Merge branch 'Dev' into Fix-3942

CHANGELOG.md

@@ -1,9 +1,31 @@
 # Change log for Microsoft365DSC
 
 # UNRELEASED
+
+* EXOAntiPhishPolicy
+  * Add support for TargetedDomainProtectionAction
+    FIXES [#3910](https://github.com/microsoft/Microsoft365DSC/issues/3910)
+* EXOMailboxCalendarFolder
+  * Add support for non-English calendar folder names during export
+    FIXES [#4056](https://github.com/microsoft/Microsoft365DSC/issues/4056)
 * EXOMailboxPermission
   * Ignore SendAs permissions during export
     FIXES [#3942](https://github.com/microsoft/Microsoft365DSC/issues/3942)
+* EXOTransportRule
+  * Fix export of enabled state
+    FIXES [#3932](https://github.com/microsoft/Microsoft365DSC/issues/3932)
+* IntuneDeviceConfigurationCustomPolicyWindows10
+  * Fix issue deploying decrypted OmaSettings to another tenant
+    FIXES [#4083](https://github.com/microsoft/Microsoft365DSC/issues/4083)
+* SPOTenantSettings
+  * Fix bug for DisabledWebPartIds type, should be an array instead of a string
+    FIXES [#4086](https://github.com/microsoft/Microsoft365DSC/issues/4086)
+* TeamsMeetingPolicy
+  * Allow -1 for NewMeetingRecordingExpirationDays parameter (never expire)
+    FIXES [#4090](https://github.com/microsoft/Microsoft365DSC/issues/4090)
+* TeamsMessagingPolicy
+  * Added support for property 'AllowVideoMessages'
+    FIXES [#4021](https://github.com/microsoft/Microsoft365DSC/issues/4021)
 
 # 1.23.1220.1
 

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1

@@ -117,6 +117,11 @@ function Get-TargetResource
         [System.String[]]
         $TargetedDomainActionRecipients = @(),
 
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $TargetedDomainProtectionAction = 'NoAction',
+
         [Parameter()]
         [System.String[]]
         $TargetedDomainsToProtect = @(),
@@ -223,6 +228,12 @@ function Get-TargetResource
                 $TargetedUserProtectionActionValue = 'NoAction'
             }
 
+            $TargetedDomainProtectionActionValue = $AntiPhishPolicy.TargetedDomainProtectionAction
+            if ([System.String]::IsNullOrEmpty($TargetedDomainProtectionActionValue))
+            {
+                $TargetedDomainProtectionActionValue = 'NoAction'
+            }
+
             $result = @{
                 Identity                                      = $Identity
                 AdminDisplayName                              = $AntiPhishPolicy.AdminDisplayName
@@ -250,6 +261,7 @@ function Get-TargetResource
                 MakeDefault                                   = $AntiPhishPolicy.IsDefault
                 PhishThresholdLevel                           = $PhishThresholdLevelValue
                 TargetedDomainActionRecipients                = $AntiPhishPolicy.TargetedDomainActionRecipients
+                TargetedDomainProtectionAction                = $TargetedDomainProtectionActionValue
                 TargetedDomainsToProtect                      = $AntiPhishPolicy.TargetedDomainsToProtect
                 TargetedDomainQuarantineTag                   = $AntiPhishPolicy.TargetedDomainQuarantineTag
                 TargetedUserActionRecipients                  = $AntiPhishPolicy.TargetedUserActionRecipients
@@ -401,6 +413,11 @@ function Set-TargetResource
         [System.String[]]
         $TargetedDomainActionRecipients = @(),
 
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $TargetedDomainProtectionAction = 'NoAction',
+
         [Parameter()]
         [System.String[]]
         $TargetedDomainsToProtect = @(),
@@ -624,6 +641,11 @@ function Test-TargetResource
         [System.String[]]
         $TargetedDomainActionRecipients = @(),
 
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $TargetedDomainProtectionAction = 'NoAction',
+
         [Parameter()]
         [System.String[]]
         $TargetedDomainsToProtect = @(),

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof

@@ -29,6 +29,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource
     [Write, Description("The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence.")] String MailboxIntelligenceQuarantineTag;
     [Write, Description("The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence.")] String SpoofQuarantineTag;
     [Write, Description("The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedDomainActionRecipients[];
+    [Write, Description("The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedDomainProtectionAction;
     [Write, Description("The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.")] String TargetedDomainsToProtect[];
     [Write, Description("The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection.")] String TargetedDomainQuarantineTag;
     [Write, Description("The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedUserActionRecipients[];

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1

@@ -419,7 +419,9 @@ function Export-TargetResource
         $i = 1
         foreach ($mailbox in $mailboxes)
         {
-            $folderPath = $mailbox.UserPrincipalName + ':\Calendar'
+            # Name of calendar folder depends on the language of the mailbox
+            $calendarFolderName = (Get-MailboxFolderStatistics -Identity $($mailbox.UserPrincipalName) -FolderScope Calendar | Where-Object {$_.FolderType -eq 'Calendar'}).Name
+            $folderPath = $mailbox.UserPrincipalName + ':\' + $calendarFolderName
             Write-Host "    |---[$i/$($mailboxes.Count)] $($folderPath)" -NoNewline
             $Params = @{
                 Identity              = $folderPath
@@ -452,7 +454,6 @@ function Export-TargetResource
             $i++
         }
 
-
         return $dscContent
     }
     catch

Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1

@@ -780,6 +780,16 @@ function Get-TargetResource
         {
             $MessageContainsDataClassificationsValue = $TransportRule.MessageContainsDataClassifications.Replace('"', "'")
         }
+
+        if ($TransportRule.State -eq "Enabled")
+        {
+            $enabled = $true
+        }
+        else
+        {
+            $enabled = $false
+        }
+
         $result = @{
             Name                                         = $TransportRule.Name
             ADComparisonAttribute                        = $TransportRule.ADComparisonAttribute
@@ -820,7 +830,7 @@ function Get-TargetResource
             CopyTo                                       = $TransportRule.CopyTo
             DeleteMessage                                = $TransportRule.DeleteMessage
             DlpPolicy                                    = $TransportRule.DlpPolicy
-            Enabled                                      = $TransportRule.Enabled
+            Enabled                                      = $enabled
             ExceptIfADComparisonAttribute                = $TransportRule.ExceptIfADComparisonAttribute
             ExceptIfADComparisonOperator                 = $TransportRule.ExceptIfADComparisonOperator
             ExceptIfAnyOfCcHeader                        = $TransportRule.ExceptIfAnyOfCcHeader

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1

@@ -120,6 +120,7 @@ function Get-TargetResource
                 if (![String]::IsNullOrEmpty($OmaSettingPlainTextValue))
                 {
                     $currentomaSettings.value = $OmaSettingPlainTextValue
+                    $currentomaSettings.isEncrypted = $false
                 }
                 else
                 {

Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof

@@ -21,7 +21,7 @@ class MSFT_SPOTenantSettings : OMI_BaseResource
     [Write, Description("To enable or disable Sync button on Team sites")] boolean HideSyncButtonOnTeamSite;
     [Write, Description("Allow or block external sharing until at least one Office DLP policy scans the content of the file."), ValueMap{"AllowExternalSharing","BlockExternalSharing"}, Values{"AllowExternalSharing","BlockExternalSharing"}] string MarkNewFilesSensitiveByDefault;
     [Write, Description("Allow or Block Conditional Access Policy on the SharePoint Tenant"), ValueMap{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}, Values{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}] string ConditionalAccessPolicy;
-    [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds;
+    [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds[];
     [Write, Description("Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature.")] boolean CommentsOnSitePagesDisabled;
     [Write, Description("Only accepted value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential;

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1

@@ -224,7 +224,7 @@ function Get-TargetResource
         $MeetingInviteLanguages,
 
         [Parameter()]
-        [System.UInt32]
+        [System.Int32]
         [ValidateRange(-1, 99999)]
         $NewMeetingRecordingExpirationDays,
 
@@ -635,7 +635,7 @@ function Set-TargetResource
         $MeetingInviteLanguages,
 
         [Parameter()]
-        [System.UInt32]
+        [System.Int32]
         [ValidateRange(-1, 99999)]
         $NewMeetingRecordingExpirationDays,
 
@@ -1003,7 +1003,7 @@ function Test-TargetResource
         $MeetingInviteLanguages,
 
         [Parameter()]
-        [System.UInt32]
+        [System.Int32]
         [ValidateRange(-1, 99999)]
         $NewMeetingRecordingExpirationDays,
 

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1

@@ -80,6 +80,10 @@ function Get-TargetResource
         [System.Boolean]
         $AllowUserDeleteChat,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowVideoMessages,
+
         [Parameter()]
         [System.String]
         [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')]
@@ -188,6 +192,7 @@ function Get-TargetResource
                 AllowRemoveUser                              = $policy.AllowRemoveUser
                 AllowPriorityMessages                        = $policy.AllowPriorityMessages
                 AllowUserDeleteChat                          = $policy.AllowUserDeleteChat
+                AllowVideoMessages                           = $policy.AllowVideoMessages
                 ChannelsInChatListEnabledType                = $policy.ChannelsInChatListEnabledType
                 AudioMessageEnabledType                      = $policy.AudioMessageEnabledType
                 Description                                  = $policy.Description
@@ -293,6 +298,10 @@ function Set-TargetResource
         [System.Boolean]
         $AllowUserDeleteChat,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowVideoMessages,
+
         [Parameter()]
         [System.String]
         [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')]
@@ -465,6 +474,10 @@ function Test-TargetResource
         [System.Boolean]
         $AllowUserDeleteChat,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowVideoMessages,
+
         [Parameter()]
         [System.String]
         [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')]

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.schema.mof

@@ -20,6 +20,7 @@ class MSFT_TeamsMessagingPolicy : OMI_BaseResource
     [Write, Description("Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.")] boolean AllowRemoveUser;
     [Write, Description("Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit.")] boolean AllowPriorityMessages;
     [Write, Description("Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).")] boolean AllowUserDeleteChat;
+    [Write, Description("Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages.")] boolean AllowVideoMessages;
     [Write, Description("Provide a description of your policy to identify purpose of creating it.")] string Description;
     [Write, Description("Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION."),ValueMap{"STRICT","MODERATE","NORESTRICTION"}, Values{"STRICT","MODERATE","NORESTRICTION"}] string GiphyRatingType;
     [Write, Description("Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None."),ValueMap{"UserPreference","Everyone","None"}, Values{"UserPreference","Everyone","None"}] string ReadReceiptsEnabledType;

Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1

@@ -159,6 +159,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     Credential = $Credential
                 }
 
+                Mock -CommandName Get-MailboxFolderStatistics -MockWith {
+                    return @{
+                        FolderType  = "Calendar";
+                        Name        = "Calendar";
+                    }
+                }
+
                 Mock -CommandName Get-MailboxCalendarFolder -MockWith {
                     return @{
                         DetailLevel          = "AvailabilityOnly";
@@ -171,7 +178,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 }
             }
 
-
             It 'Should Reverse Engineer resource from the Export method' {
                 $result = Export-TargetResource @testParams
                 $result | Should -Not -BeNullOrEmpty

Tests/Unit/Stubs/Microsoft365.psm1

@@ -842,6 +842,19 @@ function Get-MailboxCalendarFolder
         $Identity
     )
 }
+function Get-MailboxFolderStatistics
+{
+    [CmdletBinding()]
+    param(
+        [Parameter()]
+        [System.Object]
+        $Identity,
+
+        [Parameter()]
+        [System.String]
+        $FolderScope
+    )
+}
 function Get-MailboxPermission
 {
     [CmdletBinding()]

docs/docs/resources/exchange/EXOAntiPhishPolicy.md

@@ -32,6 +32,7 @@
 | **MailboxIntelligenceQuarantineTag** | Write | String | The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence. | |
 | **SpoofQuarantineTag** | Write | String | The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence. | |
 | **TargetedDomainActionRecipients** | Write | StringArray[] | The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas. | |
+| **TargetedDomainProtectionAction** | Write | String | The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages. | `BccMessage`, `Delete`, `MoveToJmf`, `NoAction`, `Quarantine`, `Redirect` |
 | **TargetedDomainsToProtect** | Write | StringArray[] | The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true. | |
 | **TargetedDomainQuarantineTag** | Write | String | The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection. | |
 | **TargetedUserActionRecipients** | Write | StringArray[] | The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas. | |

docs/docs/resources/sharepoint/SPOTenantSettings.md

@@ -24,7 +24,7 @@
 | **HideSyncButtonOnTeamSite** | Write | Boolean | To enable or disable Sync button on Team sites | |
 | **MarkNewFilesSensitiveByDefault** | Write | String | Allow or block external sharing until at least one Office DLP policy scans the content of the file. | `AllowExternalSharing`, `BlockExternalSharing` |
 | **ConditionalAccessPolicy** | Write | String | Allow or Block Conditional Access Policy on the SharePoint Tenant | `AllowFullAccess`, `AllowLimitedAccess`, `BlockAccess` |
-| **DisabledWebPartIds** | Write | String | Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site | |
+| **DisabledWebPartIds** | Write | StringArray[] | Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site | |
 | **CommentsOnSitePagesDisabled** | Write | Boolean | Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature. | |
 | **Ensure** | Write | String | Only accepted value is 'Present'. | `Present`, `Absent` |
 | **Credential** | Write | PSCredential | Credentials of the account to authenticate with. | |

docs/docs/resources/teams/TeamsMeetingPolicy.md

@@ -52,7 +52,7 @@
 | **AllowNetworkConfigurationSettingsLookup** | Write | Boolean | Determines whether network configuration setting lookups can be made by users who are not Enterprise Voice enabled. It is used to enable Network Roaming policies. | |
 | **AllowWatermarkForCameraVideo** | Write | Boolean | N/A | |
 | **AllowWatermarkForScreenSharing** | Write | Boolean | N/A | |
-| **NewMeetingRecordingExpirationDays** | Write | UInt32 | Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1. | |
+| **NewMeetingRecordingExpirationDays** | Write | SInt32 | Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1. | |
 | **AllowCartCaptionsScheduling** | Write | String | Determines whether a user can add a URL for captions from a Communications Access Real-Time Translation (CART) captioner for providing real-time captions in meetings. | `EnabledUserOverride`, `DisabledUserOverride`, `Disabled` |
 | **AllowDocumentCollaboration** | Write | String | N/A | |
 | **AllowedStreamingMediaInput** | Write | String | N/A | |