Merge pull request #4339 from microsoft/Dev
Release 1.24.214.1
NikCharlebois committed Feb 15, 2024
2 parents 203fda9 + b81daed commit 4fac2e3
Showing 9 changed files with 62 additions and 54 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
@@ -1,6 +1,6 @@
# Change log for Microsoft365DSC

# 1.24.214.1
# 1.24.214.2

* AADConditionalAccessPolicy
* Removed invalid empty string value that was added to the validate set
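Review bot: the heading `# 1.24.214.1` is renamed to `# 1.24.214.2` in place instead of a new section being added, so the existing entries now sit under 1.24.214.2 and nothing records what differs between the two builds, while the merge itself is still titled "Release 1.24.214.1". If 1.24.214.1 was already published, keep its section and add a separate 1.24.214.2 section that lists the `Test-M365DSCParameterState` telemetry change and the removed `$ValuesToCheck.Remove(...)` calls.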
Expand Up @@ -806,12 +806,6 @@ function Test-TargetResource
$ValuesToCheck.Remove('ObjectId') | Out-Null
$ValuesToCheck.Remove('AppId') | Out-Null
$ValuesToCheck.Remove('Permissions') | Out-Null
$ValuesToCheck.Remove('ApplicationId') | Out-Null
$ValuesToCheck.Remove('Credential') | Out-Null
$ValuesToCheck.Remove('TenantId') | Out-Null
$ValuesToCheck.Remove('ApplicationSecret') | Out-Null
$ValuesToCheck.Remove('CertificateThumbprint') | Out-Null
$ValuesToCheck.Remove('ManagedIdentity') | Out-Null

$TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
-Source $($MyInvocation.MyCommand.Source) `
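Review bot: with the six `$ValuesToCheck.Remove(...)` calls for ApplicationId, Credential, TenantId, ApplicationSecret, CertificateThumbprint and ManagedIdentity gone, the authentication parameters stay in `$ValuesToCheck` unless they are filtered somewhere outside this hunk. Please confirm that `Test-M365DSCParameterState` (or its caller) excludes them; otherwise a rotated secret or a different credential object will be reported as configuration drift and can end up in the drift event and telemetry data. If the filtering now lives in a shared helper, a one-line comment here pointing to it would make the removal safe to read in isolation.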
2 changes: 1 addition & 1 deletion Modules/Microsoft365DSC/Microsoft365DSC.psd1
Expand Up @@ -11,7 +11,7 @@
# RootModule = ''

# Version number of this module.
ModuleVersion = '1.24.214.1'
ModuleVersion = '1.24.214.2'

# Supported PSEditions
# CompatiblePSEditions = @()
55 changes: 21 additions & 34 deletions Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
Expand Up @@ -514,7 +514,6 @@ function Get-M365DSCTenantNameFromParameterSet
[System.Collections.HashTable]
$ParameterSet
)

if ($ParameterSet.TenantId)
{
return $ParameterSet.TenantId
Expand Down Expand Up @@ -898,47 +897,35 @@ function Test-M365DSCParameterState
$EventMessage = [System.Text.StringBuilder]::New()
$EventMessage.Append("<M365DSCEvent>`r`n") | Out-Null
$TenantName = Get-M365DSCTenantNameFromParameterSet -ParameterSet $DesiredValues
Write-Verbose -Message "Found Tenant Name: $TenantName"
$EventMessage.Append(" <ConfigurationDrift Source=`"$Source`" TenantId=`"$TenantName`">`r`n") | Out-Null

$EventMessage.Append(" <ParametersNotInDesiredState>`r`n") | Out-Null
foreach ($key in $DriftedParameters.Keys)
{
Write-Verbose -Message "Detected Drifted Parameter [$Source]$key"

#region Telemetry
$driftedData = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
$driftedData.Add('Event', 'DriftedParameter')
$driftedData.Add('Parameter', "[$Source]$key")
$driftedData = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
$driftedData.Add('Tenant', $TenantName)
$driftedData.Add('Resource', $source.Split('_')[1])
$driftedData.Add('Event', 'DriftedParameter')

# If custom App Insights is specified, allow for the current and desired values to be captured;
# ISSUE #1222
if ($null -ne $env:M365DSCTelemetryInstrumentationKey -and `
$env:M365DSCTelemetryInstrumentationKey -ne 'bc5aa204-0b1e-4499-a955-d6a639bdb4fa' -and `
$env:M365DSCTelemetryInstrumentationKey -ne 'e670af5d-fd30-4407-a796-8ad30491ea7a')
{
$driftedData.Add('CurrentValue', [string]($CurrentValues[$key]))
$driftedData.Add('DesiredValue', [string]($DesiredValues[$key]))
}
if (-not $Data.ContainsKey('Tenant'))
{
$driftedData.Add('Tenant', $TenantName)
}
$driftedData.Add('Resource', $source.Split('_')[1])
Add-M365DSCTelemetryEvent -Type 'DriftInfo' -Data $driftedData
#endregion
$EventMessage.Append(" <Param Name=`"$key`">" + $DriftedParameters.$key + "</Param>`r`n") | Out-Null
}

#region Telemetry
$TenantName = Get-M365DSCTenantNameFromParameterSet -ParameterSet $DesiredValues
$data.Add('Event', 'ConfigurationDrift')

if (-not $Data.ContainsKey('Tenant'))
# If custom App Insights is specified, allow for the current and desired values to be captured;
# ISSUE #1222
if ($null -ne $env:M365DSCTelemetryInstrumentationKey -and `
$env:M365DSCTelemetryInstrumentationKey -ne 'bc5aa204-0b1e-4499-a955-d6a639bdb4fa' -and `
$env:M365DSCTelemetryInstrumentationKey -ne 'e670af5d-fd30-4407-a796-8ad30491ea7a')
{
$data.Add('Tenant', $TenantName)
$driftedData.Add('CurrentValues', $CurrentValues)
$driftedData.Add('DesiredValues', $DesiredValues)
}
#endregion
$telemetryDriftedParameters = ''
foreach ($key in $DriftedParameters.Keys)
{
Write-Verbose -Message "Detected Drifted Parameter [$Source]$key"
$telemetryDriftedParameters += $key + "`r`n"
$EventMessage.Append(" <Param Name=`"$key`">" + $DriftedParameters.$key + "</Param>`r`n") | Out-Null
}

$driftedData.Add('Parameters', $telemetryDriftedParameters)
Add-M365DSCTelemetryEvent -Type 'DriftInfo' -Data $driftedData
$EventMessage.Append(" </ParametersNotInDesiredState>`r`n") | Out-Null
$EventMessage.Append(" </ConfigurationDrift>`r`n") | Out-Null
$EventMessage.Append(" <DesiredValues>`r`n") | Out-Null
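Review bot: `$driftedData` is created as `Dictionary[[String], [String]]`, but the new `$driftedData.Add('CurrentValues', $CurrentValues)` and `$driftedData.Add('DesiredValues', $DesiredValues)` pass whole parameter collections where the replaced lines passed `[string]($CurrentValues[$key])` for each drifted key. `$DesiredValues` is the hashtable handed to `-ParameterSet` a few lines up, and a hashtable converted to a string gives its type name rather than its contents, so the custom App Insights path would no longer capture the values it is meant to. If the fix is to serialize the collections, restrict them to the keys in `$DriftedParameters` and drop the authentication parameters (Credential, ApplicationSecret, CertificateThumbprint and the like) first, since the full desired set can carry them. Separately, `$source.Split('_')[1]` assumes `$Source` always contains an underscore; a guard or a fallback value would avoid an empty `Resource` field.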
Expand Up @@ -54,7 +54,7 @@ In order to authenticate to Power Apps using a Service Principal (Certificate Th

Additionally, to be able to authenticate using a Certificate Thumbprint, the underlying Power Apps PowerShell module used by Microsoft365DSC requires the certificate's private key (.pfx) to be registered under the current user's certificate store at <strong>Cert:\CurrentUser\My\</strong>. Omitting to register the private key will result in Microsoft365DSC throwing the following error when trying to authenticate to the Power Platform:

```
```powershell
Get-Item: Cannot find path 'Cert:\CurrentUser\My\****************************************' because it does not exist.
```

Expand Down Expand Up @@ -174,14 +174,16 @@ SharePoint Online uses the legacy ACS model to authenticate using an Application
3. In the App domain box, type in www.<yourtenant>.com.
4. Leave the **Redirect URL** box empty.
5. In the **Permission request XML** box, put in the following XML:
```

```powershell
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
```

6. Click on the **Create** button.
<a href="/Images/Step1-SPOACS.png"><img src="/Images/Step1-SPOACS.png" alt="Register a new app for SharePoint Online." /></a>
7. On the next screen, click on the ** Trust It** button to complete the registration process.
7. On the next screen, click on the **Trust It** button to complete the registration process.
<a href="/Images/Step2-SPOACS.png"><img src="/Images/Step2-SPOACS.png" alt="Register a new app for SharePoint Online." /></a>

You should now be able to connect to SharePoint Online using an Application Secret.
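Review bot: the **Permission request XML** block in step 5 is now fenced as `powershell`, but its content is the `<AppPermissionRequests>` XML; tag the fence `xml` so it is highlighted as what it is and is not mistaken for something to paste into a console.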
Expand Down Expand Up @@ -217,10 +219,11 @@ If you want to leverage Service Principal Authentication (using an App Registrat

<a href="/Images/CreatingNewSPForSC.png"><img src="/Images/CreatingNewSPForSC.png" alt="PowerShell Script to create a service principal" /></a>

``` powershell
```powershell
$App = Get-MgApplication -Filter "DisplayName eq 'MySCApp'"
New-ServicePrincipal -AppId $App.AppId -ServiceId $App.Id -DisplayName "SC-SPN"
```

</li>

<li><p><strong>Grant the eDiscovery Manager role to your new Service Principal:</strong></p>
Expand All @@ -232,6 +235,7 @@ New-ServicePrincipal -AppId $App.AppId -ServiceId $App.Id -DisplayName "SC-SPN"
$SPN = Get-ServicePrincipal -Identity "SC-SPN"
Add-RoleGroupMember -Identity eDiscoveryManager -Member $SPN.ObjectId
```

</li>

<li>
Expand All @@ -245,6 +249,7 @@ Add-RoleGroupMember -Identity eDiscoveryManager -Member $SPN.ObjectId
$SPN = Get-ServicePrincipal -Identity "SC-SPN"
Add-eDiscoveryCaseAdmin -User $SPN.Name
```

</p>
</li>
<li><p><strong>Grant your app registration the Compliance Administrator role:</strong></p>
1 change: 1 addition & 0 deletions docs/docs/user-guide/get-started/monitoring-drifts.md
@@ -1,6 +1,7 @@
Once a configuration has been applied to a Microsoft 365 tenant using Microsoft365DSC, the local system will perform regular checks to analyze the configuration of the remote tenant against what its desired state should be and detect any configuration drifts. This feature comes from PowerShell DSC out-of-the-box and is not something specific to Microsoft365DSC. By default the DSC engine on the system where the configuration was applied from will check for configuration drifts every 15 minutes.

## Microsoft365DSC Event log

If a drift in configuration is detected, Microsoft365DSC will log it in Event Viewer on the machine. Detected drifts will get logged under the **M365DSC** log journal in Event Viewer. Microsoft365DSC provide very detailed entries in event viewer that help you identify exactly in what component a drift was detected as well as what property was detected to have drifted.

<figure markdown>
14 changes: 7 additions & 7 deletions docs/docs/user-guide/get-started/powershell7-support.md
Expand Up @@ -4,36 +4,36 @@ While Microsoft365DSC supports running PowerShell 7+, there are a few things tha

Microsoft365DSC currently requires dependencies to be installed under the C:\Program Files\WindowsPowerShell\Modules folders. Having the dependencies installed anywhere else can cause issues loading modules. The recommendation here is to use PowerShell 5.1 to install the Module using:

```
```powershell
Install-Module Microsoft365DSC -Force
Update-M365DSCModule
```

Then flip to PowerShell 7+ once the prerequesite modules are properly installed under C:\Program Files\WindowsPowerShell\Modules.
Then flip to PowerShell 7+ once the prerequisite modules are properly installed under C:\Program Files\WindowsPowerShell\Modules.

## Common Issues When the Modules are Not in the Right Folder

**Export is Throwing Multiple Warnings**

The module that is ensuring the proper encoding of the exported DSC content relies on the Get-DscResource cmdlet to cache information about the resources' properties and is a way to improve performance. If the Microsoft365DSC module is not located under the Windows PowerShell folder, every instance extracted by the Export process will throw the following error:

```
```powershell
WARNING: There are no modules present in the system with the given module specification.
```

To solve this, make sure the Microsoft365DSC is properly installed under C:\Program Files\WindowsPowerShell\Modules and that you do not have multiple versions of it installed in different locations.

**Issues loading the PnP.PowerShell Module**

The PnP.PowerShell module, which is currently being used by the SharePoint Online and OndeDrive for Business workloads needs to be loaded using Windows PowerShell. In PowerShell 7+, this is done by running the **Import-Module** cmdlet using the **-UseWindowsPowerShell** switch, and requires the modules to be located under C:\Program Files\WindowsPowerShell. In order for Microsoft365DSC to work for SharePoint Online and OneDrive for Business with PowerShell 7, you need to make sure that the PnP.PowerShell module is located under C:\Program Files\WindowsPowerShell\Modules\PnP.PowerShell. This can be achieved by either manually moving the module to that location, or by using PowerShell 5.1 to install it using the following line:
The PnP.PowerShell module, which is currently being used by the SharePoint Online and OneDrive for Business workloads needs to be loaded using Windows PowerShell. In PowerShell 7+, this is done by running the **Import-Module** cmdlet using the **-UseWindowsPowerShell** switch, and requires the modules to be located under C:\Program Files\WindowsPowerShell. In order for Microsoft365DSC to work for SharePoint Online and OneDrive for Business with PowerShell 7, you need to make sure that the PnP.PowerShell module is located under C:\Program Files\WindowsPowerShell\Modules\PnP.PowerShell. This can be achieved by either manually moving the module to that location, or by using PowerShell 5.1 to install it using the following line:

```
```powershell
Install-Module PnP.PowerShell -Force -Scope AllUsers
```

The reason why this module needs to be loaded using WindowsPowerShell is because it tries to load its own version of the System.IdentityModel.Tokens assembly, which conflicts with the one used by the Microsoft.Graph.Authentication module. Microsoft365DSC often requires both modules to be loaded at the same time, which causes a conflict. By using the -UseWindowsPowerShell switch, we load the PnP.PowerShell module into its own separate runspace, which avoids the assembly conflicts. Having the PnP module installed under any path other than the Windows PowerShell one can result in one of the issues listed below:

```
```powershell
Exception: Powershell 7+ was detected. We need to load the PnP.PowerShell module using the -UseWindowsPowerShell switch which
requires the module to be installed under C:\Program Files\WindowsPowerShell\Modules. You can either move the module to
that location or use PowerShell 5.1 to install the modules using 'Install-Module Pnp.PowerShell -Force -Scope AllUsers'.
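Review bot: the fences holding the `WARNING: There are no modules present in the system...` line and the `Exception: Powershell 7+ was detected...` text are tagged `powershell`, but they contain console output, not commands. Tag them `text` (or leave them untagged) and keep `powershell` for the `Install-Module` blocks; the same applies to the `Get-Item: Cannot find path ...` block in the Power Apps section of the authentication page.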
Expand All @@ -45,6 +45,6 @@ Connect-PnPOnline: Could not load file or assembly 'System.IdentityModel.Tokens.

Starting with PowerShell 7.2, the core Desired State Configuration module (PSdesiredStateConfiguration) has been decoupled from the core PowerShell build and now need to be installed separately. In a PowerShell 7+ console, you can install the module by running the command:

```
```powershell
Install-Module PSDesiredStateConfiguration -Force
```
8 changes: 8 additions & 0 deletions docs/docs/user-guide/get-started/prerequisites.md
@@ -1,18 +1,23 @@
## Technical requirements

For Microsoft365DSC to function, you need to arrange the following components:

### PowerShell version

Microsoft365DSC is supported for PowerShell version 5.1 and 7.3+. For additional details on how to leverage it with PowerShell 7, please refer to our [PowerShell 7+ Guide for Microsoft365DSC](https://microsoft365dsc.com/user-guide/get-started/powershell7-support/).

### Tooling

To get the best experience running Microsoft365DSC cmdlets, it is recommended that you use the <a href="https://www.microsoft.com/en-ca/p/windows-terminal/9n0dx20hk701" target="_blank">Windows Terminal</a>. All screenshots provided in this article are using the Windows Terminal. This tool allows you to quickly switch between PowerShell versions and provide better support for icons and symbols that are used throughout Microsoft365DSC’s experience.

### Permissions

In order to connect to Microsoft 365, you need to make sure you have valid credentials (user **or** application credentials) with the correct permissions to the Microsoft 365 service. Microsoft365DSC offers several methods of authentication, depending on the used resources. Unfortunately, we are depending on the supported authentication methods used by the various PowerShell modules that are used.

Make sure you review the [Authentication and Permissions](../authentication-and-permissions) article for more information on the available authentication methods and how to configure all required permissions.

## Experience and skills

Before you start using Microsoft365DSC, it is important that you also have the proper experience and skills on administering Microsoft 365. Microsoft365DSC is a powerful solution that can greatly streamline Microsoft 365 administration. But with great power comes great responsibility:

**If you don't know what exactly you are doing, using Microsoft365DSC you can also cause some serious damage.**
Expand All @@ -34,16 +39,19 @@ Additionally it can be helpful, depending on the planned use of Microsoft365DSC,
You can review the following training resources and certifications, for learning more about the above topics:

#### PowerShell Desired State Configuration

- <a href="https://docs.microsoft.com/en-us/powershell/dsc/getting-started/wingettingstarted" target="_blank">Get started with Desired State Configuration for Windows</a>
- <a href="https://docs.microsoft.com/en-us/powershell/dsc/configurations/separatingenvdata" target="_blank">Separating configuration and environment data</a>
- <a href="https://docs.microsoft.com/en-us/shows/getting-started-with-powershell-dsc/" target="_blank">Video series: "Getting Started with PowerShell Desired State Configuration"</a>

#### Microsoft 365 Administration

- <a href="https://docs.microsoft.com/en-us/microsoft-365/admin/admin-overview/about-the-admin-center" target="_blank">About the Microsoft 365 admin center</a>
- <a href="https://docs.microsoft.com/en-us/microsoft-365/admin/admin-overview/admin-center-overview" target="_blank">Overview of the Microsoft 365 admin center</a>
- <a href="https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles" target="_blank">About admin roles</a>
- <a href="https://www.youtube.com/watch?v=aTkgF33C9hA" target="_blank">Video: Get an overview of the Microsoft 365 admin center</a>

#### Recommended Certification

- <a href="https://docs.microsoft.com/en-us/learn/certifications/microsoft-365-fundamentals/" target="_blank">Microsoft 365 Certified: Fundamentals (MS-900)</a>
- <a href="https://docs.microsoft.com/en-us/learn/certifications/m365-enterprise-administrator/" target="_blank">Microsoft 365 Certified: Enterprise Administrator Expert (MS-100 & MS-101)</a>
