From 1608d00bb2779f538cf8f20a4960c6258e5e17a7 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:24:21 +0100 Subject: [PATCH 01/14] Prepare release --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 239 ++----------------- 1 file changed, 25 insertions(+), 214 deletions(-) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index fa43f229f6..29793f458f 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-11-08 +# Generated on: 2024-11-13 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1106.3' + ModuleVersion = '1.24.1113.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,220 +147,31 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAccessReviewDefinition - * Initial release. -* AADAccessReviewPolicy - * Initial release. -* AADAuthenticationMethodPolicyExternal - * Initial release. -* AADClaimsMappingPolicy - * Initial release. -* AADConditionalAccessPolicy - * FIXES [#5282](https://github.com/microsoft/Microsoft365DSC/issues/5282) - * Added support for InsiderRiskLevels. -* AADCustomSecurityAttributeDefinition - * Fixed missing permissions in settings.json -* AADEnrichedAuditLogs - * Initial release. -* AADFederationConfiguration - * Initial release. -* AADFilteringPolicy - * Initial release. -* AADFilteringPolicyRule - * Initial release. -* AADFilteringProfile - * Initial release. -* AADGroup - * Added support for custom roles assignment. - FIXES [#5322](https://github.com/microsoft/Microsoft365DSC/issues/5322) -* AADHomeRealmDiscoveryPolicy - * Initial Release -* AADIdentityAPIConnector - * Initial release. -* AADIdentityB2XUserFlow - * Initial release. -* AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension - * Initial release. -* AADIdentityGovernanceProgram - * Initial release. -* AADIdentityProtectionPolicySettings - * Initial release. -* AADNamedLocationPolicy - * Fixed issue where duplicate names were not detected correctly. -* AADNetworkAccessForwardingPolicy - * Initial release. -* AADNetworkAccessForwardingProfile - * Initial release. -* AADNetworkAccessSettingConditionalAccess - * Initial release. -* AADNetworkAccessSettingCrossTenantAccess - * Initial release. -* AADOnPremisesPublishingProfilesSettings - * Initial release. -* AADOrganizationCertificateBasedAuthConfiguration - * Initial release. -* AADRemoteNetwork - * Initial release. -* AADRoleEligibilityScheduleRequest - * Fixes for Custom roles. - FIXES [#5330](https://github.com/microsoft/Microsoft365DSC/issues/5330) - * Fixes to remove elegibility schedule for custom roles. - FIXES [#5331](https://github.com/microsoft/Microsoft365DSC/issues/5331) -* AADRoleManagementPolicyRule - * Initial release. -* AADServicePrincipal - * Added the notes field. - FIXES [#5312](https://github.com/microsoft/Microsoft365DSC/issues/5312) - * Added support for KeyCredentials and PasswordCredentials. - * Added support for SAML. - * Fixed issue with Owners. -* AADSocialIdentityProvider - * Fixed missing permissions in settings.json -* AADUserFlowAttribute - * Initial Release -* AADVerifiedIdAuthority - * Initial release. -* AADVerifiedIdAuthorityContract - * Initial release. -* AzureBillingAccountsAssociatedTenant - * Initial release. -* AzureBillingAccountsRoleAssignment - * Initial release. -* AzureDiagnosticSettings - * Initial release. -* AzureDiagnosticSettingsCustomSecurityAttribute - * Initial release. -* AzureSubscription - * Renamed parameters and added logic flow to create new subscriptions. -* AzureVerifiedIdFaceCheck - * Initial release. -* DefenderDeviceAuthenticatedScanDefinition - * Initial release. -* EXOActiveSyncMailboxPolicy - * Initial release. -* EXOArcConfig - * Fixed `Test-TargetResource` to correctly check property `ArcTrustedSealers` - when it has an array -* EXOMailboxAuditBypassAssociation - * Initial release. -* EXOMailboxSettings - * Added support for AddressBookPolicy, RetentionPolicy, RoleAssignmentPolicy - and SharingPolicy. -* EXOServicePrincipal - * Initial release. -* EXOTenantAllowBlockListItems - * Fixed `Test-TargetResource` to correctly mark when this resource is removed -* EXOTenantAllowBlockListSpoofItems - * Initial release. -* IntuneAccountProtectionLocalUserGroupMembershipPolicy - * Updates values in `UserSelectionType`. - FIXES [#5318](https://github.com/microsoft/Microsoft365DSC/issues/5318) -* IntuneAntivirusPolicyLinux - * Initial release. -* IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr - * Initial release. -* IntuneAppCategory - * Fixed retrieval of resource which could then result in multiple categories - being created with same name. -* IntuneAppleMDMPushNotificationCertificate - * Initial release. -* IntuneAppProtectionPolicyiOS - * Fixes an issue that could cause multiple instances to be created when multiple - instances with the same display name exist. -* IntuneDerivedCredential - * Fixed export and deployment when `NotificationType` had more than one option - selected - * Fixed retrieval of resource when it cannot be found by `Id` - * Added a few verbose messages -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile - * Initial release. -* IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fixes an issue with `AutoFromConnector` as the Configuration package type. - FIXES [#5246](https://github.com/microsoft/Microsoft365DSC/issues/5246) -* IntuneMobileThreatDefenseConnector - * Initial release. -* IntuneSecurityBaselineDefenderForEndpoint - * Initial release. -* IntuneSettingCatalogCustomPolicyWindows10 - * Fixes an issue with limited results when more than 25 results are present. -* Intune workload - * Fixed missing permissions in settings.json -* M365DSCRuleEvaluation - * Changed the name of the Key property from ResourceName to ResourceTypeName. - While this is considered a breaking change, the old property name was - breaking the DSCParser process. The impact of this breaking the parsing - process is important enough to justify an out-of-band breaking change of - this resource. -* ODSettings - * Deprecated property NotifyOwnersWhenInvitationsAccepted. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* PPPowerAppsEnvironment - * Add ProvisionDatabase attribute - FIXES [#5207](https://github.com/microsoft/Microsoft365DSC/issues/5207) -* PPTenantSettings - * Updated to support latest settings. -* SCInsiderRiskPolicy - * Added support for property MDATPTriageStatus. - * Added support for GPUUtilizationLimit and CPUUtilizationLimit. -* SCPolicyConfig - * Initial release. -* SCSensitivityLabel - * Fixed issue with setting label priority - FIXES [#5266](https://github.com/microsoft/Microsoft365DSC/issues/5266) -* SentinelAlertRule - * Initial release. -* SentinelThreatIntelligenceIndicator - * Initial release. -* SPOSharingSettings - * Deprecated property RequireAcceptingAccountMatchInvitedAccount. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* SPOTenantSettings - * Added support for AllowSelectSGsInODBListInTenant, - DenySelectSGsInODBListInTenant, DenySelectSecurityGroupsInSPSitesList, - AllowSelectSecurityGroupsInSPSitesList, - ExemptNativeUsersFromTenantLevelRestricedAccessControl properties. - * TenantDefaultTimezone changed to String instead of Array. -* TeamsMeetingPolicy - * Added new parameters: AllowExternalNonTrustedMeetingChat, AttendeeIdentityMasking, - AutomaticallyStartCopilot, AutoRecording, ConnectToMeetingControls, - ContentSharingInExternalMeetings, Copilot, CopyRestriction, - DetectSensitiveContentDuringScreenSharing, ExternalMeetingJoin, ParticipantNameChange, - VoiceIsolation -* TeamsOrgWideAppSettings - * Fixed an issue where ManagedIdentity was not define in the methods signatures. - FIXES [#5188](https://github.com/microsoft/Microsoft365DSC/issues/5188) + ReleaseNotes = '* AADConditionalAccessPolicy + * Fixed bug where an empty value was passed in the request for the + insiderRiskLevels parameter, which throws an error. + FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy + * Update property `PasswordAgeDays_AAD` to be lower-case. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) +* IntuneAntivirusExclusionsPolicyMacOS + * Initial release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Update properties to be upper-case. + Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneSecurityBaselineMicrosoftEdge + * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil - * Fixes an issue where non-unique properties were not combined - properly with their respective parent setting. -* MISC - * Fixed references to graph.microsoft.com with dynamic domain name based on target cloud. - Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup, - AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10, - IntuneAccountProtectionLocalUsersGroupMembershipPolicy, IntuneAccountProtectionPolicy, - IntuneAppProtectionPolicyiOS,IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10, - IntuneDeviceConfigurationSCEPCertificatePolicyWindows10, IntuneDeviceConfigurationWiredNetworkPolicyWindows10, - IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets, - IntuneSettingCatalogCustomPolicyWindows10, M365DSCRGUtil - * Exponential performance improvements by reducing complexity and roundtrips. - * Changed the logic that appends GUID in the resource name when primary key is not found during an - export. We will only append a GUID if the IsSingleInstance property is not found on the resource. - * Add check in AADGroupSettings for NewUnifiedGroupWritebackDefault not existing in Government by default - FIXES [#5213](https://github.com/microsoft/Microsoft365DSC/issues/5213) - * Fix static refrences to graph.microsoft.com - FIXES [#5339](https://github.com/microsoft/Microsoft365DSC/issues/5339) - AADNetworkAccessForwardingPolicy. AADOrganizationCertificateBasedAuthConfiguration, - AADAuthenticationMethodPolicyExternal, AADEnrichedAuditLogs - FIXES [#5340](https://github.com/microsoft/Microsoft365DSC/issues/5340) - IntuneDeviceManagementEnrollmentAndroidGooglePlay, IntuneAppleMDMPushNotificationCertificate - * Fixes static OData refrences to graph.microsoft.com - AADApplication, AADEntitlementManagementAccessPackage, AADEntitlementManagementConnectedOrganization - AADServicePrincipal - FIXES [#5342](https://github.com/microsoft/Microsoft365DSC/issues/5342) + * Restrict CIM instance access to properties that appear multiple times. + * Switch log type for not found Intune assignments to `Warning`. +* M365DSCIntuneSettingsCatalogUtil + * Add ADMX handling for `edge~httpauthentication_`. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) +* TeamsUpgradePolicy + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES - * Updated Microsoft.Graph to version 2.24.0. - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.199. - * Updated MSCloudLoginAssistant to version 1.1.27 - * Updated MicrosoftTeams to version 6.6.0.' + * Updated DSCParser to version 2.0.0.12. + * Updated MSCloudLoginAssistant to version 1.1.28.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 3c027959a981330c7724db6dce619102c6206a4c Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:24:21 +0100 Subject: [PATCH 02/14] Prepare release --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 239 ++----------------- 1 file changed, 25 insertions(+), 214 deletions(-) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index fa43f229f6..29793f458f 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-11-08 +# Generated on: 2024-11-13 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1106.3' + ModuleVersion = '1.24.1113.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,220 +147,31 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAccessReviewDefinition - * Initial release. -* AADAccessReviewPolicy - * Initial release. -* AADAuthenticationMethodPolicyExternal - * Initial release. -* AADClaimsMappingPolicy - * Initial release. -* AADConditionalAccessPolicy - * FIXES [#5282](https://github.com/microsoft/Microsoft365DSC/issues/5282) - * Added support for InsiderRiskLevels. -* AADCustomSecurityAttributeDefinition - * Fixed missing permissions in settings.json -* AADEnrichedAuditLogs - * Initial release. -* AADFederationConfiguration - * Initial release. -* AADFilteringPolicy - * Initial release. -* AADFilteringPolicyRule - * Initial release. -* AADFilteringProfile - * Initial release. -* AADGroup - * Added support for custom roles assignment. - FIXES [#5322](https://github.com/microsoft/Microsoft365DSC/issues/5322) -* AADHomeRealmDiscoveryPolicy - * Initial Release -* AADIdentityAPIConnector - * Initial release. -* AADIdentityB2XUserFlow - * Initial release. -* AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension - * Initial release. -* AADIdentityGovernanceProgram - * Initial release. -* AADIdentityProtectionPolicySettings - * Initial release. -* AADNamedLocationPolicy - * Fixed issue where duplicate names were not detected correctly. -* AADNetworkAccessForwardingPolicy - * Initial release. -* AADNetworkAccessForwardingProfile - * Initial release. -* AADNetworkAccessSettingConditionalAccess - * Initial release. -* AADNetworkAccessSettingCrossTenantAccess - * Initial release. -* AADOnPremisesPublishingProfilesSettings - * Initial release. -* AADOrganizationCertificateBasedAuthConfiguration - * Initial release. -* AADRemoteNetwork - * Initial release. -* AADRoleEligibilityScheduleRequest - * Fixes for Custom roles. - FIXES [#5330](https://github.com/microsoft/Microsoft365DSC/issues/5330) - * Fixes to remove elegibility schedule for custom roles. - FIXES [#5331](https://github.com/microsoft/Microsoft365DSC/issues/5331) -* AADRoleManagementPolicyRule - * Initial release. -* AADServicePrincipal - * Added the notes field. - FIXES [#5312](https://github.com/microsoft/Microsoft365DSC/issues/5312) - * Added support for KeyCredentials and PasswordCredentials. - * Added support for SAML. - * Fixed issue with Owners. -* AADSocialIdentityProvider - * Fixed missing permissions in settings.json -* AADUserFlowAttribute - * Initial Release -* AADVerifiedIdAuthority - * Initial release. -* AADVerifiedIdAuthorityContract - * Initial release. -* AzureBillingAccountsAssociatedTenant - * Initial release. -* AzureBillingAccountsRoleAssignment - * Initial release. -* AzureDiagnosticSettings - * Initial release. -* AzureDiagnosticSettingsCustomSecurityAttribute - * Initial release. -* AzureSubscription - * Renamed parameters and added logic flow to create new subscriptions. -* AzureVerifiedIdFaceCheck - * Initial release. -* DefenderDeviceAuthenticatedScanDefinition - * Initial release. -* EXOActiveSyncMailboxPolicy - * Initial release. -* EXOArcConfig - * Fixed `Test-TargetResource` to correctly check property `ArcTrustedSealers` - when it has an array -* EXOMailboxAuditBypassAssociation - * Initial release. -* EXOMailboxSettings - * Added support for AddressBookPolicy, RetentionPolicy, RoleAssignmentPolicy - and SharingPolicy. -* EXOServicePrincipal - * Initial release. -* EXOTenantAllowBlockListItems - * Fixed `Test-TargetResource` to correctly mark when this resource is removed -* EXOTenantAllowBlockListSpoofItems - * Initial release. -* IntuneAccountProtectionLocalUserGroupMembershipPolicy - * Updates values in `UserSelectionType`. - FIXES [#5318](https://github.com/microsoft/Microsoft365DSC/issues/5318) -* IntuneAntivirusPolicyLinux - * Initial release. -* IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr - * Initial release. -* IntuneAppCategory - * Fixed retrieval of resource which could then result in multiple categories - being created with same name. -* IntuneAppleMDMPushNotificationCertificate - * Initial release. -* IntuneAppProtectionPolicyiOS - * Fixes an issue that could cause multiple instances to be created when multiple - instances with the same display name exist. -* IntuneDerivedCredential - * Fixed export and deployment when `NotificationType` had more than one option - selected - * Fixed retrieval of resource when it cannot be found by `Id` - * Added a few verbose messages -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile - * Initial release. -* IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fixes an issue with `AutoFromConnector` as the Configuration package type. - FIXES [#5246](https://github.com/microsoft/Microsoft365DSC/issues/5246) -* IntuneMobileThreatDefenseConnector - * Initial release. -* IntuneSecurityBaselineDefenderForEndpoint - * Initial release. -* IntuneSettingCatalogCustomPolicyWindows10 - * Fixes an issue with limited results when more than 25 results are present. -* Intune workload - * Fixed missing permissions in settings.json -* M365DSCRuleEvaluation - * Changed the name of the Key property from ResourceName to ResourceTypeName. - While this is considered a breaking change, the old property name was - breaking the DSCParser process. The impact of this breaking the parsing - process is important enough to justify an out-of-band breaking change of - this resource. -* ODSettings - * Deprecated property NotifyOwnersWhenInvitationsAccepted. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* PPPowerAppsEnvironment - * Add ProvisionDatabase attribute - FIXES [#5207](https://github.com/microsoft/Microsoft365DSC/issues/5207) -* PPTenantSettings - * Updated to support latest settings. -* SCInsiderRiskPolicy - * Added support for property MDATPTriageStatus. - * Added support for GPUUtilizationLimit and CPUUtilizationLimit. -* SCPolicyConfig - * Initial release. -* SCSensitivityLabel - * Fixed issue with setting label priority - FIXES [#5266](https://github.com/microsoft/Microsoft365DSC/issues/5266) -* SentinelAlertRule - * Initial release. -* SentinelThreatIntelligenceIndicator - * Initial release. -* SPOSharingSettings - * Deprecated property RequireAcceptingAccountMatchInvitedAccount. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* SPOTenantSettings - * Added support for AllowSelectSGsInODBListInTenant, - DenySelectSGsInODBListInTenant, DenySelectSecurityGroupsInSPSitesList, - AllowSelectSecurityGroupsInSPSitesList, - ExemptNativeUsersFromTenantLevelRestricedAccessControl properties. - * TenantDefaultTimezone changed to String instead of Array. -* TeamsMeetingPolicy - * Added new parameters: AllowExternalNonTrustedMeetingChat, AttendeeIdentityMasking, - AutomaticallyStartCopilot, AutoRecording, ConnectToMeetingControls, - ContentSharingInExternalMeetings, Copilot, CopyRestriction, - DetectSensitiveContentDuringScreenSharing, ExternalMeetingJoin, ParticipantNameChange, - VoiceIsolation -* TeamsOrgWideAppSettings - * Fixed an issue where ManagedIdentity was not define in the methods signatures. - FIXES [#5188](https://github.com/microsoft/Microsoft365DSC/issues/5188) + ReleaseNotes = '* AADConditionalAccessPolicy + * Fixed bug where an empty value was passed in the request for the + insiderRiskLevels parameter, which throws an error. + FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy + * Update property `PasswordAgeDays_AAD` to be lower-case. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) +* IntuneAntivirusExclusionsPolicyMacOS + * Initial release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Update properties to be upper-case. + Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneSecurityBaselineMicrosoftEdge + * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil - * Fixes an issue where non-unique properties were not combined - properly with their respective parent setting. -* MISC - * Fixed references to graph.microsoft.com with dynamic domain name based on target cloud. - Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup, - AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10, - IntuneAccountProtectionLocalUsersGroupMembershipPolicy, IntuneAccountProtectionPolicy, - IntuneAppProtectionPolicyiOS,IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10, - IntuneDeviceConfigurationSCEPCertificatePolicyWindows10, IntuneDeviceConfigurationWiredNetworkPolicyWindows10, - IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets, - IntuneSettingCatalogCustomPolicyWindows10, M365DSCRGUtil - * Exponential performance improvements by reducing complexity and roundtrips. - * Changed the logic that appends GUID in the resource name when primary key is not found during an - export. We will only append a GUID if the IsSingleInstance property is not found on the resource. - * Add check in AADGroupSettings for NewUnifiedGroupWritebackDefault not existing in Government by default - FIXES [#5213](https://github.com/microsoft/Microsoft365DSC/issues/5213) - * Fix static refrences to graph.microsoft.com - FIXES [#5339](https://github.com/microsoft/Microsoft365DSC/issues/5339) - AADNetworkAccessForwardingPolicy. AADOrganizationCertificateBasedAuthConfiguration, - AADAuthenticationMethodPolicyExternal, AADEnrichedAuditLogs - FIXES [#5340](https://github.com/microsoft/Microsoft365DSC/issues/5340) - IntuneDeviceManagementEnrollmentAndroidGooglePlay, IntuneAppleMDMPushNotificationCertificate - * Fixes static OData refrences to graph.microsoft.com - AADApplication, AADEntitlementManagementAccessPackage, AADEntitlementManagementConnectedOrganization - AADServicePrincipal - FIXES [#5342](https://github.com/microsoft/Microsoft365DSC/issues/5342) + * Restrict CIM instance access to properties that appear multiple times. + * Switch log type for not found Intune assignments to `Warning`. +* M365DSCIntuneSettingsCatalogUtil + * Add ADMX handling for `edge~httpauthentication_`. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) +* TeamsUpgradePolicy + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES - * Updated Microsoft.Graph to version 2.24.0. - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.199. - * Updated MSCloudLoginAssistant to version 1.1.27 - * Updated MicrosoftTeams to version 6.6.0.' + * Updated DSCParser to version 2.0.0.12. + * Updated MSCloudLoginAssistant to version 1.1.28.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 3a3b9c96fc5dfed4ca2138043ffb6b09c73b855d Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:27:32 +0100 Subject: [PATCH 03/14] Rebase with Dev --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd63a44079..4252502ece 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,7 +30,7 @@ * Add ADMX handling for `edge~httpauthentication_`. FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) * TeamsUpgradePolicy - * Changes to how we're retrieving the users to improve performance. + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES * Updated DSCParser to version 2.0.0.12. * Updated MSCloudLoginAssistant to version 1.1.28. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 29793f458f..9bcc3e1e22 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -151,6 +151,10 @@ * Fixed bug where an empty value was passed in the request for the insiderRiskLevels parameter, which throws an error. FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* EXOATPBuiltInProtectionRule, EXOEOPProtectionRule + * Fixed issue where empty arrays were being compared incorrectly to null + strings + FIXES [#5394](https://github.com/microsoft/Microsoft365DSC/issues/5394) * IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy * Update property `PasswordAgeDays_AAD` to be lower-case. FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) @@ -159,6 +163,9 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Remove changed property name from export. + FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) * IntuneSecurityBaselineMicrosoftEdge * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil From a754643a5bfdc591127ca359c698ee1f42a9d6d8 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:24:21 +0100 Subject: [PATCH 04/14] Prepare release --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 239 ++----------------- 1 file changed, 25 insertions(+), 214 deletions(-) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index fa43f229f6..29793f458f 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-11-08 +# Generated on: 2024-11-13 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1106.3' + ModuleVersion = '1.24.1113.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,220 +147,31 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAccessReviewDefinition - * Initial release. -* AADAccessReviewPolicy - * Initial release. -* AADAuthenticationMethodPolicyExternal - * Initial release. -* AADClaimsMappingPolicy - * Initial release. -* AADConditionalAccessPolicy - * FIXES [#5282](https://github.com/microsoft/Microsoft365DSC/issues/5282) - * Added support for InsiderRiskLevels. -* AADCustomSecurityAttributeDefinition - * Fixed missing permissions in settings.json -* AADEnrichedAuditLogs - * Initial release. -* AADFederationConfiguration - * Initial release. -* AADFilteringPolicy - * Initial release. -* AADFilteringPolicyRule - * Initial release. -* AADFilteringProfile - * Initial release. -* AADGroup - * Added support for custom roles assignment. - FIXES [#5322](https://github.com/microsoft/Microsoft365DSC/issues/5322) -* AADHomeRealmDiscoveryPolicy - * Initial Release -* AADIdentityAPIConnector - * Initial release. -* AADIdentityB2XUserFlow - * Initial release. -* AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension - * Initial release. -* AADIdentityGovernanceProgram - * Initial release. -* AADIdentityProtectionPolicySettings - * Initial release. -* AADNamedLocationPolicy - * Fixed issue where duplicate names were not detected correctly. -* AADNetworkAccessForwardingPolicy - * Initial release. -* AADNetworkAccessForwardingProfile - * Initial release. -* AADNetworkAccessSettingConditionalAccess - * Initial release. -* AADNetworkAccessSettingCrossTenantAccess - * Initial release. -* AADOnPremisesPublishingProfilesSettings - * Initial release. -* AADOrganizationCertificateBasedAuthConfiguration - * Initial release. -* AADRemoteNetwork - * Initial release. -* AADRoleEligibilityScheduleRequest - * Fixes for Custom roles. - FIXES [#5330](https://github.com/microsoft/Microsoft365DSC/issues/5330) - * Fixes to remove elegibility schedule for custom roles. - FIXES [#5331](https://github.com/microsoft/Microsoft365DSC/issues/5331) -* AADRoleManagementPolicyRule - * Initial release. -* AADServicePrincipal - * Added the notes field. - FIXES [#5312](https://github.com/microsoft/Microsoft365DSC/issues/5312) - * Added support for KeyCredentials and PasswordCredentials. - * Added support for SAML. - * Fixed issue with Owners. -* AADSocialIdentityProvider - * Fixed missing permissions in settings.json -* AADUserFlowAttribute - * Initial Release -* AADVerifiedIdAuthority - * Initial release. -* AADVerifiedIdAuthorityContract - * Initial release. -* AzureBillingAccountsAssociatedTenant - * Initial release. -* AzureBillingAccountsRoleAssignment - * Initial release. -* AzureDiagnosticSettings - * Initial release. -* AzureDiagnosticSettingsCustomSecurityAttribute - * Initial release. -* AzureSubscription - * Renamed parameters and added logic flow to create new subscriptions. -* AzureVerifiedIdFaceCheck - * Initial release. -* DefenderDeviceAuthenticatedScanDefinition - * Initial release. -* EXOActiveSyncMailboxPolicy - * Initial release. -* EXOArcConfig - * Fixed `Test-TargetResource` to correctly check property `ArcTrustedSealers` - when it has an array -* EXOMailboxAuditBypassAssociation - * Initial release. -* EXOMailboxSettings - * Added support for AddressBookPolicy, RetentionPolicy, RoleAssignmentPolicy - and SharingPolicy. -* EXOServicePrincipal - * Initial release. -* EXOTenantAllowBlockListItems - * Fixed `Test-TargetResource` to correctly mark when this resource is removed -* EXOTenantAllowBlockListSpoofItems - * Initial release. -* IntuneAccountProtectionLocalUserGroupMembershipPolicy - * Updates values in `UserSelectionType`. - FIXES [#5318](https://github.com/microsoft/Microsoft365DSC/issues/5318) -* IntuneAntivirusPolicyLinux - * Initial release. -* IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr - * Initial release. -* IntuneAppCategory - * Fixed retrieval of resource which could then result in multiple categories - being created with same name. -* IntuneAppleMDMPushNotificationCertificate - * Initial release. -* IntuneAppProtectionPolicyiOS - * Fixes an issue that could cause multiple instances to be created when multiple - instances with the same display name exist. -* IntuneDerivedCredential - * Fixed export and deployment when `NotificationType` had more than one option - selected - * Fixed retrieval of resource when it cannot be found by `Id` - * Added a few verbose messages -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile - * Initial release. -* IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fixes an issue with `AutoFromConnector` as the Configuration package type. - FIXES [#5246](https://github.com/microsoft/Microsoft365DSC/issues/5246) -* IntuneMobileThreatDefenseConnector - * Initial release. -* IntuneSecurityBaselineDefenderForEndpoint - * Initial release. -* IntuneSettingCatalogCustomPolicyWindows10 - * Fixes an issue with limited results when more than 25 results are present. -* Intune workload - * Fixed missing permissions in settings.json -* M365DSCRuleEvaluation - * Changed the name of the Key property from ResourceName to ResourceTypeName. - While this is considered a breaking change, the old property name was - breaking the DSCParser process. The impact of this breaking the parsing - process is important enough to justify an out-of-band breaking change of - this resource. -* ODSettings - * Deprecated property NotifyOwnersWhenInvitationsAccepted. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* PPPowerAppsEnvironment - * Add ProvisionDatabase attribute - FIXES [#5207](https://github.com/microsoft/Microsoft365DSC/issues/5207) -* PPTenantSettings - * Updated to support latest settings. -* SCInsiderRiskPolicy - * Added support for property MDATPTriageStatus. - * Added support for GPUUtilizationLimit and CPUUtilizationLimit. -* SCPolicyConfig - * Initial release. -* SCSensitivityLabel - * Fixed issue with setting label priority - FIXES [#5266](https://github.com/microsoft/Microsoft365DSC/issues/5266) -* SentinelAlertRule - * Initial release. -* SentinelThreatIntelligenceIndicator - * Initial release. -* SPOSharingSettings - * Deprecated property RequireAcceptingAccountMatchInvitedAccount. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* SPOTenantSettings - * Added support for AllowSelectSGsInODBListInTenant, - DenySelectSGsInODBListInTenant, DenySelectSecurityGroupsInSPSitesList, - AllowSelectSecurityGroupsInSPSitesList, - ExemptNativeUsersFromTenantLevelRestricedAccessControl properties. - * TenantDefaultTimezone changed to String instead of Array. -* TeamsMeetingPolicy - * Added new parameters: AllowExternalNonTrustedMeetingChat, AttendeeIdentityMasking, - AutomaticallyStartCopilot, AutoRecording, ConnectToMeetingControls, - ContentSharingInExternalMeetings, Copilot, CopyRestriction, - DetectSensitiveContentDuringScreenSharing, ExternalMeetingJoin, ParticipantNameChange, - VoiceIsolation -* TeamsOrgWideAppSettings - * Fixed an issue where ManagedIdentity was not define in the methods signatures. - FIXES [#5188](https://github.com/microsoft/Microsoft365DSC/issues/5188) + ReleaseNotes = '* AADConditionalAccessPolicy + * Fixed bug where an empty value was passed in the request for the + insiderRiskLevels parameter, which throws an error. + FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy + * Update property `PasswordAgeDays_AAD` to be lower-case. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) +* IntuneAntivirusExclusionsPolicyMacOS + * Initial release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Update properties to be upper-case. + Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneSecurityBaselineMicrosoftEdge + * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil - * Fixes an issue where non-unique properties were not combined - properly with their respective parent setting. -* MISC - * Fixed references to graph.microsoft.com with dynamic domain name based on target cloud. - Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup, - AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10, - IntuneAccountProtectionLocalUsersGroupMembershipPolicy, IntuneAccountProtectionPolicy, - IntuneAppProtectionPolicyiOS,IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10, - IntuneDeviceConfigurationSCEPCertificatePolicyWindows10, IntuneDeviceConfigurationWiredNetworkPolicyWindows10, - IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets, - IntuneSettingCatalogCustomPolicyWindows10, M365DSCRGUtil - * Exponential performance improvements by reducing complexity and roundtrips. - * Changed the logic that appends GUID in the resource name when primary key is not found during an - export. We will only append a GUID if the IsSingleInstance property is not found on the resource. - * Add check in AADGroupSettings for NewUnifiedGroupWritebackDefault not existing in Government by default - FIXES [#5213](https://github.com/microsoft/Microsoft365DSC/issues/5213) - * Fix static refrences to graph.microsoft.com - FIXES [#5339](https://github.com/microsoft/Microsoft365DSC/issues/5339) - AADNetworkAccessForwardingPolicy. AADOrganizationCertificateBasedAuthConfiguration, - AADAuthenticationMethodPolicyExternal, AADEnrichedAuditLogs - FIXES [#5340](https://github.com/microsoft/Microsoft365DSC/issues/5340) - IntuneDeviceManagementEnrollmentAndroidGooglePlay, IntuneAppleMDMPushNotificationCertificate - * Fixes static OData refrences to graph.microsoft.com - AADApplication, AADEntitlementManagementAccessPackage, AADEntitlementManagementConnectedOrganization - AADServicePrincipal - FIXES [#5342](https://github.com/microsoft/Microsoft365DSC/issues/5342) + * Restrict CIM instance access to properties that appear multiple times. + * Switch log type for not found Intune assignments to `Warning`. +* M365DSCIntuneSettingsCatalogUtil + * Add ADMX handling for `edge~httpauthentication_`. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) +* TeamsUpgradePolicy + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES - * Updated Microsoft.Graph to version 2.24.0. - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.199. - * Updated MSCloudLoginAssistant to version 1.1.27 - * Updated MicrosoftTeams to version 6.6.0.' + * Updated DSCParser to version 2.0.0.12. + * Updated MSCloudLoginAssistant to version 1.1.28.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 6c8254e0037c310b233363d597c12174e93f467a Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:27:32 +0100 Subject: [PATCH 05/14] Rebase with Dev --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b18436989d..7eb177c751 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,7 @@ * Add ADMX handling for `edge~httpauthentication_`. FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) * TeamsUpgradePolicy - * Changes to how we're retrieving the users to improve performance. + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES * Updated DSCParser to version 2.0.0.12. * Updated MSCloudLoginAssistant to version 1.1.28. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 29793f458f..9bcc3e1e22 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -151,6 +151,10 @@ * Fixed bug where an empty value was passed in the request for the insiderRiskLevels parameter, which throws an error. FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* EXOATPBuiltInProtectionRule, EXOEOPProtectionRule + * Fixed issue where empty arrays were being compared incorrectly to null + strings + FIXES [#5394](https://github.com/microsoft/Microsoft365DSC/issues/5394) * IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy * Update property `PasswordAgeDays_AAD` to be lower-case. FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) @@ -159,6 +163,9 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Remove changed property name from export. + FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) * IntuneSecurityBaselineMicrosoftEdge * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil From 059f74aae308b6628ebd8b6ea0926f3b4f783eb5 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:00:24 +0100 Subject: [PATCH 06/14] Updated changelog with PR --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 9bcc3e1e22..e5db2eb6cb 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -151,6 +151,9 @@ * Fixed bug where an empty value was passed in the request for the insiderRiskLevels parameter, which throws an error. FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) + * Fixes a bug where 3P apps could not be assigned by DisplayName for both + IncludeApplications and ExcludeApplications + FIXES [#5390](https://github.com/microsoft/Microsoft365DSC/issues/5390) * EXOATPBuiltInProtectionRule, EXOEOPProtectionRule * Fixed issue where empty arrays were being compared incorrectly to null strings From c743de9fc33834bf75c80ba2ab5fb97ab0c4671e Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:03:41 +0100 Subject: [PATCH 07/14] Corrected PR #5385 --- CHANGELOG.md | 4 ++++ .../MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7eb177c751..8f64cdfba6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,10 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Fixed issue where `Value`, from `OmaSettings`, could not be compared + correctly if it was boolean and set to `$False` + FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384) * IntuneEndpointDetectionAndResponsePolicyWindows10 * Remove changed property name from export. FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 3585277caf..daa9bb00c1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -125,7 +125,6 @@ function Get-TargetResource if ($currentomaSettings.isEncrypted -eq $true) { - write-verbose ("IsEncrypted = true -- $($currentomaSettings.displayName)") $SecretReferenceValueId = $currentomaSettings.secretReferenceValueId $OmaSettingPlainTextValue = Get-OmaSettingPlainTextValue -SecretReferenceValueId $SecretReferenceValueId if (![String]::IsNullOrEmpty($OmaSettingPlainTextValue)) @@ -144,7 +143,7 @@ function Get-TargetResource $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) $myomaSettings.Add('OmaUri', $currentomaSettings.omaUri) $myomaSettings.Add('FileName', $currentomaSettings.fileName) - $myomaSettings.Add('Value', $currentomaSettings.value) + $myomaSettings.Add('Value', [System.String]$currentomaSettings.value) if ($currentomaSettings.'@odata.type' -eq '#microsoft.graph.omaSettingInteger') { $myomaSettings.Add('IsReadOnly', $currentomaSettings.isReadOnly) From 94dedfa0adeca0f3fed0eb1a5aae4d4a3e3334db Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:04:12 +0100 Subject: [PATCH 08/14] Updated manifest --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index e5db2eb6cb..49a6588ef7 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -166,6 +166,10 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Fixed issue where `Value`, from `OmaSettings`, could not be compared + correctly if it was boolean and set to `$False` + FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384) * IntuneEndpointDetectionAndResponsePolicyWindows10 * Remove changed property name from export. FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) From ea2c78eb58b01525d1dc5c02552342984826ea97 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:24:21 +0100 Subject: [PATCH 09/14] Prepare release --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 239 ++----------------- 1 file changed, 25 insertions(+), 214 deletions(-) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index fa43f229f6..29793f458f 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-11-08 +# Generated on: 2024-11-13 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1106.3' + ModuleVersion = '1.24.1113.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,220 +147,31 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAccessReviewDefinition - * Initial release. -* AADAccessReviewPolicy - * Initial release. -* AADAuthenticationMethodPolicyExternal - * Initial release. -* AADClaimsMappingPolicy - * Initial release. -* AADConditionalAccessPolicy - * FIXES [#5282](https://github.com/microsoft/Microsoft365DSC/issues/5282) - * Added support for InsiderRiskLevels. -* AADCustomSecurityAttributeDefinition - * Fixed missing permissions in settings.json -* AADEnrichedAuditLogs - * Initial release. -* AADFederationConfiguration - * Initial release. -* AADFilteringPolicy - * Initial release. -* AADFilteringPolicyRule - * Initial release. -* AADFilteringProfile - * Initial release. -* AADGroup - * Added support for custom roles assignment. - FIXES [#5322](https://github.com/microsoft/Microsoft365DSC/issues/5322) -* AADHomeRealmDiscoveryPolicy - * Initial Release -* AADIdentityAPIConnector - * Initial release. -* AADIdentityB2XUserFlow - * Initial release. -* AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension - * Initial release. -* AADIdentityGovernanceProgram - * Initial release. -* AADIdentityProtectionPolicySettings - * Initial release. -* AADNamedLocationPolicy - * Fixed issue where duplicate names were not detected correctly. -* AADNetworkAccessForwardingPolicy - * Initial release. -* AADNetworkAccessForwardingProfile - * Initial release. -* AADNetworkAccessSettingConditionalAccess - * Initial release. -* AADNetworkAccessSettingCrossTenantAccess - * Initial release. -* AADOnPremisesPublishingProfilesSettings - * Initial release. -* AADOrganizationCertificateBasedAuthConfiguration - * Initial release. -* AADRemoteNetwork - * Initial release. -* AADRoleEligibilityScheduleRequest - * Fixes for Custom roles. - FIXES [#5330](https://github.com/microsoft/Microsoft365DSC/issues/5330) - * Fixes to remove elegibility schedule for custom roles. - FIXES [#5331](https://github.com/microsoft/Microsoft365DSC/issues/5331) -* AADRoleManagementPolicyRule - * Initial release. -* AADServicePrincipal - * Added the notes field. - FIXES [#5312](https://github.com/microsoft/Microsoft365DSC/issues/5312) - * Added support for KeyCredentials and PasswordCredentials. - * Added support for SAML. - * Fixed issue with Owners. -* AADSocialIdentityProvider - * Fixed missing permissions in settings.json -* AADUserFlowAttribute - * Initial Release -* AADVerifiedIdAuthority - * Initial release. -* AADVerifiedIdAuthorityContract - * Initial release. -* AzureBillingAccountsAssociatedTenant - * Initial release. -* AzureBillingAccountsRoleAssignment - * Initial release. -* AzureDiagnosticSettings - * Initial release. -* AzureDiagnosticSettingsCustomSecurityAttribute - * Initial release. -* AzureSubscription - * Renamed parameters and added logic flow to create new subscriptions. -* AzureVerifiedIdFaceCheck - * Initial release. -* DefenderDeviceAuthenticatedScanDefinition - * Initial release. -* EXOActiveSyncMailboxPolicy - * Initial release. -* EXOArcConfig - * Fixed `Test-TargetResource` to correctly check property `ArcTrustedSealers` - when it has an array -* EXOMailboxAuditBypassAssociation - * Initial release. -* EXOMailboxSettings - * Added support for AddressBookPolicy, RetentionPolicy, RoleAssignmentPolicy - and SharingPolicy. -* EXOServicePrincipal - * Initial release. -* EXOTenantAllowBlockListItems - * Fixed `Test-TargetResource` to correctly mark when this resource is removed -* EXOTenantAllowBlockListSpoofItems - * Initial release. -* IntuneAccountProtectionLocalUserGroupMembershipPolicy - * Updates values in `UserSelectionType`. - FIXES [#5318](https://github.com/microsoft/Microsoft365DSC/issues/5318) -* IntuneAntivirusPolicyLinux - * Initial release. -* IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr - * Initial release. -* IntuneAppCategory - * Fixed retrieval of resource which could then result in multiple categories - being created with same name. -* IntuneAppleMDMPushNotificationCertificate - * Initial release. -* IntuneAppProtectionPolicyiOS - * Fixes an issue that could cause multiple instances to be created when multiple - instances with the same display name exist. -* IntuneDerivedCredential - * Fixed export and deployment when `NotificationType` had more than one option - selected - * Fixed retrieval of resource when it cannot be found by `Id` - * Added a few verbose messages -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile - * Initial release. -* IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fixes an issue with `AutoFromConnector` as the Configuration package type. - FIXES [#5246](https://github.com/microsoft/Microsoft365DSC/issues/5246) -* IntuneMobileThreatDefenseConnector - * Initial release. -* IntuneSecurityBaselineDefenderForEndpoint - * Initial release. -* IntuneSettingCatalogCustomPolicyWindows10 - * Fixes an issue with limited results when more than 25 results are present. -* Intune workload - * Fixed missing permissions in settings.json -* M365DSCRuleEvaluation - * Changed the name of the Key property from ResourceName to ResourceTypeName. - While this is considered a breaking change, the old property name was - breaking the DSCParser process. The impact of this breaking the parsing - process is important enough to justify an out-of-band breaking change of - this resource. -* ODSettings - * Deprecated property NotifyOwnersWhenInvitationsAccepted. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* PPPowerAppsEnvironment - * Add ProvisionDatabase attribute - FIXES [#5207](https://github.com/microsoft/Microsoft365DSC/issues/5207) -* PPTenantSettings - * Updated to support latest settings. -* SCInsiderRiskPolicy - * Added support for property MDATPTriageStatus. - * Added support for GPUUtilizationLimit and CPUUtilizationLimit. -* SCPolicyConfig - * Initial release. -* SCSensitivityLabel - * Fixed issue with setting label priority - FIXES [#5266](https://github.com/microsoft/Microsoft365DSC/issues/5266) -* SentinelAlertRule - * Initial release. -* SentinelThreatIntelligenceIndicator - * Initial release. -* SPOSharingSettings - * Deprecated property RequireAcceptingAccountMatchInvitedAccount. - FIXES [#4979](https://github.com/microsoft/Microsoft365DSC/issues/4979) -* SPOTenantSettings - * Added support for AllowSelectSGsInODBListInTenant, - DenySelectSGsInODBListInTenant, DenySelectSecurityGroupsInSPSitesList, - AllowSelectSecurityGroupsInSPSitesList, - ExemptNativeUsersFromTenantLevelRestricedAccessControl properties. - * TenantDefaultTimezone changed to String instead of Array. -* TeamsMeetingPolicy - * Added new parameters: AllowExternalNonTrustedMeetingChat, AttendeeIdentityMasking, - AutomaticallyStartCopilot, AutoRecording, ConnectToMeetingControls, - ContentSharingInExternalMeetings, Copilot, CopyRestriction, - DetectSensitiveContentDuringScreenSharing, ExternalMeetingJoin, ParticipantNameChange, - VoiceIsolation -* TeamsOrgWideAppSettings - * Fixed an issue where ManagedIdentity was not define in the methods signatures. - FIXES [#5188](https://github.com/microsoft/Microsoft365DSC/issues/5188) + ReleaseNotes = '* AADConditionalAccessPolicy + * Fixed bug where an empty value was passed in the request for the + insiderRiskLevels parameter, which throws an error. + FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy + * Update property `PasswordAgeDays_AAD` to be lower-case. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) +* IntuneAntivirusExclusionsPolicyMacOS + * Initial release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Update properties to be upper-case. + Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneSecurityBaselineMicrosoftEdge + * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil - * Fixes an issue where non-unique properties were not combined - properly with their respective parent setting. -* MISC - * Fixed references to graph.microsoft.com with dynamic domain name based on target cloud. - Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup, - AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10, - IntuneAccountProtectionLocalUsersGroupMembershipPolicy, IntuneAccountProtectionPolicy, - IntuneAppProtectionPolicyiOS,IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10, - IntuneDeviceConfigurationSCEPCertificatePolicyWindows10, IntuneDeviceConfigurationWiredNetworkPolicyWindows10, - IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets, - IntuneSettingCatalogCustomPolicyWindows10, M365DSCRGUtil - * Exponential performance improvements by reducing complexity and roundtrips. - * Changed the logic that appends GUID in the resource name when primary key is not found during an - export. We will only append a GUID if the IsSingleInstance property is not found on the resource. - * Add check in AADGroupSettings for NewUnifiedGroupWritebackDefault not existing in Government by default - FIXES [#5213](https://github.com/microsoft/Microsoft365DSC/issues/5213) - * Fix static refrences to graph.microsoft.com - FIXES [#5339](https://github.com/microsoft/Microsoft365DSC/issues/5339) - AADNetworkAccessForwardingPolicy. AADOrganizationCertificateBasedAuthConfiguration, - AADAuthenticationMethodPolicyExternal, AADEnrichedAuditLogs - FIXES [#5340](https://github.com/microsoft/Microsoft365DSC/issues/5340) - IntuneDeviceManagementEnrollmentAndroidGooglePlay, IntuneAppleMDMPushNotificationCertificate - * Fixes static OData refrences to graph.microsoft.com - AADApplication, AADEntitlementManagementAccessPackage, AADEntitlementManagementConnectedOrganization - AADServicePrincipal - FIXES [#5342](https://github.com/microsoft/Microsoft365DSC/issues/5342) + * Restrict CIM instance access to properties that appear multiple times. + * Switch log type for not found Intune assignments to `Warning`. +* M365DSCIntuneSettingsCatalogUtil + * Add ADMX handling for `edge~httpauthentication_`. + FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) +* TeamsUpgradePolicy + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES - * Updated Microsoft.Graph to version 2.24.0. - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.199. - * Updated MSCloudLoginAssistant to version 1.1.27 - * Updated MicrosoftTeams to version 6.6.0.' + * Updated DSCParser to version 2.0.0.12. + * Updated MSCloudLoginAssistant to version 1.1.28.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 3a5cd7b29ad018f27b971891adf556ac595cf835 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 16:27:32 +0100 Subject: [PATCH 10/14] Rebase with Dev --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 860c9333fb..0dd600392c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,7 +36,7 @@ * Add ADMX handling for `edge~httpauthentication_`. FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) * TeamsUpgradePolicy - * Changes to how we're retrieving the users to improve performance. + * Changes to how we are retrieving the users to improve performance. * DEPENDENCIES * Updated DSCParser to version 2.0.0.12. * Updated MSCloudLoginAssistant to version 1.1.28. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 29793f458f..9bcc3e1e22 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -151,6 +151,10 @@ * Fixed bug where an empty value was passed in the request for the insiderRiskLevels parameter, which throws an error. FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) +* EXOATPBuiltInProtectionRule, EXOEOPProtectionRule + * Fixed issue where empty arrays were being compared incorrectly to null + strings + FIXES [#5394](https://github.com/microsoft/Microsoft365DSC/issues/5394) * IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy * Update property `PasswordAgeDays_AAD` to be lower-case. FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) @@ -159,6 +163,9 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Remove changed property name from export. + FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) * IntuneSecurityBaselineMicrosoftEdge * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil From 3e796bcfe673a2957c16055851d7c4863ff038bd Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:00:24 +0100 Subject: [PATCH 11/14] Updated changelog with PR --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 9bcc3e1e22..e5db2eb6cb 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -151,6 +151,9 @@ * Fixed bug where an empty value was passed in the request for the insiderRiskLevels parameter, which throws an error. FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) + * Fixes a bug where 3P apps could not be assigned by DisplayName for both + IncludeApplications and ExcludeApplications + FIXES [#5390](https://github.com/microsoft/Microsoft365DSC/issues/5390) * EXOATPBuiltInProtectionRule, EXOEOPProtectionRule * Fixed issue where empty arrays were being compared incorrectly to null strings From b782989aa62e5983ac171dbecccaf49b22cd72cb Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:03:41 +0100 Subject: [PATCH 12/14] Corrected PR #5385 --- CHANGELOG.md | 4 ++++ .../MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0dd600392c..5576768136 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,10 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Fixed issue where `Value`, from `OmaSettings`, could not be compared + correctly if it was boolean and set to `$False` + FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384) * IntuneEndpointDetectionAndResponsePolicyWindows10 * Remove changed property name from export. FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 3585277caf..daa9bb00c1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -125,7 +125,6 @@ function Get-TargetResource if ($currentomaSettings.isEncrypted -eq $true) { - write-verbose ("IsEncrypted = true -- $($currentomaSettings.displayName)") $SecretReferenceValueId = $currentomaSettings.secretReferenceValueId $OmaSettingPlainTextValue = Get-OmaSettingPlainTextValue -SecretReferenceValueId $SecretReferenceValueId if (![String]::IsNullOrEmpty($OmaSettingPlainTextValue)) @@ -144,7 +143,7 @@ function Get-TargetResource $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) $myomaSettings.Add('OmaUri', $currentomaSettings.omaUri) $myomaSettings.Add('FileName', $currentomaSettings.fileName) - $myomaSettings.Add('Value', $currentomaSettings.value) + $myomaSettings.Add('Value', [System.String]$currentomaSettings.value) if ($currentomaSettings.'@odata.type' -eq '#microsoft.graph.omaSettingInteger') { $myomaSettings.Add('IsReadOnly', $currentomaSettings.isReadOnly) From 03925f9d39f19ced6a1598ea7b5a5b6e153a4557 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:04:12 +0100 Subject: [PATCH 13/14] Updated manifest --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index e5db2eb6cb..49a6588ef7 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -166,6 +166,10 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Fixed issue where `Value`, from `OmaSettings`, could not be compared + correctly if it was boolean and set to `$False` + FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384) * IntuneEndpointDetectionAndResponsePolicyWindows10 * Remove changed property name from export. FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) From ec6d36c20bbd33016d74a15b5eb644c3c77e067b Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 13 Nov 2024 19:08:05 +0100 Subject: [PATCH 14/14] Last update of manifest --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 49a6588ef7..1c924e4bb9 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -154,6 +154,9 @@ * Fixes a bug where 3P apps could not be assigned by DisplayName for both IncludeApplications and ExcludeApplications FIXES [#5390](https://github.com/microsoft/Microsoft365DSC/issues/5390) +* AADRoleEligibilityScheduleRequest + * FIXES [#3787](https://github.com/microsoft/Microsoft365DSC/issues/3787) + * FIXES [#5089](https://github.com/microsoft/Microsoft365DSC/issues/5089) * EXOATPBuiltInProtectionRule, EXOEOPProtectionRule * Fixed issue where empty arrays were being compared incorrectly to null strings