Merge pull request #4449 from microsoft/Dev

Release 1.23.313.1

.github/workflows/PublishGitHubPages.yml

@@ -38,6 +38,10 @@ jobs:
     needs: GenerateResource
     runs-on: ubuntu-latest
 
+    permissions:    
+      contents: write
+      pages: write
+
     # Only when run from the main repo
     if: github.repository == 'microsoft/Microsoft365DSC'
 

CHANGELOG.md

@@ -1,5 +1,118 @@
 # Change log for Microsoft365DSC
 
+# 1.24.313.1
+
+* AADGroup
+  * Fixed issue when filtering groups by display name
+    FIXES [#4394](https://github.com/microsoft/Microsoft365DSC/issues/4394)
+  * Fixed issue where group owners were removed from existing groups when unspecified in the config
+    FIXES [#4390](https://github.com/microsoft/Microsoft365DSC/issues/4390)
+* EXOAcceptedDomain
+  * Update regular expression to support domains with digits
+    FIXES [#4446](https://github.com/microsoft/Microsoft365DSC/issues/4446)
+* EXOHostedContentFilterPolicy
+  * Add support for IntraOrgFilterState parameter
+  FIXES [#4424](https://github.com/microsoft/Microsoft365DSC/issues/4424)
+* EXOHostedContentFilterRule
+  * Fixed issue in case of different names of filter rule and filter policy
+  FIXES [#4401](https://github.com/microsoft/Microsoft365DSC/issues/4401)
+* EXOIntraOrganizationConnector
+  * Fixed issue with TargetSharingEpr
+    FIXES [#4381](https://github.com/microsoft/Microsoft365DSC/issues/4381)
+* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneAccountProtectionLocalUserGroupMembershipPolicy
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneAccountProtectionPolicy
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneAntivirusPolicyWindows10SettingCatalog
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneAppConfigurationPolicy
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneApplicationControlPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneASRRulesPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceCompliancePolicyAndroid
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceCompliancePolicyAndroidDeviceOwner
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceCompliancePolicyAndroidWorkProfile
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceCompliancePolicyiOs
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceCompliancePolicyMacOS
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceCompliancePolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationCustomPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationDomainJoinPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationEmailProfilePolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+* IntuneDeviceConfigurationEndpointProtectionPolicyWindows10
+  * Added support for assignment GroupDisplayName and improve error handling from
+    Get-TargetResource
+  * Fixed an issue with the parameter InterfaceTypes from firewallrules defined
+    as a string instead of string[]
+* IntuneDeviceConfigurationPKCSCertificatePolicyWindows10
+  * Add property RootCertificateDisplayName in order to support assigning root
+    certificates by display name since their Ids in a blueprint might be from a
+    different source tenant
+    FIXES [#3965](https://github.com/microsoft/Microsoft365DSC/issues/3965)
+* IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator
+  * Fixed policy assignment retrieval when Id is from other tenant, bogus or
+    null
+    FIXES [#3970](https://github.com/microsoft/Microsoft365DSC/issues/3970)
+* IntuneDeviceConfigurationPolicyAndroidOpenSourceProject
+  * Fixed policy assignment retrieval when Id is from other tenant, bogus or
+    null
+    FIXES [#3971](https://github.com/microsoft/Microsoft365DSC/issues/3971)
+  * Fixed compare logic for CIM instances in Test-TargetResource
+* M365DSCRuleEvaluation
+  * Fix issue when it didn't find any matching resources and it tried to make a
+    comparison
+* O365OrgSettings
+  * Add read permission for extracting M365 apps installation settings instead
+    of extracting them only with read/write permissions
+    FIXES [#4418](https://github.com/microsoft/Microsoft365DSC/issues/4418)
+* TeamsVoiceRoute
+  * Fix policy removal and also comparison in Test-TargetResource
+* DEPENDENCIES
+  * Updated DSCParser to version 1.4.0.4.
+  * Updated Microsoft.Graph to version 2.15.0.
+  * Updated MicrosoftTeams to version 6.0.0.
+* MISC
+  * Enhancement to obfuscate password from verbose logging and avoid empty lines
+    FIXES [#4392](https://github.com/microsoft/Microsoft365DSC/issues/4392)
+  * Fix example in documentation for Update-M365DSCAzureAdApplication
+  * Added support for groupDisplayName to all devices and all users groups
 
 # 1.24.228.1
 
@@ -133,7 +246,6 @@
   * Updated Microsoft.Graph to version 2.14.1.
 
 # 1.24.214.2
-
 * AADConditionalAccessPolicy
   * Removed invalid empty string value that was added to the validate set
     of two parameters.

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1

@@ -105,7 +105,14 @@ function Get-TargetResource
         }
         else
         {
-            $complexExcludeTarget.Add('Id', 'all_users')
+            if ($getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.id -eq '00000000-0000-0000-0000-000000000000')
+            {
+                $complexExcludeTarget.Add('Id', '00000000-0000-0000-0000-000000000000')
+            }
+            else
+            {
+                $complexExcludeTarget.Add('Id', 'all_users')
+            }
         }
         if ($null -ne $getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.targetType)
         {
@@ -124,7 +131,14 @@ function Get-TargetResource
         }
         else
         {
-            $complexIncludeTarget.Add('Id', 'all_users')
+            if ($getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.id -eq '00000000-0000-0000-0000-000000000000')
+            {
+                $complexIncludeTarget.Add('Id', '00000000-0000-0000-0000-000000000000')
+            }
+            else
+            {
+                $complexIncludeTarget.Add('Id', 'all_users')
+            }
         }
         if ($null -ne $getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.targetType)
         {
@@ -154,7 +168,14 @@ function Get-TargetResource
         }
         else
         {
-            $complexExcludeTarget.Add('Id', 'all_users')
+            if ($getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.id -eq '00000000-0000-0000-0000-000000000000')
+            {
+                $complexExcludeTarget.Add('Id', '00000000-0000-0000-0000-000000000000')
+            }
+            else
+            {
+                $complexExcludeTarget.Add('Id', 'all_users')
+            }
         }
         if ($null -ne $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.targetType)
         {
@@ -173,7 +194,14 @@ function Get-TargetResource
         }
         else
         {
-            $complexIncludeTarget.Add('Id', 'all_users')
+            if ($getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.id -eq '00000000-0000-0000-0000-000000000000')
+            {
+                $complexIncludeTarget.Add('Id', '00000000-0000-0000-0000-000000000000')
+            }
+            else
+            {
+                $complexIncludeTarget.Add('Id', 'all_users')
+            }
         }
         if ($null -ne $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.targetType)
         {
@@ -202,7 +230,14 @@ function Get-TargetResource
         }
         else
         {
-            $complexExcludeTarget.Add('Id', 'all_users')
+            if ($getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -eq '00000000-0000-0000-0000-000000000000')
+            {
+                $complexExcludeTarget.Add('Id', '00000000-0000-0000-0000-000000000000')
+            }
+            else
+            {
+                $complexExcludeTarget.Add('Id', 'all_users')
+            }
         }
         if ($null -ne $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.targetType)
         {
@@ -221,7 +256,14 @@ function Get-TargetResource
         }
         else
         {
-            $complexIncludeTarget.Add('Id', 'all_users')
+            if ($getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.id -eq '00000000-0000-0000-0000-000000000000')
+            {
+                $complexIncludeTarget.Add('Id', '00000000-0000-0000-0000-000000000000')
+            }
+            else
+            {
+                $complexIncludeTarget.Add('Id', 'all_users')
+            }
         }
         if ($null -ne $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.targetType)
         {

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1

@@ -75,7 +75,7 @@ function Get-TargetResource
 
         if (-not [System.String]::IsNullOrEmpty($Id))
         {
-            $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Id
+            $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Id -ErrorAction 'SilentlyContinue'
         }
 
         if ($null -eq $getValue)
@@ -279,7 +279,7 @@ function Test-TargetResource
 
     $CurrentValues = Get-TargetResource @PSBoundParameters
     $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
-
+    $ValuesToCheck.Remove('Id') | Out-Null
     if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure)
     {
         Write-Verbose -Message "Test-TargetResource returned $false"

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1

@@ -166,7 +166,11 @@ function Get-TargetResource
             }
             else
             {
-                $filter = "DisplayName eq '$DisplayName'" -replace "'", "''"
+                if ($DisplayName.Contains("'"))
+                {
+                    $DisplayName = $DisplayName -replace "'", "''"
+                }
+                $filter = "DisplayName eq '$DisplayName'"
                 $Group = Get-MgGroup -Filter $filter -ErrorAction Stop
             }
             if ($Group.Length -gt 1)
@@ -273,7 +277,7 @@ function Get-TargetResource
                 Credential                    = $Credential
                 Managedidentity               = $ManagedIdentity.IsPresent
             }
-            Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)"
+
             return $result
         }
     }
@@ -618,48 +622,52 @@ function Set-TargetResource
     if ($Ensure -ne 'Absent')
     {
         #Owners
-        $currentOwnersValue = @()
-        if ($currentParameters.Owners.Length -gt 0)
-        {
-            $currentOwnersValue = $backCurrentOwners
-        }
-        $desiredOwnersValue = @()
-        if ($Owners.Length -gt 0)
-        {
-            $desiredOwnersValue = $Owners
-        }
-        if ($backCurrentOwners -eq $null)
-        {
-            $backCurrentOwners = @()
-        }
-        $ownersDiff = Compare-Object -ReferenceObject $backCurrentOwners -DifferenceObject $desiredOwnersValue
-        foreach ($diff in $ownersDiff)
+        if ($PSBoundParameters.ContainsKey('Owners'))
         {
-            $user = Get-MgUser -UserId $diff.InputObject
-
-            if ($diff.SideIndicator -eq '=>')
+            $currentOwnersValue = @()
+            if ($currentParameters.Owners.Length -gt 0)
             {
-                Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
-                $ownerObject = @{
-                    '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}"
-                }
-                try
-                {
-                    New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject -ErrorAction Stop | Out-Null
-                }
-                catch
+                $currentOwnersValue = $backCurrentOwners
+            }
+            $desiredOwnersValue = @()
+            if ($Owners.Length -gt 0)
+            {
+                $desiredOwnersValue = $Owners
+            }
+            if ($backCurrentOwners -eq $null)
+            {
+                $backCurrentOwners = @()
+            }
+            $ownersDiff = Compare-Object -ReferenceObject $backCurrentOwners -DifferenceObject $desiredOwnersValue
+            foreach ($diff in $ownersDiff)
+            {
+                $user = Get-MgUser -UserId $diff.InputObject
+
+                if ($diff.SideIndicator -eq '=>')
                 {
-                    if ($_.Exception.Message -notlike '*One or more added object references already exist for the following modified properties*')
+                    Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
+                    $ownerObject = @{
+                        '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}"
+                    }
+                    try
+                    {
+                        New-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -BodyParameter $ownerObject -ErrorAction Stop | Out-Null
+                    }
+                    catch
                     {
-                        throw $_
+                        if ($_.Exception.Message -notlike '*One or more added object references already exist for the following modified properties*')
+                        {
+                            throw $_
+                        }
                     }
                 }
+                elseif ($diff.SideIndicator -eq '<=')
+                {
+                    Write-Verbose -Message "Removing new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
+                    Remove-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($user.Id) | Out-Null
+                }
             }
-            elseif ($diff.SideIndicator -eq '<=')
-            {
-                Write-Verbose -Message "Removing new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
-                Remove-MgGroupOwnerByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($user.Id) | Out-Null
-            }
+
         }
 
         #Members

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1

@@ -154,16 +154,15 @@
             else
             {
                 Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId"
+                Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}"
                 if ($PrincipalType -eq 'User')
                 {
-                    Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}"
                     $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue
                     $PrincipalTypeValue = 'User'
                 }
 
                 if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group')
                 {
-                    Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}"
                     $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue
                     $PrincipalTypeValue = 'Group'
                 }
@@ -817,10 +816,10 @@ function Export-TargetResource
         }
         foreach ($request in $Script:exportedInstances)
         {
-            $displayedKey = $request.Id
+            $RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
+            $displayedKey = $RoleDefinitionId.DisplayName + " - " + $request.PrincipalId
             Write-Host "    |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline
 
-            $RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
             $params = @{
                 Id                    = $request.Id
                 Principal             = $request.PrincipalId