From 81409c5765b4109fa98923ffa3f6427af99106b7 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Thu, 14 Dec 2023 18:39:09 +0000 Subject: [PATCH 01/26] Fixes 4029 --- CHANGELOG.md | 10 + .../MSFT_AADConditionalAccessPolicy.psm1 | 651 +++++++++--------- ...neSettingCatalogCustomPolicyWindows10.psm1 | 18 +- 3 files changed, 349 insertions(+), 330 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..1a8d199e08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneSettingCatalogCustomPolicyWindows10 + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) + +* AADConditionalAccessPolicy + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 0a0904a285..06ce5f794e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -264,415 +264,414 @@ function Get-TargetResource } } - if ($null -eq $Policy) + if ([String]::IsNullOrEmpty($Policy.id)) { Write-Verbose -Message "No existing Policy with name {$DisplayName} were found" $currentValues = $PSBoundParameters $currentValues.Ensure = 'Absent' return $currentValues } - else - { - Write-Verbose -Message 'Get-TargetResource: Found existing Conditional Access policy' - $PolicyDisplayName = $Policy.DisplayName - Write-Verbose -Message 'Get-TargetResource: Process IncludeUsers' - #translate IncludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All - $IncludeUsers = @() - if ($Policy.Conditions.Users.IncludeUsers) - { - foreach ($IncludeUserGUID in $Policy.Conditions.Users.IncludeUsers) - { - if ($IncludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') - { - $IncludeUser = $null - try - { - $IncludeUser = (Get-MgUser -UserId $IncludeUserGUID -ErrorAction Stop).userprincipalname - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - if ($IncludeUser) - { - $IncludeUsers += $IncludeUser - } - } - else - { - $IncludeUsers += $IncludeUserGUID - } - } - } + Write-Verbose -Message 'Get-TargetResource: Found existing Conditional Access policy' + $PolicyDisplayName = $Policy.DisplayName - Write-Verbose -Message 'Get-TargetResource: Process ExcludeUsers' - #translate ExcludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All - $ExcludeUsers = @() - if ($Policy.Conditions.Users.ExcludeUsers) - { - foreach ($ExcludeUserGUID in $Policy.Conditions.Users.ExcludeUsers) - { - if ($ExcludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') - { - $ExcludeUser = $null - try - { - $ExcludeUser = (Get-MgUser -UserId $ExcludeUserGUID -ErrorAction Stop).userprincipalname - } - catch - { - $message = "Couldn't find user $ExcludeUserGUID , that is defined in policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - if ($ExcludeUser) - { - $ExcludeUsers += $ExcludeUser - } - } - else - { - $ExcludeUsers += $ExcludeUserGUID - } - } - } - - Write-Verbose -Message 'Get-TargetResource: Process IncludeGroups' - #translate IncludeGroup GUIDs to DisplayName - $IncludeGroups = @() - if ($Policy.Conditions.Users.IncludeGroups) + Write-Verbose -Message 'Get-TargetResource: Process IncludeUsers' + #translate IncludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All + $IncludeUsers = @() + if ($Policy.Conditions.Users.IncludeUsers) + { + foreach ($IncludeUserGUID in $Policy.Conditions.Users.IncludeUsers) { - foreach ($IncludeGroupGUID in $Policy.Conditions.Users.IncludeGroups) + if ($IncludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') { - $IncludeGroup = $null + $IncludeUser = $null try { - $IncludeGroup = (Get-MgGroup -GroupId $IncludeGroupGUID).displayname + $IncludeUser = (Get-MgUser -UserId $IncludeUserGUID -ErrorAction Stop).userprincipalname } catch { - $message = "Couldn't find Group $IncludeGroupGUID , that is defined in policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential } - if ($IncludeGroup) + if ($IncludeUser) { - $IncludeGroups += $IncludeGroup + $IncludeUsers += $IncludeUser } } + else + { + $IncludeUsers += $IncludeUserGUID + } } + } - Write-Verbose -Message 'Get-TargetResource: Process ExcludeGroups' - #translate ExcludeGroup GUIDs to DisplayName - $ExcludeGroups = @() - if ($Policy.Conditions.Users.ExcludeGroups) + Write-Verbose -Message 'Get-TargetResource: Process ExcludeUsers' + #translate ExcludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All + $ExcludeUsers = @() + if ($Policy.Conditions.Users.ExcludeUsers) + { + foreach ($ExcludeUserGUID in $Policy.Conditions.Users.ExcludeUsers) { - foreach ($ExcludeGroupGUID in $Policy.Conditions.Users.ExcludeGroups) + if ($ExcludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') { - $ExcludeGroup = $null + $ExcludeUser = $null try { - $ExcludeGroup = (Get-MgGroup -GroupId $ExcludeGroupGUID).displayname + $ExcludeUser = (Get-MgUser -UserId $ExcludeUserGUID -ErrorAction Stop).userprincipalname } catch { - $message = "Couldn't find Group $ExcludeGroupGUID , that is defined in policy $PolicyDisplayName" + $message = "Couldn't find user $ExcludeUserGUID , that is defined in policy $PolicyDisplayName" New-M365DSCLogEntry -Message $message ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential } - if ($ExcludeGroup) + if ($ExcludeUser) { - $ExcludeGroups += $ExcludeGroup + $ExcludeUsers += $ExcludeUser } } + else + { + $ExcludeUsers += $ExcludeUserGUID + } } + } - - $IncludeRoles = @() - $ExcludeRoles = @() - #translate role template guids to role name - if ($Policy.Conditions.Users.IncludeRoles -or $Policy.Conditions.Users.ExcludeRoles) + Write-Verbose -Message 'Get-TargetResource: Process IncludeGroups' + #translate IncludeGroup GUIDs to DisplayName + $IncludeGroups = @() + if ($Policy.Conditions.Users.IncludeGroups) + { + foreach ($IncludeGroupGUID in $Policy.Conditions.Users.IncludeGroups) { - Write-Verbose -Message 'Get-TargetResource: Role condition defined, processing' - #build role translation table - $rolelookup = @{} - foreach ($role in Get-MgBetaDirectoryRoleTemplate) + $IncludeGroup = $null + try { - $rolelookup[$role.Id] = $role.DisplayName + $IncludeGroup = (Get-MgGroup -GroupId $IncludeGroupGUID).displayname } - - Write-Verbose -Message 'Get-TargetResource: Processing IncludeRoles' - if ($Policy.Conditions.Users.IncludeRoles) + catch { - foreach ($IncludeRoleGUID in $Policy.Conditions.Users.IncludeRoles) - { - if ($null -eq $rolelookup[$IncludeRoleGUID]) - { - $message = "Couldn't find role $IncludeRoleGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $IncludeRoles += $rolelookup[$IncludeRoleGUID] - } - } + $message = "Couldn't find Group $IncludeGroupGUID , that is defined in policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } - - Write-Verbose -Message 'Get-TargetResource: Processing ExcludeRoles' - if ($Policy.Conditions.Users.ExcludeRoles) + if ($IncludeGroup) { - foreach ($ExcludeRoleGUID in $Policy.Conditions.Users.ExcludeRoles) - { - if ($null -eq $rolelookup[$ExcludeRoleGUID]) - { - $message = "Couldn't find role $ExcludeRoleGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $ExcludeRoles += $rolelookup[$ExcludeRoleGUID] - } - } + $IncludeGroups += $IncludeGroup } - } + } - $IncludeLocations = @() - $ExcludeLocations = @() - #translate Location template guids to Location name - if ($Policy.Conditions.Locations) + Write-Verbose -Message 'Get-TargetResource: Process ExcludeGroups' + #translate ExcludeGroup GUIDs to DisplayName + $ExcludeGroups = @() + if ($Policy.Conditions.Users.ExcludeGroups) + { + foreach ($ExcludeGroupGUID in $Policy.Conditions.Users.ExcludeGroups) { - Write-Verbose -Message 'Get-TargetResource: Location condition defined, processing' - #build Location translation table - $Locationlookup = @{} - foreach ($Location in Get-MgBetaIdentityConditionalAccessNamedLocation) + $ExcludeGroup = $null + try { - $Locationlookup[$Location.Id] = $Location.DisplayName + $ExcludeGroup = (Get-MgGroup -GroupId $ExcludeGroupGUID).displayname } - - Write-Verbose -Message 'Get-TargetResource: Processing IncludeLocations' - if ($Policy.Conditions.Locations.IncludeLocations) + catch { - foreach ($IncludeLocationGUID in $Policy.Conditions.Locations.IncludeLocations) - { - if ($IncludeLocationGUID -in 'All', 'AllTrusted') - { - $IncludeLocations += $IncludeLocationGUID - } - elseif ($IncludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') - { - $IncludeLocations += 'Multifactor authentication trusted IPs' - } - elseif ($null -eq $Locationlookup[$IncludeLocationGUID]) - { - $message = "Couldn't find Location $IncludeLocationGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $IncludeLocations += $Locationlookup[$IncludeLocationGUID] - } - } + $message = "Couldn't find Group $ExcludeGroupGUID , that is defined in policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } - - Write-Verbose -Message 'Get-TargetResource: Processing ExcludeLocations' - if ($Policy.Conditions.Locations.ExcludeLocations) + if ($ExcludeGroup) { - foreach ($ExcludeLocationGUID in $Policy.Conditions.Locations.ExcludeLocations) - { - if ($ExcludeLocationGUID -in 'All', 'AllTrusted') - { - $ExcludeLocations += $ExcludeLocationGUID - } - elseif ($ExcludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') - { - $ExcludeLocations += 'Multifactor authentication trusted IPs' - } - elseif ($null -eq $Locationlookup[$ExcludeLocationGUID]) - { - $message = "Couldn't find Location $ExcludeLocationGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $ExcludeLocations += $Locationlookup[$ExcludeLocationGUID] - } - } + $ExcludeGroups += $ExcludeGroup } } - if ($Policy.SessionControls.CloudAppSecurity.IsEnabled) - { - $CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType - } - else - { - $CloudAppSecurityType = $null - } - if ($Policy.SessionControls.SignInFrequency.IsEnabled) - { - $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type - $SignInFrequencyIntervalValue = [System.String]$Policy.SessionControls.SignInFrequency.FrequencyInterval - } - else - { - $SignInFrequencyType = $null - $SignInFrequencyIntervalValue = $null - } - if ($Policy.SessionControls.PersistentBrowser.IsEnabled) + } + + + $IncludeRoles = @() + $ExcludeRoles = @() + #translate role template guids to role name + if ($Policy.Conditions.Users.IncludeRoles -or $Policy.Conditions.Users.ExcludeRoles) + { + Write-Verbose -Message 'Get-TargetResource: Role condition defined, processing' + #build role translation table + $rolelookup = @{} + foreach ($role in Get-MgBetaDirectoryRoleTemplate) { - $PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode + $rolelookup[$role.Id] = $role.DisplayName } - else + + Write-Verbose -Message 'Get-TargetResource: Processing IncludeRoles' + if ($Policy.Conditions.Users.IncludeRoles) { - $PersistentBrowserMode = $null + foreach ($IncludeRoleGUID in $Policy.Conditions.Users.IncludeRoles) + { + if ($null -eq $rolelookup[$IncludeRoleGUID]) + { + $message = "Couldn't find role $IncludeRoleGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $IncludeRoles += $rolelookup[$IncludeRoleGUID] + } + } } - if ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + + Write-Verbose -Message 'Get-TargetResource: Processing ExcludeRoles' + if ($Policy.Conditions.Users.ExcludeRoles) { - [Array]$IncludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + foreach ($ExcludeRoleGUID in $Policy.Conditions.Users.ExcludeRoles) + { + if ($null -eq $rolelookup[$ExcludeRoleGUID]) + { + $message = "Couldn't find role $ExcludeRoleGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $ExcludeRoles += $rolelookup[$ExcludeRoleGUID] + } + } } - if ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + + } + + $IncludeLocations = @() + $ExcludeLocations = @() + #translate Location template guids to Location name + if ($Policy.Conditions.Locations) + { + Write-Verbose -Message 'Get-TargetResource: Location condition defined, processing' + #build Location translation table + $Locationlookup = @{} + foreach ($Location in Get-MgBetaIdentityConditionalAccessNamedLocation) { - [Array]$ExcludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + $Locationlookup[$Location.Id] = $Location.DisplayName } - $termsOfUseName = $null - if ($Policy.GrantControls.TermsOfUse) + Write-Verbose -Message 'Get-TargetResource: Processing IncludeLocations' + if ($Policy.Conditions.Locations.IncludeLocations) { - $termofUse = Get-MgBetaAgreement | Where-Object -FilterScript { $_.Id -eq $Policy.GrantControls.TermsOfUse } - if ($termOfUse) + foreach ($IncludeLocationGUID in $Policy.Conditions.Locations.IncludeLocations) { - $termOfUseName = $termOfUse.DisplayName + if ($IncludeLocationGUID -in 'All', 'AllTrusted') + { + $IncludeLocations += $IncludeLocationGUID + } + elseif ($IncludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') + { + $IncludeLocations += 'Multifactor authentication trusted IPs' + } + elseif ($null -eq $Locationlookup[$IncludeLocationGUID]) + { + $message = "Couldn't find Location $IncludeLocationGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $IncludeLocations += $Locationlookup[$IncludeLocationGUID] + } } } - $AuthenticationStrengthValue = $null - if ($null -ne $Policy.GrantControls -and $null -ne $Policy.GrantControls.AuthenticationStrength -and ` - $null -ne $Policy.GrantControls.AuthenticationStrength.Id) + Write-Verbose -Message 'Get-TargetResource: Processing ExcludeLocations' + if ($Policy.Conditions.Locations.ExcludeLocations) { - $strengthPolicy = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Policy.GrantControls.AuthenticationStrength.Id - if ($null -ne $strengthPolicy) + foreach ($ExcludeLocationGUID in $Policy.Conditions.Locations.ExcludeLocations) { - $AuthenticationStrengthValue = $strengthPolicy.DisplayName + if ($ExcludeLocationGUID -in 'All', 'AllTrusted') + { + $ExcludeLocations += $ExcludeLocationGUID + } + elseif ($ExcludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') + { + $ExcludeLocations += 'Multifactor authentication trusted IPs' + } + elseif ($null -eq $Locationlookup[$ExcludeLocationGUID]) + { + $message = "Couldn't find Location $ExcludeLocationGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $ExcludeLocations += $Locationlookup[$ExcludeLocationGUID] + } } } + } + if ($Policy.SessionControls.CloudAppSecurity.IsEnabled) + { + $CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType + } + else + { + $CloudAppSecurityType = $null + } + if ($Policy.SessionControls.SignInFrequency.IsEnabled) + { + $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type + $SignInFrequencyIntervalValue = [System.String]$Policy.SessionControls.SignInFrequency.FrequencyInterval + } + else + { + $SignInFrequencyType = $null + $SignInFrequencyIntervalValue = $null + } + if ($Policy.SessionControls.PersistentBrowser.IsEnabled) + { + $PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode + } + else + { + $PersistentBrowserMode = $null + } + if ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + { + [Array]$IncludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + } + if ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + { + [Array]$ExcludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + } + + $termsOfUseName = $null + if ($Policy.GrantControls.TermsOfUse) + { + $termofUse = Get-MgBetaAgreement | Where-Object -FilterScript { $_.Id -eq $Policy.GrantControls.TermsOfUse } + if ($termOfUse) + { + $termOfUseName = $termOfUse.DisplayName + } + } - $AuthenticationContextsValues = @() - if ($null -ne $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + $AuthenticationStrengthValue = $null + if ($null -ne $Policy.GrantControls -and $null -ne $Policy.GrantControls.AuthenticationStrength -and ` + $null -ne $Policy.GrantControls.AuthenticationStrength.Id) + { + $strengthPolicy = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Policy.GrantControls.AuthenticationStrength.Id + if ($null -ne $strengthPolicy) { - foreach ($class in $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + $AuthenticationStrengthValue = $strengthPolicy.DisplayName + } + } + + $AuthenticationContextsValues = @() + if ($null -ne $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + { + foreach ($class in $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + { + $classReference = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` + -AuthenticationContextClassReferenceId $class ` + -ErrorAction SilentlyContinue + if ($null -ne $classReference) { - $classReference = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` - -AuthenticationContextClassReferenceId $class ` - -ErrorAction SilentlyContinue - if ($null -ne $classReference) - { - $AuthenticationContextsValues += $classReference.DisplayName - } + $AuthenticationContextsValues += $classReference.DisplayName } } + } - $result = @{ - DisplayName = $Policy.DisplayName - Id = $Policy.Id - State = $Policy.State - IncludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.IncludeApplications) - #no translation of Application GUIDs, return empty string array if undefined - ExcludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.ExcludeApplications) - #no translation of GUIDs, return empty string array if undefined - IncludeUserActions = [System.String[]](@() + $Policy.Conditions.Applications.IncludeUserActions) - #no translation needed, return empty string array if undefined - IncludeUsers = $IncludeUsers - ExcludeUsers = $ExcludeUsers - IncludeGroups = $IncludeGroups - ExcludeGroups = $ExcludeGroups - IncludeRoles = $IncludeRoles - ExcludeRoles = $ExcludeRoles - IncludeGuestOrExternalUserTypes = [System.String[]]$IncludeGuestOrExternalUserTypes - IncludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind - IncludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) - - ExcludeGuestOrExternalUserTypes = [System.String[]]$ExcludeGuestOrExternalUserTypes - ExcludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind - ExcludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) - - IncludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.IncludePlatforms) - #no translation needed, return empty string array if undefined - ExcludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.ExcludePlatforms) - #no translation needed, return empty string array if undefined - IncludeLocations = $IncludeLocations - ExcludeLocations = $ExcludeLocations - - #no translation needed, return empty string array if undefined - DeviceFilterMode = [System.String]$Policy.Conditions.Devices.DeviceFilter.Mode - #no translation or conversion needed - DeviceFilterRule = [System.String]$Policy.Conditions.Devices.DeviceFilter.Rule - #no translation or conversion needed - UserRiskLevels = [System.String[]](@() + $Policy.Conditions.UserRiskLevels) - #no translation needed, return empty string array if undefined - SignInRiskLevels = [System.String[]](@() + $Policy.Conditions.SignInRiskLevels) - #no translation needed, return empty string array if undefined - ClientAppTypes = [System.String[]](@() + $Policy.Conditions.ClientAppTypes) - #no translation needed, return empty string array if undefined - GrantControlOperator = $Policy.GrantControls.Operator - #no translation or conversion needed - BuiltInControls = [System.String[]](@() + $Policy.GrantControls.BuiltInControls) - CustomAuthenticationFactors = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors) - #no translation needed, return empty string array if undefined - ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled - #make false if undefined, true if true - CloudAppSecurityIsEnabled = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled - #make false if undefined, true if true - CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType - #no translation needed, return empty string array if undefined - SignInFrequencyIsEnabled = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled - #make false if undefined, true if true - SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value - #no translation or conversion needed, $null returned if undefined - SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type - SignInFrequencyInterval = $SignInFrequencyIntervalValue - #no translation needed - PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled - #make false if undefined, true if true - PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode - #no translation needed - AuthenticationStrength = $AuthenticationStrengthValue - AuthenticationContexts = $AuthenticationContextsValues - #Standard part - TermsOfUse = $termOfUseName - Ensure = 'Present' - Credential = $Credential - ApplicationSecret = $ApplicationSecret - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $result = @{ + DisplayName = $Policy.DisplayName + Id = $Policy.Id + State = $Policy.State + IncludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.IncludeApplications) + #no translation of Application GUIDs, return empty string array if undefined + ExcludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.ExcludeApplications) + #no translation of GUIDs, return empty string array if undefined + IncludeUserActions = [System.String[]](@() + $Policy.Conditions.Applications.IncludeUserActions) + #no translation needed, return empty string array if undefined + IncludeUsers = $IncludeUsers + ExcludeUsers = $ExcludeUsers + IncludeGroups = $IncludeGroups + ExcludeGroups = $ExcludeGroups + IncludeRoles = $IncludeRoles + ExcludeRoles = $ExcludeRoles + IncludeGuestOrExternalUserTypes = [System.String[]]$IncludeGuestOrExternalUserTypes + IncludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind + IncludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) + + ExcludeGuestOrExternalUserTypes = [System.String[]]$ExcludeGuestOrExternalUserTypes + ExcludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind + ExcludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) + + IncludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.IncludePlatforms) + #no translation needed, return empty string array if undefined + ExcludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.ExcludePlatforms) + #no translation needed, return empty string array if undefined + IncludeLocations = $IncludeLocations + ExcludeLocations = $ExcludeLocations + + #no translation needed, return empty string array if undefined + DeviceFilterMode = [System.String]$Policy.Conditions.Devices.DeviceFilter.Mode + #no translation or conversion needed + DeviceFilterRule = [System.String]$Policy.Conditions.Devices.DeviceFilter.Rule + #no translation or conversion needed + UserRiskLevels = [System.String[]](@() + $Policy.Conditions.UserRiskLevels) + #no translation needed, return empty string array if undefined + SignInRiskLevels = [System.String[]](@() + $Policy.Conditions.SignInRiskLevels) + #no translation needed, return empty string array if undefined + ClientAppTypes = [System.String[]](@() + $Policy.Conditions.ClientAppTypes) + #no translation needed, return empty string array if undefined + GrantControlOperator = $Policy.GrantControls.Operator + #no translation or conversion needed + BuiltInControls = [System.String[]](@() + $Policy.GrantControls.BuiltInControls) + CustomAuthenticationFactors = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors) + #no translation needed, return empty string array if undefined + ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled + #make false if undefined, true if true + CloudAppSecurityIsEnabled = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled + #make false if undefined, true if true + CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType + #no translation needed, return empty string array if undefined + SignInFrequencyIsEnabled = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled + #make false if undefined, true if true + SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value + #no translation or conversion needed, $null returned if undefined + SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type + SignInFrequencyInterval = $SignInFrequencyIntervalValue + #no translation needed + PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled + #make false if undefined, true if true + PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode + #no translation needed + AuthenticationStrength = $AuthenticationStrengthValue + AuthenticationContexts = $AuthenticationContextsValues + #Standard part + TermsOfUse = $termOfUseName + Ensure = 'Present' + Credential = $Credential + ApplicationSecret = $ApplicationSecret + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } function Set-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index af02b7fa1f..43014de36b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -92,8 +92,14 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ExpandProperty 'settings' -ErrorAction SilentlyContinue - + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ExpandProperty 'settings' -ErrorAction Stop + } + catch + { + $getValue = $null + } if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Id {$Id}" @@ -104,14 +110,18 @@ function Get-TargetResource -Filter "Name eq '$Name' and Platforms eq 'windows10'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript {[String]::IsNullOrWhiteSpace($_.TemplateReference.TemplateId)} - if ($null -ne $getValue) + if ($getValue.count -gt 1) + { + throw "Error: The displayName {$Name} is not unique in the tenant`r`nEnsure the display Name is unique for this type of resource." + } + if (-not [string]::IsNullOrEmpty($getValue.id)) { $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $getValue.id -ExpandProperty 'settings' -ErrorAction SilentlyContinue } } } #endregion - if ($null -eq $getValue) + if ([string]::IsNullOrEmpty($getValue.id)) { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Name {$Name}" return $nullResult From 59d2b52655ae484cc1fdf3a3fab19d66c180e593 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Thu, 14 Dec 2023 18:56:09 +0000 Subject: [PATCH 02/26] removed duplicated $getValue initialisation --- .../MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index 43014de36b..a9f1efca80 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -90,7 +90,6 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' - $getValue = $null #region resource generator code try { From a46f6d4b26b63ce8f6fc66df8f26a568c3a2dc87 Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 11:37:16 +0100 Subject: [PATCH 03/26] error handling --- CHANGELOG.md | 6 ++ .../MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 | 59 +++++++++++-------- 2 files changed, 39 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6941317806..bd7da96c34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* TeamsChannel + * Add error handling if GroupId of a team is null + FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) + # 1.23.1227.1 * EXOAntiPhishPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 index 990cec49d6..99cd1302ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 @@ -385,34 +385,41 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline foreach ($team in $Teams) { - $channels = Get-TeamChannel -GroupId $team.GroupId - $i = 1 - Write-Host " |---[$j/$($Teams.Length)] Team {$($team.DisplayName)}" - foreach ($channel in $channels) + if($null -ne $team.GroupId) { - Write-Host " |---[$i/$($channels.Length)] $($channel.DisplayName)" -NoNewline - $params = @{ - TeamName = $team.DisplayName - GroupId = $team.GroupId - DisplayName = $channel.DisplayName - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Credential = $Credential + $channels = Get-TeamChannel -GroupId $team.GroupId + $i = 1 + Write-Host " |---[$j/$($Teams.Length)] Team {$($team.DisplayName)}" + foreach ($channel in $channels) + { + Write-Host " |---[$i/$($channels.Length)] $($channel.DisplayName)" -NoNewline + $params = @{ + TeamName = $team.DisplayName + GroupId = $team.GroupId + DisplayName = $channel.DisplayName + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Credential = $Credential + } + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark } - $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host " |---[$j/$($Teams.Length)] Team has no GroupId and will be skipped" } $j++ } From be93efbbbe8d05ec6bc5fdb43cd1b2e939f24711 Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 15:18:52 +0100 Subject: [PATCH 04/26] remove deprecated DLP parameters --- CHANGELOG.md | 6 +++ .../MSFT_EXOTransportRule.psm1 | 51 +++++++++++-------- .../MSFT_EXOTransportRule.schema.mof | 10 ++-- 3 files changed, 42 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6941317806..a3bc2eafb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* EXOTransportRule + * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) + FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) + # 1.23.1227.1 * EXOAntiPhishPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index 1b06918414..f63d1ef672 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 @@ -294,7 +294,7 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $ExceptIfHasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -327,7 +327,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $ExceptIfMessageContainsDataClassifications = @(), + $ExceptIfMessageContainsDataClassifications = @(), #DEPRECATED [Parameter()] [System.String] @@ -463,7 +463,7 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $HasSenderOverride, + $HasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -496,7 +496,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $MessageContainsDataClassifications, + $MessageContainsDataClassifications, #DEPRECATED [Parameter()] [System.String] @@ -523,7 +523,7 @@ function Get-TargetResource [Parameter()] [ValidateSet('NotifyOnly', 'RejectMessage', 'RejectUnlessFalsePositiveOverride', 'RejectUnlessSilentOverride', 'RejectUnlessExplicitOverride')] [System.String] - $NotifySender, + $NotifySender, #DEPRECATED [Parameter()] [System.String] @@ -861,7 +861,6 @@ function Get-TargetResource ExceptIfFromScope = $TransportRule.ExceptIfFromScope ExceptIfHasClassification = $TransportRule.ExceptIfHasClassification ExceptIfHasNoClassification = $TransportRule.ExceptIfHasNoClassification - ExceptIfHasSenderOverride = $TransportRule.ExceptIfHasSenderOverride ExceptIfHeaderContainsMessageHeader = $TransportRule.ExceptIfHeaderContainsMessageHeader ExceptIfHeaderContainsWords = $TransportRule.ExceptIfHeaderContainsWords ExceptIfHeaderMatchesMessageHeader = $TransportRule.ExceptIfHeaderMatchesMessageHeader @@ -869,7 +868,6 @@ function Get-TargetResource ExceptIfManagerAddresses = $TransportRule.ExceptIfManagerAddresses ExceptIfManagerForEvaluatedUser = $TransportRule.ExceptIfManagerForEvaluatedUser ExceptIfMessageTypeMatches = $TransportRule.ExceptIfMessageTypeMatches - ExceptIfMessageContainsDataClassifications = $TransportRule.ExceptIfMessageContainsDataClassifications ExceptIfMessageSizeOver = $TransportRule.ExceptIfMessageSizeOver ExceptIfRecipientADAttributeContainsWords = $TransportRule.ExceptIfRecipientADAttributeContainsWords ExceptIfRecipientADAttributeMatchesPatterns = $TransportRule.ExceptIfRecipientADAttributeMatchesPatterns @@ -902,7 +900,6 @@ function Get-TargetResource GenerateNotification = $TransportRule.GenerateNotification HasClassification = $TransportRule.HasClassification HasNoClassification = $TransportRule.HasNoClassification - HasSenderOverride = $TransportRule.HasSenderOverride HeaderContainsMessageHeader = $TransportRule.HeaderContainsMessageHeader HeaderContainsWords = $TransportRule.HeaderContainsWords HeaderMatchesMessageHeader = $TransportRule.HeaderMatchesMessageHeader @@ -910,13 +907,11 @@ function Get-TargetResource IncidentReportContent = $TransportRule.IncidentReportContent ManagerAddresses = $TransportRule.ManagerAddresses ManagerForEvaluatedUser = $TransportRule.ManagerForEvaluatedUser - MessageContainsDataClassifications = $MessageContainsDataClassificationsValue MessageSizeOver = $TransportRule.MessageSizeOver MessageTypeMatches = $TransportRule.MessageTypeMatches Mode = $TransportRule.Mode ModerateMessageByManager = $TransportRule.ModerateMessageByManager ModerateMessageByUser = $TransportRule.ModerateMessageByUser - NotifySender = $TransportRule.NotifySender PrependSubject = $TransportRule.PrependSubject Priority = $TransportRule.Priority Quarantine = $TransportRule.Quarantine @@ -1279,7 +1274,7 @@ function Set-TargetResource [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $ExceptIfHasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -1312,7 +1307,7 @@ function Set-TargetResource [Parameter()] [System.String[]] - $ExceptIfMessageContainsDataClassifications = @(), + $ExceptIfMessageContainsDataClassifications = @(), #DEPRECATED [Parameter()] [System.String] @@ -1448,7 +1443,7 @@ function Set-TargetResource [Parameter()] [System.Boolean] - $HasSenderOverride, + $HasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -1481,7 +1476,7 @@ function Set-TargetResource [Parameter()] [System.String[]] - $MessageContainsDataClassifications, + $MessageContainsDataClassifications, #DEPRECATED [Parameter()] [System.String] @@ -1508,7 +1503,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('NotifyOnly', 'RejectMessage', 'RejectUnlessFalsePositiveOverride', 'RejectUnlessSilentOverride', 'RejectUnlessExplicitOverride')] [System.String] - $NotifySender, + $NotifySender, #DEPRECATED [Parameter()] [System.String] @@ -1749,6 +1744,22 @@ function Set-TargetResource $NewTransportRuleParams.Remove('CertificatePassword') | Out-Null $NewTransportRuleParams.Remove('ManagedIdentity') | Out-Null + # check for deprecated DLP parameters and remove them + if ($NewTransportRuleParams.ContainsKey('MessageContainsDataClassifications') + -or $NewTransportRuleParams.ContainsKey('ExceptIfMessageContainsDataClassifications') + -or $NewTransportRuleParams.ContainsKey('HasSenderOverride') + -or $NewTransportRuleParams.ContainsKey('ExceptIfHasSenderOverride') + -or $NewTransportRuleParams.ContainsKey('NotifySender')) + { + $NewTransportRuleParams.Remove('MessageContainsDataClassifications') | Out-Null + $NewTransportRuleParams.Remove('ExceptIfMessageContainsDataClassifications') | Out-Null + $NewTransportRuleParams.Remove('HasSenderOverride') | Out-Null + $NewTransportRuleParams.Remove('ExceptIfHasSenderOverride') | Out-Null + $NewTransportRuleParams.Remove('NotifySender') | Out-Null + + Write-Verbose -Message "DEPRECATED - The DLP parameters (MessageContainsDataClassifications, ExceptIfMessageContainsDataClassifications, ExceptIfHasSenderOverride, HasSenderOverride and NotifySender) are deprecated and will be ignored." + } + $SetTransportRuleParams = $NewTransportRuleParams.Clone() $SetTransportRuleParams.Add('Identity', $Name) $SetTransportRuleParams.Remove('Enabled') | Out-Null @@ -2072,7 +2083,7 @@ function Test-TargetResource [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $ExceptIfHasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -2105,7 +2116,7 @@ function Test-TargetResource [Parameter()] [System.String[]] - $ExceptIfMessageContainsDataClassifications = @(), + $ExceptIfMessageContainsDataClassifications = @(), #DEPRECATED [Parameter()] [System.String] @@ -2241,7 +2252,7 @@ function Test-TargetResource [Parameter()] [System.Boolean] - $HasSenderOverride, + $HasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -2274,7 +2285,7 @@ function Test-TargetResource [Parameter()] [System.String[]] - $MessageContainsDataClassifications, + $MessageContainsDataClassifications, #DEPRECATED [Parameter()] [System.String] @@ -2301,7 +2312,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('NotifyOnly', 'RejectMessage', 'RejectUnlessFalsePositiveOverride', 'RejectUnlessSilentOverride', 'RejectUnlessExplicitOverride')] [System.String] - $NotifySender, + $NotifySender, #DEPRECATED [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof index 719d45221a..d97a4e60e3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof @@ -71,7 +71,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders."), ValueMap{"InOrganization","NotInOrganization"}, Values{"InOrganization","NotInOrganization"}] String ExceptIfFromScope; [Write, Description("The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification.")] String ExceptIfHasClassification; [Write, Description("The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications.")] Boolean ExceptIfHasNoClassification; - [Write, Description("The ExceptIfHasSenderOverride parameter specifies an exception that looks for messages where the sender chose to override a DLP policy.")] Boolean ExceptIfHasSenderOverride; + [Write, Description("DEPRECATED")] Boolean ExceptIfHasSenderOverride; [Write, Description("The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter.")] String ExceptIfHeaderContainsMessageHeader; [Write, Description("The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field.")] String ExceptIfHeaderContainsWords[]; [Write, Description("The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter.")] String ExceptIfHeaderMatchesMessageHeader; @@ -79,7 +79,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.")] String ExceptIfManagerAddresses[]; [Write, Description("The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients.")] String ExceptIfManagerForEvaluatedUser; [Write, Description("The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type."), ValueMap{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}, Values{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}] String ExceptIfMessageTypeMatches; - [Write, Description("The ExceptIfMessageContainsDataClassifications parameter specifies an exception that looks for sensitive information types in the body of messages, and in any attachments.")] String ExceptIfMessageContainsDataClassifications[]; + [Write, Description("DEPRECATED")] String ExceptIfMessageContainsDataClassifications[]; [Write, Description("The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. ")] String ExceptIfMessageSizeOver; [Write, Description("The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients.")] String ExceptIfRecipientADAttributeContainsWords[]; [Write, Description("The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.")] String ExceptIfRecipientADAttributeMatchesPatterns[]; @@ -112,7 +112,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The GenerateNotification parameter specifies an action that sends a notification message to recipients.")] String GenerateNotification; [Write, Description("The HasClassification parameter specifies a condition that looks for messages with the specified message classification.")] String HasClassification; [Write, Description("The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications.")] Boolean HasNoClassification; - [Write, Description("The HasSenderOverride parameter specifies a condition that looks for messages where the sender chose to override a DLP policy.")] Boolean HasSenderOverride; + [Write, Description("DEPRECATED")] Boolean HasSenderOverride; [Write, Description("The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter.")] String HeaderContainsMessageHeader; [Write, Description("The HeaderContainsWords parameter specifies a condition that looks for words in a header field.")] String HeaderContainsWords[]; [Write, Description("The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter.")] String HeaderMatchesMessageHeader; @@ -120,13 +120,13 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. ")] String IncidentReportContent[]; [Write, Description("The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.")] String ManagerAddresses[]; [Write, Description("The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients."), ValueMap{"Recipient","Sender"}, Values{"Recipient","Sender"}] String ManagerForEvaluatedUser; - [Write, Description("The MessageContainsDataClassifications parameter specifies a condition that looks for sensitive information types in the body of messages, and in any attachments.")] String MessageContainsDataClassifications[]; + [Write, Description("DEPRECATED")] String MessageContainsDataClassifications[]; [Write, Description("The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments.")] String MessageSizeOver; [Write, Description("The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type."), ValueMap{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}, Values{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}] String MessageTypeMatches; [Write, Description("The Mode parameter specifies how the rule operates."), ValueMap{"Audit","AuditAndNotify","Enforce"}, Values{"Audit","AuditAndNotify","Enforce"}] String Mode; [Write, Description("The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that's specified in the sender's Manager attribute.")] Boolean ModerateMessageByManager; [Write, Description("The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users.")] String ModerateMessageByUser[]; - [Write, Description("The NotifySender parameter specifies an action that notifies the sender when messages violate DLP policies."), ValueMap{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}, Values{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}] String NotifySender; + [Write, Description("DEPRECATED"), ValueMap{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}, Values{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}] String NotifySender; [Write, Description("The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages.")] String PrependSubject; [Write, Description("The Priority parameter specifies a priority value for the rule that determines the order of rule processing.")] String Priority; [Write, Description("The Quarantine parameter specifies an action that quarantines messages.")] Boolean Quarantine; From bd627122bfc5313dd59570645fe9c106f1d3c76b Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 15:36:08 +0100 Subject: [PATCH 05/26] . --- .../MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index f63d1ef672..726c860b29 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 @@ -1745,10 +1745,10 @@ function Set-TargetResource $NewTransportRuleParams.Remove('ManagedIdentity') | Out-Null # check for deprecated DLP parameters and remove them - if ($NewTransportRuleParams.ContainsKey('MessageContainsDataClassifications') - -or $NewTransportRuleParams.ContainsKey('ExceptIfMessageContainsDataClassifications') - -or $NewTransportRuleParams.ContainsKey('HasSenderOverride') - -or $NewTransportRuleParams.ContainsKey('ExceptIfHasSenderOverride') + if ($NewTransportRuleParams.ContainsKey('MessageContainsDataClassifications') ` + -or $NewTransportRuleParams.ContainsKey('ExceptIfMessageContainsDataClassifications') ` + -or $NewTransportRuleParams.ContainsKey('HasSenderOverride') ` + -or $NewTransportRuleParams.ContainsKey('ExceptIfHasSenderOverride') ` -or $NewTransportRuleParams.ContainsKey('NotifySender')) { $NewTransportRuleParams.Remove('MessageContainsDataClassifications') | Out-Null From 37b0b2a44fe36032673885d5385ef03fcb3df6ed Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 2 Jan 2024 16:08:48 +0100 Subject: [PATCH 06/26] Updated various parameter descriptions to improve documentation --- CHANGELOG.md | 19 +++ .../MSFT_EXOInboundConnector.schema.mof | 4 +- .../MSFT_EXOMailTips.schema.mof | 4 +- .../MSFT_EXOOutboundConnector.schema.mof | 16 +-- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 6 + ...eDeviceConfigurationPolicyMacOS.schema.mof | 122 +++++++++--------- .../MSFT_O365AdminAuditLogConfig.schema.mof | 2 +- .../MSFT_O365Group/MSFT_O365Group.schema.mof | 2 +- ...SFT_O365OrgCustomizationSetting.schema.mof | 2 +- .../MSFT_SPOTenantSettings.schema.mof | 10 +- .../MSFT_TeamsFeedbackPolicy.psm1 | 3 + .../MSFT_TeamsFeedbackPolicy.schema.mof | 14 +- .../MSFT_TeamsMobilityPolicy.schema.mof | 2 +- .../MSFT_TeamsNetworkRoamingPolicy.schema.mof | 2 +- 14 files changed, 118 insertions(+), 90 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6941317806..ae72dacf41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Change log for Microsoft365DSC +# Unreleased + +* EXOInboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. +* EXOMailTips + * Added parameter descriptions for better documentation +* EXOOutboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. +* IntuneDeviceConfigurationPolicyMacOS + * Added parameter descriptions for better documentation +* SPOTenantSettings + * Added parameter descriptions for better documentation +* TeamsFeedbackPolicy + * Added parameter descriptions for better documentation +* TeamsMobilityPolicy + * Added parameter descriptions for better documentation +* TeamsNetworkRoamingPolicy + * Added parameter descriptions for better documentation + # 1.23.1227.1 * EXOAntiPhishPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof index cc46b7a7a3..0f6c1123b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof @@ -4,9 +4,9 @@ class MSFT_EXOInboundConnector : OMI_BaseResource { [Key, Description("The Identity parameter specifies the outbound connector that you want to modify.")] String Identity; [Write, Description("The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com.")] String AssociatedAcceptedDomains[]; - [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false")] Boolean CloudServicesMailEnabled; + [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!")] Boolean CloudServicesMailEnabled; [Write, Description("The Comment parameter specifies an optional comment.")] String Comment; - [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard"), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; + [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!"), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; [Write, Description("The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises"),ValueMap{"Partner","OnPremises"},Values{"Partner","OnPremises"}] String ConnectorType; [Write, Description("The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.")] String EFSkipIPs[]; [Write, Description("The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors.")] Boolean EFSkipLastIP; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof index ad76daaf7d..070d9c825d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof @@ -2,13 +2,13 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOMailTips")] class MSFT_EXOMailTips : OMI_BaseResource { - [Key] String Organization; + [Key, Description("Specify the name of your organization.")] String Organization; [Write, Description("Specifies whether MailTips are enabled.")] Boolean MailTipsAllTipsEnabled; [Write, Description("Specifies whether MailTips that rely on group metrics data are enabled.")] Boolean MailTipsGroupMetricsEnabled; [Write, Description("Specifies what a large audience is.")] UInt32 MailTipsLargeAudienceThreshold; [Write, Description("Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.")] Boolean MailTipsMailboxSourcedTipsEnabled; [Write, Description("Specifies whether MailTips for external recipients are enabled.")] Boolean MailTipsExternalRecipientsTipsEnabled; - [Write, ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Specifies if this MailTip should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof index 6af4a83d19..8f6b555c4b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof @@ -6,18 +6,18 @@ class MSFT_EXOOutboundConnector : OMI_BaseResource [Write, Description("Specifies whether connector is enabled.")] Boolean Enabled; [Write, Description("Specifies whether connector should use MXRecords for target resolution.")] Boolean UseMXRecord; [Write, Description("The Comment parameter specifies an optional comment.")] String Comment; - [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard "), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; - [Write, Description("The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises"),ValueMap{"Partner","OnPremises"},Values{"Partner","OnPremises"}] String ConnectorType; + [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!"), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; + [Write, Description("The ConnectorType parameter specifies a category for the domains that are serviced by the connector."),ValueMap{"Partner","OnPremises"},Values{"Partner","OnPremises"}] String ConnectorType; [Write, Description("The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas.")] String RecipientDomains[]; [Write, Description("The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line.")] String SmartHosts[]; [Write, Description("The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com")] String TlsDomain; - [Write, Description("The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector. Valid values are:EncryptionOnly | CertificateValidation | DomainValidation"), ValueMap{"EncryptionOnly","CertificateValidation","DomainValidation"}, Values{"EncryptionOnly","CertificateValidation","DomainValidation"}] String TlsSettings; - [Write, Description("The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). Valid values are: $true | $false")] Boolean IsTransportRuleScoped; - [Write, Description("The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting). Valid values are: $true | $false")] Boolean RouteAllMessagesViaOnPremises; - [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false")] Boolean CloudServicesMailEnabled; - [Write, Description("The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. Valid values are: $true | $false (default)")] Boolean AllAcceptedDomains; + [Write, Description("The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector."), ValueMap{"EncryptionOnly","CertificateValidation","DomainValidation"}, Values{"EncryptionOnly","CertificateValidation","DomainValidation"}] String TlsSettings; + [Write, Description("The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).")] Boolean IsTransportRuleScoped; + [Write, Description("The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting).")] Boolean RouteAllMessagesViaOnPremises; + [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!")] Boolean CloudServicesMailEnabled; + [Write, Description("The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.")] Boolean AllAcceptedDomains; [Write, Description("The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system.")] Boolean SenderRewritingEnabled; - [Write, Description("The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. Valid values are: $true | $false (default)")] Boolean TestMode; + [Write, Description("The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.")] Boolean TestMode; [Write, Description("The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas.")] String ValidationRecipients[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index fb518d0651..5936b4ac81 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1,3 +1,9 @@ +# More information on the properties can be found here: +# - https://learn.microsoft.com/en-us/graph/api/intune-deviceconfig-macosgeneraldeviceconfiguration-create?view=graph-rest-beta +# - https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applistitem?view=graph-rest-beta +# - https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-macosprivacyaccesscontrolitem?view=graph-rest-beta +# - https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-macosappleeventreceiver?view=graph-rest-beta + function Get-TargetResource { [CmdletBinding()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof index 496c10318c..02cf9eaed4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof @@ -11,59 +11,59 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphapplistitemMacOS { - [Write, Description(""), ValueMap{"#microsoft.graph.appleAppListItem"}, Values{"#microsoft.graph.appleAppListItem"}] String odataType; - [Write, Description("")] String appId; - [Write, Description("")] String appStoreUrl; - [Write, Description("")] String name; - [Write, Description("")] String publisher; + [Write, Description("Specify the odataType"), ValueMap{"#microsoft.graph.appleAppListItem"}, Values{"#microsoft.graph.appleAppListItem"}] String odataType; + [Write, Description("The application or bundle identifier of the application")] String appId; + [Write, Description("The Store URL of the application")] String appStoreUrl; + [Write, Description("The application name")] String name; + [Write, Description("The publisher of the application")] String publisher; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String accessibility; - [Write, Description("Blocks iCloud from syncing contacts."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String addressBook; - [Write, Description(""), EmbeddedInstance("MSFT_MicrosoftGraphmacosappleeventreceiver")] String appleEventsAllowedReceivers[]; - [Write, Description("")] Boolean blockCamera; - [Write, Description("")] Boolean blockListenEvent; - [Write, Description("")] Boolean blockMicrophone; - [Write, Description("")] Boolean blockScreenCapture; - [Write, Description("Blocks iCloud from syncing calendars."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String calendar; - [Write, Description("")] String codeRequirement; - [Write, Description("")] String displayName; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String fileProviderPresence; - [Write, Description("")] String identifier; - [Write, Description(""), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String mediaLibrary; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String photos; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String postEvent; - [Write, Description("Blocks iCloud from syncing reminders."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String reminders; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String speechRecognition; - [Write, Description("")] Boolean staticCodeValidation; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyAllFiles; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDesktopFolder; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDocumentsFolder; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDownloadsFolder; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyNetworkVolumes; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyRemovableVolumes; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicySystemAdminFiles; + [Write, Description("Allow the app or process to control the Mac via the Accessibility subsystem."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String accessibility; + [Write, Description("Allow or block access to contact information managed by Contacts."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String addressBook; + [Write, Description("Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process."), EmbeddedInstance("MSFT_MicrosoftGraphmacosappleeventreceiver")] String appleEventsAllowedReceivers[]; + [Write, Description("Block access to camera app.")] Boolean blockCamera; + [Write, Description("Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later.")] Boolean blockListenEvent; + [Write, Description("Block access to microphone.")] Boolean blockMicrophone; + [Write, Description("Block app from capturing contents of system display. Requires macOS 10.15 or later.")] Boolean blockScreenCapture; + [Write, Description("Allow or block access to event information managed by Calendar."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String calendar; + [Write, Description("Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'.")] String codeRequirement; + [Write, Description("The display name of the app, process, or executable.")] String displayName; + [Write, Description("Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String fileProviderPresence; + [Write, Description("The bundle ID or path of the app, process, or executable.")] String identifier; + [Write, Description("A bundle ID is used to identify an app. A path is used to identify a process or executable."), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; + [Write, Description("Allow or block access to music and the media library."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String mediaLibrary; + [Write, Description("Allow or block access to images managed by Photos."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String photos; + [Write, Description("Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String postEvent; + [Write, Description("Allow or block access to information managed by Reminders."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String reminders; + [Write, Description("Allow or block access to system speech recognition facility."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String speechRecognition; + [Write, Description("Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature.")] Boolean staticCodeValidation; + [Write, Description("Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyAllFiles; + [Write, Description("Allow or block access to Desktop folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDesktopFolder; + [Write, Description("Allow or block access to Documents folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDocumentsFolder; + [Write, Description("Allow or block access to Downloads folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDownloadsFolder; + [Write, Description("Allow or block access to network volumes. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyNetworkVolumes; + [Write, Description("Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyRemovableVolumes; + [Write, Description("Allow app or process to access files used in system administration."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicySystemAdminFiles; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphmacosappleeventreceiver { - [Write, Description("")] Boolean allowed; - [Write, Description("")] String codeRequirement; - [Write, Description("")] String identifier; - [Write, Description(""), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; + [Write, Description("Allow or block this app from receiving Apple events.")] Boolean allowed; + [Write, Description("Code requirement for the app or binary that receives the Apple Event.")] String codeRequirement; + [Write, Description("Bundle ID of the app or file path of the process or executable that receives the Apple Event.")] String identifier; + [Write, Description("Use bundle ID for an app or path for a process or executable that receives the Apple Event."), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyMacOS")] class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource { - [Write, Description("")] String Id; - [Key, Description("")] String DisplayName; - [Write, Description("")] String Description; - [Write, Description("")] Boolean AddingGameCenterFriendsBlocked; - [Write, Description("")] Boolean AirDropBlocked; + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; + [Write, Description("Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later.")] Boolean AddingGameCenterFriendsBlocked; + [Write, Description("Configures whether or not to allow AirDrop.")] Boolean AirDropBlocked; [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock; [Write, Description("Blocks users from taking photographs and videos.")] Boolean CameraBlocked; [Write, Description("Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots.")] Boolean ClassroomAppBlockRemoteScreenObservation; @@ -72,12 +72,12 @@ class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource [Write, Description("Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course.")] Boolean ClassroomForceRequestPermissionToLeaveClasses; [Write, Description("Teachers can lock a student's device or app without the student's approval.")] Boolean ClassroomForceUnpromptedAppAndDeviceLock; [Write, Description("Device compliance can be viewed in the Restricted Apps Compliance report."), ValueMap{"none","appsInListCompliant","appsNotInListCompliant"}, Values{"none","appsInListCompliant","appsNotInListCompliant"}] String CompliantAppListType; - [Write, Description(" "), EmbeddedInstance("MSFT_MicrosoftGraphapplistitemMacOS")] String CompliantAppsList[]; - [Write, Description("")] Boolean ContentCachingBlocked; + [Write, Description("List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType)."), EmbeddedInstance("MSFT_MicrosoftGraphapplistitemMacOS")] String CompliantAppsList[]; + [Write, Description("Configures whether or not to allow content caching.")] Boolean ContentCachingBlocked; [Write, Description("Block look up, a feature that looks up the definition of a highlighted word.")] Boolean DefinitionLookupBlocked; [Write, Description("Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. ")] String EmailInDomainSuffixes[]; - [Write, Description("")] Boolean EraseContentAndSettingsBlocked; - [Write, Description("")] Boolean GameCenterBlocked; + [Write, Description("Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later.")] Boolean EraseContentAndSettingsBlocked; + [Write, Description("Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later.")] Boolean GameCenterBlocked; [Write, Description("Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later.")] Boolean ICloudBlockActivityContinuation; [Write, Description("Blocks iCloud from syncing contacts.")] Boolean ICloudBlockAddressBook; [Write, Description("Blocks iCloud from syncing bookmarks.")] Boolean ICloudBlockBookmarks; @@ -87,40 +87,40 @@ class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource [Write, Description("Blocks iCloud from syncing notes.")] Boolean ICloudBlockNotes; [Write, Description("Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.")] Boolean ICloudBlockPhotoLibrary; [Write, Description("Blocks iCloud from syncing reminders.")] Boolean ICloudBlockReminders; - [Write, Description("")] Boolean ICloudDesktopAndDocumentsBlocked; - [Write, Description("")] Boolean ICloudPrivateRelayBlocked; + [Write, Description("Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later.")] Boolean ICloudDesktopAndDocumentsBlocked; + [Write, Description("Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later.")] Boolean ICloudPrivateRelayBlocked; [Write, Description("Blocks files from being transferred using iTunes.")] Boolean ITunesBlockFileSharing; - [Write, Description("")] Boolean ITunesBlockMusicService; + [Write, Description("Configures whether or not to block files from being transferred using iTunes.")] Boolean ITunesBlockMusicService; [Write, Description("Block dictation, which is a feature that converts the user's voice to text.")] Boolean KeyboardBlockDictation; [Write, Description("Disables syncing credentials stored in the Keychain to iCloud")] Boolean KeychainBlockCloudSync; - [Write, Description("")] Boolean MultiplayerGamingBlocked; - [Write, Description("")] Boolean PasswordBlockAirDropSharing; - [Write, Description("")] Boolean PasswordBlockAutoFill; + [Write, Description("Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later.")] Boolean MultiplayerGamingBlocked; + [Write, Description("Configures whether or not to block sharing passwords with the AirDrop passwords feature.")] Boolean PasswordBlockAirDropSharing; + [Write, Description("Configures whether or not to block the AutoFill Passwords feature.")] Boolean PasswordBlockAutoFill; [Write, Description("Requires user to set a non-biometric passcode or password to unlock the device.")] Boolean PasswordBlockFingerprintUnlock; [Write, Description("Blocks user from changing the set passcode.")] Boolean PasswordBlockModification; - [Write, Description("")] Boolean PasswordBlockProximityRequests; + [Write, Description("Configures whether or not to block requesting passwords from nearby devices.")] Boolean PasswordBlockProximityRequests; [Write, Description("Block simple password sequences, such as 1234 or 1111.")] Boolean PasswordBlockSimple; [Write, Description("Number of days until device password must be changed. (1-65535)")] UInt32 PasswordExpirationDays; - [Write, Description("")] UInt32 PasswordMaximumAttemptCount; + [Write, Description("Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11")] UInt32 PasswordMaximumAttemptCount; [Write, Description("Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.")] UInt32 PasswordMinimumCharacterSetCount; [Write, Description("Minimum number of digits or characters in password (4-16).")] UInt32 PasswordMinimumLength; [Write, Description("Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device.")] UInt32 PasswordMinutesOfInactivityBeforeLock; [Write, Description("Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device.")] UInt32 PasswordMinutesOfInactivityBeforeScreenTimeout; - [Write, Description("")] UInt32 PasswordMinutesUntilFailedLoginReset; + [Write, Description("Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.")] UInt32 PasswordMinutesUntilFailedLoginReset; [Write, Description("Number of new passwords that must be used until an old one can be reused. (1-24)")] UInt32 PasswordPreviousPasswordBlockCount; - [Write, Description(" Specify the type of password required.")] Boolean PasswordRequired; + [Write, Description("Specify the type of password required.")] Boolean PasswordRequired; [Write, Description("Specify the type of password required."), ValueMap{"deviceDefault","alphanumeric","numeric"}, Values{"deviceDefault","alphanumeric","numeric"}] String PasswordRequiredType; [Write, Description("Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later."), EmbeddedInstance("MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem")] String PrivacyAccessControls[]; [Write, Description("Blocks Safari from remembering what users enter in web forms.")] Boolean SafariBlockAutofill; - [Write, Description("")] Boolean ScreenCaptureBlocked; - [Write, Description("")] UInt32 SoftwareUpdateMajorOSDeferredInstallDelayInDays; - [Write, Description("")] UInt32 SoftwareUpdateMinorOSDeferredInstallDelayInDays; - [Write, Description("")] UInt32 SoftwareUpdateNonOSDeferredInstallDelayInDays; + [Write, Description("Configures whether or not to block the user from taking Screenshots.")] Boolean ScreenCaptureBlocked; + [Write, Description("Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateMajorOSDeferredInstallDelayInDays; + [Write, Description("Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateMinorOSDeferredInstallDelayInDays; + [Write, Description("Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateNonOSDeferredInstallDelayInDays; [Write, Description("Delay the user's software update for this many days. The maximum is 90 days. (1-90)")] UInt32 SoftwareUpdatesEnforcedDelayInDays; [Write, Description("Blocks Spotlight from returning any results from an Internet search")] Boolean SpotlightBlockInternetResults; - [Write, Description("")] UInt32 TouchIdTimeoutInHours; - [Write, Description(""), ValueMap{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}, Values{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}] String UpdateDelayPolicy[]; - [Write, Description("")] Boolean WallpaperModificationBlocked; + [Write, Description("Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647")] UInt32 TouchIdTimeoutInHours; + [Write, Description("Configures whether to delay OS and/or app updates for macOS."), ValueMap{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}, Values{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}] String UpdateDelayPolicy[]; + [Write, Description("Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later.")] Boolean WallpaperModificationBlocked; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof index d7e5535712..6cba94f8a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof @@ -4,7 +4,7 @@ class MSFT_O365AdminAuditLogConfig : OMI_BaseResource [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write,Description("'Present' is the only value accepted."),ValueMap{"Present"},Values{"Present"}] string Ensure; [Required, Description("Determins if Unified Audit Log Ingestion is enabled"),ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] string UnifiedAuditLogIngestionEnabled; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof index 6b470ca165..0e5417dc50 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof @@ -7,7 +7,7 @@ class MSFT_O365Group : OMI_BaseResource [Write, Description("The group's description.")] string Description; [Write, Description("Members of the group.")] string Members[]; [Write, Description("Present ensures the group exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; [Write, Description("Secret of the Azure Active Directory application used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof index 85239337bc..6b1fa5a53c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof @@ -3,7 +3,7 @@ class MSFT_O365OrgCustomizationSetting : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index f3a3b22494..ef55bc0421 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof @@ -12,11 +12,11 @@ class MSFT_SPOTenantSettings : OMI_BaseResource [Write, Description("Allow feedback via UserVoice.")] boolean UserVoiceForFeedbackEnabled; [Write, Description("Configure PublicCDN")] boolean PublicCdnEnabled; [Write, Description("Configure filetypes allowed for PublicCDN")] String PublicCdnAllowedFileTypes; - [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups")] boolean UseFindPeopleInPeoplePicker; - [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups")] boolean NotificationsInSharePointEnabled; - [Write, Description("")] boolean OwnerAnonymousNotification; - [Write, Description("")] boolean ApplyAppEnforcedRestrictionsToAdHocRecipients; - [Write, Description("")] boolean FilePickerExternalImageSearchEnabled; + [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups.")] boolean UseFindPeopleInPeoplePicker; + [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups.")] boolean NotificationsInSharePointEnabled; + [Write, Description("Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed.")] boolean OwnerAnonymousNotification; + [Write, Description("When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.")] boolean ApplyAppEnforcedRestrictionsToAdHocRecipients; + [Write, Description("Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images.")] boolean FilePickerExternalImageSearchEnabled; [Write, Description("Defines if the default themes are visible or hidden")] boolean HideDefaultThemes; [Write, Description("To enable or disable Sync button on Team sites")] boolean HideSyncButtonOnTeamSite; [Write, Description("Allow or block external sharing until at least one Office DLP policy scans the content of the file."), ValueMap{"AllowExternalSharing","BlockExternalSharing"}, Values{"AllowExternalSharing","BlockExternalSharing"}] string MarkNewFilesSensitiveByDefault; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 index 20662f46da..9747cf0fba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 @@ -9,6 +9,7 @@ function Get-TargetResource $UserInitiatedMode, [Parameter()] + [ValidateSet('Enabled', 'Disabled', 'EnabledUserOverride')] [System.String] $ReceiveSurveysMode, @@ -118,6 +119,7 @@ function Set-TargetResource $UserInitiatedMode, [Parameter()] + [ValidateSet('Enabled', 'Disabled', 'EnabledUserOverride')] [System.String] $ReceiveSurveysMode, @@ -245,6 +247,7 @@ function Test-TargetResource $UserInitiatedMode, [Parameter()] + [ValidateSet('Enabled', 'Disabled', 'EnabledUserOverride')] [System.String] $ReceiveSurveysMode, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof index 86829d0d21..cc4896cc6c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof @@ -1,13 +1,13 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsFeedbackPolicy")] class MSFT_TeamsFeedbackPolicy : OMI_BaseResource { - [Write, Description("")] String UserInitiatedMode; - [Write, Description("")] String ReceiveSurveysMode; - [Write, Description("")] Boolean AllowScreenshotCollection; - [Write, Description("")] Boolean AllowEmailCollection; - [Write, Description("")] Boolean AllowLogCollection; - [Write, Description("")] Boolean EnableFeatureSuggestions; - [Key, Description("")] String Identity; + [Key, Description("Specify the name of the Teams Feedback Policy.")] String Identity; + [Write, Description("Specifies if users are allowed to give feedback.")] String UserInitiatedMode; + [Write, Description("Specifies if users are allowed to receive the survey."), ValueMap{"Enabled","Disabled","EnabledUserOverride"}, Values{"Enabled","Disabled","EnabledUserOverride"}] String ReceiveSurveysMode; + [Write, Description("Specifies if Screenshot Collection is enabled or not.")] Boolean AllowScreenshotCollection; + [Write, Description("Specifies if Email Collection is enabled or not.")] Boolean AllowEmailCollection; + [Write, Description("Specifies if Log Collection is enabled or not.")] Boolean AllowLogCollection; + [Write, Description("Specifies if users are allowed to provide feature suggestions")] Boolean EnableFeatureSuggestions; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof index bf6729e732..75a9ae245a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsMobilityPolicy")] class MSFT_TeamsMobilityPolicy : OMI_BaseResource { - [Key, Description("Specify the name of the policy that you are creating.")] String Identity; + [Key, Description("Specify the name of the Teams Mobility Policy.")] String Identity; [Write, Description("Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.")] String Description; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPAudioMobileMode; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPVideoMobileMode; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof index 442bd5aad6..9997e9e405 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsNetworkRoamingPolicy")] class MSFT_TeamsNetworkRoamingPolicy : OMI_BaseResource { - [Key, Description("")] String Identity; + [Key, Description("Specify the name of the Teams Network Roaming Policy.")] String Identity; [Write, Description("Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.")] Boolean AllowIPVideo; [Write, Description("Description of the new policy to be created.")] String Description; [Write, Description("Determines the media bit rate for audio/video/app sharing transmissions in meetings.")] UInt64 MediaBitRateKb; From 5545afc10197a9feadd8ed5d498bd5a891353969 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 2 Jan 2024 16:26:08 +0100 Subject: [PATCH 07/26] Updated unit tests --- ...Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 index 65ef89ac0b..a9ad5088b1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 @@ -60,7 +60,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -93,7 +93,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -106,7 +106,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -135,7 +135,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -148,7 +148,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -167,7 +167,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -180,7 +180,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $False - ReceiveSurveysMode = 'FakeStringValueDrift #Drift' + ReceiveSurveysMode = 'Disabled' AllowEmailCollection = $False UserInitiatedMode = 'FakeStringValueDrift #Drift' Identity = 'FakeStringValue' @@ -215,7 +215,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' From c7043ff9e9854292b8a9a13e4f89f8e5dc797c6a Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 2 Jan 2024 15:31:00 +0000 Subject: [PATCH 08/26] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOTransportRule.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/docs/resources/exchange/EXOTransportRule.md b/docs/docs/resources/exchange/EXOTransportRule.md index 84632f4127..9d1aeb353d 100644 --- a/docs/docs/resources/exchange/EXOTransportRule.md +++ b/docs/docs/resources/exchange/EXOTransportRule.md @@ -74,7 +74,7 @@ | **ExceptIfFromScope** | Write | String | The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders. | `InOrganization`, `NotInOrganization` | | **ExceptIfHasClassification** | Write | String | The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification. | | | **ExceptIfHasNoClassification** | Write | Boolean | The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications. | | -| **ExceptIfHasSenderOverride** | Write | Boolean | The ExceptIfHasSenderOverride parameter specifies an exception that looks for messages where the sender chose to override a DLP policy. | | +| **ExceptIfHasSenderOverride** | Write | Boolean | DEPRECATED | | | **ExceptIfHeaderContainsMessageHeader** | Write | String | The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter. | | | **ExceptIfHeaderContainsWords** | Write | StringArray[] | The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field. | | | **ExceptIfHeaderMatchesMessageHeader** | Write | String | The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter. | | @@ -82,7 +82,7 @@ | **ExceptIfManagerAddresses** | Write | StringArray[] | The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter. | | | **ExceptIfManagerForEvaluatedUser** | Write | String | The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients. | | | **ExceptIfMessageTypeMatches** | Write | String | The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type. | `OOF`, `AutoForward`, `Encrypted`, `Calendaring`, `PermissionControlled`, `Voicemail`, `Signed`, `ApprovalRequest`, `ReadReceipt` | -| **ExceptIfMessageContainsDataClassifications** | Write | StringArray[] | The ExceptIfMessageContainsDataClassifications parameter specifies an exception that looks for sensitive information types in the body of messages, and in any attachments. | | +| **ExceptIfMessageContainsDataClassifications** | Write | StringArray[] | DEPRECATED | | | **ExceptIfMessageSizeOver** | Write | String | The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. | | | **ExceptIfRecipientADAttributeContainsWords** | Write | StringArray[] | The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients. | | | **ExceptIfRecipientADAttributeMatchesPatterns** | Write | StringArray[] | The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions. | | @@ -115,7 +115,7 @@ | **GenerateNotification** | Write | String | The GenerateNotification parameter specifies an action that sends a notification message to recipients. | | | **HasClassification** | Write | String | The HasClassification parameter specifies a condition that looks for messages with the specified message classification. | | | **HasNoClassification** | Write | Boolean | The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications. | | -| **HasSenderOverride** | Write | Boolean | The HasSenderOverride parameter specifies a condition that looks for messages where the sender chose to override a DLP policy. | | +| **HasSenderOverride** | Write | Boolean | DEPRECATED | | | **HeaderContainsMessageHeader** | Write | String | The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter. | | | **HeaderContainsWords** | Write | StringArray[] | The HeaderContainsWords parameter specifies a condition that looks for words in a header field. | | | **HeaderMatchesMessageHeader** | Write | String | The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter. | | @@ -123,13 +123,13 @@ | **IncidentReportContent** | Write | StringArray[] | The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. | | | **ManagerAddresses** | Write | StringArray[] | The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter. | | | **ManagerForEvaluatedUser** | Write | String | The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients. | `Recipient`, `Sender` | -| **MessageContainsDataClassifications** | Write | StringArray[] | The MessageContainsDataClassifications parameter specifies a condition that looks for sensitive information types in the body of messages, and in any attachments. | | +| **MessageContainsDataClassifications** | Write | StringArray[] | DEPRECATED | | | **MessageSizeOver** | Write | String | The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments. | | | **MessageTypeMatches** | Write | String | The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type. | `OOF`, `AutoForward`, `Encrypted`, `Calendaring`, `PermissionControlled`, `Voicemail`, `Signed`, `ApprovalRequest`, `ReadReceipt` | | **Mode** | Write | String | The Mode parameter specifies how the rule operates. | `Audit`, `AuditAndNotify`, `Enforce` | | **ModerateMessageByManager** | Write | Boolean | The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that's specified in the sender's Manager attribute. | | | **ModerateMessageByUser** | Write | StringArray[] | The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users. | | -| **NotifySender** | Write | String | The NotifySender parameter specifies an action that notifies the sender when messages violate DLP policies. | `NotifyOnly`, `RejectMessage`, `RejectUnlessFalsePositiveOverride`, `RejectUnlessSilentOverride`, `RejectUnlessExplicitOverride` | +| **NotifySender** | Write | String | DEPRECATED | `NotifyOnly`, `RejectMessage`, `RejectUnlessFalsePositiveOverride`, `RejectUnlessSilentOverride`, `RejectUnlessExplicitOverride` | | **PrependSubject** | Write | String | The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages. | | | **Priority** | Write | String | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. | | | **Quarantine** | Write | Boolean | The Quarantine parameter specifies an action that quarantines messages. | | From 6d5dc19118a8e7567f215835a2fb39f1ad2c596e Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 2 Jan 2024 16:01:06 +0000 Subject: [PATCH 09/26] Updated Resources and Cmdlet documentation pages --- .../resources/exchange/EXOInboundConnector.md | 4 +- docs/docs/resources/exchange/EXOMailTips.md | 4 +- .../exchange/EXOOutboundConnector.md | 16 +-- .../IntuneDeviceConfigurationPolicyMacOS.md | 122 +++++++++--------- .../office365/O365AdminAuditLogConfig.md | 2 +- docs/docs/resources/office365/O365Group.md | 2 +- .../office365/O365OrgCustomizationSetting.md | 2 +- .../resources/sharepoint/SPOTenantSettings.md | 10 +- .../resources/teams/TeamsFeedbackPolicy.md | 14 +- .../resources/teams/TeamsMobilityPolicy.md | 2 +- .../teams/TeamsNetworkRoamingPolicy.md | 2 +- 11 files changed, 90 insertions(+), 90 deletions(-) diff --git a/docs/docs/resources/exchange/EXOInboundConnector.md b/docs/docs/resources/exchange/EXOInboundConnector.md index e78bbd243a..cd9a5b7152 100644 --- a/docs/docs/resources/exchange/EXOInboundConnector.md +++ b/docs/docs/resources/exchange/EXOInboundConnector.md @@ -6,9 +6,9 @@ | --- | --- | --- | --- | --- | | **Identity** | Key | String | The Identity parameter specifies the outbound connector that you want to modify. | | | **AssociatedAcceptedDomains** | Write | StringArray[] | The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com. | | -| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false | | +| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! | | | **Comment** | Write | String | The Comment parameter specifies an optional comment. | | -| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard | `Default`, `Migrated`, `HybridWizard` | +| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! | `Default`, `Migrated`, `HybridWizard` | | **ConnectorType** | Write | String | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises | `Partner`, `OnPremises` | | **EFSkipIPs** | Write | StringArray[] | The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false. | | | **EFSkipLastIP** | Write | Boolean | The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors. | | diff --git a/docs/docs/resources/exchange/EXOMailTips.md b/docs/docs/resources/exchange/EXOMailTips.md index bca289784c..c567d10c8e 100644 --- a/docs/docs/resources/exchange/EXOMailTips.md +++ b/docs/docs/resources/exchange/EXOMailTips.md @@ -4,13 +4,13 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Organization** | Key | String | | | +| **Organization** | Key | String | Specify the name of your organization. | | | **MailTipsAllTipsEnabled** | Write | Boolean | Specifies whether MailTips are enabled. | | | **MailTipsGroupMetricsEnabled** | Write | Boolean | Specifies whether MailTips that rely on group metrics data are enabled. | | | **MailTipsLargeAudienceThreshold** | Write | UInt32 | Specifies what a large audience is. | | | **MailTipsMailboxSourcedTipsEnabled** | Write | Boolean | Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled. | | | **MailTipsExternalRecipientsTipsEnabled** | Write | Boolean | Specifies whether MailTips for external recipients are enabled. | | -| **Ensure** | Write | String | | `Present`, `Absent` | +| **Ensure** | Write | String | Specifies if this MailTip should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | diff --git a/docs/docs/resources/exchange/EXOOutboundConnector.md b/docs/docs/resources/exchange/EXOOutboundConnector.md index f4e1ef0956..3848275f5d 100644 --- a/docs/docs/resources/exchange/EXOOutboundConnector.md +++ b/docs/docs/resources/exchange/EXOOutboundConnector.md @@ -8,18 +8,18 @@ | **Enabled** | Write | Boolean | Specifies whether connector is enabled. | | | **UseMXRecord** | Write | Boolean | Specifies whether connector should use MXRecords for target resolution. | | | **Comment** | Write | String | The Comment parameter specifies an optional comment. | | -| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard | `Default`, `Migrated`, `HybridWizard` | -| **ConnectorType** | Write | String | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises | `Partner`, `OnPremises` | +| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! | `Default`, `Migrated`, `HybridWizard` | +| **ConnectorType** | Write | String | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. | `Partner`, `OnPremises` | | **RecipientDomains** | Write | StringArray[] | The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas. | | | **SmartHosts** | Write | StringArray[] | The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line. | | | **TlsDomain** | Write | String | The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com | | -| **TlsSettings** | Write | String | The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector. Valid values are:EncryptionOnly | CertificateValidation | DomainValidation | `EncryptionOnly`, `CertificateValidation`, `DomainValidation` | -| **IsTransportRuleScoped** | Write | Boolean | The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). Valid values are: $true | $false | | -| **RouteAllMessagesViaOnPremises** | Write | Boolean | The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting). Valid values are: $true | $false | | -| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false | | -| **AllAcceptedDomains** | Write | Boolean | The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. Valid values are: $true | $false (default) | | +| **TlsSettings** | Write | String | The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector. | `EncryptionOnly`, `CertificateValidation`, `DomainValidation` | +| **IsTransportRuleScoped** | Write | Boolean | The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). | | +| **RouteAllMessagesViaOnPremises** | Write | Boolean | The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting). | | +| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! | | +| **AllAcceptedDomains** | Write | Boolean | The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. | | | **SenderRewritingEnabled** | Write | Boolean | The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system. | | -| **TestMode** | Write | Boolean | The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. Valid values are: $true | $false (default) | | +| **TestMode** | Write | Boolean | The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. | | | **ValidationRecipients** | Write | StringArray[] | The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas. | | | **Ensure** | Write | String | Specifies if this Outbound connector should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md index bd1438f974..1992587186 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md @@ -4,11 +4,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | | | -| **DisplayName** | Key | String | | | -| **Description** | Write | String | | | -| **AddingGameCenterFriendsBlocked** | Write | Boolean | | | -| **AirDropBlocked** | Write | Boolean | | | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **AddingGameCenterFriendsBlocked** | Write | Boolean | Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later. | | +| **AirDropBlocked** | Write | Boolean | Configures whether or not to allow AirDrop. | | | **AppleWatchBlockAutoUnlock** | Write | Boolean | Blocks users from unlocking their Mac with Apple Watch. | | | **CameraBlocked** | Write | Boolean | Blocks users from taking photographs and videos. | | | **ClassroomAppBlockRemoteScreenObservation** | Write | Boolean | Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots. | | @@ -17,12 +17,12 @@ | **ClassroomForceRequestPermissionToLeaveClasses** | Write | Boolean | Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course. | | | **ClassroomForceUnpromptedAppAndDeviceLock** | Write | Boolean | Teachers can lock a student's device or app without the student's approval. | | | **CompliantAppListType** | Write | String | Device compliance can be viewed in the Restricted Apps Compliance report. | `none`, `appsInListCompliant`, `appsNotInListCompliant` | -| **CompliantAppsList** | Write | MSFT_MicrosoftGraphapplistitemMacOS[] | | | -| **ContentCachingBlocked** | Write | Boolean | | | +| **CompliantAppsList** | Write | MSFT_MicrosoftGraphapplistitemMacOS[] | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). | | +| **ContentCachingBlocked** | Write | Boolean | Configures whether or not to allow content caching. | | | **DefinitionLookupBlocked** | Write | Boolean | Block look up, a feature that looks up the definition of a highlighted word. | | | **EmailInDomainSuffixes** | Write | StringArray[] | Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. | | -| **EraseContentAndSettingsBlocked** | Write | Boolean | | | -| **GameCenterBlocked** | Write | Boolean | | | +| **EraseContentAndSettingsBlocked** | Write | Boolean | Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later. | | +| **GameCenterBlocked** | Write | Boolean | Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later. | | | **ICloudBlockActivityContinuation** | Write | Boolean | Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later. | | | **ICloudBlockAddressBook** | Write | Boolean | Blocks iCloud from syncing contacts. | | | **ICloudBlockBookmarks** | Write | Boolean | Blocks iCloud from syncing bookmarks. | | @@ -32,40 +32,40 @@ | **ICloudBlockNotes** | Write | Boolean | Blocks iCloud from syncing notes. | | | **ICloudBlockPhotoLibrary** | Write | Boolean | Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage. | | | **ICloudBlockReminders** | Write | Boolean | Blocks iCloud from syncing reminders. | | -| **ICloudDesktopAndDocumentsBlocked** | Write | Boolean | | | -| **ICloudPrivateRelayBlocked** | Write | Boolean | | | +| **ICloudDesktopAndDocumentsBlocked** | Write | Boolean | Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later. | | +| **ICloudPrivateRelayBlocked** | Write | Boolean | Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later. | | | **ITunesBlockFileSharing** | Write | Boolean | Blocks files from being transferred using iTunes. | | -| **ITunesBlockMusicService** | Write | Boolean | | | +| **ITunesBlockMusicService** | Write | Boolean | Configures whether or not to block files from being transferred using iTunes. | | | **KeyboardBlockDictation** | Write | Boolean | Block dictation, which is a feature that converts the user's voice to text. | | | **KeychainBlockCloudSync** | Write | Boolean | Disables syncing credentials stored in the Keychain to iCloud | | -| **MultiplayerGamingBlocked** | Write | Boolean | | | -| **PasswordBlockAirDropSharing** | Write | Boolean | | | -| **PasswordBlockAutoFill** | Write | Boolean | | | +| **MultiplayerGamingBlocked** | Write | Boolean | Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later. | | +| **PasswordBlockAirDropSharing** | Write | Boolean | Configures whether or not to block sharing passwords with the AirDrop passwords feature. | | +| **PasswordBlockAutoFill** | Write | Boolean | Configures whether or not to block the AutoFill Passwords feature. | | | **PasswordBlockFingerprintUnlock** | Write | Boolean | Requires user to set a non-biometric passcode or password to unlock the device. | | | **PasswordBlockModification** | Write | Boolean | Blocks user from changing the set passcode. | | -| **PasswordBlockProximityRequests** | Write | Boolean | | | +| **PasswordBlockProximityRequests** | Write | Boolean | Configures whether or not to block requesting passwords from nearby devices. | | | **PasswordBlockSimple** | Write | Boolean | Block simple password sequences, such as 1234 or 1111. | | | **PasswordExpirationDays** | Write | UInt32 | Number of days until device password must be changed. (1-65535) | | -| **PasswordMaximumAttemptCount** | Write | UInt32 | | | +| **PasswordMaximumAttemptCount** | Write | UInt32 | Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11 | | | **PasswordMinimumCharacterSetCount** | Write | UInt32 | Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0. | | | **PasswordMinimumLength** | Write | UInt32 | Minimum number of digits or characters in password (4-16). | | | **PasswordMinutesOfInactivityBeforeLock** | Write | UInt32 | Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device. | | | **PasswordMinutesOfInactivityBeforeScreenTimeout** | Write | UInt32 | Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device. | | -| **PasswordMinutesUntilFailedLoginReset** | Write | UInt32 | | | +| **PasswordMinutesUntilFailedLoginReset** | Write | UInt32 | Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached. | | | **PasswordPreviousPasswordBlockCount** | Write | UInt32 | Number of new passwords that must be used until an old one can be reused. (1-24) | | -| **PasswordRequired** | Write | Boolean | Specify the type of password required. | | +| **PasswordRequired** | Write | Boolean | Specify the type of password required. | | | **PasswordRequiredType** | Write | String | Specify the type of password required. | `deviceDefault`, `alphanumeric`, `numeric` | | **PrivacyAccessControls** | Write | MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem[] | Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later. | | | **SafariBlockAutofill** | Write | Boolean | Blocks Safari from remembering what users enter in web forms. | | -| **ScreenCaptureBlocked** | Write | Boolean | | | -| **SoftwareUpdateMajorOSDeferredInstallDelayInDays** | Write | UInt32 | | | -| **SoftwareUpdateMinorOSDeferredInstallDelayInDays** | Write | UInt32 | | | -| **SoftwareUpdateNonOSDeferredInstallDelayInDays** | Write | UInt32 | | | +| **ScreenCaptureBlocked** | Write | Boolean | Configures whether or not to block the user from taking Screenshots. | | +| **SoftwareUpdateMajorOSDeferredInstallDelayInDays** | Write | UInt32 | Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 | | +| **SoftwareUpdateMinorOSDeferredInstallDelayInDays** | Write | UInt32 | Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 | | +| **SoftwareUpdateNonOSDeferredInstallDelayInDays** | Write | UInt32 | Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 | | | **SoftwareUpdatesEnforcedDelayInDays** | Write | UInt32 | Delay the user's software update for this many days. The maximum is 90 days. (1-90) | | | **SpotlightBlockInternetResults** | Write | Boolean | Blocks Spotlight from returning any results from an Internet search | | -| **TouchIdTimeoutInHours** | Write | UInt32 | | | -| **UpdateDelayPolicy** | Write | StringArray[] | | `none`, `delayOSUpdateVisibility`, `delayAppUpdateVisibility`, `unknownFutureValue`, `delayMajorOsUpdateVisibility` | -| **WallpaperModificationBlocked** | Write | Boolean | | | +| **TouchIdTimeoutInHours** | Write | UInt32 | Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647 | | +| **UpdateDelayPolicy** | Write | StringArray[] | Configures whether to delay OS and/or app updates for macOS. | `none`, `delayOSUpdateVisibility`, `delayAppUpdateVisibility`, `unknownFutureValue`, `delayMajorOsUpdateVisibility` | +| **WallpaperModificationBlocked** | Write | Boolean | Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | @@ -94,11 +94,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **odataType** | Write | String | | `#microsoft.graph.appleAppListItem` | -| **appId** | Write | String | | | -| **appStoreUrl** | Write | String | | | -| **name** | Write | String | | | -| **publisher** | Write | String | | | +| **odataType** | Write | String | Specify the odataType | `#microsoft.graph.appleAppListItem` | +| **appId** | Write | String | The application or bundle identifier of the application | | +| **appStoreUrl** | Write | String | The Store URL of the application | | +| **name** | Write | String | The application name | | +| **publisher** | Write | String | The publisher of the application | | ### MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem @@ -106,32 +106,32 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **accessibility** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **addressBook** | Write | String | Blocks iCloud from syncing contacts. | `notConfigured`, `enabled`, `disabled` | -| **appleEventsAllowedReceivers** | Write | MSFT_MicrosoftGraphmacosappleeventreceiver[] | | | -| **blockCamera** | Write | Boolean | | | -| **blockListenEvent** | Write | Boolean | | | -| **blockMicrophone** | Write | Boolean | | | -| **blockScreenCapture** | Write | Boolean | | | -| **calendar** | Write | String | Blocks iCloud from syncing calendars. | `notConfigured`, `enabled`, `disabled` | -| **codeRequirement** | Write | String | | | -| **displayName** | Write | String | | | -| **fileProviderPresence** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **identifier** | Write | String | | | -| **identifierType** | Write | String | | `bundleID`, `path` | -| **mediaLibrary** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **photos** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **postEvent** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **reminders** | Write | String | Blocks iCloud from syncing reminders. | `notConfigured`, `enabled`, `disabled` | -| **speechRecognition** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **staticCodeValidation** | Write | Boolean | | | -| **systemPolicyAllFiles** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyDesktopFolder** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyDocumentsFolder** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyDownloadsFolder** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyNetworkVolumes** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyRemovableVolumes** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicySystemAdminFiles** | Write | String | | `notConfigured`, `enabled`, `disabled` | +| **accessibility** | Write | String | Allow the app or process to control the Mac via the Accessibility subsystem. | `notConfigured`, `enabled`, `disabled` | +| **addressBook** | Write | String | Allow or block access to contact information managed by Contacts. | `notConfigured`, `enabled`, `disabled` | +| **appleEventsAllowedReceivers** | Write | MSFT_MicrosoftGraphmacosappleeventreceiver[] | Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process. | | +| **blockCamera** | Write | Boolean | Block access to camera app. | | +| **blockListenEvent** | Write | Boolean | Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later. | | +| **blockMicrophone** | Write | Boolean | Block access to microphone. | | +| **blockScreenCapture** | Write | Boolean | Block app from capturing contents of system display. Requires macOS 10.15 or later. | | +| **calendar** | Write | String | Allow or block access to event information managed by Calendar. | `notConfigured`, `enabled`, `disabled` | +| **codeRequirement** | Write | String | Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'. | | +| **displayName** | Write | String | The display name of the app, process, or executable. | | +| **fileProviderPresence** | Write | String | Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later. | `notConfigured`, `enabled`, `disabled` | +| **identifier** | Write | String | The bundle ID or path of the app, process, or executable. | | +| **identifierType** | Write | String | A bundle ID is used to identify an app. A path is used to identify a process or executable. | `bundleID`, `path` | +| **mediaLibrary** | Write | String | Allow or block access to music and the media library. | `notConfigured`, `enabled`, `disabled` | +| **photos** | Write | String | Allow or block access to images managed by Photos. | `notConfigured`, `enabled`, `disabled` | +| **postEvent** | Write | String | Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream. | `notConfigured`, `enabled`, `disabled` | +| **reminders** | Write | String | Allow or block access to information managed by Reminders. | `notConfigured`, `enabled`, `disabled` | +| **speechRecognition** | Write | String | Allow or block access to system speech recognition facility. | `notConfigured`, `enabled`, `disabled` | +| **staticCodeValidation** | Write | Boolean | Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature. | | +| **systemPolicyAllFiles** | Write | String | Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyDesktopFolder** | Write | String | Allow or block access to Desktop folder. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyDocumentsFolder** | Write | String | Allow or block access to Documents folder. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyDownloadsFolder** | Write | String | Allow or block access to Downloads folder. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyNetworkVolumes** | Write | String | Allow or block access to network volumes. Requires macOS 10.15 or later. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyRemovableVolumes** | Write | String | Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicySystemAdminFiles** | Write | String | Allow app or process to access files used in system administration. | `notConfigured`, `enabled`, `disabled` | ### MSFT_MicrosoftGraphmacosappleeventreceiver @@ -139,10 +139,10 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **allowed** | Write | Boolean | | | -| **codeRequirement** | Write | String | | | -| **identifier** | Write | String | | | -| **identifierType** | Write | String | | `bundleID`, `path` | +| **allowed** | Write | Boolean | Allow or block this app from receiving Apple events. | | +| **codeRequirement** | Write | String | Code requirement for the app or binary that receives the Apple Event. | | +| **identifier** | Write | String | Bundle ID of the app or file path of the process or executable that receives the Apple Event. | | +| **identifierType** | Write | String | Use bundle ID for an app or path for a process or executable that receives the Apple Event. | `bundleID`, `path` | ## Description diff --git a/docs/docs/resources/office365/O365AdminAuditLogConfig.md b/docs/docs/resources/office365/O365AdminAuditLogConfig.md index 2a92250c59..cac59d71ef 100644 --- a/docs/docs/resources/office365/O365AdminAuditLogConfig.md +++ b/docs/docs/resources/office365/O365AdminAuditLogConfig.md @@ -7,7 +7,7 @@ | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **Ensure** | Write | String | 'Present' is the only value accepted. | `Present` | | **UnifiedAuditLogIngestionEnabled** | Required | String | Determins if Unified Audit Log Ingestion is enabled | `Enabled`, `Disabled` | -| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | diff --git a/docs/docs/resources/office365/O365Group.md b/docs/docs/resources/office365/O365Group.md index 0ab25d109d..91915dbb46 100644 --- a/docs/docs/resources/office365/O365Group.md +++ b/docs/docs/resources/office365/O365Group.md @@ -10,7 +10,7 @@ | **Description** | Write | String | The group's description. | | | **Members** | Write | StringArray[] | Members of the group. | | | **Ensure** | Write | String | Present ensures the group exists, absent ensures it is removed. | `Present`, `Absent` | -| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | | | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application used for authentication. | | diff --git a/docs/docs/resources/office365/O365OrgCustomizationSetting.md b/docs/docs/resources/office365/O365OrgCustomizationSetting.md index a698e12c58..2db392e80c 100644 --- a/docs/docs/resources/office365/O365OrgCustomizationSetting.md +++ b/docs/docs/resources/office365/O365OrgCustomizationSetting.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **Ensure** | Write | String | Since there is only one setting availble, this must be set to 'Present' | `Present` | -| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | diff --git a/docs/docs/resources/sharepoint/SPOTenantSettings.md b/docs/docs/resources/sharepoint/SPOTenantSettings.md index 1bf16b839b..3673bb83b0 100644 --- a/docs/docs/resources/sharepoint/SPOTenantSettings.md +++ b/docs/docs/resources/sharepoint/SPOTenantSettings.md @@ -15,11 +15,11 @@ | **UserVoiceForFeedbackEnabled** | Write | Boolean | Allow feedback via UserVoice. | | | **PublicCdnEnabled** | Write | Boolean | Configure PublicCDN | | | **PublicCdnAllowedFileTypes** | Write | String | Configure filetypes allowed for PublicCDN | | -| **UseFindPeopleInPeoplePicker** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups | | -| **NotificationsInSharePointEnabled** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups | | -| **OwnerAnonymousNotification** | Write | Boolean | | | -| **ApplyAppEnforcedRestrictionsToAdHocRecipients** | Write | Boolean | | | -| **FilePickerExternalImageSearchEnabled** | Write | Boolean | | | +| **UseFindPeopleInPeoplePicker** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups. | | +| **NotificationsInSharePointEnabled** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups. | | +| **OwnerAnonymousNotification** | Write | Boolean | Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed. | | +| **ApplyAppEnforcedRestrictionsToAdHocRecipients** | Write | Boolean | When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy. | | +| **FilePickerExternalImageSearchEnabled** | Write | Boolean | Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images. | | | **HideDefaultThemes** | Write | Boolean | Defines if the default themes are visible or hidden | | | **HideSyncButtonOnTeamSite** | Write | Boolean | To enable or disable Sync button on Team sites | | | **MarkNewFilesSensitiveByDefault** | Write | String | Allow or block external sharing until at least one Office DLP policy scans the content of the file. | `AllowExternalSharing`, `BlockExternalSharing` | diff --git a/docs/docs/resources/teams/TeamsFeedbackPolicy.md b/docs/docs/resources/teams/TeamsFeedbackPolicy.md index 1dbb8e6b1a..d0c7c3c845 100644 --- a/docs/docs/resources/teams/TeamsFeedbackPolicy.md +++ b/docs/docs/resources/teams/TeamsFeedbackPolicy.md @@ -4,13 +4,13 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **UserInitiatedMode** | Write | String | | | -| **ReceiveSurveysMode** | Write | String | | | -| **AllowScreenshotCollection** | Write | Boolean | | | -| **AllowEmailCollection** | Write | Boolean | | | -| **AllowLogCollection** | Write | Boolean | | | -| **EnableFeatureSuggestions** | Write | Boolean | | | -| **Identity** | Key | String | | | +| **Identity** | Key | String | Specify the name of the Teams Feedback Policy. | | +| **UserInitiatedMode** | Write | String | Specifies if users are allowed to give feedback. | | +| **ReceiveSurveysMode** | Write | String | Specifies if users are allowed to receive the survey. | `Enabled`, `Disabled`, `EnabledUserOverride` | +| **AllowScreenshotCollection** | Write | Boolean | Specifies if Screenshot Collection is enabled or not. | | +| **AllowEmailCollection** | Write | Boolean | Specifies if Email Collection is enabled or not. | | +| **AllowLogCollection** | Write | Boolean | Specifies if Log Collection is enabled or not. | | +| **EnableFeatureSuggestions** | Write | Boolean | Specifies if users are allowed to provide feature suggestions | | | **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the workload's Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/teams/TeamsMobilityPolicy.md b/docs/docs/resources/teams/TeamsMobilityPolicy.md index dbc8781707..ce0f1cfdbf 100644 --- a/docs/docs/resources/teams/TeamsMobilityPolicy.md +++ b/docs/docs/resources/teams/TeamsMobilityPolicy.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | Specify the name of the policy that you are creating. | | +| **Identity** | Key | String | Specify the name of the Teams Mobility Policy. | | | **Description** | Write | String | Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to. | | | **IPAudioMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | | **IPVideoMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | diff --git a/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md index fda32b6d50..7bd09020d3 100644 --- a/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md +++ b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | | | +| **Identity** | Key | String | Specify the name of the Teams Network Roaming Policy. | | | **AllowIPVideo** | Write | Boolean | Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video. | | | **Description** | Write | String | Description of the new policy to be created. | | | **MediaBitRateKb** | Write | UInt64 | Determines the media bit rate for audio/video/app sharing transmissions in meetings. | | From f13f85d26473a5215c4d5c663a790cf0840e8aa5 Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 18:50:01 +0100 Subject: [PATCH 10/26] new resource --- CHANGELOG.md | 3 + .../MSFT_EXOReportSubmissionPolicy.psm1 | 735 ++++++++++++++++++ .../MSFT_EXOReportSubmissionPolicy.schema.mof | 39 + .../MSFT_EXOReportSubmissionPolicy/readme.md | 5 + .../settings.json | 33 + .../1-ConfigureReportSubmissionPolicy.ps1 | 36 + ...365DSC.EXOReportSubmissionPolicy.Tests.ps1 | 267 +++++++ 7 files changed, 1118 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index d49b1cbffe..056c7fe2eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ * TeamsChannel * Add error handling if GroupId of a team is null FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) +* EXOReportSubmissionPolicy + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) # 1.23.1227.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 new file mode 100644 index 0000000000..9f3ade5ba2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -0,0 +1,735 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Getting configuration of ReportSubmissionPolicy for $($Identity)" + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $nullReturn.IsSingleInstance = 'Yes' + + try + { + $ReportSubmissionPolicies = Get-ReportSubmissionPolicy -ErrorAction Stop + + $ReportSubmissionPolicy = $ReportSubmissionPolicies | Where-Object -FilterScript { $_.Identity -eq $Identity } + if ($null -eq $ReportSubmissionPolicy) + { + Write-Verbose -Message "ReportSubmissionPolicy $($Identity) does not exist." + return $nullReturn + } + else + { + $result = @{ + IsSingleInstance = 'Yes' + Identity = $Identity + DisableQuarantineReportingOption = $ReportSubmissionPolicy.DisableQuarantineReportingOption + EnableCustomNotificationSender = $ReportSubmissionPolicy.EnableCustomNotificationSender + EnableOrganizationBranding = $ReportSubmissionPolicy.EnableOrganizationBranding + EnableReportToMicrosoft = $ReportSubmissionPolicy.EnableReportToMicrosoft + EnableThirdPartyAddress = $ReportSubmissionPolicy.EnableThirdPartyAddress + EnableUserEmailNotification = $ReportSubmissionPolicy.EnableUserEmailNotification + JunkReviewResultMessage = $ReportSubmissionPolicy.JunkReviewResultMessage + NotJunkReviewResultMessage = $ReportSubmissionPolicy.NotJunkReviewResultMessage + NotificationFooterMessage = $ReportSubmissionPolicy.NotificationFooterMessage + NotificationSenderAddress = $ReportSubmissionPolicy.NotificationSenderAddress + PhishingReviewResultMessage = $ReportSubmissionPolicy.PhishingReviewResultMessage + PostSubmitMessage = $ReportSubmissionPolicy.PostSubmitMessage + PostSubmitMessageEnabled = $ReportSubmissionPolicy.PostSubmitMessageEnabled + PostSubmitMessageTitle = $ReportSubmissionPolicy.PostSubmitMessageTitle + PreSubmitMessage = $ReportSubmissionPolicy.PreSubmitMessage + PreSubmitMessageEnabled = $ReportSubmissionPolicy.PreSubmitMessageEnabled + PreSubmitMessageTitle = $ReportSubmissionPolicy.PreSubmitMessageTitle + ReportJunkAddresses = $ReportSubmissionPolicy.ReportJunkAddresses + ReportJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportJunkToCustomizedAddress + ReportNotJunkAddresses = $ReportSubmissionPolicy.ReportNotJunkAddresses + ReportNotJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress + ReportPhishAddresses = $ReportSubmissionPolicy.ReportPhishAddresses + ReportPhishToCustomizedAddress = $ReportSubmissionPolicy.ReportPhishToCustomizedAddress + ThirdPartyReportAddresses = $ReportSubmissionPolicy.ThirdPartyReportAddresses + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + } + + Write-Verbose -Message "Found ReportSubmissionPolicy $($Identity)" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + Write-Verbose -Message "Setting configuration of ReportSubmissionPolicy for $($Identity)" + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentReportSubmissionPolicy = Get-TargetResource @PSBoundParameters + + $ReportSubmissionPolicyParams = [System.Collections.Hashtable]($PSBoundParameters) + $ReportSubmissionPolicyParams.Remove('Ensure') | Out-Null + $ReportSubmissionPolicyParams.Remove('IsSingleInstance') | Out-Null + $ReportSubmissionPolicyParams.Remove('Credential') | Out-Null + $ReportSubmissionPolicyParams.Remove('ApplicationId') | Out-Null + $ReportSubmissionPolicyParams.Remove('TenantId') | Out-Null + $ReportSubmissionPolicyParams.Remove('CertificateThumbprint') | Out-Null + $ReportSubmissionPolicyParams.Remove('CertificatePath') | Out-Null + $ReportSubmissionPolicyParams.Remove('CertificatePassword') | Out-Null + $ReportSubmissionPolicyParams.Remove('ManagedIdentity') | Out-Null + + if ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating ReportSubmissionPolicy $($Identity)." + + New-ReportSubmissionPolicy + Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false + } + elseif ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') + { + Write-Verbose -Message "Setting ReportSubmissionPolicy $($Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $ReportSubmissionPolicyParams)" + Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false + } + elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing ReportSubmissionPolicy $($Identity)" + Remove-ReportSubmissionPolicy -Identity $Identity + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of ReportSubmissionPolicy for $($Identity)" + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + [array]$ReportSubmissionPolicies = Get-ReportSubmissionPolicy -ErrorAction Stop + if ($ReportSubmissionPolicies.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $dscContent = '' + $i = 1 + foreach ($ReportSubmissionPolicy in $ReportSubmissionPolicies) + { + Write-Host " |---[$i/$($ReportSubmissionPolicies.length)] $($ReportSubmissionPolicy.Identity)" -NoNewline + + $Params = @{ + Identity = $ReportSubmissionPolicy.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + } + + $Results = Get-TargetResource @Params + + $keysToRemove = @() + foreach ($key in $Results.Keys) + { + if ([System.String]::IsNullOrEmpty($Results.$key)) + { + $keysToRemove += $key + } + } + foreach ($key in $keysToRemove) + { + $Results.Remove($key) | Out-Null + } + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + $i++ + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof new file mode 100644 index 0000000000..a315d20b27 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof @@ -0,0 +1,39 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("EXOReportSubmissionPolicy")] +class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("The Identity parameter specifies the report submission policy you want to modify. There can be only one policy.")] String Identity; + [Write, Description("The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine.")] Boolean DisableQuarantineReportingOption; + [Write, Description("The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableCustomNotificationSender; + [Write, Description("The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableOrganizationBranding; + [Write, Description("The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled.")] Boolean EnableReportToMicrosoft; + [Write, Description("The EnableThirdPartyAddress parameter specifies whether you're using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online.")] Boolean EnableThirdPartyAddress; + [Write, Description("The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableUserEmailNotification; + [Write, Description("The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk.")] String JunkReviewResultMessage; + [Write, Description("The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk.")] String NotJunkReviewResultMessage; + [Write, Description("The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] String NotificationFooterMessage; + [Write, Description("The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] String NotificationSenderAddress; + [Write, Description("The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing.")] String PhishingReviewResultMessage; + [Write, Description("The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages.")] String PostSubmitMessage; + [Write, Description("The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools.")] Boolean PostSubmitMessageEnabled; + [Write, Description("The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages.")] String PostSubmitMessageTitle; + [Write, Description("The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. ")] String PreSubmitMessage; + [Write, Description("The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools.")] Boolean PreSubmitMessageEnabled; + [Write, Description("The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages.")] String PreSubmitMessageTitle; + [Write, Description("The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportJunkAddresses[]; + [Write, Description("The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. ")] Boolean ReportJunkToCustomizedAddress; + [Write, Description("The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportNotJunkAddresses[]; + [Write, Description("The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportNotJunkToCustomizedAddress; + [Write, Description("The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportPhishAddresses[]; + [Write, Description("he ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress; + [Write, Description("Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.")] String ThirdPartyReportAddresses[]; + [Write, Description("Specifies if this report submission policy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md new file mode 100644 index 0000000000..6c01768780 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md @@ -0,0 +1,5 @@ +# EXOReportSubmissionPolicy + +## Description + +Create or modify a EXOReportSubmissionPolicy in your cloud-based organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json new file mode 100644 index 0000000000..53824b15a2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "EXOReportSubmissionPolicy", + "description": "", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Security Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Transport Hygiene", + "Security Admin", + "View-Only Configuration", + "Security Reader" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 new file mode 100644 index 0000000000..f4ee4bca2e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionPolicy 'ConfigureReportSubmissionPolicy' + { + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $True; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $True; + PreSubmitMessageEnabled = $True; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 new file mode 100644 index 0000000000..9825f3b746 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -0,0 +1,267 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOReportSubmissionPolicy' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName New-ReportSubmissionPolicy -MockWith { + } + + Mock -CommandName Set-ReportSubmissionPolicy -MockWith { + } + + Mock -CommandName Remove-ReportSubmissionPolicy -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Write-Warning -MockWith { + } + } + + # Test contexts + Context -Name 'ReportSubmissionPolicy creation.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $True; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $True; + PreSubmitMessageEnabled = $True; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + } + + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + + } + } + } + + It 'Should return Absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + } + + } + + Context -Name 'ReportSubmissionPolicy update not required.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $True; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $True; + PreSubmitMessageEnabled = $True; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $True; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $True; + PreSubmitMessageEnabled = $True; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReportSubmissionPolicy update needed.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $True; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $True; + PreSubmitMessageEnabled = $True; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $False; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $False; + PreSubmitMessageEnabled = $False; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + } + } + + Mock -CommandName Set-ReportSubmissionPolicy -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Successfully call the Set method' { + Set-TargetResource @testParams + } + } + + Context -Name 'ReportSubmissionPolicy removal.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + Credential = $Credential + Identity = 'DefaultReportSubmissionPolicy' + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + Identity = 'DefaultReportSubmissionPolicy' + } + } + + Mock -CommandName Remove-ReportSubmissionPolicy -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the Policy in the Set method' { + Set-TargetResource @testParams + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + IsSingleInstance = 'Yes'; + Identity = "DefaultReportSubmissionPolicy" + DisableQuarantineReportingOption = $False; + EnableCustomNotificationSender = $False; + EnableOrganizationBranding = $False; + EnableReportToMicrosoft = $True; + EnableThirdPartyAddress = $False; + EnableUserEmailNotification = $False; + PostSubmitMessageEnabled = $True; + PreSubmitMessageEnabled = $True; + ReportJunkToCustomizedAddress = $False; + ReportNotJunkToCustomizedAddress = $False; + ReportPhishToCustomizedAddress = $False; + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From b382d73ab264ffdaac117ff8608d6ae422142381 Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 20:05:08 +0100 Subject: [PATCH 11/26] update stubs --- CHANGELOG.md | 3 - Tests/Unit/Stubs/Microsoft365.psm1 | 134 +++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7017ff4bed..dfa162cd1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,18 +18,15 @@ * TeamsChannel * Add error handling if GroupId of a team is null FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) -<<<<<<< HEAD * EXOReportSubmissionPolicy * Initial release FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) -======= * TeamsFeedbackPolicy * Added parameter descriptions for better documentation * TeamsMobilityPolicy * Added parameter descriptions for better documentation * TeamsNetworkRoamingPolicy * Added parameter descriptions for better documentation ->>>>>>> Dev # 1.23.1227.1 diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index a8b6d85644..3484e5c5c5 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1353,6 +1353,15 @@ function Get-RemoteDomain $ResultSize ) } +function Get-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} function Get-ResourceConfig { [CmdletBinding()] @@ -4331,6 +4340,13 @@ function New-RemoteDomain $DomainName ) } +function New-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + + ) +} function New-RoleAssignmentPolicy { [CmdletBinding()] @@ -6044,6 +6060,15 @@ function Remove-RemoteDomain $Identity ) } +function Remove-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} function Remove-RoleAssignmentPolicy { [CmdletBinding()] @@ -11356,6 +11381,115 @@ function Set-RemoteDomain $UseSimpleDisplayName ) } +function Set-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} function Set-ResourceConfig { [CmdletBinding()] From cdd35e6ba622f7ca4d3f7e2ea83f0966b26524a8 Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 20:19:55 +0100 Subject: [PATCH 12/26] fix tests --- .../Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 index 9825f3b746..7d33ff8f48 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -202,9 +202,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'ReportSubmissionPolicy removal.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Absent' - Credential = $Credential - Identity = 'DefaultReportSubmissionPolicy' + Ensure = 'Absent' + Credential = $Credential + Identity = 'DefaultReportSubmissionPolicy' + IsSingleInstance = 'Yes'; } Mock -CommandName Get-ReportSubmissionPolicy -MockWith { @@ -239,7 +240,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-ReportSubmissionPolicy -MockWith { return @{ - IsSingleInstance = 'Yes'; Identity = "DefaultReportSubmissionPolicy" DisableQuarantineReportingOption = $False; EnableCustomNotificationSender = $False; From edf5a54badfc99c5495f197e924c07c6e3a0d727 Mon Sep 17 00:00:00 2001 From: mario Date: Tue, 2 Jan 2024 20:40:36 +0100 Subject: [PATCH 13/26] fix export --- .../MSFT_EXOReportSubmissionPolicy.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 index 9f3ade5ba2..288722f959 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -688,6 +688,7 @@ function Export-TargetResource CertificatePassword = $CertificatePassword Managedidentity = $ManagedIdentity.IsPresent CertificatePath = $CertificatePath + IsSingleInstance = 'Yes' } $Results = Get-TargetResource @Params From 09d656fe03201c53d4b93d98f72ee88eaed33d1b Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 12:11:33 +0100 Subject: [PATCH 14/26] Adjustments after review --- CHANGELOG.md | 6 +- .../MSFT_EXOReportSubmissionPolicy.psm1 | 101 +++++------- .../MSFT_EXOReportSubmissionPolicy.schema.mof | 1 - .../MSFT_EXOReportSubmissionPolicy/readme.md | 2 +- .../1-ConfigureReportSubmissionPolicy.ps1 | 25 ++- ...365DSC.EXOReportSubmissionPolicy.Tests.ps1 | 153 +++++++++--------- 6 files changed, 133 insertions(+), 155 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dfa162cd1e..ea38c030df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ * Added parameter descriptions for better documentation * EXOOutboundConnector * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. +* EXOReportSubmissionPolicy + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) * EXOTransportRule * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) @@ -18,9 +21,6 @@ * TeamsChannel * Add error handling if GroupId of a team is null FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) -* EXOReportSubmissionPolicy - * Initial release - FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) * TeamsFeedbackPolicy * Added parameter descriptions for better documentation * TeamsMobilityPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 index 288722f959..b6bdad9273 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -9,10 +9,6 @@ function Get-TargetResource [System.String] $IsSingleInstance, - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - [Parameter()] [System.Boolean] $DisableQuarantineReportingOption, @@ -174,19 +170,17 @@ function Get-TargetResource try { - $ReportSubmissionPolicies = Get-ReportSubmissionPolicy -ErrorAction Stop + $ReportSubmissionPolicy = Get-ReportSubmissionPolicy -ErrorAction Stop - $ReportSubmissionPolicy = $ReportSubmissionPolicies | Where-Object -FilterScript { $_.Identity -eq $Identity } if ($null -eq $ReportSubmissionPolicy) { - Write-Verbose -Message "ReportSubmissionPolicy $($Identity) does not exist." + Write-Verbose -Message "ReportSubmissionPolicy does not exist." return $nullReturn } else { $result = @{ IsSingleInstance = 'Yes' - Identity = $Identity DisableQuarantineReportingOption = $ReportSubmissionPolicy.DisableQuarantineReportingOption EnableCustomNotificationSender = $ReportSubmissionPolicy.EnableCustomNotificationSender EnableOrganizationBranding = $ReportSubmissionPolicy.EnableOrganizationBranding @@ -221,7 +215,7 @@ function Get-TargetResource TenantId = $TenantId } - Write-Verbose -Message "Found ReportSubmissionPolicy $($Identity)" + Write-Verbose -Message "Found ReportSubmissionPolicy" Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result } @@ -249,10 +243,6 @@ function Set-TargetResource [System.String] $IsSingleInstance, - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - [Parameter()] [System.Boolean] $DisableQuarantineReportingOption, @@ -410,6 +400,7 @@ function Set-TargetResource $ReportSubmissionPolicyParams.Remove('CertificatePath') | Out-Null $ReportSubmissionPolicyParams.Remove('CertificatePassword') | Out-Null $ReportSubmissionPolicyParams.Remove('ManagedIdentity') | Out-Null + $ReportSubmissionPolicyParams.Add('Identity', 'DefaultReportSubmissionPolicy') | Out-Null if ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Absent') { @@ -426,7 +417,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Removing ReportSubmissionPolicy $($Identity)" - Remove-ReportSubmissionPolicy -Identity $Identity + Remove-ReportSubmissionPolicy -Identity "DefaultReportSubmissionPolicy" } } @@ -441,10 +432,6 @@ function Test-TargetResource [System.String] $IsSingleInstance, - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - [Parameter()] [System.Boolean] $DisableQuarantineReportingOption, @@ -664,8 +651,8 @@ function Export-TargetResource try { - [array]$ReportSubmissionPolicies = Get-ReportSubmissionPolicy -ErrorAction Stop - if ($ReportSubmissionPolicies.Length -eq 0) + $ReportSubmissionPolicy = Get-ReportSubmissionPolicy -ErrorAction Stop + if ($ReportSubmissionPolicy.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -674,50 +661,46 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline } $dscContent = '' - $i = 1 - foreach ($ReportSubmissionPolicy in $ReportSubmissionPolicies) - { - Write-Host " |---[$i/$($ReportSubmissionPolicies.length)] $($ReportSubmissionPolicy.Identity)" -NoNewline - - $Params = @{ - Identity = $ReportSubmissionPolicy.Identity - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - CertificatePath = $CertificatePath - IsSingleInstance = 'Yes' - } - $Results = Get-TargetResource @Params + Write-Host " |---Export Default ReportSubmissionPolicy" -NoNewline + + $Params = @{ + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + IsSingleInstance = 'Yes' + } - $keysToRemove = @() - foreach ($key in $Results.Keys) - { - if ([System.String]::IsNullOrEmpty($Results.$key)) - { - $keysToRemove += $key - } - } - foreach ($key in $keysToRemove) + $Results = Get-TargetResource @Params + + $keysToRemove = @() + foreach ($key in $Results.Keys) + { + if ([System.String]::IsNullOrEmpty($Results.$key)) { - $Results.Remove($key) | Out-Null + $keysToRemove += $key } - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - Write-Host $Global:M365DSCEmojiGreenCheckMark - $i++ } + foreach ($key in $keysToRemove) + { + $Results.Remove($key) | Out-Null + } + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof index a315d20b27..81d8e3a7d6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof @@ -3,7 +3,6 @@ class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; - [Write, Description("The Identity parameter specifies the report submission policy you want to modify. There can be only one policy.")] String Identity; [Write, Description("The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine.")] Boolean DisableQuarantineReportingOption; [Write, Description("The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableCustomNotificationSender; [Write, Description("The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableOrganizationBranding; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md index 6c01768780..7541b9ecf4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md @@ -2,4 +2,4 @@ ## Description -Create or modify a EXOReportSubmissionPolicy in your cloud-based organization. +Create or modify an EXOReportSubmissionPolicy in your cloud-based organization. diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 index f4ee4bca2e..1698bb7de0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 @@ -16,19 +16,18 @@ Configuration Example { EXOReportSubmissionPolicy 'ConfigureReportSubmissionPolicy' { - IsSingleInstance = 'Yes'; - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $True; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $True; - PreSubmitMessageEnabled = $True; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False Ensure = "Present" Credential = $Credscredential } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 index 7d33ff8f48..4514c22524 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -60,19 +60,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Ensure = 'Present' Credential = $Credential - IsSingleInstance = 'Yes'; - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $True; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $True; - PreSubmitMessageEnabled = $True; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False } @@ -93,6 +92,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the Set method' { Set-TargetResource @testParams + Should -Invoke -CommandName 'New-ReportSubmissionPolicy' -Exactly 1 } } @@ -102,38 +102,36 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Ensure = 'Present' Credential = $Credential - IsSingleInstance = 'Yes'; - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $True; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $True; - PreSubmitMessageEnabled = $True; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False } Mock -CommandName Get-ReportSubmissionPolicy -MockWith { return @{ Ensure = 'Present' Credential = $Credential - IsSingleInstance = 'Yes'; - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $True; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $True; - PreSubmitMessageEnabled = $True; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False } } } @@ -148,38 +146,36 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Ensure = 'Present' Credential = $Credential - IsSingleInstance = 'Yes'; - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $True; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $True; - PreSubmitMessageEnabled = $True; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False } Mock -CommandName Get-ReportSubmissionPolicy -MockWith { return @{ Ensure = 'Present' Credential = $Credential - IsSingleInstance = 'Yes'; - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $False; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $False; - PreSubmitMessageEnabled = $False; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $False + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $False + PreSubmitMessageEnabled = $False + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False } } @@ -196,6 +192,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Successfully call the Set method' { Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-ReportSubmissionPolicy' -Exactly 1 } } @@ -205,7 +202,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Ensure = 'Absent' Credential = $Credential Identity = 'DefaultReportSubmissionPolicy' - IsSingleInstance = 'Yes'; + IsSingleInstance = 'Yes' } Mock -CommandName Get-ReportSubmissionPolicy -MockWith { @@ -227,6 +224,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Remove the Policy in the Set method' { Set-TargetResource @testParams + Should -Invoke -CommandName 'Remove-ReportSubmissionPolicy' -Exactly 1 } } @@ -240,18 +238,17 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-ReportSubmissionPolicy -MockWith { return @{ - Identity = "DefaultReportSubmissionPolicy" - DisableQuarantineReportingOption = $False; - EnableCustomNotificationSender = $False; - EnableOrganizationBranding = $False; - EnableReportToMicrosoft = $True; - EnableThirdPartyAddress = $False; - EnableUserEmailNotification = $False; - PostSubmitMessageEnabled = $True; - PreSubmitMessageEnabled = $True; - ReportJunkToCustomizedAddress = $False; - ReportNotJunkToCustomizedAddress = $False; - ReportPhishToCustomizedAddress = $False; + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False } } } From 8fa924335f26600ab2f2c1683b51ce8ec31cc3fd Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 12:27:19 +0100 Subject: [PATCH 15/26] fix tests --- ...osoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 index 4514c22524..fbc8b1287f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -76,9 +76,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-ReportSubmissionPolicy -MockWith { - return @{ - - } + return $null } } @@ -199,15 +197,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'ReportSubmissionPolicy removal.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Absent' - Credential = $Credential - Identity = 'DefaultReportSubmissionPolicy' - IsSingleInstance = 'Yes' + Ensure = 'Absent' + Credential = $Credential + IsSingleInstance = 'Yes' + EnableReportToMicrosoft = $True } Mock -CommandName Get-ReportSubmissionPolicy -MockWith { return @{ - Identity = 'DefaultReportSubmissionPolicy' + EnableReportToMicrosoft = $True } } From c3d8497ea1daf23d8a1f67343f45b382b2dcdfa3 Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 13:12:25 +0100 Subject: [PATCH 16/26] add resource for EXOReportSubmissionRule --- CHANGELOG.md | 3 + .../MSFT_EXOReportSubmissionPolicy.psm1 | 12 +- .../MSFT_EXOReportSubmissionRule.psm1 | 450 ++++++++++++++++++ .../MSFT_EXOReportSubmissionRule.schema.mof | 17 + .../MSFT_EXOReportSubmissionRule/readme.md | 5 + .../settings.json | 33 ++ .../1-ConfigureReportSubmissionRule.ps1 | 27 ++ ...ft365DSC.EXOReportSubmissionRule.Tests.ps1 | 216 +++++++++ Tests/Unit/Stubs/Microsoft365.psm1 | 42 ++ 9 files changed, 799 insertions(+), 6 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index ea38c030df..0d3251262a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ * EXOReportSubmissionPolicy * Initial release FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) +* EXOReportSubmissionRule + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) * EXOTransportRule * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 index b6bdad9273..32003b72a4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -139,7 +139,7 @@ function Get-TargetResource $ManagedIdentity ) - Write-Verbose -Message "Getting configuration of ReportSubmissionPolicy for $($Identity)" + Write-Verbose -Message "Getting configuration of ReportSubmissionPolicy" if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` @@ -383,7 +383,7 @@ function Set-TargetResource -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Setting configuration of ReportSubmissionPolicy for $($Identity)" + Write-Verbose -Message "Setting configuration of ReportSubmissionPolicy" $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters @@ -404,19 +404,19 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating ReportSubmissionPolicy $($Identity)." + Write-Verbose -Message "Creating ReportSubmissionPolicy" New-ReportSubmissionPolicy Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false } elseif ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') { - Write-Verbose -Message "Setting ReportSubmissionPolicy $($Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $ReportSubmissionPolicyParams)" + Write-Verbose -Message "Setting ReportSubmissionPolicy with values: $(Convert-M365DscHashtableToString -Hashtable $ReportSubmissionPolicyParams)" Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false } elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') { - Write-Verbose -Message "Removing ReportSubmissionPolicy $($Identity)" + Write-Verbose -Message "Removing ReportSubmissionPolicy" Remove-ReportSubmissionPolicy -Identity "DefaultReportSubmissionPolicy" } } @@ -573,7 +573,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of ReportSubmissionPolicy for $($Identity)" + Write-Verbose -Message "Testing configuration of ReportSubmissionPolicy" $CurrentValues = Get-TargetResource @PSBoundParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 new file mode 100644 index 0000000000..6bf4f22c9e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 @@ -0,0 +1,450 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String] + $SentTo, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Getting configuration of ReportSubmissionRule" + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $nullReturn.IsSingleInstance = 'Yes' + + try + { + $ReportSubmissionRule = Get-ReportSubmissionRule -ErrorAction Stop + + if ($null -eq $ReportSubmissionRule) + { + Write-Verbose -Message "ReportSubmissionRule does not exist." + return $nullReturn + } + else + { + $result = @{ + IsSingleInstance = 'Yes' + Identity = $ReportSubmissionRule.Identity + Comments = $ReportSubmissionRule.Comments + SentTo = $ReportSubmissionRule.SentTo + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + } + + Write-Verbose -Message "Found ReportSubmissionRule" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String] + $SentTo, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + Write-Verbose -Message "Setting configuration of ReportSubmissionRule" + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentReportSubmissionRule = Get-TargetResource @PSBoundParameters + + $ReportSubmissionRuleParams = [System.Collections.Hashtable]($PSBoundParameters) + $ReportSubmissionRuleParams.Remove('Ensure') | Out-Null + $ReportSubmissionRuleParams.Remove('IsSingleInstance') | Out-Null + $ReportSubmissionRuleParams.Remove('Credential') | Out-Null + $ReportSubmissionRuleParams.Remove('ApplicationId') | Out-Null + $ReportSubmissionRuleParams.Remove('TenantId') | Out-Null + $ReportSubmissionRuleParams.Remove('CertificateThumbprint') | Out-Null + $ReportSubmissionRuleParams.Remove('CertificatePath') | Out-Null + $ReportSubmissionRuleParams.Remove('CertificatePassword') | Out-Null + $ReportSubmissionRuleParams.Remove('ManagedIdentity') | Out-Null + # There is only one ReportSubmissionPolicy, so we can hardcode the identity. + $ReportSubmissionRuleParams.Add('ReportSubmissionPolicy', 'DefaultReportSubmissionPolicy') | Out-Null + + if ($Ensure -eq 'Present' -and $currentReportSubmissionRule.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating ReportSubmissionRule" + + $ReportSubmissionRuleParams.Add('Name', $Identity) | Out-Null + $ReportSubmissionRuleParams.Remove('Identity') | Out-Null + + New-ReportSubmissionRule @ReportSubmissionRuleParams + } + elseif ($Ensure -eq 'Present' -and $currentReportSubmissionRule.Ensure -eq 'Present') + { + Write-Verbose -Message "Setting ReportSubmissionRule with values: $(Convert-M365DscHashtableToString -Hashtable $ReportSubmissionRuleParams)" + Set-ReportSubmissionRule @ReportSubmissionRuleParams -Confirm:$false + } + elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionRule.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing ReportSubmissionRule" + Remove-ReportSubmissionRule -Identity $Identity -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String] + $SentTo, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of ReportSubmissionRule" + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $ReportSubmissionRule = Get-ReportSubmissionRule -ErrorAction Stop + if ($ReportSubmissionRule.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $dscContent = '' + + Write-Host " |---Export ReportSubmissionRule" -NoNewline + + $Params = @{ + Identity = $ReportSubmissionRule.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + IsSingleInstance = 'Yes' + } + + $Results = Get-TargetResource @Params + + $keysToRemove = @() + foreach ($key in $Results.Keys) + { + if ([System.String]::IsNullOrEmpty($Results.$key)) + { + $keysToRemove += $key + } + } + foreach ($key in $keysToRemove) + { + $Results.Remove($key) | Out-Null + } + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof new file mode 100644 index 0000000000..2e67040a27 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof @@ -0,0 +1,17 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("EXOReportSubmissionRule")] +class MSFT_EXOReportSubmissionRule : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("The Identity parameter specifies the report submission rule that you want to modify.")] String Identity; + [Write, Description("The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time.")] String Comments; + [Write, Description("The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.")] String SentTo; + [Write, Description("Specifies if this report submission rule should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md new file mode 100644 index 0000000000..c0186b1109 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md @@ -0,0 +1,5 @@ +# EXOReportSubmissionRule + +## Description + +Create or modify an EXOReportSubmissionRule in your cloud-based organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json new file mode 100644 index 0000000000..7991aee13b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "EXOReportSubmissionRule", + "description": "", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Security Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Transport Hygiene", + "Security Admin", + "View-Only Configuration", + "Security Reader" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 new file mode 100644 index 0000000000..e1af0e2270 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionRule 'ConfigureReportSubmissionRule' + { + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 new file mode 100644 index 0000000000..0638ebd69b --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 @@ -0,0 +1,216 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOReportSubmissionRule' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName New-ReportSubmissionRule -MockWith { + } + + Mock -CommandName Set-ReportSubmissionRule -MockWith { + } + + Mock -CommandName Remove-ReportSubmissionRule -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Write-Warning -MockWith { + } + } + + # Test contexts + Context -Name 'ReportSubmissionRule creation.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + } + + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return $null + } + } + + It 'Should return Absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-ReportSubmissionRule' -Exactly 1 + } + + } + + Context -Name 'ReportSubmissionRule update not required.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReportSubmissionRule update needed.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "different@contoso.com" + } + } + + Mock -CommandName Set-ReportSubmissionRule -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Successfully call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-ReportSubmissionRule' -Exactly 1 + } + } + + Context -Name 'ReportSubmissionRule removal.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Identity = "DefaultReportSubmissionRule" + } + } + + Mock -CommandName Remove-ReportSubmissionRule -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the Policy in the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Remove-ReportSubmissionRule' -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 3484e5c5c5..39b7f0642c 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1362,6 +1362,15 @@ function Get-ReportSubmissionPolicy $Identity ) } +function Get-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} function Get-ResourceConfig { [CmdletBinding()] @@ -4347,6 +4356,13 @@ function New-ReportSubmissionPolicy ) } +function New-ReportSubmissionRule +{ + [CmdletBinding()] + param( + + ) +} function New-RoleAssignmentPolicy { [CmdletBinding()] @@ -6069,6 +6085,15 @@ function Remove-ReportSubmissionPolicy $Identity ) } +function Remove-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} function Remove-RoleAssignmentPolicy { [CmdletBinding()] @@ -11490,6 +11515,23 @@ function Set-ReportSubmissionPolicy $Confirm ) } +function Set-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String] + $SentTo + ) +} function Set-ResourceConfig { [CmdletBinding()] From 36dc000f55ed9cdbc2d6bb31c1113fefe0c75020 Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 13:28:52 +0100 Subject: [PATCH 17/26] fix fixes --- .../MSFT_EXOReportSubmissionRule.psm1 | 16 ++++++++-------- .../MSFT_EXOReportSubmissionRule.schema.mof | 2 +- Tests/Unit/Stubs/Microsoft365.psm1 | 12 ++++++++++-- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 index 6bf4f22c9e..775c1e0fc5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 @@ -18,8 +18,8 @@ function Get-TargetResource $Comments, [Parameter()] - [System.String] - $SentTo, + [System.String[]] + $SentTo = @(), [Parameter()] [ValidateSet('Present', 'Absent')] @@ -147,8 +147,8 @@ function Set-TargetResource $Comments, [Parameter()] - [System.String] - $SentTo, + [System.String[]] + $SentTo = @(), [Parameter()] [ValidateSet('Present', 'Absent')] @@ -211,8 +211,6 @@ function Set-TargetResource $ReportSubmissionRuleParams.Remove('CertificatePath') | Out-Null $ReportSubmissionRuleParams.Remove('CertificatePassword') | Out-Null $ReportSubmissionRuleParams.Remove('ManagedIdentity') | Out-Null - # There is only one ReportSubmissionPolicy, so we can hardcode the identity. - $ReportSubmissionRuleParams.Add('ReportSubmissionPolicy', 'DefaultReportSubmissionPolicy') | Out-Null if ($Ensure -eq 'Present' -and $currentReportSubmissionRule.Ensure -eq 'Absent') { @@ -220,6 +218,8 @@ function Set-TargetResource $ReportSubmissionRuleParams.Add('Name', $Identity) | Out-Null $ReportSubmissionRuleParams.Remove('Identity') | Out-Null + # There is only one ReportSubmissionPolicy, so we can hardcode the identity. + $ReportSubmissionRuleParams.Add('ReportSubmissionPolicy', 'DefaultReportSubmissionPolicy') | Out-Null New-ReportSubmissionRule @ReportSubmissionRuleParams } @@ -255,8 +255,8 @@ function Test-TargetResource $Comments, [Parameter()] - [System.String] - $SentTo, + [System.String[]] + $SentTo = @(), [Parameter()] [ValidateSet('Present', 'Absent')] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof index 2e67040a27..f5f8d47198 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof @@ -5,7 +5,7 @@ class MSFT_EXOReportSubmissionRule : OMI_BaseResource [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("The Identity parameter specifies the report submission rule that you want to modify.")] String Identity; [Write, Description("The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time.")] String Comments; - [Write, Description("The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.")] String SentTo; + [Write, Description("The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.")] String SentTo[]; [Write, Description("Specifies if this report submission rule should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 39b7f0642c..5e66f3f48c 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -6091,7 +6091,11 @@ function Remove-ReportSubmissionRule param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm ) } function Remove-RoleAssignmentPolicy @@ -11529,7 +11533,11 @@ function Set-ReportSubmissionRule [Parameter()] [System.String] - $SentTo + $SentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm ) } function Set-ResourceConfig From 227afce61fb0ad1bd68958cd53a4acea1589164e Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 13:46:21 +0100 Subject: [PATCH 18/26] fix tests again --- ...osoft365DSC.EXOReportSubmissionRule.Tests.ps1 | 14 +++++++------- Tests/Unit/Stubs/Microsoft365.psm1 | 16 +++++++++++++++- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 index 0638ebd69b..6dac6f96ce 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 @@ -63,7 +63,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsSingleInstance = 'Yes' Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "submission@contoso.com" + SentTo = @("submission@contoso.com") } @@ -95,7 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsSingleInstance = 'Yes' Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "submission@contoso.com" + SentTo = @("submission@contoso.com") } Mock -CommandName Get-ReportSubmissionRule -MockWith { @@ -105,7 +105,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsSingleInstance = 'Yes' Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "submission@contoso.com" + SentTo = @("submission@contoso.com") } } } @@ -123,7 +123,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsSingleInstance = 'Yes' Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "submission@contoso.com" + SentTo = @("submission@contoso.com") } Mock -CommandName Get-ReportSubmissionRule -MockWith { @@ -133,7 +133,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsSingleInstance = 'Yes' Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "different@contoso.com" + SentTo = @("different@contoso.com") } } @@ -162,7 +162,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IsSingleInstance = 'Yes' Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "submission@contoso.com" + SentTo = @("submission@contoso.com") } Mock -CommandName Get-ReportSubmissionRule -MockWith { @@ -200,7 +200,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ Identity = "DefaultReportSubmissionRule" Comments = "This is my default rule" - SentTo = "submission@contoso.com" + SentTo = @("submission@contoso.com") } } } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 5e66f3f48c..787981a87f 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -4360,7 +4360,21 @@ function New-ReportSubmissionRule { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Comments, + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.String] + $ReportSubmissionRule ) } function New-RoleAssignmentPolicy @@ -11532,7 +11546,7 @@ function Set-ReportSubmissionRule $Comments, [Parameter()] - [System.String] + [System.String[]] $SentTo, [Parameter()] From fb51b1c1cc70ab2d9f152c3f4b7c611e56ca341c Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 14:01:03 +0100 Subject: [PATCH 19/26] fix stub --- Tests/Unit/Stubs/Microsoft365.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 787981a87f..f5544b9f0f 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -4374,7 +4374,7 @@ function New-ReportSubmissionRule [Parameter()] [System.String] - $ReportSubmissionRule + $ReportSubmissionPolicy ) } function New-RoleAssignmentPolicy From 869274e7ee82090152e736777bd2082e61d129b3 Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 14:46:07 +0100 Subject: [PATCH 20/26] adjustments after review --- .../MSFT_EXOReportSubmissionPolicy.schema.mof | 2 +- .../Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 | 9 +++------ .../Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 | 9 +++------ 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof index 81d8e3a7d6..b23f9eef75 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof @@ -25,7 +25,7 @@ class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource [Write, Description("The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportNotJunkAddresses[]; [Write, Description("The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportNotJunkToCustomizedAddress; [Write, Description("The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportPhishAddresses[]; - [Write, Description("he ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress; + [Write, Description("The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress; [Write, Description("Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.")] String ThirdPartyReportAddresses[]; [Write, Description("Specifies if this report submission policy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 index fbc8b1287f..2f26425189 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -89,8 +89,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName 'New-ReportSubmissionPolicy' -Exactly 1 + Set-TargetResource @testParams | Should -Invoke -CommandName 'New-ReportSubmissionPolicy' -Exactly 1 } } @@ -189,8 +188,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Successfully call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName 'Set-ReportSubmissionPolicy' -Exactly 1 + Set-TargetResource @testParams | Should -Invoke -CommandName 'Set-ReportSubmissionPolicy' -Exactly 1 } } @@ -221,8 +219,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Remove the Policy in the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName 'Remove-ReportSubmissionPolicy' -Exactly 1 + Set-TargetResource @testParams | Should -Invoke -CommandName 'Remove-ReportSubmissionPolicy' -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 index 6dac6f96ce..0cc3c5e9c2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 @@ -81,8 +81,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName 'New-ReportSubmissionRule' -Exactly 1 + Set-TargetResource @testParams | Should -Invoke -CommandName 'New-ReportSubmissionRule' -Exactly 1 } } @@ -149,8 +148,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Successfully call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName 'Set-ReportSubmissionRule' -Exactly 1 + Set-TargetResource @testParams | Should -Invoke -CommandName 'Set-ReportSubmissionRule' -Exactly 1 } } @@ -183,8 +181,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Remove the Policy in the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName 'Remove-ReportSubmissionRule' -Exactly 1 + Set-TargetResource @testParams | Should -Invoke -CommandName 'Remove-ReportSubmissionRule' -Exactly 1 } } From ca9e01d541570fb2190446b1c25cee555985f39d Mon Sep 17 00:00:00 2001 From: mario Date: Wed, 3 Jan 2024 15:09:22 +0100 Subject: [PATCH 21/26] tests --- .../Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 | 9 ++++++--- .../Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 index 2f26425189..fbc8b1287f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -89,7 +89,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should call the Set method' { - Set-TargetResource @testParams | Should -Invoke -CommandName 'New-ReportSubmissionPolicy' -Exactly 1 + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-ReportSubmissionPolicy' -Exactly 1 } } @@ -188,7 +189,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Successfully call the Set method' { - Set-TargetResource @testParams | Should -Invoke -CommandName 'Set-ReportSubmissionPolicy' -Exactly 1 + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-ReportSubmissionPolicy' -Exactly 1 } } @@ -219,7 +221,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Remove the Policy in the Set method' { - Set-TargetResource @testParams | Should -Invoke -CommandName 'Remove-ReportSubmissionPolicy' -Exactly 1 + Set-TargetResource @testParams + Should -Invoke -CommandName 'Remove-ReportSubmissionPolicy' -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 index 0cc3c5e9c2..6dac6f96ce 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 @@ -81,7 +81,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should call the Set method' { - Set-TargetResource @testParams | Should -Invoke -CommandName 'New-ReportSubmissionRule' -Exactly 1 + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-ReportSubmissionRule' -Exactly 1 } } @@ -148,7 +149,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Successfully call the Set method' { - Set-TargetResource @testParams | Should -Invoke -CommandName 'Set-ReportSubmissionRule' -Exactly 1 + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-ReportSubmissionRule' -Exactly 1 } } @@ -181,7 +183,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Remove the Policy in the Set method' { - Set-TargetResource @testParams | Should -Invoke -CommandName 'Remove-ReportSubmissionRule' -Exactly 1 + Set-TargetResource @testParams + Should -Invoke -CommandName 'Remove-ReportSubmissionRule' -Exactly 1 } } From 4f613f25d6736f467e17d9423d6bb99695aac316 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 3 Jan 2024 14:25:35 +0000 Subject: [PATCH 22/26] Updated Resources and Cmdlet documentation pages --- .../exchange/EXOReportSubmissionPolicy.md | 98 +++++++++++++++++++ .../exchange/EXOReportSubmissionRule.md | 69 +++++++++++++ 2 files changed, 167 insertions(+) create mode 100644 docs/docs/resources/exchange/EXOReportSubmissionPolicy.md create mode 100644 docs/docs/resources/exchange/EXOReportSubmissionRule.md diff --git a/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md b/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md new file mode 100644 index 0000000000..c23728a1a4 --- /dev/null +++ b/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md @@ -0,0 +1,98 @@ +# EXOReportSubmissionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes'. | `Yes` | +| **DisableQuarantineReportingOption** | Write | Boolean | The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine. | | +| **EnableCustomNotificationSender** | Write | Boolean | The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **EnableOrganizationBranding** | Write | Boolean | The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **EnableReportToMicrosoft** | Write | Boolean | The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled. | | +| **EnableThirdPartyAddress** | Write | Boolean | The EnableThirdPartyAddress parameter specifies whether you're using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online. | | +| **EnableUserEmailNotification** | Write | Boolean | The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **JunkReviewResultMessage** | Write | String | The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk. | | +| **NotJunkReviewResultMessage** | Write | String | The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk. | | +| **NotificationFooterMessage** | Write | String | The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **NotificationSenderAddress** | Write | String | The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **PhishingReviewResultMessage** | Write | String | The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing. | | +| **PostSubmitMessage** | Write | String | The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages. | | +| **PostSubmitMessageEnabled** | Write | Boolean | The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools. | | +| **PostSubmitMessageTitle** | Write | String | The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages. | | +| **PreSubmitMessage** | Write | String | The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. | | +| **PreSubmitMessageEnabled** | Write | Boolean | The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools. | | +| **PreSubmitMessageTitle** | Write | String | The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages. | | +| **ReportJunkAddresses** | Write | StringArray[] | The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | +| **ReportJunkToCustomizedAddress** | Write | Boolean | The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | +| **ReportNotJunkAddresses** | Write | StringArray[] | The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | +| **ReportNotJunkToCustomizedAddress** | Write | Boolean | The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | +| **ReportPhishAddresses** | Write | StringArray[] | The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | +| **ReportPhishToCustomizedAddress** | Write | Boolean | The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | +| **ThirdPartyReportAddresses** | Write | StringArray[] | Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook. | | +| **Ensure** | Write | String | Specifies if this report submission policy should exist. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +Create or modify an EXOReportSubmissionPolicy in your cloud-based organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Transport Hygiene, Security Admin, View-Only Configuration, Security Reader + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionPolicy 'ConfigureReportSubmissionPolicy' + { + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOReportSubmissionRule.md b/docs/docs/resources/exchange/EXOReportSubmissionRule.md new file mode 100644 index 0000000000..6f30f417c6 --- /dev/null +++ b/docs/docs/resources/exchange/EXOReportSubmissionRule.md @@ -0,0 +1,69 @@ +# EXOReportSubmissionRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes'. | `Yes` | +| **Identity** | Write | String | The Identity parameter specifies the report submission rule that you want to modify. | | +| **Comments** | Write | String | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. | | +| **SentTo** | Write | StringArray[] | The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent. | | +| **Ensure** | Write | String | Specifies if this report submission rule should exist. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +Create or modify an EXOReportSubmissionRule in your cloud-based organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Transport Hygiene, Security Admin, View-Only Configuration, Security Reader + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionRule 'ConfigureReportSubmissionRule' + { + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + From 9bd2b94cb85bae078001a30e74f9a92fcb53d15f Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 3 Jan 2024 15:33:02 +0100 Subject: [PATCH 23/26] Added parameter descriptions --- .../MSFT_M365DSCRuleEvaluation.schema.mof | 6 +++--- .../DSCResources/MSFT_M365DSCRuleEvaluation/readme.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof index 34bf2bb21e..5312d83fa4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof @@ -1,9 +1,9 @@ [ClassVersion("1.0.0.0"), FriendlyName("M365DSCRuleEvaluation")] class MSFT_M365DSCRuleEvaluation : OMI_BaseResource { - [Key, Description("")] String ResourceName; - [Required, Description("")] String RuleDefinition; - [Write, Description("")] String AfterRuleCountQuery; + [Key, Description("Name of the resource to monitor")] String ResourceName; + [Required, Description("Specify the rules to monitor the resource for.")] String RuleDefinition; + [Write, Description("Query to check how many instances exist, using PowerShell format")] String AfterRuleCountQuery; [Write, Description("Credentials of the Azure Active Directory Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md index e09b1d18bb..1ce5ea7a3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md @@ -2,4 +2,4 @@ ## Description -This resource configures the Azure AD Tenant Details +This resource monitors Microsoft365DSC resources based on provided rules. From 5bcf73b5dd824f99539e8a12864140c72d74872e Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 3 Jan 2024 15:33:02 +0100 Subject: [PATCH 24/26] Added parameter descriptions --- .../MSFT_M365DSCRuleEvaluation.schema.mof | 6 +++--- .../DSCResources/MSFT_M365DSCRuleEvaluation/readme.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof index 34bf2bb21e..5312d83fa4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof @@ -1,9 +1,9 @@ [ClassVersion("1.0.0.0"), FriendlyName("M365DSCRuleEvaluation")] class MSFT_M365DSCRuleEvaluation : OMI_BaseResource { - [Key, Description("")] String ResourceName; - [Required, Description("")] String RuleDefinition; - [Write, Description("")] String AfterRuleCountQuery; + [Key, Description("Name of the resource to monitor")] String ResourceName; + [Required, Description("Specify the rules to monitor the resource for.")] String RuleDefinition; + [Write, Description("Query to check how many instances exist, using PowerShell format")] String AfterRuleCountQuery; [Write, Description("Credentials of the Azure Active Directory Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md index e09b1d18bb..1ce5ea7a3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md @@ -2,4 +2,4 @@ ## Description -This resource configures the Azure AD Tenant Details +This resource monitors Microsoft365DSC resources based on provided rules. From 26d4b00a48e995b20a4ebaaa2af268f6a3d8d725 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 3 Jan 2024 15:38:20 +0100 Subject: [PATCH 25/26] Release 1.24.103.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 61 +++++++++++--------- 2 files changed, 34 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4841be91f..e9ed2a94b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# Unreleased +# 1.24.103.1 * AADConditionalAccessPolicy * Fix Get-TargetResource when the parameter Id is not present diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index a386971dce..d243a51528 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-12-29 +# Generated on: 2024-01-03 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.1227.1' + ModuleVersion = '1.24.103.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,35 +140,40 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* EXOAntiPhishPolicy - * Add support for TargetedDomainProtectionAction - FIXES [#3910](https://github.com/microsoft/Microsoft365DSC/issues/3910) - * EXOMailboxCalendarFolder - * Add support for non-English calendar folder names during export - FIXES [#4056](https://github.com/microsoft/Microsoft365DSC/issues/4056) + ReleaseNotes = '* AADConditionalAccessPolicy + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) + * EXOInboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. + * EXOMailTips + * Added parameter descriptions for better documentation + * EXOOutboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. + * EXOReportSubmissionPolicy + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) + * EXOReportSubmissionRule + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) * EXOTransportRule - * Fix export of enabled state - FIXES [#3932](https://github.com/microsoft/Microsoft365DSC/issues/3932) - * IntuneDeviceConfigurationCustomPolicyWindows10 - * Fix issue deploying decrypted OmaSettings to another tenant - FIXES [#4083](https://github.com/microsoft/Microsoft365DSC/issues/4083) + * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) + FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) * IntuneDeviceConfigurationPolicyMacOS - * Fix resource deployment - FIXES [#3539](https://github.com/microsoft/Microsoft365DSC/issues/3539) - * Ensure resource can cope with Id being empty since it''s not mandatory - * O365OrgSettings - * Deprecated the MicrosoftVivaBriefingEmail property - FIXES [#4097](https://github.com/microsoft/Microsoft365DSC/issues/4097) - FIXES [#4080](https://github.com/microsoft/Microsoft365DSC/issues/4080) + * Added parameter descriptions for better documentation + * IntuneSettingCatalogCustomPolicyWindows10 + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) * SPOTenantSettings - * Fix bug for DisabledWebPartIds type, should be an array instead of a string - FIXES [#4086](https://github.com/microsoft/Microsoft365DSC/issues/4086) - * TeamsMeetingPolicy - * Allow -1 for NewMeetingRecordingExpirationDays parameter (never expire) - FIXES [#4090](https://github.com/microsoft/Microsoft365DSC/issues/4090) - * TeamsMessagingPolicy - * Added support for property ''AllowVideoMessages'' - FIXES [#4021](https://github.com/microsoft/Microsoft365DSC/issues/4021)' + * Added parameter descriptions for better documentation + * TeamsChannel + * Add error handling if GroupId of a team is null + FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) + * TeamsFeedbackPolicy + * Added parameter descriptions for better documentation + * TeamsMobilityPolicy + * Added parameter descriptions for better documentation + * TeamsNetworkRoamingPolicy + * Added parameter descriptions for better documentation' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 443b9151aaf584e72b95cefd4168c9450a1654ae Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 3 Jan 2024 14:53:27 +0000 Subject: [PATCH 26/26] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/intune/M365DSCRuleEvaluation.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs/resources/intune/M365DSCRuleEvaluation.md b/docs/docs/resources/intune/M365DSCRuleEvaluation.md index 0e6eef9331..16d1597653 100644 --- a/docs/docs/resources/intune/M365DSCRuleEvaluation.md +++ b/docs/docs/resources/intune/M365DSCRuleEvaluation.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **ResourceName** | Key | String | | | -| **RuleDefinition** | Required | String | | | -| **AfterRuleCountQuery** | Write | String | | | +| **ResourceName** | Key | String | Name of the resource to monitor | | +| **RuleDefinition** | Required | String | Specify the rules to monitor the resource for. | | +| **AfterRuleCountQuery** | Write | String | Query to check how many instances exist, using PowerShell format | | | **Credential** | Write | PSCredential | Credentials of the Azure Active Directory Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -18,7 +18,7 @@ ## Description -This resource configures the Azure AD Tenant Details +This resource monitors Microsoft365DSC resources based on provided rules. ## Permissions