Merge pull request #5630 from microsoft/Dev

Release 1.25.115.1
microsoft · Jan 15, 2025 · 10a71c9 · 10a71c9
2 parents 0c42a36 + f4912cf
commit 10a71c9
Show file tree

Hide file tree

Showing 77 changed files with 7,265 additions and 85 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,16 +1,77 @@
 # Change log for Microsoft365DSC
 
+# 1.25.115.1
+
+* AADAuthenticationRequirement
+  * Filtered guests from the export, to prevent errors during export
+    FIXES [#5625](https://github.com/microsoft/Microsoft365DSC/issues/5625)
+* AADCustomAuthenticationExtension
+  * Fixes an issue extracting instances due to the OrganizationName being null.
+* AADGroup
+  * Only get Members & GroupAsMembers when a static group is defined.
+* AADGroupEligibilitySchedule
+  * New resource for Privileged Identity Management (PIM) for Groups
+* AADNamingLocationPolicy
+  * Improved logging and fixed issue that caused creation of duplicate
+    locations with same name.
+* EXOSmtpDaneInbound
+  * Initial release
+* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneAccountProtectionPolicyWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneAntivirusPolicyLinux
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneAntivirusPolicyMacOS
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneAntivirusPolicyWindows10SettingCatalog
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneAppAndBrowserIsolationPolicyWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneDeviceControlPolicyWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneDiskEncryptionMacOS
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneDiskEncryptionWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneEndpointDetectionAndResponsePolicyLinux
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneEndpointDetectionAndResponsePolicyMacOS
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneEndpointDetectionAndResponsePolicyWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneFirewallPolicyWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneSettingCatalogASRRulesPolicyWindows10
+  * Fixed creation of policy while it was found by name, now it updates existing policies correctly.
+* IntuneVPNConfigurationPolicyAndroidWork
+  * Initial release
+* M365DSCRuleEvaluation
+  * Making RuleDefinition a key of the resource to allow multiple
+    rules for the same resource type to be provided in the same config.
+  * Adding a new RuleName parameter to make it easier to understand
+    the results in the event logs.
+* TeamsGroupPolicyAssignment
+  * FIXES [[#5527](https://github.com/microsoft/Microsoft365DSC/issues/5527)]
+* DEPENDENCIES
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.203.
+  * Updated MSCloudLoginAssistant to version 1.1.34.
+
 # 1.25.108.1
 
 * AADAuthenticationRequirement
   * Changed Export logic to extract instances from all users.
+* AADConditionalAccessPolicy
+  * Add disableResilienceDefaults
 * AADOrganizationCertificateBasedAuthConfiguration
   * Fixed the primary key of the resource.
     FIXES [#5523](https://github.com/microsoft/Microsoft365DSC/issues/5523)
 * AADRoleEligibilityScheduleRequest
   * Fixed error when extracting an entry with a deleted principal.
 * DefenderDeviceAuthenticatedScanDefinition
   * Fixed the Data Type export.
+* IntuneTrustedRootCertificateAndroidWork
+  * Initial Release
 * MISC
   * Added check to `New-M365DSCReportFromConfiguration` to make sure Windows
     Remoting is enabled, which is required to convert the DSC config.
@@ -24,11 +85,11 @@
   * Fixes comparison issue for permissions.
 * EXOTransportRule
   * Fixes issue extracting arrays in Get-TargetResource.
-    * FIXES [#5575](https://github.com/microsoft/Microsoft365DSC/issues/5575)
+    FIXES [#5575](https://github.com/microsoft/Microsoft365DSC/issues/5575)
 * TeamsMeetingPolicy
   * Adds support for additional Copilot setting value.
-    * FIXES [#5573](https://github.com/microsoft/Microsoft365DSC/issues/5573)
-  * FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550)
+    FIXES [#5573](https://github.com/microsoft/Microsoft365DSC/issues/5573)
+    FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550)
 * MISC
   * Fixed the Fabric web request to use basic parsing.
   * Reset only necessary authentication context.

diff --git a/...DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 b/...DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1
@@ -310,7 +310,9 @@ function Export-TargetResource
 
     try
     {
-        [array]$getValue = Get-MgUser -ErrorAction Stop -All | Where-Object -FilterScript { $null -ne $_.Id }
+        [array]$getValue = Get-MgUser -Filter "userType eq 'member'" -All -ErrorAction Stop | Where-Object -FilterScript {
+            $null -ne $_.Id -and $_.UserPrincipalName -notlike "*#EXT#*"
+        }
 
         $i = 1
         $dscContent = ''

diff --git a/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
@@ -199,6 +199,10 @@ function Get-TargetResource
         [System.Boolean]
         $PersistentBrowserIsEnabled,
 
+        [Parameter()]
+        [System.Boolean]
+        $DisableResilienceDefaultsIsEnabled,
+
         [Parameter()]
         [System.String]
         $TermsOfUse,
@@ -706,6 +710,8 @@ function Get-TargetResource
         SignInFrequencyInterval                  = $SignInFrequencyIntervalValue
         #no translation needed
         PersistentBrowserIsEnabled               = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
+        #no translation needed
+        DisableResilienceDefaultsIsEnabled       = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled
         #make false if undefined, true if true
         PersistentBrowserMode                    = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
         #no translation needed
@@ -929,6 +935,10 @@ function Set-TargetResource
         [System.Boolean]
         $PersistentBrowserIsEnabled,
 
+        [Parameter()]
+        [System.Boolean]
+        $DisableResilienceDefaultsIsEnabled,
+
         [Parameter()]
         [System.String]
         $TermsOfUse,
@@ -1735,7 +1745,7 @@ function Set-TargetResource
             $NewParameters.Add('grantControls', $GrantControls)
         }
 
-        if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled)
+        if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled)
         {
             Write-Verbose -Message 'Set-Targetresource: process session controls'
             $sessioncontrols = $null
@@ -1802,6 +1812,10 @@ function Set-TargetResource
                 $sessioncontrols.persistentBrowser.isEnabled = $true
                 $sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode
             }
+            if ($DisableResilienceDefaultsIsEnabled)
+            {
+                $sessioncontrols.Add('disableResilienceDefaults', $true)
+            }
             $NewParameters.Add('sessionControls', $sessioncontrols)
             #add SessionControls to the parameter list
         }
@@ -2087,6 +2101,10 @@ function Test-TargetResource
         [System.Boolean]
         $PersistentBrowserIsEnabled,
 
+        [Parameter()]
+        [System.Boolean]
+        $DisableResilienceDefaultsIsEnabled,
+
         [Parameter()]
         [System.String]
         $TermsOfUse,

diff --git a/...C/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/...C/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof
@@ -47,6 +47,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}] String SignInFrequencyInterval;
     [Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
     [Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
+    [Write, Description("Specifies, if DisableResilienceDefaults is enabled.")] Boolean DisableResilienceDefaultsIsEnabled;
     [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
     [Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
     [Write, Description("Authentication context class references.")] String AuthenticationContexts[];
@@ -60,4 +61,3 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
     [Write, Description("Access token used for authentication.")] String AccessTokens[];
 };
-
diff --git a/...esources/MSFT_AADCustomAuthenticationExtension/MSFT_AADCustomAuthenticationExtension.psm1 b/...esources/MSFT_AADCustomAuthenticationExtension/MSFT_AADCustomAuthenticationExtension.psm1
@@ -143,10 +143,17 @@ function Get-TargetResource
         Write-Verbose 'Instance found for the resource. Calculating result....'
 
         $results = @{
-            DisplayName = $instance.DisplayName
-            Id          = $instance.Id
-            Description = $instance.Description
-            Ensure      = 'Present'
+            DisplayName           = $instance.DisplayName
+            Id                    = $instance.Id
+            Description           = $instance.Description
+            Ensure                = 'Present'            
+            Credential            = $Credential
+            ApplicationId         = $ApplicationId
+            TenantId              = $TenantId
+            ApplicationSecret     = $ApplicationSecret
+            CertificateThumbprint = $CertificateThumbprint
+            ManagedIdentity       = $ManagedIdentity.IsPresent
+            AccessTokens          = $AccessTokens
         }
 
         if ($instance.AdditionalProperties -ne $null)

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1
@@ -216,6 +216,7 @@ function Get-TargetResource
             }
 
             $MembersValues = $null
+            $result = @{}
             if ($Group.MembershipRuleProcessingState -ne 'On')
             {
                 # Members
@@ -237,6 +238,8 @@ function Get-TargetResource
                         $GroupAsMembersValues += $member.AdditionalProperties.displayName
                     }
                 }
+                $result.Add('Members', $MembersValues)
+                $result.Add('GroupAsMembers', $GroupAsMembersValues)
             }
 
             # MemberOf
@@ -276,12 +279,10 @@ function Get-TargetResource
 
             }
 
-            $result = @{
+            $policySettings = @{
                 DisplayName                   = $Group.DisplayName
                 Id                            = $Group.Id
                 Owners                        = $OwnersValues
-                Members                       = $MembersValues
-                GroupAsMembers                = $GroupAsMembersValues
                 MemberOf                      = $MemberOfValues
                 Description                   = $Group.Description
                 GroupTypes                    = [System.String[]]$Group.GroupTypes
@@ -303,6 +304,7 @@ function Get-TargetResource
                 Managedidentity               = $ManagedIdentity.IsPresent
                 AccessTokens                  = $AccessTokens
             }
+            $result += $policySettings
 
             return $result
         }