Merge pull request #4102 from microsoft/Dev

Release 1.23.1227.1

CHANGELOG.md

@@ -1,5 +1,37 @@
 # Change log for Microsoft365DSC
 
+# 1.23.1227.1
+
+* EXOAntiPhishPolicy
+  * Add support for TargetedDomainProtectionAction
+    FIXES [#3910](https://github.com/microsoft/Microsoft365DSC/issues/3910)
+* EXOMailboxCalendarFolder
+  * Add support for non-English calendar folder names during export
+    FIXES [#4056](https://github.com/microsoft/Microsoft365DSC/issues/4056)
+* EXOTransportRule
+  * Fix export of enabled state
+    FIXES [#3932](https://github.com/microsoft/Microsoft365DSC/issues/3932)
+* IntuneDeviceConfigurationCustomPolicyWindows10
+  * Fix issue deploying decrypted OmaSettings to another tenant
+    FIXES [#4083](https://github.com/microsoft/Microsoft365DSC/issues/4083)
+* IntuneDeviceConfigurationPolicyMacOS
+  * Fix resource deployment
+    FIXES [#3539](https://github.com/microsoft/Microsoft365DSC/issues/3539)
+  * Ensure resource can cope with Id being empty since it's not mandatory
+* O365OrgSettings
+  * Deprecated the MicrosoftVivaBriefingEmail property
+    FIXES [#4097](https://github.com/microsoft/Microsoft365DSC/issues/4097)
+    FIXES [#4080](https://github.com/microsoft/Microsoft365DSC/issues/4080)
+* SPOTenantSettings
+  * Fix bug for DisabledWebPartIds type, should be an array instead of a string
+    FIXES [#4086](https://github.com/microsoft/Microsoft365DSC/issues/4086)
+* TeamsMeetingPolicy
+  * Allow -1 for NewMeetingRecordingExpirationDays parameter (never expire)
+    FIXES [#4090](https://github.com/microsoft/Microsoft365DSC/issues/4090)
+* TeamsMessagingPolicy
+  * Added support for property 'AllowVideoMessages'
+    FIXES [#4021](https://github.com/microsoft/Microsoft365DSC/issues/4021)
+
 # 1.23.1220.1
 
 * AADEntitlementManagementAccessPackage

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1

@@ -117,6 +117,11 @@ function Get-TargetResource
         [System.String[]]
         $TargetedDomainActionRecipients = @(),
 
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $TargetedDomainProtectionAction = 'NoAction',
+
         [Parameter()]
         [System.String[]]
         $TargetedDomainsToProtect = @(),
@@ -223,6 +228,12 @@ function Get-TargetResource
                 $TargetedUserProtectionActionValue = 'NoAction'
             }
 
+            $TargetedDomainProtectionActionValue = $AntiPhishPolicy.TargetedDomainProtectionAction
+            if ([System.String]::IsNullOrEmpty($TargetedDomainProtectionActionValue))
+            {
+                $TargetedDomainProtectionActionValue = 'NoAction'
+            }
+
             $result = @{
                 Identity                                      = $Identity
                 AdminDisplayName                              = $AntiPhishPolicy.AdminDisplayName
@@ -250,6 +261,7 @@ function Get-TargetResource
                 MakeDefault                                   = $AntiPhishPolicy.IsDefault
                 PhishThresholdLevel                           = $PhishThresholdLevelValue
                 TargetedDomainActionRecipients                = $AntiPhishPolicy.TargetedDomainActionRecipients
+                TargetedDomainProtectionAction                = $TargetedDomainProtectionActionValue
                 TargetedDomainsToProtect                      = $AntiPhishPolicy.TargetedDomainsToProtect
                 TargetedDomainQuarantineTag                   = $AntiPhishPolicy.TargetedDomainQuarantineTag
                 TargetedUserActionRecipients                  = $AntiPhishPolicy.TargetedUserActionRecipients
@@ -401,6 +413,11 @@ function Set-TargetResource
         [System.String[]]
         $TargetedDomainActionRecipients = @(),
 
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $TargetedDomainProtectionAction = 'NoAction',
+
         [Parameter()]
         [System.String[]]
         $TargetedDomainsToProtect = @(),
@@ -624,6 +641,11 @@ function Test-TargetResource
         [System.String[]]
         $TargetedDomainActionRecipients = @(),
 
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $TargetedDomainProtectionAction = 'NoAction',
+
         [Parameter()]
         [System.String[]]
         $TargetedDomainsToProtect = @(),

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof

@@ -29,6 +29,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource
     [Write, Description("The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence.")] String MailboxIntelligenceQuarantineTag;
     [Write, Description("The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence.")] String SpoofQuarantineTag;
     [Write, Description("The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedDomainActionRecipients[];
+    [Write, Description("The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedDomainProtectionAction;
     [Write, Description("The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.")] String TargetedDomainsToProtect[];
     [Write, Description("The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection.")] String TargetedDomainQuarantineTag;
     [Write, Description("The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedUserActionRecipients[];

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1

@@ -419,7 +419,9 @@ function Export-TargetResource
         $i = 1
         foreach ($mailbox in $mailboxes)
         {
-            $folderPath = $mailbox.UserPrincipalName + ':\Calendar'
+            # Name of calendar folder depends on the language of the mailbox
+            $calendarFolderName = (Get-MailboxFolderStatistics -Identity $($mailbox.UserPrincipalName) -FolderScope Calendar | Where-Object {$_.FolderType -eq 'Calendar'}).Name
+            $folderPath = $mailbox.UserPrincipalName + ':\' + $calendarFolderName
             Write-Host "    |---[$i/$($mailboxes.Count)] $($folderPath)" -NoNewline
             $Params = @{
                 Identity              = $folderPath
@@ -452,7 +454,6 @@ function Export-TargetResource
             $i++
         }
 
-
         return $dscContent
     }
     catch

Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1

@@ -780,6 +780,16 @@ function Get-TargetResource
         {
             $MessageContainsDataClassificationsValue = $TransportRule.MessageContainsDataClassifications.Replace('"', "'")
         }
+
+        if ($TransportRule.State -eq "Enabled")
+        {
+            $enabled = $true
+        }
+        else
+        {
+            $enabled = $false
+        }
+
         $result = @{
             Name                                         = $TransportRule.Name
             ADComparisonAttribute                        = $TransportRule.ADComparisonAttribute
@@ -820,7 +830,7 @@ function Get-TargetResource
             CopyTo                                       = $TransportRule.CopyTo
             DeleteMessage                                = $TransportRule.DeleteMessage
             DlpPolicy                                    = $TransportRule.DlpPolicy
-            Enabled                                      = $TransportRule.Enabled
+            Enabled                                      = $enabled
             ExceptIfADComparisonAttribute                = $TransportRule.ExceptIfADComparisonAttribute
             ExceptIfADComparisonOperator                 = $TransportRule.ExceptIfADComparisonOperator
             ExceptIfAnyOfCcHeader                        = $TransportRule.ExceptIfAnyOfCcHeader

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1

@@ -120,6 +120,7 @@ function Get-TargetResource
                 if (![String]::IsNullOrEmpty($OmaSettingPlainTextValue))
                 {
                     $currentomaSettings.value = $OmaSettingPlainTextValue
+                    $currentomaSettings.isEncrypted = $false
                 }
                 else
                 {

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1

@@ -317,7 +317,14 @@ function Get-TargetResource
     $nullResult.Ensure = 'Absent'
     try
     {
-        $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue
+        try
+        {
+            $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction Stop
+        }
+        catch
+        {
+            $getValue = $null
+        }
 
         #region resource generator code
         if ($null -eq $getValue)
@@ -336,7 +343,7 @@ function Get-TargetResource
             return $nullResult
         }
 
-        Write-Verbose -Message "Found something with id {$id}"
+        Write-Verbose -Message "Found something with id {$($getValue.id)}"
         $results = @{
 
             #region resource generator code
@@ -417,7 +424,7 @@ function Get-TargetResource
             $results.Add('PrivacyAccessControls', $getValue.additionalProperties.privacyAccessControls)
         }
 
-        $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id
+        $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id
         $assignmentResult = @()
         foreach ($assignmentEntry in $AssignmentsValues)
         {
@@ -762,14 +769,10 @@ function Set-TargetResource
 
     $currentInstance = Get-TargetResource @PSBoundParameters
 
-    $PSBoundParameters.Remove('Ensure') | Out-Null
-    $PSBoundParameters.Remove('Credential') | Out-Null
-    $PSBoundParameters.Remove('ApplicationId') | Out-Null
-    $PSBoundParameters.Remove('ApplicationSecret') | Out-Null
-    $PSBoundParameters.Remove('TenantId') | Out-Null
-    $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null
-    $PSBoundParameters.Remove('ManagedIdentity') | Out-Null
-
+    if ($UpdateDelayPolicy.Count -gt 0)
+    {
+        $UpdateDelayPolicy = $UpdateDelayPolicy -join ','
+    }
 
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
@@ -791,7 +794,6 @@ function Set-TargetResource
         }#>
 
         $CreateParameters.Remove('Id') | Out-Null
-        $CreateParameters.Remove('Verbose') | Out-Null
 
         foreach ($key in ($CreateParameters.clone()).Keys)
         {
@@ -842,7 +844,6 @@ function Set-TargetResource
         }#>
 
         $UpdateParameters.Remove('Id') | Out-Null
-        $UpdateParameters.Remove('Verbose') | Out-Null
 
         foreach ($key in ($UpdateParameters.clone()).Keys)
         {

Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1

@@ -230,7 +230,8 @@ function Get-TargetResource
             }
         }
 
-        # Microsoft Viva Briefing Email
+        # DEPRECATED - Microsoft Viva Briefing Email
+        <#
         $vivaBriefingEmailValue = $false
         try
         {
@@ -282,7 +283,7 @@ function Get-TargetResource
         }
         $results += @{
             MicrosoftVivaBriefingEmail = $vivaBriefingEmailValue
-        }
+        }#>
 
         # Viva Insights settings
         $currentVivaInsightsSettings = Get-DefaultTenantMyAnalyticsFeatureConfig -Verbose:$false
@@ -609,16 +610,18 @@ function Set-TargetResource
     }
 
     # Microsoft Viva Briefing Email
-    $briefingValue = 'opt-out'
-    if ($MicrosoftVivaBriefingEmail)
+    if ($null -ne $MicrosoftVivaBriefingEmail)
     {
-        $briefingValue = 'opt-in'
+        Write-Verbose -Message "DEPRECATED - The MicrosoftVivaBriefingEmail parameter is deprecated and will be ignored."
     }
+    #$briefingValue = 'opt-out'
+
+    <# DEPRECATED
     if ($currentValues.MicrosoftVivaBriefingEmail -and $MicrosoftVivaBriefingEmail -ne $currentValues.MicrosoftVivaBriefingEmail)
     {
         Write-Verbose -Message "Updating Microsoft Viva Briefing Email settings."
         Set-DefaultTenantBriefingConfig -IsEnabledByDefault $briefingValue -Verbose:$false | Out-Null
-    }
+    }#>
 
     # Viva Insights
     if ($currentValues.VivaInsightsWebExperience -ne $VivaInsightsWebExperience)
@@ -978,6 +981,7 @@ function Test-TargetResource
 
     $CurrentValues = Get-TargetResource @PSBoundParameters
     $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+    $ValuesToCheck.Remove("MicrosoftVivaBriefingEmail") | Out-Null
 
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"

Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof

@@ -21,7 +21,7 @@ class MSFT_SPOTenantSettings : OMI_BaseResource
     [Write, Description("To enable or disable Sync button on Team sites")] boolean HideSyncButtonOnTeamSite;
     [Write, Description("Allow or block external sharing until at least one Office DLP policy scans the content of the file."), ValueMap{"AllowExternalSharing","BlockExternalSharing"}, Values{"AllowExternalSharing","BlockExternalSharing"}] string MarkNewFilesSensitiveByDefault;
     [Write, Description("Allow or Block Conditional Access Policy on the SharePoint Tenant"), ValueMap{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}, Values{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}] string ConditionalAccessPolicy;
-    [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds;
+    [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds[];
     [Write, Description("Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature.")] boolean CommentsOnSitePagesDisabled;
     [Write, Description("Only accepted value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential;

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1

@@ -224,7 +224,7 @@ function Get-TargetResource
         $MeetingInviteLanguages,
 
         [Parameter()]
-        [System.UInt32]
+        [System.Int32]
         [ValidateRange(-1, 99999)]
         $NewMeetingRecordingExpirationDays,
 
@@ -635,7 +635,7 @@ function Set-TargetResource
         $MeetingInviteLanguages,
 
         [Parameter()]
-        [System.UInt32]
+        [System.Int32]
         [ValidateRange(-1, 99999)]
         $NewMeetingRecordingExpirationDays,
 
@@ -1003,7 +1003,7 @@ function Test-TargetResource
         $MeetingInviteLanguages,
 
         [Parameter()]
-        [System.UInt32]
+        [System.Int32]
         [ValidateRange(-1, 99999)]
         $NewMeetingRecordingExpirationDays,
 

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1

@@ -80,6 +80,10 @@ function Get-TargetResource
         [System.Boolean]
         $AllowUserDeleteChat,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowVideoMessages,
+
         [Parameter()]
         [System.String]
         [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')]
@@ -188,6 +192,7 @@ function Get-TargetResource
                 AllowRemoveUser                              = $policy.AllowRemoveUser
                 AllowPriorityMessages                        = $policy.AllowPriorityMessages
                 AllowUserDeleteChat                          = $policy.AllowUserDeleteChat
+                AllowVideoMessages                           = $policy.AllowVideoMessages
                 ChannelsInChatListEnabledType                = $policy.ChannelsInChatListEnabledType
                 AudioMessageEnabledType                      = $policy.AudioMessageEnabledType
                 Description                                  = $policy.Description
@@ -293,6 +298,10 @@ function Set-TargetResource
         [System.Boolean]
         $AllowUserDeleteChat,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowVideoMessages,
+
         [Parameter()]
         [System.String]
         [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')]
@@ -465,6 +474,10 @@ function Test-TargetResource
         [System.Boolean]
         $AllowUserDeleteChat,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowVideoMessages,
+
         [Parameter()]
         [System.String]
         [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')]

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.schema.mof

@@ -20,6 +20,7 @@ class MSFT_TeamsMessagingPolicy : OMI_BaseResource
     [Write, Description("Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.")] boolean AllowRemoveUser;
     [Write, Description("Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit.")] boolean AllowPriorityMessages;
     [Write, Description("Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).")] boolean AllowUserDeleteChat;
+    [Write, Description("Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages.")] boolean AllowVideoMessages;
     [Write, Description("Provide a description of your policy to identify purpose of creating it.")] string Description;
     [Write, Description("Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION."),ValueMap{"STRICT","MODERATE","NORESTRICTION"}, Values{"STRICT","MODERATE","NORESTRICTION"}] string GiphyRatingType;
     [Write, Description("Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None."),ValueMap{"UserPreference","Everyone","None"}, Values{"UserPreference","Everyone","None"}] string ReadReceiptsEnabledType;