Host $Global:M365DSCEmojiRedX

New-M365DSCLogEntry -Message 'Error during Export:' `
-Exception $_ `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
if ($_.ErrorDetails.Message -like "*The tenant needs an AAD Premium*")
{
Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) Tenant does not meet license requirement to extract this component."
}
else
{
Write-Verbose -Message "Exception: $($_.Exception.Message)"
Write-Host $Global:M365DSCEmojiRedX
New-M365DSCLogEntry -Message 'Error during Export:' `
-Exception $_ `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
}

return ''
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -376,7 +376,8 @@ function Export-TargetResource
}
catch
{
if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*")
if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or
$_.Exception -like "* Unauthorized*")
{
Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -656,13 +656,21 @@ function Export-TargetResource
}
catch
{
Write-Host $Global:M365DSCEmojiRedX
if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or
$_.Exception -like "* Unauthorized*")
{
Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
}
else
{
Write-Host $Global:M365DSCEmojiRedX

New-M365DSCLogEntry -Message 'Error during Export:' `
-Exception $_ `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
New-M365DSCLogEntry -Message 'Error during Export:' `
-Exception $_ `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
}

return ''
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,7 @@ function Export-TargetResource
[Switch]
$ManagedIdentity
)
Write-Host "`r`n" -NoNewline
return $null
}

Expand Down
36 changes: 30 additions & 6 deletions Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,13 @@ function Start-M365DSCConfigurationExtract
Write-Host -Object '- Credentials'
$AuthMethods += 'Credentials'
}
if ($null -ne $Credential -and `
[System.String]::IsNullOrEmpty($ApplicationId) -and `
-not [System.String]::IsNullOrEmpty($TenantId))
{
Write-Host -Object '- Credentials with Tenant Id'
$AuthMethods += 'CredentialsWithTenantId'
}
if ($null -ne $Credential -and `
-not [System.String]::IsNullOrEmpty($ApplicationId))
{
Expand Down Expand Up @@ -232,7 +239,7 @@ function Start-M365DSCConfigurationExtract

Write-Host '[WARNING]' -NoNewline -ForegroundColor Yellow
Write-Host ' Based on the provided Authentication parameters, the following resources cannot be extracted: ' -ForegroundColor Gray
Write-Host "$resourcesNotSupported" -ForegroundColor Gray
Write-Host "$($resourcesNotSupported -join ',')" -ForegroundColor Gray

# If all selected resources are not valid based on the authentication method used, simply return.
if ($ComponentsToSkip.Length -eq $selectedResources.Length)
Expand Down Expand Up @@ -409,7 +416,7 @@ function Start-M365DSCConfigurationExtract
-Value $ApplicationSecret `
-Description 'Azure AD Application Secret for Authentication'
}
{ $_ -in 'Credentials', 'CredentialsWithApplicationId' }
{ $_ -in 'Credentials', 'CredentialsWithApplicationId', 'CredentialsWithTenantId' }
{
if ($newline)
{
Expand Down Expand Up @@ -485,9 +492,15 @@ function Start-M365DSCConfigurationExtract
if ((($Components -and ($Components -contains $resourceName)) -or $AllComponents -or `
(-not $Components -and $null -eq $Workloads)) -and `
($ComponentsSpecified -or ($ComponentsToSkip -notcontains $resourceName)) -and `
$resourcesNotSupported -notcontains $resourceName)
$resourcesNotSupported -notcontains $resourceName -and `
-not $resourceName.StartsWith("M365DSC"))
{
$ResourcesToExport += $ResourceName
$authMethod = $allSupportedResourcesWithMostSecureAuthMethod | Where-Object -FilterScript {$_.Resource -eq $ResourceName}
$resourceInfo = @{
Name = $ResourceName
AuthenticationMethod = $authMethod.AuthMethod
}
$ResourcesToExport += $resourceInfo
$ResourcesPath += $ResourceModule
}
}
Expand All @@ -506,9 +519,9 @@ function Start-M365DSCConfigurationExtract
}
foreach ($Workload in $WorkloadsToConnectTo)
{
Write-Host "Connecting to {$Workload}..." -NoNewline
Write-Host "Connecting to {$($Workload.Name)}..." -NoNewline
$ConnectionParams = @{
Workload = $Workload
Workload = $Workload.Name
ApplicationId = $ApplicationId
ApplicationSecret = $ApplicationSecret
TenantId = $TenantId
Expand All @@ -519,6 +532,12 @@ function Start-M365DSCConfigurationExtract
Identity = $ManagedIdentity.IsPresent
}

if ($workload.AuthenticationMethod -eq 'Credentials')
{
$ConnectionParams.Remove('TenantId') | Out-Null
$ConnectionParams.Remove('ApplicationId') | Out-Null
}

try
{
Connect-M365Tenant @ConnectionParams | Out-Null
Expand Down Expand Up @@ -570,6 +589,11 @@ function Start-M365DSCConfigurationExtract
}
$parameters.Add('Credential', $Credential)
}
'CredentialsWithTenantId'
{
$parameters.Add('Credential', $Credential)
$parameters.Add('TenantId', $TenantId)
}
'ManagedIdentity'
{
$parameters.Add('ManagedIdentity', $ManagedIdentity)
Expand Down
Loading

0 comments on commit 65aa728

Please sign in to comment.