From c6653c92de418c8db7415dbac6c7243eb0f0b40a Mon Sep 17 00:00:00 2001 From: Alfred Schreuder Date: Thu, 14 Nov 2024 09:01:28 +0100 Subject: [PATCH 1/2] Prevent null objects, allow IncludePlatforms without Exclusions --- .../MSFT_AADConditionalAccessPolicy.psm1 | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index efa3b783bb..af09ab623d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1485,13 +1485,11 @@ function Set-TargetResource if (-not $conditions.Contains('platforms')) { $conditions.Add('platforms', @{ - excludePlatforms = @() includePlatforms = @() }) } else { - $conditions.platforms.Add('excludePlatforms', @()) $conditions.platforms.Add('includePlatforms', @()) } Write-Verbose -Message "Set-Targetresource: IncludePlatforms: $IncludePlatforms" @@ -1504,8 +1502,11 @@ function Set-TargetResource $conditions.platforms.includePlatforms = @() + $IncludePlatforms } #no translation or conversion needed - Write-Verbose -Message "Set-Targetresource: ExcludePlatforms: $ExcludePlatforms" - $conditions.platforms.excludePlatforms = @() + $ExcludePlatforms + if (([Array]$ExcludePlatforms).Length -ne 0) + { + $conditions.platforms.Add('excludePlatforms', @()) + $conditions.platforms.excludePlatforms = @() + $ExcludePlatforms + } #no translation or conversion needed } else 
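Review bot: When `$ExcludePlatforms` is empty, the new `if (([Array]$ExcludePlatforms).Length -ne 0)` block in the `@@ -1504,8 +1502,11 @@` hunk leaves `excludePlatforms` out of the request entirely, and nothing visible here clears a value already set on the policy. If this body is also sent when updating an existing policy, and the API treats an omitted property as unchanged (worth confirming), a previously excluded platform would stay exempt from the policy while the configuration declares no exclusions. A comment stating the intended behaviour, or a test covering the change from a non-empty to an empty list, would settle it; the same question applies to `sessionControls` in the `@@ -1798,9 +1797,9 @@` hunk. Separately, the `Add('excludePlatforms', @())` followed by an assignment can be the single line `$conditions.platforms.excludePlatforms = @() + $ExcludePlatforms`, and the removed `Write-Verbose` for ExcludePlatforms could be kept inside the block. Set-TargetResource's body starts and ends outside the hunk.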
@@ -1729,18 +1730,16 @@ function Set-TargetResource $NewParameters.Add('grantControls', $GrantControls) } - Write-Verbose -Message 'Set-Targetresource: process session controls' - - $sessioncontrols = $null if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled) { + Write-Verbose -Message 'Set-Targetresource: process session controls' + $sessioncontrols = $null Write-Verbose -Message 'Set-Targetresource: create provision Session Control object' - $sessioncontrols = @{ - applicationEnforcedRestrictions = @{} - } + $sessioncontrols = @{} if ($ApplicationEnforcedRestrictionsIsEnabled -eq $true) { + $sessioncontrols.Add('applicationEnforcedRestrictions', @{}) #create and provision ApplicationEnforcedRestrictions object if used $sessioncontrols.applicationEnforcedRestrictions.Add('IsEnabled', $true) } @@ -1798,9 +1797,9 @@ function Set-TargetResource $sessioncontrols.persistentBrowser.isEnabled = $true $sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode } + $NewParameters.Add('sessionControls', $sessioncontrols) + #add SessionControls to the parameter list } - $NewParameters.Add('sessionControls', $sessioncontrols) - #add SessionControls to the parameter list } Write-Host "newparameters: $($NewParameters | ConvertTo-Json -Depth 5)" From afe61b9dc3898677c9d2a19c7293050a190c067f Mon Sep 17 00:00:00 2001 From: Alfred Schreuder Date: Thu, 14 Nov 2024 13:38:49 +0100 Subject: [PATCH 2/2] Added fixed to CHANGELOG --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2602b09c6..a1c80dec73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
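Review bot: The added `$sessioncontrols = $null` in the `@@ -1729,18 +1730,16 @@` hunk is overwritten two lines later by `$sessioncontrols = @{}`, so it can be dropped; as far as the visible hunks show, the variable is now only used inside this `if`. The context line below it adds the key as `IsEnabled`, while the persistentBrowser block in the next hunk writes `isEnabled`. Whether the receiving side is case-sensitive cannot be told from this hunk, but one spelling for both would be safer. Set-TargetResource's body continues outside the hunk.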
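Review bot: The unchanged context line `Write-Host "newparameters: ..."` at the end of the `@@ -1798,9 +1797,9 @@` hunk prints the whole request body on every run, whether or not `-Verbose` was requested. The policy's conditions and any identifiers in them therefore end up in console output and transcripts. Since this commit already touches the surrounding lines, consider `Write-Verbose -Message "Set-Targetresource: newparameters: $($NewParameters | ConvertTo-Json -Depth 5)"` instead. A minor style point: the moved comment `#add SessionControls to the parameter list` now trails the `$NewParameters.Add('sessionControls', $sessioncontrols)` call it describes and would read better above it.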
@@ -2,6 +2,13 @@ # UNRELEASED +* AADConditionalAccessPolicy + * Fixed bug where a null value was passed in the request for the + excludePlatforms parameter when just values were assigned to includePlatforms, which throws an error. + * Fixed bug where a null value was passed in the request for the + sessionControl parameter when there are no session controls, which throws an error. + * Fixed bug where a null value was passed in the request for the + applicationEnforcedRestrictions parameter when value was set to false, which throws an error. * AADRoleEligibilityScheduleRequest * Adds support for custom role assignments at app scope.