

Merge pull request #5540 from FabienTschanz/feat/migrate-mscloudlogin…
…-auth-context

PRIORITY / URGENT - Migrate MSCloudLoginAssistant authentication context access to cmdlets
ykuijs authored Dec 11, 2024
2 parents 0bb9b50 + e5c195b commit 936ec1a
Showing 105 changed files with 333 additions and 163 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Change log for Microsoft365DSC

# UNRELEASED

# 1.24.1211.1

* AADApplication
Expand All @@ -16,6 +18,8 @@
* Improve settings catalog handling for nested objects.
* M365DSCResourceGenerator
* Fixes an issue with nested object creation.
* MISC
* Migrate `MSCloudLoginAssistant` authentication context access to cmdlets.
* DEPENDENCIES
* Updated MSCloudLoginAssistant to version 1.1.29.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -272,7 +272,7 @@ function Set-TargetResource

$updateJSON = ConvertTo-Json $updateParameters
Write-Verbose -Message "Updating the Entra Id Admin Consent Request Policy with values: $updateJSON"
$Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/adminConsentRequestPolicy'
$Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/adminConsentRequestPolicy'
Invoke-MgGraphRequest -Method 'PUT' `
-Uri $Uri `
-Body $updateJSON | Out-Null
Expand Down
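Review bot: The new `$Uri` line has no guard for `Get-MSCloudLoginConnectionProfile` returning nothing; in PowerShell `$null + 'beta/...'` evaluates to the bare relative path, so a missing Graph connection profile would be passed on as `beta/policies/adminConsentRequestPolicy` instead of failing at this point. Unless the connection step earlier in Set-TargetResource (outside the hunk) is guaranteed to have populated the profile for the MicrosoftGraph workload, resolve it once and fail fast: `$graphUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl` followed by `if ([string]::IsNullOrEmpty($graphUrl)) { throw 'No Microsoft Graph connection profile is available' }`. Every other section of this commit introduces the same unguarded concatenation, so the check belongs wherever the base URL is resolved rather than being repeated per call site. Set-TargetResource starts and ends outside the hunk.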
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ function Get-TargetResource
foreach ($auMember in $auMembers)
{
$member = @{}
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)"
$memberObject = Invoke-MgGraphRequest -Uri $url
if ($memberObject.'@odata.type' -match 'user')
{
Expand Down Expand Up @@ -233,7 +233,7 @@ function Get-TargetResource
}
}
Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
$memberObject = Invoke-MgGraphRequest -Uri $url
Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}"
if (($memberObject.'@odata.type') -match 'user')
Expand Down Expand Up @@ -563,7 +563,7 @@ function Set-TargetResource
foreach ($member in $memberSpecification)
{
Write-Verbose -Message "Adding new dynamic member {$($member.Id)}"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($member.Type)/$($member.Id)"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($member.Type)/$($member.Id)"
$memberBodyParam = @{
'@odata.id' = $url
}
Expand Down Expand Up @@ -657,7 +657,7 @@ function Set-TargetResource
{
Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}"

$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$memberType/$($memberObject.Id)"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$memberType/$($memberObject.Id)"
$memberBodyParam = @{
'@odata.id' = $url
}
Expand Down Expand Up @@ -789,7 +789,7 @@ function Set-TargetResource
Write-Verbose -Message "Removing AU {$DisplayName}"
# Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1
# https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
#Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id
}
Expand Down
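Review bot: `Get-MSCloudLoginConnectionProfile` is now invoked on every iteration of the `foreach ($auMember in $auMembers)` loop, and again inside the scoped-role-member loop in the next hunk, where the previous global-variable read was free; the profile does not change within the function. Hoist it once near the top of Get-TargetResource, `$graphUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and build `$url = $graphUrl + "v1.0/directoryobjects/$($auMember.Id)"` inside the loops. The Set-TargetResource hunks below and the per-member `foreach` loops that build `'@odata.id'` references in the entitlement-management access-package section further down have the same shape and would benefit from the same hoisting. Both functions start and end outside these hunks.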
Original file line number Diff line number Diff line change
Expand Up @@ -391,7 +391,7 @@ function Get-TargetResource

try
{
$Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing"
$Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing"
$oppInfo = Invoke-MgGraphRequest -Method GET `
-Uri $Uri `
-ErrorAction SilentlyContinue
Expand Down Expand Up @@ -931,7 +931,7 @@ function Set-TargetResource
{
$Type = 'directoryObjects'
}
$ObjectUri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject
$ObjectUri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject
$ownerObject = @{
'@odata.id' = $ObjectUri
}
Expand Down Expand Up @@ -1152,7 +1152,7 @@ function Set-TargetResource
$onPremisesPayload = ConvertTo-Json $onPremisesPublishingValue -Depth 10 -Compress
Write-Verbose -Message "Updating the OnPremisesPublishing settings for application {$($currentAADApp.DisplayName)} with payload: $onPremisesPayload"

$Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing"
$Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing"
Invoke-MgGraphRequest -Method 'PATCH' `
-Uri $Uri `
-Body $onPremisesPayload
Expand Down
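Review bot: The rewritten `$ObjectUri` line relies on `-f` binding tighter than `+`, so `(...).ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject` formats first and concatenates second, but with the new parenthesised prefix in front the line is hard to read as one expression and easy to break on the next edit. Making the grouping explicit costs nothing: `$ObjectUri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + ('v1.0/{0}/{1}' -f $Type, $diff.InputObject)`. Set-TargetResource starts and ends outside the hunk.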
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ function Get-TargetResource
}
else
{
$response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName }
}
}
Expand Down Expand Up @@ -334,7 +334,7 @@ function Set-TargetResource
{
Write-Verbose -Message "Updating the Azure AD Authentication Method Policy External with name {$($currentInstance.displayName)}"

$response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName }

$params.Remove('displayName') | Out-Null
Expand All @@ -347,7 +347,7 @@ function Set-TargetResource
{
Write-Verbose -Message "Removing the Azure AD Authentication Method Policy External with Id {$($currentInstance.displayName)}"

$response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName }

Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $getValue.Id
Expand Down Expand Up @@ -539,7 +539,7 @@ function Export-TargetResource
{
#region resource generator code
$desiredType = '#microsoft.graph.externalAuthenticationMethodConfiguration'
$getPolicy = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$getPolicy = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
$getValue = $getPolicy.AuthenticationMethodConfigurations | Where-Object -FilterScript { $_.'@odata.type' -eq $desiredType }
#endregion

Expand Down
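Review bot: The identical `Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')` call now appears four times across Get-, Set- and Export-TargetResource, and each copy has to be kept in sync when the endpoint or the profile lookup changes again. A small private function in the same file, e.g. `function Get-AuthenticationMethodsPolicy { Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') }`, would leave a single place to maintain. The enclosing functions start and end outside these hunks.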
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ function Get-TargetResource
$nullResult = $PSBoundParameters

$getValue = $null
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
$getValue = Invoke-MgGraphRequest -Method Get -Uri $url

if ($null -eq $getValue)
Expand Down Expand Up @@ -155,7 +155,7 @@ function Set-TargetResource
#endregion

$currentInstance = Get-TargetResource @PSBoundParameters
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"

$params = @{}
if ($PerUserMfaState -eq 'enabled' -and $currentInstance.PerUserMfaState -eq 'disabled')
Expand Down
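Review bot: The rebuilt `$url` in Get-TargetResource (and the same line in Set-TargetResource in the next hunk) interpolates `$UserPrincipalName` into the request path without URL-encoding it; guest user principal names typically contain `#EXT#`, and an unescaped `#` is parsed as a URI fragment, so the request would be sent to the wrong path for such users. Encode the segment when building the URL: `$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$([System.Uri]::EscapeDataString($UserPrincipalName))/authentication/requirements"`. Both functions start and end outside these hunks.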
Original file line number Diff line number Diff line change
Expand Up @@ -1457,7 +1457,7 @@ function Set-TargetResource
if ($currentParameters.ContainsKey('ServicePrincipalFilterMode') -and $currentParameters.ContainsKey('ServicePrincipalFilterRule'))
{
#check if the custom attribute exist.
$customattribute = Invoke-MgGraphRequest -Method GET -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions')
$customattribute = Invoke-MgGraphRequest -Method GET -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions')
$ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?<attribute>.*) -.*'
$attrinrule = $matches.attribute
if ($customattribute.value.id -contains $attrinrule)
Expand Down Expand Up @@ -1817,7 +1817,7 @@ function Set-TargetResource
{
Write-Verbose -Message "Updating existing policy with values: $(Convert-M365DscHashtableToString -Hashtable $NewParameters)"

$Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)"
$Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)"
Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $NewParameters
}
catch
Expand All @@ -1841,7 +1841,7 @@ function Set-TargetResource
{
try
{
$Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identity/conditionalAccess/policies'
$Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identity/conditionalAccess/policies'
Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $NewParameters
}
catch
Expand Down
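Review bot: The context line directly under the new `$customattribute` request, `$ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?<attribute>.*) -.*'`, writes its boolean result to the function's output stream and, when the match fails, leaves `$matches` holding whatever an earlier `-match` set, so `$attrinrule` can silently take a stale value. Capture and branch on the result instead: `if ($ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?<attribute>.*) -.*') { $attrinrule = $matches.attribute }` with an explicit failure path in the `else`. This predates the commit but sits in the touched block, which makes it cheap to fix here. Set-TargetResource starts and ends outside the hunk.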
Original file line number Diff line number Diff line change
Expand Up @@ -428,7 +428,7 @@ function Set-TargetResource
}
}
}
$uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/deviceRegistrationPolicy'
$uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/deviceRegistrationPolicy'
Write-Verbose -Message "Updating Device Registration Policy with payload:`r`n$(ConvertTo-Json $updateParameters -Depth 10)"
Invoke-MgGraphRequest -Method PUT -Uri $uri -Body $updateParameters
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ function Set-TargetResource
}
}
$body = ConvertTo-Json $values -Depth 10 -Compress
Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body
Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body
}

function Test-TargetResource
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -355,7 +355,7 @@ function Set-TargetResource
foreach ($incompatibleAccessPackage in $IncompatibleAccessPackages)
{
$ref = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
}

New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef `
Expand All @@ -368,7 +368,7 @@ function Set-TargetResource
foreach ($IncompatibleGroup in $IncompatibleGroups)
{
$ref = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$IncompatibleGroup"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$IncompatibleGroup"
}

New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef `
Expand Down Expand Up @@ -485,7 +485,7 @@ function Set-TargetResource
foreach ($incompatibleAccessPackage in $toBeAdded.InputObject)
{
$ref = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
}

New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef `
Expand Down Expand Up @@ -522,7 +522,7 @@ function Set-TargetResource
{

$ref = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$incompatibleGroup"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$incompatibleGroup"
}

New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef `
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -436,7 +436,7 @@ function Set-TargetResource
}
Write-Verbose -Message "Create Parameters: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)"
$TenantIdValue = $CreateParameters.IdentitySources.TenantId
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')"
$url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')"
$DomainName = (Invoke-MgGraphRequest -Method 'GET' -Uri $url).defaultDomainName
$newConnectedOrganization = New-MgBetaEntitlementManagementConnectedOrganization -Description $CreateParameters.Description -DisplayName $CreateParameters.DisplayName -State $CreateParameters.State -DomainName $DomainName

Expand All @@ -446,7 +446,7 @@ function Set-TargetResource
$directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type'
$directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
$directoryObjectRef = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
}

New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef `
Expand All @@ -459,7 +459,7 @@ function Set-TargetResource
$directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor
$directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
$directoryObjectRef = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
}

New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef `
Expand Down Expand Up @@ -515,7 +515,7 @@ function Set-TargetResource
$directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type'
$directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
$directoryObjectRef = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
}

New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef `
Expand Down Expand Up @@ -553,7 +553,7 @@ function Set-TargetResource
$directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type'
$directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
$directoryObjectRef = @{
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
'@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
}

New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef `
Expand Down
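Review bot: The rebuilt `$url` in the create path splices `$TenantIdValue` into the OData function literal `findTenantInformationByTenantId(tenantId='$TenantIdValue')` without validating it, so a configuration value that is not a GUID (or that contains a quote) produces a malformed request rather than a clear error. A tenant id is always a GUID, so validate before building the URL, e.g. `if (-not ($TenantIdValue -as [guid])) { throw "Invalid TenantId '$TenantIdValue' in IdentitySources" }`; if `IdentitySources` can hold several entries, `$TenantIdValue` may be a collection here and the check should pick the intended element first. The four `'@odata.id'` sponsor-reference blocks in the later hunks are also identical and could share one small helper. Set-TargetResource starts and ends outside these hunks.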
