From 30755ceecb9aa4cc45cea45cc1cf0acc862dc2cb Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 20 Nov 2023 10:35:26 +0100 Subject: [PATCH 1/9] Always include 'ExcludeApplication' AADConditionalAccessPolicy: ExcludeApplications are not enforced #3885 --- .../MSFT_AADConditionalAccessPolicy.psm1 | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 0a0904a285..a3c4b5420f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -941,10 +941,7 @@ function Set-TargetResource { $conditions.Applications.Add('IncludeApplications', $IncludeApplications) } - if ($ExcludeApplications) - { - $conditions.Applications.Add('ExcludeApplications', $ExcludeApplications) - } + $conditions.Applications.Add('ExcludeApplications', $ExcludeApplications) if ($IncludeUserActions) { $conditions.Applications.Add('IncludeUserActions', $IncludeUserActions) From f23e02258c02108a48d4a6a20403a63f4a9e0747 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 20 Nov 2023 10:38:18 +0100 Subject: [PATCH 2/9] Add fix to Changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74bdc00ea9..ffcb1f3dac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ * AADServicePrincipal * Added support to define members. FIXES [#3902](https://github.com/microsoft/Microsoft365DSC/issues/3902) +* AADConditionalAccessPolicy + * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] * EXOCASMailboxPlan * Fixes an issue where we are not able to set the settings of a CAS Mailbox Plan by specifying the Identity without the GUID in the name. From aaa6e985d9ef16d0a0617fd9e3390003cc1d7c48 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Wed, 22 Nov 2023 15:35:03 +0100 Subject: [PATCH 3/9] Add condition to check attribute presence --- .../MSFT_AADConditionalAccessPolicy.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index a3c4b5420f..9475a7e067 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -941,7 +941,10 @@ function Set-TargetResource { $conditions.Applications.Add('IncludeApplications', $IncludeApplications) } - $conditions.Applications.Add('ExcludeApplications', $ExcludeApplications) + if ($currentParameters.ContainsKey("ExcludeApplications")) + { + $conditions.Applications.Add('ExcludeApplications', $ExcludeApplications) + } if ($IncludeUserActions) { $conditions.Applications.Add('IncludeUserActions', $IncludeUserActions) From 4ad1c3a0ae5174bdf44c1fa965a5f076a8040504 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Tue, 28 Nov 2023 13:02:17 +0100 Subject: [PATCH 4/9] Add Fix to Changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bc5d0e166..2ba9353277 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Change log for Microsoft365DSC # UNRELEASED +* AADConditionalAccessPolicy + * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] * AADRoleSetting * Export sorted by DisplayName for better comparison * Enable Filter property to be used on export From 1758b9f7f7ed94ff8e8a121f3a7ee317decc5e03 Mon Sep 17 00:00:00 2001 From: Sandro <104500912+sandrola@users.noreply.github.com> Date: Fri, 8 Dec 2023 08:41:43 +0100 Subject: [PATCH 5/9] remove duplicate entry --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ba9353277..fdf7893da6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,8 +29,6 @@ * AADServicePrincipal * Added support to define members. FIXES [#3902](https://github.com/microsoft/Microsoft365DSC/issues/3902) -* AADConditionalAccessPolicy - * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] * EXOCASMailboxPlan * Fixes an issue where we are not able to set the settings of a CAS Mailbox Plan by specifying the Identity without the GUID in the name. From 50d687caa4529f06f5876c1048fd17914a3966d1 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 21 Dec 2023 08:58:11 +0100 Subject: [PATCH 6/9] Update Changelog --- CHANGELOG.md | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 113 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fdf7893da6..cc8e66b4a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,15 +1,127 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.1220.1 * AADConditionalAccessPolicy * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] +* AADEntitlementManagementAccessPackage + * Retrieve catalog by name instead of id. +* IntuneDeviceAndAppManagementAssignmentFilter + * Add support for remaining platforms supported by this policy + FIXES [#4065](https://github.com/microsoft/Microsoft365DSC/issues/4065) +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Add support to decrypt encrypted OmaSettings and export them in plaintext + FIXES [#3655](https://github.com/microsoft/Microsoft365DSC/issues/3655) +* IntuneDeviceEnrollmentPlatformRestriction + * Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly + FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Fix issue when trying to remove policy and Identity is set to a random GUID + or from another tenant + FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) +* IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + * Added Assignments + FIXES [#2932](https://github.com/microsoft/Microsoft365DSC/issues/2932) +* SCAutoSensitivieyLabelPolicy + FIXES [#4036] Don't see any limits on our docs for priority +* M365DSCDRGUtil + * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload + FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.4. + +# 1.23.1213.1 + +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Fix issue with assignments + FIXES [#3904](https://github.com/microsoft/Microsoft365DSC/issues/3904) +* IntuneAntivirusPolicyWindows10SettingCatalog + * Fix issue with Set-TargetResource when retrieving a policy from displayName + FIXES [#4003](https://github.com/microsoft/Microsoft365DSC/issues/4003) +* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 + * Fix parameter name in assignment cmdlet + FIXES [#4007](https://github.com/microsoft/Microsoft365DSC/issues/4007) +* DEPENDENCIES + * Updated Microsoft.Graph to version 2.11.1. + * Updated MSCloudLoginAssistant to version 1.1.3. + +# 1.23.1206.1 + +* IntuneAntivirusPolicyWindows10SettingCatalog + * Fix condition in Test-TargetResource to check if resource was removed or not + FIXES [#3958](https://github.com/microsoft/Microsoft365DSC/issues/3958) +* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 + * Fix typo in assignment cmdlet + FIXES [#3996](https://github.com/microsoft/Microsoft365DSC/issues/3996) +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.2. +* MISC + * Fix Compare-M365DSCConfigurations to exclude resources correctly + FIXES [#4000](https://github.com/microsoft/Microsoft365DSC/issues/4000) + +# 1.23.1129.1 + * AADRoleSetting * Export sorted by DisplayName for better comparison * Enable Filter property to be used on export FIXES [#3919](https://github.com/microsoft/Microsoft365DSC/issues/3919) +* AADUser + * Added the MemberOf Property. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Skipped settingValueTemplateReference and settingInstanceTemplateReference + for severethreats, highseveritythreats, moderateseveritythreats, + lowseveritythreats as per API requirements observed in the Intune portal. + FIXES [#3818](https://github.com/microsoft/Microsoft365DSC/issues/3818) + FIXES [#3955](https://github.com/microsoft/Microsoft365DSC/issues/3955) +* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy, + IntuneAccountProtectionLocalUserGroupMembershipPolicy, + IntuneAccountProtectionPolicy, + * Fixes export if Assignments is set on existing policies + FIXES [3913](https://github.com/microsoft/Microsoft365DSC/issues/3913) + * Add groupDisplayName to Assignments embedded instance +* IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10, + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10, + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10, + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10, + IntuneDeviceEnrollmentStatusPageWindows10, + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined, + IntuneWindowsAutopilotDeploymentProfileAzureADJoined + * Removed Id and all authentication parameters from PSBoundParameters in Test-TargetResource + FIXES [#3888](https://github.com/microsoft/Microsoft365DSC/issues/3888) +* IntuneWindowsAutopilotDeploymentProfileAzureADJoined + * Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment + FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921) +* IntuneDeviceEnrollmentStatusPageWindows10 + * Fixed assignments using API call + FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921) +* IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + * Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment + FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892) +* IntuneWindowsAutopilotDeploymentProfileAzureADJoined + * Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment + FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892) +* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 + * Modified assigned to use sdk instead of API call and added logic to use groupDisplayName in assignment +* IntuneDeviceConfigurationPolicyWindows10 + FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921) +* IntuneDeviceEnrollmentStatusPageWindows10 + * Fixed assignments using API call + FIXES [#3921](https://github.com/microsoft/Microsoft365DSC/issues/3921) +* TeamsMessagingPolicy + * Added support for properties AllowCommunicationComplianceEndUserReporting, + AllowFluidCollaborate and AllowSecurityEndUserReporting. + FIXES [#3968](https://github.com/microsoft/Microsoft365DSC/issues/3968) +* TeamsTeam + * Fixes incompatible type for ComplianceRecordingApplications, expected string[] but receive object[] + FIXES: [#3890](https://github.com/microsoft/Microsoft365DSC/issues/3890) * DEPENDENCIES + * Updated DSCParser to version 1.4.0.1. * Updated Microsoft.Graph to version 2.10.0. * Updated MSCloudLoginAssistant to version 1.1.0. +* MISC + * M365DSCDRGUtil + * Added ConvertFrom-IntunePolicyAssignment and ConvertTo-IntunePolicyAssignment + FIXES [#3892](https://github.com/microsoft/Microsoft365DSC/issues/3892) + * Support for Multi-Tenancy (Credentials + TenantId). # 1.23.1122.1 From e98e6c6d82c94de128f3dfa5e03390f20b0b29a8 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Wed, 3 Jan 2024 17:05:23 +0100 Subject: [PATCH 7/9] Move to unreleased ChangeLog --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0340e050c7..bef0360463 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change log for Microsoft365DSC +# UNRELEASED +* AADConditionalAccessPolicy + * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] + # 1.24.103.1 * AADConditionalAccessPolicy @@ -70,8 +74,6 @@ FIXES [#4021](https://github.com/microsoft/Microsoft365DSC/issues/4021) # 1.23.1220.1 -* AADConditionalAccessPolicy - * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] * AADEntitlementManagementAccessPackage * Retrieve catalog by name instead of id. * IntuneDeviceAndAppManagementAssignmentFilter From d9a64e1493be94f7a72993b25ec5161b080d9d72 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 8 Jan 2024 08:46:16 +0100 Subject: [PATCH 8/9] wip --- CHANGELOG.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bef0360463..bed56fca1a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED -* AADConditionalAccessPolicy - * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] +# Unreleased # 1.24.103.1 @@ -74,6 +72,7 @@ FIXES [#4021](https://github.com/microsoft/Microsoft365DSC/issues/4021) # 1.23.1220.1 + * AADEntitlementManagementAccessPackage * Retrieve catalog by name instead of id. * IntuneDeviceAndAppManagementAssignmentFilter From ca4464887cad94a5227d18348cde45e78e144fea Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 8 Jan 2024 08:49:40 +0100 Subject: [PATCH 9/9] Add to unreased --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bed56fca1a..5f8f1d77b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Change log for Microsoft365DSC -# Unreleased +# UNRELEASED +* AADConditionalAccessPolicy + * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] # 1.24.103.1