Skip to content

Commit

Permalink
Merge pull request #5404 from AlfredSchreuder/fix-MSFT_AADConditional…
Browse files Browse the repository at this point in the history 
…AccessPolicy

MSFT_AADConditionalAccessPolicy [BUG] Prevent null objects, allow IncludePlatforms without Exclusions
  • Loading branch information
@ykuijs
ykuijs authored Nov 15, 2024
2 parents 29e66b6 + afe61b9 commit a0f2ae5
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 12 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,13 @@

# UNRELEASED

* AADConditionalAccessPolicy
* Fixed bug where a null value was passed in the request for the
excludePlatforms parameter when just values were assigned to includePlatforms, which throws an error.
* Fixed bug where a null value was passed in the request for the
sessionControl parameter when there are no session controls, which throws an error.
* Fixed bug where a null value was passed in the request for the
applicationEnforcedRestrictions parameter when value was set to false, which throws an error.
* AADRoleEligibilityScheduleRequest
* Adds support for custom role assignments at app scope.
* IntuneFirewallRulesHyperVPolicyWindows10
Expand Down
23 changes: 11 additions & 12 deletions ...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1485,13 +1485,11 @@ function Set-TargetResource
if (-not $conditions.Contains('platforms'))
{
$conditions.Add('platforms', @{
excludePlatforms = @()
includePlatforms = @()
})
}
else
{
$conditions.platforms.Add('excludePlatforms', @())
$conditions.platforms.Add('includePlatforms', @())
}
Write-Verbose -Message "Set-Targetresource: IncludePlatforms: $IncludePlatforms"
Expand All @@ -1504,8 +1502,11 @@ function Set-TargetResource
$conditions.platforms.includePlatforms = @() + $IncludePlatforms
}
#no translation or conversion needed
Write-Verbose -Message "Set-Targetresource: ExcludePlatforms: $ExcludePlatforms"
$conditions.platforms.excludePlatforms = @() + $ExcludePlatforms
if (([Array]$ExcludePlatforms).Length -ne 0)
{
$conditions.platforms.Add('excludePlatforms', @())
$conditions.platforms.excludePlatforms = @() + $ExcludePlatforms
}
#no translation or conversion needed
}
else
Expand Down Expand Up @@ -1729,18 +1730,16 @@ function Set-TargetResource
$NewParameters.Add('grantControls', $GrantControls)
}

Write-Verbose -Message 'Set-Targetresource: process session controls'

$sessioncontrols = $null
if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled)
{
Write-Verbose -Message 'Set-Targetresource: process session controls'
$sessioncontrols = $null
Write-Verbose -Message 'Set-Targetresource: create provision Session Control object'
$sessioncontrols = @{
applicationEnforcedRestrictions = @{}
}
$sessioncontrols = @{}

if ($ApplicationEnforcedRestrictionsIsEnabled -eq $true)
{
$sessioncontrols.Add('applicationEnforcedRestrictions', @{})
#create and provision ApplicationEnforcedRestrictions object if used
$sessioncontrols.applicationEnforcedRestrictions.Add('IsEnabled', $true)
}
Expand Down Expand Up @@ -1798,9 +1797,9 @@ function Set-TargetResource
$sessioncontrols.persistentBrowser.isEnabled = $true
$sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode
}
$NewParameters.Add('sessionControls', $sessioncontrols)
#add SessionControls to the parameter list
}
$NewParameters.Add('sessionControls', $sessioncontrols)
#add SessionControls to the parameter list
}

Write-Host "newparameters: $($NewParameters | ConvertTo-Json -Depth 5)"
Expand Down

0 comments on commit a0f2ae5

Please sign in to comment.