From 0941aa9a07bb8328630f2b58e8f6b53e809b3db4 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 22 Feb 2023 16:19:04 -0500 Subject: [PATCH 01/39] Initial --- .../MSFT_O365OrgSettings.psm1 | 66 +++++++++++++++++-- .../MSFT_O365OrgSettings.schema.mof | 1 + .../Dependencies/Manifest.psd1 | 28 ++++---- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 2 +- 4 files changed, 76 insertions(+), 21 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index a330c7dfa5..b99e541413 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -13,6 +13,10 @@ function Get-TargetResource [System.Boolean] $M365WebEnableUsersToOpenFilesFrom3PStorage, + [Parameter()] + [System.Boolean] + $PlannerAllowCalendarSharing, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -52,6 +56,9 @@ function Get-TargetResource -InboundParameters $PSBoundParameters ` -ProfileName 'v1.0' + $ConnectionMode = New-M365DSCConnection -Workload 'Tasks' ` + -InboundParameters $PSBoundParameters + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -74,9 +81,11 @@ function Get-TargetResource $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled' + $PlannerSettings = Get-M365DSCO365OrgSettingsPlannerConfig return @{ IsSingleInstance = 'Yes' M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled + PlannerAllowCalendarSharing = $PlannerSettings.allowCalendarSharing Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -112,6 +121,10 @@ function Set-TargetResource [System.Boolean] $M365WebEnableUsersToOpenFilesFrom3PStorage, + [Parameter()] + [System.Boolean] + $PlannerAllowCalendarSharing, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -160,18 +173,21 @@ function Set-TargetResource #endregion Write-Verbose -Message "Setting configuration of Office 365 Settings" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + $currentValues = Get-TargetResource @PSBoundParameters - $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' - $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' - if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled) + if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $currentValues.M365WebEnableUsersToOpenFilesFrom3PStorage) { Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" + $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' + $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage } + if ($PlannerAllowCalendarSharing -ne $currentValues.PlannerAllowCalendarSharing) + { + Write-Verbose -Message "Setting the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}" + Set-M365DSCO365OrgSettingsPlannerConfig -AllowCalendarSharing $PlannerAllowCalendarSharing + } } function Test-TargetResource @@ -189,6 +205,10 @@ function Test-TargetResource [System.Boolean] $M365WebEnableUsersToOpenFilesFrom3PStorage, + [Parameter()] + [System.Boolean] + $PlannerAllowCalendarSharing, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -341,4 +361,38 @@ function Export-TargetResource } } +function Get-M365DSCO365OrgSettingsPlannerConfig +{ + [CmdletBinding()] + param() + $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + "/taskAPI/tenantAdminSettings/Settings"; + $results = Invoke-RestMethod -ContentType "application/json;odata.metadata=full" ` + -Headers @{"Accept"="application/json"; "Authorization"=$Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; "Accept-Charset"="UTF-8"; "OData-Version"="4.0;NetFx"; "OData-MaxVersion"="4.0;NetFx"} ` + -Method GET ` + $Uri + return $results +} + +function Set-M365DSCO365OrgSettingsPlannerConfig +{ + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [System.Boolean] + $AllowCalendarSharing + ) + + $flags = @{ + allowCalendarSharing = $AllowCalendarSharing + } + + $requestBody = $flags | ConvertTo-Json + $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + "/taskAPI/tenantAdminSettings/Settings"; + $results = Invoke-RestMethod -ContentType "application/json;odata.metadata=full" ` + -Headers @{"Accept"="application/json"; "Authorization"=$Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; "Accept-Charset"="UTF-8"; "OData-Version"="4.0;NetFx"; "OData-MaxVersion"="4.0;NetFx"} ` + -Method PATCH ` + -Body $requestBody ` + $Uri +} + Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof index 491aef84e7..5326479d6a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof @@ -3,6 +3,7 @@ class MSFT_O365OrgSettings : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage; + [Write, Description("Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds.")] Boolean PlannerAllowCalendarSharing; [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 66551cd3bb..d39640866e 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -10,59 +10,59 @@ }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Enrolment' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Devices.CorporateManagement' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Identity.DirectoryManagement' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Identity.Governance' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Identity.SignIns' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Teams' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '1.21.0' + RequiredVersion = '1.22.0' }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 1a7af7065c..1c640d63bc 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1470,7 +1470,7 @@ function New-M365DSCConnection [Parameter(Mandatory = $true)] [ValidateSet('ExchangeOnline', 'Intune', ` 'SecurityComplianceCenter', 'PnP', 'PowerPlatforms', ` - 'MicrosoftTeams', 'MicrosoftGraph')] + 'MicrosoftTeams', 'MicrosoftGraph', 'Tasks')] [System.String] $Workload, From ed4c604f8969298eb02f0274ccbe3449153083ed Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 11:38:02 -0400 Subject: [PATCH 02/39] O365OrgSettings: Added support for the Viva Insights and Briefing email settings --- CHANGELOG.md | 5 + .../MSFT_O365OrgSettings.psm1 | 115 ++++++++++++++++-- .../MSFT_O365OrgSettings.schema.mof | 5 + .../Dependencies/Manifest.psd1 | 2 +- 4 files changed, 116 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2496762611..b0119a69ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* O365OrgSettings + * Added support for the Viva Insights and Briefing email settings. + # 1.23.322.1 * AADRoleSetting diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index e41de4fc71..84520b4445 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -17,6 +17,26 @@ function Get-TargetResource [System.Boolean] $M365WebEnableUsersToOpenFilesFrom3PStorage, + [Parameter()] + [System.Boolean] + $MicrosoftVivaBriefingEmail, + + [Parameter()] + [System.Boolean] + $VivaInsightsWebExperience, + + [Parameter()] + [System.Boolean] + $VivaInsightsDigestEmail, + + [Parameter()] + [System.Boolean] + $VivaInsightsOutlookAddInAndInlineSuggestions, + + [Parameter()] + [System.Boolean] + $VivaInsightsScheduleSendSuggestions, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -56,6 +76,9 @@ function Get-TargetResource -InboundParameters $PSBoundParameters ` -ProfileName 'v1.0' + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -81,17 +104,33 @@ function Get-TargetResource $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d' $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled' + # Microsoft Viva Briefing Email + $vivaBriefingEmailValue = $false + $currentBriefingConfig = Get-DefaultTenantBriefingConfig + if ($currentBriefingConfig.PrivacyMode -eq 'opt-in') + { + $vivaBriefingEmailValue = $true + } + + # Viva Insightss settings + $currentVivaInsightsSettings = Get-DefaultTenantMyAnalyticsFeatureConfig + return @{ - IsSingleInstance = 'Yes' - CortanaEnabled = $CortanaEnabledValue.AccountEnabled - M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + IsSingleInstance = 'Yes' + CortanaEnabled = $CortanaEnabledValue.AccountEnabled + M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled + MicrosoftVivaBriefingEmail = $vivaBriefingEmailValue + VivaInsightsWebExperience = $currentVivaInsightsSettings.IsDashboardEnabled + VivaInsightsDigestEmail = $currentVivaInsightsSettings.IsDigestEmailEnabled + VivaInsightsOutlookAddInAndInlineSuggestions = $currentVivaInsightsSettings.IsAddInEnabled + VivaInsightsScheduleSendSuggestions = $currentVivaInsightsSettings.IsScheduleSendEnabled + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent } } catch @@ -124,6 +163,26 @@ function Set-TargetResource [System.Boolean] $M365WebEnableUsersToOpenFilesFrom3PStorage, + [Parameter()] + [System.Boolean] + $MicrosoftVivaBriefingEmail, + + [Parameter()] + [System.Boolean] + $VivaInsightsWebExperience, + + [Parameter()] + [System.Boolean] + $VivaInsightsDigestEmail, + + [Parameter()] + [System.Boolean] + $VivaInsightsOutlookAddInAndInlineSuggestions, + + [Parameter()] + [System.Boolean] + $VivaInsightsScheduleSendSuggestions, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -193,6 +252,22 @@ function Set-TargetResource Update-MgservicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` -AccountEnabled:$CortanaEnabled } + + # Microsoft Viva Briefing Email + Write-Verbose -Message "Updating Microsoft Viva Briefing Email settings." + $briefingValue = 'opt-out' + if ($MicrosoftVivaBriefingEmail) + { + $briefingValue = 'opt-in' + } + Set-DefaultTenantBriefingConfig -PrivacyMode $briefingValue | Out-Null + + # Viva Insights + Write-Verbose -Message "Updating Viva Insights settings." + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Dashboard" -IsEnabled $VivaInsightsWebExperience | Out-Null + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Digest-email" -IsEnabled $VivaInsightsDigestEmail | Out-Null + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Add-In" -IsEnabled $VivaInsightsOutlookAddInAndInlineSuggestions | Out-Null + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Scheduled-send" -IsEnabled $VivaInsightsScheduleSendSuggestions | Out-Null } function Test-TargetResource @@ -214,6 +289,26 @@ function Test-TargetResource [System.Boolean] $M365WebEnableUsersToOpenFilesFrom3PStorage, + [Parameter()] + [System.Boolean] + $MicrosoftVivaBriefingEmail, + + [Parameter()] + [System.Boolean] + $VivaInsightsWebExperience, + + [Parameter()] + [System.Boolean] + $VivaInsightsDigestEmail, + + [Parameter()] + [System.Boolean] + $VivaInsightsOutlookAddInAndInlineSuggestions, + + [Parameter()] + [System.Boolean] + $VivaInsightsScheduleSendSuggestions, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof index ebec69934e..e50c01e0c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof @@ -4,6 +4,11 @@ class MSFT_O365OrgSettings : OMI_BaseResource [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.")] Boolean CortanaEnabled; [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage; + [Write, Description("Specifies whether or not to let people in your organization receive Briefing email from Microsoft Viva.")] Boolean MicrosoftVivaBriefingEmail; + [Write, Description("Specifies whether or not to allow users to have access to use the Viva Insights web experience.")] Boolean VivaInsightsWebExperience; + [Write, Description("Specifies whether or not to allow users to have access to use the Viva Insights digest email feature.")] Boolean VivaInsightsDigestEmail; + [Write, Description("Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions.")] Boolean VivaInsightsOutlookAddInAndInlineSuggestions; + [Write, Description("Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature.")] Boolean VivaInsightsScheduleSendSuggestions; [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 599ee0d958..1a5d3caaae 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -6,7 +6,7 @@ }, @{ ModuleName = 'ExchangeOnlineManagement' - RequiredVersion = '3.1.0' + RequiredVersion = '3.2.0' }, @{ ModuleName = 'Microsoft.Graph.Applications' From 5a94092f5fde8a5e2614c11c958bfdcf845b309b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 12:38:35 -0400 Subject: [PATCH 03/39] Fixes Unit Tests --- .../Microsoft365DSC.O365OrgSettings.Tests.ps1 | 78 +++++++++++++++++-- 1 file changed, 70 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index f51be24747..27b1e7f1fd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -38,16 +38,27 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgServicePrincipal -MockWith { } + + Mock -CommandName Set-DefaultTenantBriefingConfig -MockWith { + } + + Mock -CommandName Set-DefaultTenantMyAnalyticsFeatureConfig -MockWith { + } } # Test contexts Context -Name 'When Org Settings are already in the Desired State' -Fixture { BeforeAll { $testParams = @{ - IsSingleInstance = 'Yes' - M365WebEnableUsersToOpenFilesFrom3PStorage = $False; - Ensure = 'Present' - Credential = $Credential + IsSingleInstance = 'Yes' + M365WebEnableUsersToOpenFilesFrom3PStorage = $False + MicrosoftVivaBriefingEmail = $True + VivaInsightsWebExperience = $true + VivaInsightsDigestEmail = $true + VivaInsightsOutlookAddInAndInlineSuggestions = $true + VivaInsightsScheduleSendSuggestions = $true + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgServicePrincipal -MockWith { @@ -55,6 +66,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AccountEnabled = $False } } + + Mock -CommandName Get-DefaultTenantBriefingConfig -MockWith { + return @{ + PrivacyMode = 'opt-in' + } + } + + Mock -CommandName Get-DefaultTenantMyAnalyticsFeatureConfig -MockWith { + return @{ + IsDashboardEnabled = $true + IsDigestEmailEnabled = $true + IsAddInEnabled = $true + IsScheduleSendEnabled = $true + } + } } It 'Should return Present from the Get method' { @@ -71,10 +97,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'When Org Settings NOT in the Desired State' -Fixture { BeforeAll { $testParams = @{ - IsSingleInstance = 'Yes' - M365WebEnableUsersToOpenFilesFrom3PStorage = $True; - Ensure = 'Present' - Credential = $Credential + IsSingleInstance = 'Yes' + M365WebEnableUsersToOpenFilesFrom3PStorage = $True + MicrosoftVivaBriefingEmail = $True + VivaInsightsWebExperience = $true + VivaInsightsDigestEmail = $true + VivaInsightsOutlookAddInAndInlineSuggestions = $true + VivaInsightsScheduleSendSuggestions = $true + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgServicePrincipal -MockWith { @@ -82,6 +113,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AccountEnabled = $False } } + + Mock -CommandName Get-DefaultTenantBriefingConfig -MockWith { + return @{ + PrivacyMode = 'opt-in' + } + } + + Mock -CommandName Get-DefaultTenantMyAnalyticsFeatureConfig -MockWith { + return @{ + IsDashboardEnabled = $true + IsDigestEmailEnabled = $true + IsAddInEnabled = $true + IsScheduleSendEnabled = $true + } + } } It 'Should return Present from the Get method' { @@ -113,6 +159,22 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AccountEnabled = $False } } + + Mock -CommandName Get-DefaultTenantBriefingConfig -MockWith { + return @{ + PrivacyMode = 'opt-in' + } + } + + Mock -CommandName Get-DefaultTenantMyAnalyticsFeatureConfig -MockWith { + return @{ + IsDashboardEnabled = $true + IsDigestEmailEnabled = $true + IsAddInEnabled = $true + IsScheduleSendEnabled = $true + } + } + $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } From 866eff172104048536b8764e18fcd97edc021ef9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 09:48:52 -0400 Subject: [PATCH 04/39] Initial --- .../MSFT_O365OrgSettings.psm1 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index c0ca56f0e8..0db7305510 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -81,6 +81,21 @@ function Get-TargetResource $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d' $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled' + $MRODeviceManagerService = 'ebe0c285-db95-403f-a1a3-a793bd6d7767' + try + { + $servicePrincipal = Get-MgServicePrincipal -Filter "appid eq 'ebe0c285-db95-403f-a1a3-a793bd6d7767'" + if ($null -eq $servicePrincipal) + { + Write-Verbose -Message "Registering the MRO Device Manager Service Principal" + New-MgServicePrincipal -AppId 'ebe0c285-db95-403f-a1a3-a793bd6d7767' -ErrorAction Stop | Out-Null + } + } + catch + { + Write-Verbose -Message $_ + } + return @{ IsSingleInstance = 'Yes' CortanaEnabled = $CortanaEnabledValue.AccountEnabled From eaa8ea6950af1a8f41b3ef8c0449c552076bdc2e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 19 Apr 2023 15:57:04 -0400 Subject: [PATCH 05/39] Fix Example --- .../Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 index 2dc5aa8956..e96b1ac798 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 @@ -18,7 +18,6 @@ Configuration Example O365OrgSettings 'O365OrgSettings' { Credential = $Credscredential; - Ensure = "Present"; IsSingleInstance = "Yes"; M365WebEnableUsersToOpenFilesFrom3PStorage = $False; } From 9d43ecb661e2e7eb1d363d42fd7e3e3247e4ad52 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 19 Apr 2023 16:21:14 -0400 Subject: [PATCH 06/39] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 1055 ++-------------------------- 1 file changed, 57 insertions(+), 998 deletions(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index bbb8c82229..a16e55c022 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -143,31 +143,10 @@ function Get-AdminAuditLogConfig ) } -function Get-AdministrativeUnit -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity - ) -} function Get-AntiPhishPolicy { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Impersonation, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Advanced, - [Parameter()] [System.Object] $Identity, @@ -220,15 +199,6 @@ function Get-ApplicationAccessPolicy $Identity ) } -function Get-AtpPolicyForO365 -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity - ) -} function Get-AuditConfig { [CmdletBinding()] @@ -1154,50 +1124,6 @@ function Get-RoleGroupMember $ResultSize ) } -function Get-SafeAttachmentPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity - ) -} -function Get-SafeAttachmentRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $State - ) -} -function Get-SafeLinksPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity - ) -} -function Get-SafeLinksRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $State - ) -} function Get-ServicePrincipal { [CmdletBinding()] @@ -1515,21 +1441,9 @@ function New-AntiPhishPolicy [System.Management.Automation.SwitchParameter] $MakeDefault, - [Parameter()] - [System.Object] - $DmarcRejectAction, - - [Parameter()] - [System.Int32] - $PhishThresholdLevel, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.Boolean] - $EnableTargetedDomainsProtection, + $EnableUnauthenticatedSender, [Parameter()] [System.Boolean] @@ -1547,129 +1461,37 @@ function New-AntiPhishPolicy [System.String] $Name, - [Parameter()] - [System.Object] - $TargetedDomainsToProtect, - [Parameter()] [System.Boolean] $EnableSpoofIntelligence, - [Parameter()] - [System.Boolean] - $EnableSimilarUsersSafetyTips, - - [Parameter()] - [System.Object] - $ExcludedDomains, - - [Parameter()] - [System.Object] - $MailboxIntelligenceProtectionAction, - - [Parameter()] - [System.Object] - $TargetedDomainActionRecipients, - [Parameter()] [System.Object] $DmarcQuarantineAction, - [Parameter()] - [System.Boolean] - $EnableMailboxIntelligence, - - [Parameter()] - [System.String] - $TargetedDomainQuarantineTag, - - [Parameter()] - [System.String] - $SimilarUsersSafetyTipsCustomText, - - [Parameter()] - [System.Object] - $ImpersonationProtectionState, - - [Parameter()] - [System.Object] - $TargetedDomainProtectionAction, - - [Parameter()] - [System.String] - $AdminDisplayName, - [Parameter()] [System.Object] - $TargetedUsersToProtect, - - [Parameter()] - [System.Object] - $TargetedUserProtectionAction, + $AuthenticationFailAction, [Parameter()] [System.Object] $RecommendedPolicyType, [Parameter()] - [System.Object] - $MailboxIntelligenceProtectionActionRecipients, - - [Parameter()] - [System.String] - $MailboxIntelligenceQuarantineTag, - - [Parameter()] - [System.String] - $UnusualCharactersSafetyTipsCustomText, - - [Parameter()] - [System.Boolean] - $EnableSimilarDomainsSafetyTips, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] $SpoofQuarantineTag, - [Parameter()] - [System.Boolean] - $EnableUnauthenticatedSender, - - [Parameter()] - [System.String] - $PolicyTag, - - [Parameter()] - [System.String] - $TargetedUserQuarantineTag, - - [Parameter()] - [System.Boolean] - $EnableOrganizationDomainsProtection, - - [Parameter()] - [System.Boolean] - $EnableMailboxIntelligenceProtection, - - [Parameter()] - [System.Boolean] - $EnableUnusualCharactersSafetyTips, - - [Parameter()] - [System.Boolean] - $EnableTargetedUserProtection, - - [Parameter()] - [System.Object] - $AuthenticationFailAction, - [Parameter()] [System.Object] - $TargetedUserActionRecipients, + $DmarcRejectAction, [Parameter()] - [System.Object] - $ExcludedSenders + [System.String] + $AdminDisplayName ) } function New-AntiPhishRule @@ -1999,35 +1821,6 @@ function New-DataClassification $ClassificationRuleCollectionIdentity ) } -function New-DataEncryptionPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object] - $DomainController, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $AzureKeyIDs, - - [Parameter()] - [System.Boolean] - $Enabled - ) -} function New-DistributionGroup { [CmdletBinding()] @@ -3621,63 +3414,6 @@ function New-OfflineAddressBook $AddressLists ) } -function New-OMEConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Double] - $ExternalMailExpiryInDays, - - [Parameter()] - [System.String] - $ReadButtonText, - - [Parameter()] - [System.String] - $PortalText, - - [Parameter()] - [System.Byte[]] - $Image, - - [Parameter()] - [System.String] - $IntroductionText, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.String] - $BackgroundColor, - - [Parameter()] - [System.String] - $DisclaimerText, - - [Parameter()] - [System.String] - $PrivacyStatementUrl, - - [Parameter()] - [System.Boolean] - $SocialIdSignIn, - - [Parameter()] - [System.String] - $EmailText, - - [Parameter()] - [System.Boolean] - $OTPEnabled, - - [Parameter()] - [System.Object] - $Identity - ) -} function New-OnPremisesOrganization { [CmdletBinding()] @@ -4136,257 +3872,25 @@ function New-RoleGroup $Force ) } -function New-SafeAttachmentPolicy +function New-SharingPolicy { [CmdletBinding()] param( [Parameter()] - [System.Object] - $Action, + [System.String] + $Name, [Parameter()] - [System.Object] - $RecommendedPolicyType, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $Redirect, + [System.Object] + $Domains, [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.String] - $AdminDisplayName, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeBuiltInProtection, - - [Parameter()] - [System.Boolean] - $Enable, - - [Parameter()] - [System.Object] - $RedirectAddress, - - [Parameter()] - [System.String] - $QuarantineTag, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Boolean] - $ActionOnError - ) -} -function New-SafeAttachmentRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $SentToMemberOf, - - [Parameter()] - [System.Object[]] - $SentTo, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, - - [Parameter()] - [System.Object] - $SafeAttachmentPolicy, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.Object[]] - $ExceptIfSentTo, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, - - [Parameter()] - [System.Boolean] - $Enabled - ) -} -function New-SafeLinksPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Boolean] - $EnableOrganizationBranding, - - [Parameter()] - [System.String] - $AdminDisplayName, - - [Parameter()] - [System.Boolean] - $UseTranslatedNotificationText, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeBuiltInProtection, - - [Parameter()] - [System.Object] - $DoNotRewriteUrls, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForTeams, - - [Parameter()] - [System.Boolean] - $DisableUrlRewrite, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForOffice, - - [Parameter()] - [System.Boolean] - $TrackClicks, - - [Parameter()] - [System.Boolean] - $AllowClickThrough, - - [Parameter()] - [System.Object] - $RecommendedPolicyType, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.String] - $CustomNotificationText, - - [Parameter()] - [System.Boolean] - $DeliverMessageAfterScan, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForEmail, - - [Parameter()] - [System.Boolean] - $ScanUrls, - - [Parameter()] - [System.Boolean] - $EnableForInternalSenders - ) -} -function New-SafeLinksRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $SentToMemberOf, - - [Parameter()] - [System.Object[]] - $SentTo, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.Object] - $SafeLinksPolicy, - - [Parameter()] - [System.Object[]] - $ExceptIfSentTo, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf, - - [Parameter()] - [System.Boolean] - $Enabled - ) -} -function New-SharingPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Domains, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Default, + [System.Management.Automation.SwitchParameter] + $Default, [Parameter()] [System.Boolean] @@ -5609,19 +5113,6 @@ function Remove-OfflineAddressBook $Identity ) } -function Remove-OMEConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity - ) -} function Remove-OnPremisesOrganization { [CmdletBinding()] @@ -5764,66 +5255,6 @@ function Remove-RoleGroup $BypassSecurityGroupManagerCheck ) } -function Remove-SafeAttachmentPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-SafeAttachmentRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-SafeLinksPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity - ) -} -function Remove-SafeLinksRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity - ) -} function Remove-SharingPolicy { [CmdletBinding()] @@ -6059,53 +5490,13 @@ function Set-AntiPhishPolicy { [CmdletBinding()] param( - [Parameter()] - [System.Boolean] - $EnableFirstContactSafetyTips, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeDefault, - - [Parameter()] - [System.Object] - $DmarcRejectAction, - - [Parameter()] - [System.Int32] - $PhishThresholdLevel, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Boolean] - $EnableTargetedDomainsProtection, - - [Parameter()] - [System.Object] - $Identity, - [Parameter()] [System.Boolean] $HonorDmarcPolicy, [Parameter()] [System.Boolean] - $Enabled, - - [Parameter()] - [System.Boolean] - $EnableViaTag, - - [Parameter()] - [System.Object] - $MailboxIntelligenceProtectionAction, - - [Parameter()] - [System.Object] - $TargetedDomainsToProtect, + $EnableUnauthenticatedSender, [Parameter()] [System.Boolean] @@ -6113,91 +5504,31 @@ function Set-AntiPhishPolicy [Parameter()] [System.Boolean] - $EnableSimilarUsersSafetyTips, - - [Parameter()] - [System.Object] - $ExcludedDomains, - - [Parameter()] - [System.String] - $PolicyTag, - - [Parameter()] - [System.Object] - $TargetedDomainActionRecipients, - - [Parameter()] - [System.Object] - $DmarcQuarantineAction, - - [Parameter()] - [System.Boolean] - $EnableMailboxIntelligence, - - [Parameter()] - [System.String] - $TargetedDomainQuarantineTag, - - [Parameter()] - [System.Object] - $ImpersonationProtectionState, - - [Parameter()] - [System.Object] - $TargetedDomainProtectionAction, + $EnableFirstContactSafetyTips, [Parameter()] [System.String] $AdminDisplayName, - [Parameter()] - [System.Object] - $TargetedUsersToProtect, - - [Parameter()] - [System.Object] - $TargetedUserProtectionAction, - - [Parameter()] - [System.Object] - $MailboxIntelligenceProtectionActionRecipients, - - [Parameter()] - [System.String] - $MailboxIntelligenceQuarantineTag, - - [Parameter()] - [System.Boolean] - $EnableSimilarDomainsSafetyTips, - [Parameter()] [System.String] $SpoofQuarantineTag, [Parameter()] - [System.Boolean] - $EnableUnauthenticatedSender, - - [Parameter()] - [System.String] - $TargetedUserQuarantineTag, - - [Parameter()] - [System.Boolean] - $EnableOrganizationDomainsProtection, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $EnableMailboxIntelligenceProtection, + $EnableViaTag, [Parameter()] - [System.Boolean] - $EnableUnusualCharactersSafetyTips, + [System.Object] + $Identity, [Parameter()] [System.Boolean] - $EnableTargetedUserProtection, + $Enabled, [Parameter()] [System.Object] @@ -6205,11 +5536,15 @@ function Set-AntiPhishPolicy [Parameter()] [System.Object] - $TargetedUserActionRecipients, + $DmarcQuarantineAction, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeDefault, [Parameter()] [System.Object] - $ExcludedSenders + $DmarcRejectAction ) } function Set-AntiPhishRule @@ -6319,35 +5654,6 @@ function Set-ApplicationAccessPolicy $Identity ) } -function Set-AtpPolicyForO365 -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Boolean] - $AllowSafeDocsOpen, - - [Parameter()] - [System.Object] - $BlockUrls, - - [Parameter()] - [System.Boolean] - $EnableATPForSPOTeamsODB, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Boolean] - $EnableSafeDocs, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} function Set-AuthenticationPolicy { [CmdletBinding()] @@ -6710,18 +6016,6 @@ function Set-DataEncryptionPolicy { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, - - [Parameter()] - [System.String] - $Name, - [Parameter()] [System.Object] $DomainController, @@ -6734,10 +6028,6 @@ function Set-DataEncryptionPolicy [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Object] - $Identity, - [Parameter()] [System.String] $PermanentDataPurgeReason, @@ -6752,7 +6042,7 @@ function Set-DataEncryptionPolicy [Parameter()] [System.Management.Automation.SwitchParameter] - $Refresh + $Force ) } function Set-DistributionGroup @@ -7714,6 +7004,10 @@ function Set-IRMConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.Uri] + $RMSOnlineKeySharingLocation, + [Parameter()] [System.Object] $Identity, @@ -7722,10 +7016,6 @@ function Set-IRMConfiguration [System.Object] $TransportDecryptionSetting, - [Parameter()] - [System.Uri] - $RMSOnlineKeySharingLocation, - [Parameter()] [System.Management.Automation.SwitchParameter] $Force, @@ -7736,7 +7026,7 @@ function Set-IRMConfiguration [Parameter()] [System.Boolean] - $EnablePortalTrackingLogs, + $EnablePdfEncryption, [Parameter()] [System.Boolean] @@ -7762,10 +7052,6 @@ function Set-IRMConfiguration [System.Boolean] $JournalReportDecryptionEnabled, - [Parameter()] - [System.Boolean] - $EnablePdfEncryption, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -8112,10 +7398,6 @@ function Set-Mailbox [System.String] $CustomAttribute6, - [Parameter()] - [System.Object] - $DataEncryptionPolicy, - [Parameter()] [System.Object] $ExtensionCustomAttribute4, @@ -9159,8 +8441,8 @@ function Set-OMEConfiguration [CmdletBinding()] param( [Parameter()] - [System.Double] - $ExternalMailExpiryInDays, + [System.String] + $IntroductionText, [Parameter()] [System.String] @@ -9175,8 +8457,8 @@ function Set-OMEConfiguration $Image, [Parameter()] - [System.String] - $IntroductionText, + [System.Boolean] + $OTPEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -9202,10 +8484,6 @@ function Set-OMEConfiguration [System.String] $EmailText, - [Parameter()] - [System.Boolean] - $OTPEnabled, - [Parameter()] [System.Object] $Identity @@ -9333,6 +8611,10 @@ function Set-OrganizationConfig [System.Boolean] $ElcProcessingDisabled, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Boolean] $UnblockUnsafeSenderPromptEnabled, @@ -9422,8 +8704,8 @@ function Set-OrganizationConfig $OutlookMobileGCCRestrictionsEnabled, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Uri] + $SiteMailboxCreationURL, [Parameter()] [System.Boolean] @@ -9433,10 +8715,6 @@ function Set-OrganizationConfig [System.Boolean] $BookingsSmsMicrosoftEnabled, - [Parameter()] - [System.Object] - $DefaultAuthenticationPolicy, - [Parameter()] [System.Boolean] $WebPushNotificationsDisabled, @@ -9497,10 +8775,6 @@ function Set-OrganizationConfig [System.Object] $DistributionGroupNameBlockedWordsList, - [Parameter()] - [System.Int32] - $RequiredCharsetCoverage, - [Parameter()] [System.Boolean] $AsyncSendEnabled, @@ -9517,6 +8791,10 @@ function Set-OrganizationConfig [System.Boolean] $ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled, + [Parameter()] + [System.Boolean] + $BookingsPaymentsEnabled, + [Parameter()] [System.Boolean] $WorkspaceTenantEnabled, @@ -9550,8 +8828,8 @@ function Set-OrganizationConfig $CalendarVersionStoreEnabled, [Parameter()] - [System.Boolean] - $BookingsPaymentsEnabled, + [System.Int32] + $RequiredCharsetCoverage, [Parameter()] [System.Object] @@ -9617,6 +8895,10 @@ function Set-OrganizationConfig [System.Boolean] $ConnectorsActionableMessagesEnabled, + [Parameter()] + [System.Object] + $DefaultAuthenticationPolicy, + [Parameter()] [System.Boolean] $MailTipsMailboxSourcedTipsEnabled, @@ -9725,14 +9007,6 @@ function Set-OrganizationConfig [System.Object] $EwsBlockList, - [Parameter()] - [System.Boolean] - $CustomerLockboxEnabled, - - [Parameter()] - [System.Uri] - $SiteMailboxCreationURL, - [Parameter()] [System.Int32] $ByteEncoderTypeFor7BitCharsets, @@ -10705,222 +9979,6 @@ function Set-RoleGroup $ManagedBy ) } -function Set-SafeAttachmentPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Action, - - [Parameter()] - [System.Boolean] - $Redirect, - - [Parameter()] - [System.String] - $AdminDisplayName, - - [Parameter()] - [System.Boolean] - $Enable, - - [Parameter()] - [System.Object] - $RedirectAddress, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.String] - $QuarantineTag, - - [Parameter()] - [System.Boolean] - $ActionOnError - ) -} -function Set-SafeAttachmentRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $SentToMemberOf, - - [Parameter()] - [System.Object[]] - $SentTo, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $SafeAttachmentPolicy, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.Object[]] - $ExceptIfSentTo, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf - ) -} -function Set-SafeLinksPolicy -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Boolean] - $EnableOrganizationBranding, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.String] - $AdminDisplayName, - - [Parameter()] - [System.Boolean] - $UseTranslatedNotificationText, - - [Parameter()] - [System.Boolean] - $DisableUrlRewrite, - - [Parameter()] - [System.Object] - $DoNotRewriteUrls, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForTeams, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForOffice, - - [Parameter()] - [System.Boolean] - $TrackClicks, - - [Parameter()] - [System.Boolean] - $AllowClickThrough, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.String] - $CustomNotificationText, - - [Parameter()] - [System.Boolean] - $DeliverMessageAfterScan, - - [Parameter()] - [System.Boolean] - $EnableSafeLinksForEmail, - - [Parameter()] - [System.Boolean] - $ScanUrls, - - [Parameter()] - [System.Boolean] - $EnableForInternalSenders - ) -} -function Set-SafeLinksRule -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $Priority, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object[]] - $SentToMemberOf, - - [Parameter()] - [System.Object[]] - $SentTo, - - [Parameter()] - [System.String] - $Comments, - - [Parameter()] - [System.Object[]] - $RecipientDomainIs, - - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Object[]] - $ExceptIfRecipientDomainIs, - - [Parameter()] - [System.Object] - $SafeLinksPolicy, - - [Parameter()] - [System.Object[]] - $ExceptIfSentTo, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object[]] - $ExceptIfSentToMemberOf - ) -} function Set-SharingPolicy { [CmdletBinding()] @@ -12221,6 +11279,7 @@ function Update-RoleGroupMember } #endregion + #region MicrosoftGraph function Get-MgApplication { From a0718234d28fc64eb14e48847515163212942ce8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 19 Apr 2023 16:39:18 -0400 Subject: [PATCH 07/39] Updates --- .../Modules/M365DSCStubsUtility.psm1 | 3 +- Tests/Unit/Stubs/Microsoft365.psm1 | 59 +++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index 238b81d440..31ee0a0775 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -48,7 +48,8 @@ function New-M365DSCStubFiles if ($null -eq $Workloads) { $workloads = @( - @{Name = 'ExchangeOnline'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Mailbox' }, + @{Name = 'ExchangeOnline'; ModuleName = 'ExchangeOnlineManagement';}, # This is the main EXO module with new cmdlets. + @{Name = 'ExchangeOnline'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Mailbox' }, # This is the EXO Proxy @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Applications'; }, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Authentication'; }, @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement'; }, diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index a16e55c022..99d7200103 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1,3 +1,62 @@ +#region ExchangeOnline +function Get-DefaultTenantBriefingConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + $ResultSize + ) +} +function Get-DefaultTenantMyAnalyticsFeatureConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + $ResultSize + ) +} +function Set-DefaultTenantBriefingConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $PrivacyMode, + + [Parameter()] + [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + $ResultSize + ) +} +function Set-DefaultTenantMyAnalyticsFeatureConfig +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Nullable`1[System.Double]] + $SamplingRate, + + [Parameter()] + [System.String] + $PrivacyMode, + + [Parameter()] + [System.String] + $Feature, + + [Parameter()] + [System.Boolean] + $IsEnabled, + + [Parameter()] + [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + $ResultSize + ) +} +#endregion + #region ExchangeOnline function Add-AvailabilityAddressSpace { From 2b4c574bda134a4880e7856e8c910eb520644a57 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 20 Apr 2023 07:53:22 -0400 Subject: [PATCH 08/39] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 1038 ++++++++++++++++++++++++++-- 1 file changed, 983 insertions(+), 55 deletions(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 99d7200103..76ec250472 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -206,6 +206,14 @@ function Get-AntiPhishPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Impersonation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Advanced, + [Parameter()] [System.Object] $Identity, @@ -258,6 +266,15 @@ function Get-ApplicationAccessPolicy $Identity ) } +function Get-AtpPolicyForO365 +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} function Get-AuditConfig { [CmdletBinding()] @@ -1183,6 +1200,50 @@ function Get-RoleGroupMember $ResultSize ) } +function Get-SafeAttachmentPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-SafeAttachmentRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $State + ) +} +function Get-SafeLinksPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-SafeLinksRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $State + ) +} function Get-ServicePrincipal { [CmdletBinding()] @@ -1500,9 +1561,21 @@ function New-AntiPhishPolicy [System.Management.Automation.SwitchParameter] $MakeDefault, + [Parameter()] + [System.Object] + $DmarcRejectAction, + + [Parameter()] + [System.Int32] + $PhishThresholdLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + [Parameter()] [System.Boolean] - $EnableUnauthenticatedSender, + $EnableTargetedDomainsProtection, [Parameter()] [System.Boolean] @@ -1520,37 +1593,129 @@ function New-AntiPhishPolicy [System.String] $Name, + [Parameter()] + [System.Object] + $TargetedDomainsToProtect, + [Parameter()] [System.Boolean] $EnableSpoofIntelligence, + [Parameter()] + [System.Boolean] + $EnableSimilarUsersSafetyTips, + + [Parameter()] + [System.Object] + $ExcludedDomains, + + [Parameter()] + [System.Object] + $MailboxIntelligenceProtectionAction, + + [Parameter()] + [System.Object] + $TargetedDomainActionRecipients, + [Parameter()] [System.Object] $DmarcQuarantineAction, + [Parameter()] + [System.Boolean] + $EnableMailboxIntelligence, + + [Parameter()] + [System.String] + $TargetedDomainQuarantineTag, + + [Parameter()] + [System.String] + $SimilarUsersSafetyTipsCustomText, + [Parameter()] [System.Object] - $AuthenticationFailAction, + $ImpersonationProtectionState, + + [Parameter()] + [System.Object] + $TargetedDomainProtectionAction, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Object] + $TargetedUsersToProtect, + + [Parameter()] + [System.Object] + $TargetedUserProtectionAction, [Parameter()] [System.Object] $RecommendedPolicyType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Object] + $MailboxIntelligenceProtectionActionRecipients, + + [Parameter()] + [System.String] + $MailboxIntelligenceQuarantineTag, + + [Parameter()] + [System.String] + $UnusualCharactersSafetyTipsCustomText, + + [Parameter()] + [System.Boolean] + $EnableSimilarDomainsSafetyTips, [Parameter()] [System.String] $SpoofQuarantineTag, [Parameter()] - [System.Object] - $DmarcRejectAction, + [System.Boolean] + $EnableUnauthenticatedSender, [Parameter()] [System.String] - $AdminDisplayName + $PolicyTag, + + [Parameter()] + [System.String] + $TargetedUserQuarantineTag, + + [Parameter()] + [System.Boolean] + $EnableOrganizationDomainsProtection, + + [Parameter()] + [System.Boolean] + $EnableMailboxIntelligenceProtection, + + [Parameter()] + [System.Boolean] + $EnableUnusualCharactersSafetyTips, + + [Parameter()] + [System.Boolean] + $EnableTargetedUserProtection, + + [Parameter()] + [System.Object] + $AuthenticationFailAction, + + [Parameter()] + [System.Object] + $TargetedUserActionRecipients, + + [Parameter()] + [System.Object] + $ExcludedSenders ) } function New-AntiPhishRule @@ -1880,6 +2045,35 @@ function New-DataClassification $ClassificationRuleCollectionIdentity ) } +function New-DataEncryptionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $DomainController, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $AzureKeyIDs, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} function New-DistributionGroup { [CmdletBinding()] @@ -3473,6 +3667,63 @@ function New-OfflineAddressBook $AddressLists ) } +function New-OMEConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Double] + $ExternalMailExpiryInDays, + + [Parameter()] + [System.String] + $ReadButtonText, + + [Parameter()] + [System.String] + $PortalText, + + [Parameter()] + [System.Byte[]] + $Image, + + [Parameter()] + [System.String] + $IntroductionText, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $BackgroundColor, + + [Parameter()] + [System.String] + $DisclaimerText, + + [Parameter()] + [System.String] + $PrivacyStatementUrl, + + [Parameter()] + [System.Boolean] + $SocialIdSignIn, + + [Parameter()] + [System.String] + $EmailText, + + [Parameter()] + [System.Boolean] + $OTPEnabled, + + [Parameter()] + [System.Object] + $Identity + ) +} function New-OnPremisesOrganization { [CmdletBinding()] @@ -3931,29 +4182,261 @@ function New-RoleGroup $Force ) } -function New-SharingPolicy +function New-SafeAttachmentPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Object] + $Action, + + [Parameter()] + [System.Object] + $RecommendedPolicyType, + + [Parameter()] + [System.Boolean] + $Redirect, + [Parameter()] [System.String] $Name, + [Parameter()] + [System.String] + $AdminDisplayName, + [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $MakeBuiltInProtection, + + [Parameter()] + [System.Boolean] + $Enable, [Parameter()] [System.Object] - $Domains, + $RedirectAddress, + + [Parameter()] + [System.String] + $QuarantineTag, [Parameter()] [System.Management.Automation.SwitchParameter] - $Default, + $Confirm, [Parameter()] [System.Boolean] - $Enabled + $ActionOnError + ) +} +function New-SafeAttachmentRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $SafeAttachmentPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function New-SafeLinksPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Boolean] + $UseTranslatedNotificationText, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeBuiltInProtection, + + [Parameter()] + [System.Object] + $DoNotRewriteUrls, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForTeams, + + [Parameter()] + [System.Boolean] + $DisableUrlRewrite, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForOffice, + + [Parameter()] + [System.Boolean] + $TrackClicks, + + [Parameter()] + [System.Boolean] + $AllowClickThrough, + + [Parameter()] + [System.Object] + $RecommendedPolicyType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $CustomNotificationText, + + [Parameter()] + [System.Boolean] + $DeliverMessageAfterScan, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForEmail, + + [Parameter()] + [System.Boolean] + $ScanUrls, + + [Parameter()] + [System.Boolean] + $EnableForInternalSenders + ) +} +function New-SafeLinksRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object] + $SafeLinksPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf, + + [Parameter()] + [System.Boolean] + $Enabled + ) +} +function New-SharingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Domains, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Default, + + [Parameter()] + [System.Boolean] + $Enabled ) } function New-TransportRule @@ -5172,6 +5655,19 @@ function Remove-OfflineAddressBook $Identity ) } +function Remove-OMEConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} function Remove-OnPremisesOrganization { [CmdletBinding()] @@ -5314,6 +5810,66 @@ function Remove-RoleGroup $BypassSecurityGroupManagerCheck ) } +function Remove-SafeAttachmentPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SafeAttachmentRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SafeLinksPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-SafeLinksRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity + ) +} function Remove-SharingPolicy { [CmdletBinding()] @@ -5549,13 +6105,53 @@ function Set-AntiPhishPolicy { [CmdletBinding()] param( + [Parameter()] + [System.Boolean] + $EnableFirstContactSafetyTips, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MakeDefault, + + [Parameter()] + [System.Object] + $DmarcRejectAction, + + [Parameter()] + [System.Int32] + $PhishThresholdLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $EnableTargetedDomainsProtection, + + [Parameter()] + [System.Object] + $Identity, + [Parameter()] [System.Boolean] $HonorDmarcPolicy, [Parameter()] [System.Boolean] - $EnableUnauthenticatedSender, + $Enabled, + + [Parameter()] + [System.Boolean] + $EnableViaTag, + + [Parameter()] + [System.Object] + $MailboxIntelligenceProtectionAction, + + [Parameter()] + [System.Object] + $TargetedDomainsToProtect, [Parameter()] [System.Boolean] @@ -5563,47 +6159,103 @@ function Set-AntiPhishPolicy [Parameter()] [System.Boolean] - $EnableFirstContactSafetyTips, + $EnableSimilarUsersSafetyTips, + + [Parameter()] + [System.Object] + $ExcludedDomains, + + [Parameter()] + [System.String] + $PolicyTag, + + [Parameter()] + [System.Object] + $TargetedDomainActionRecipients, + + [Parameter()] + [System.Object] + $DmarcQuarantineAction, + + [Parameter()] + [System.Boolean] + $EnableMailboxIntelligence, + + [Parameter()] + [System.String] + $TargetedDomainQuarantineTag, + + [Parameter()] + [System.Object] + $ImpersonationProtectionState, + + [Parameter()] + [System.Object] + $TargetedDomainProtectionAction, [Parameter()] [System.String] $AdminDisplayName, + [Parameter()] + [System.Object] + $TargetedUsersToProtect, + + [Parameter()] + [System.Object] + $TargetedUserProtectionAction, + + [Parameter()] + [System.Object] + $MailboxIntelligenceProtectionActionRecipients, + + [Parameter()] + [System.String] + $MailboxIntelligenceQuarantineTag, + + [Parameter()] + [System.Boolean] + $EnableSimilarDomainsSafetyTips, + [Parameter()] [System.String] $SpoofQuarantineTag, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $EnableUnauthenticatedSender, + + [Parameter()] + [System.String] + $TargetedUserQuarantineTag, [Parameter()] [System.Boolean] - $EnableViaTag, + $EnableOrganizationDomainsProtection, [Parameter()] - [System.Object] - $Identity, + [System.Boolean] + $EnableMailboxIntelligenceProtection, [Parameter()] [System.Boolean] - $Enabled, + $EnableUnusualCharactersSafetyTips, [Parameter()] - [System.Object] - $AuthenticationFailAction, + [System.Boolean] + $EnableTargetedUserProtection, [Parameter()] [System.Object] - $DmarcQuarantineAction, + $AuthenticationFailAction, [Parameter()] - [System.Management.Automation.SwitchParameter] - $MakeDefault, + [System.Object] + $TargetedUserActionRecipients, [Parameter()] [System.Object] - $DmarcRejectAction + $ExcludedSenders ) } function Set-AntiPhishRule @@ -5713,6 +6365,35 @@ function Set-ApplicationAccessPolicy $Identity ) } +function Set-AtpPolicyForO365 +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $AllowSafeDocsOpen, + + [Parameter()] + [System.Object] + $BlockUrls, + + [Parameter()] + [System.Boolean] + $EnableATPForSPOTeamsODB, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $EnableSafeDocs, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} function Set-AuthenticationPolicy { [CmdletBinding()] @@ -6075,6 +6756,18 @@ function Set-DataEncryptionPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.String] + $Name, + [Parameter()] [System.Object] $DomainController, @@ -6087,6 +6780,10 @@ function Set-DataEncryptionPolicy [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Object] + $Identity, + [Parameter()] [System.String] $PermanentDataPurgeReason, @@ -6101,7 +6798,7 @@ function Set-DataEncryptionPolicy [Parameter()] [System.Management.Automation.SwitchParameter] - $Force + $Refresh ) } function Set-DistributionGroup @@ -7061,12 +7758,8 @@ function Set-IntraOrganizationConnector } function Set-IRMConfiguration { - [CmdletBinding()] - param( - [Parameter()] - [System.Uri] - $RMSOnlineKeySharingLocation, - + [CmdletBinding()] + param( [Parameter()] [System.Object] $Identity, @@ -7075,6 +7768,10 @@ function Set-IRMConfiguration [System.Object] $TransportDecryptionSetting, + [Parameter()] + [System.Uri] + $RMSOnlineKeySharingLocation, + [Parameter()] [System.Management.Automation.SwitchParameter] $Force, @@ -7085,7 +7782,7 @@ function Set-IRMConfiguration [Parameter()] [System.Boolean] - $EnablePdfEncryption, + $EnablePortalTrackingLogs, [Parameter()] [System.Boolean] @@ -7111,6 +7808,10 @@ function Set-IRMConfiguration [System.Boolean] $JournalReportDecryptionEnabled, + [Parameter()] + [System.Boolean] + $EnablePdfEncryption, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -7457,6 +8158,10 @@ function Set-Mailbox [System.String] $CustomAttribute6, + [Parameter()] + [System.Object] + $DataEncryptionPolicy, + [Parameter()] [System.Object] $ExtensionCustomAttribute4, @@ -8500,8 +9205,8 @@ function Set-OMEConfiguration [CmdletBinding()] param( [Parameter()] - [System.String] - $IntroductionText, + [System.Double] + $ExternalMailExpiryInDays, [Parameter()] [System.String] @@ -8516,8 +9221,8 @@ function Set-OMEConfiguration $Image, [Parameter()] - [System.Boolean] - $OTPEnabled, + [System.String] + $IntroductionText, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -8543,6 +9248,10 @@ function Set-OMEConfiguration [System.String] $EmailText, + [Parameter()] + [System.Boolean] + $OTPEnabled, + [Parameter()] [System.Object] $Identity @@ -8670,10 +9379,6 @@ function Set-OrganizationConfig [System.Boolean] $ElcProcessingDisabled, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.Boolean] $UnblockUnsafeSenderPromptEnabled, @@ -8763,8 +9468,8 @@ function Set-OrganizationConfig $OutlookMobileGCCRestrictionsEnabled, [Parameter()] - [System.Uri] - $SiteMailboxCreationURL, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] @@ -8774,6 +9479,10 @@ function Set-OrganizationConfig [System.Boolean] $BookingsSmsMicrosoftEnabled, + [Parameter()] + [System.Object] + $DefaultAuthenticationPolicy, + [Parameter()] [System.Boolean] $WebPushNotificationsDisabled, @@ -8834,6 +9543,10 @@ function Set-OrganizationConfig [System.Object] $DistributionGroupNameBlockedWordsList, + [Parameter()] + [System.Int32] + $RequiredCharsetCoverage, + [Parameter()] [System.Boolean] $AsyncSendEnabled, @@ -8850,10 +9563,6 @@ function Set-OrganizationConfig [System.Boolean] $ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled, - [Parameter()] - [System.Boolean] - $BookingsPaymentsEnabled, - [Parameter()] [System.Boolean] $WorkspaceTenantEnabled, @@ -8887,8 +9596,8 @@ function Set-OrganizationConfig $CalendarVersionStoreEnabled, [Parameter()] - [System.Int32] - $RequiredCharsetCoverage, + [System.Boolean] + $BookingsPaymentsEnabled, [Parameter()] [System.Object] @@ -8954,10 +9663,6 @@ function Set-OrganizationConfig [System.Boolean] $ConnectorsActionableMessagesEnabled, - [Parameter()] - [System.Object] - $DefaultAuthenticationPolicy, - [Parameter()] [System.Boolean] $MailTipsMailboxSourcedTipsEnabled, @@ -9066,6 +9771,14 @@ function Set-OrganizationConfig [System.Object] $EwsBlockList, + [Parameter()] + [System.Boolean] + $CustomerLockboxEnabled, + + [Parameter()] + [System.Uri] + $SiteMailboxCreationURL, + [Parameter()] [System.Int32] $ByteEncoderTypeFor7BitCharsets, @@ -10038,6 +10751,222 @@ function Set-RoleGroup $ManagedBy ) } +function Set-SafeAttachmentPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Action, + + [Parameter()] + [System.Boolean] + $Redirect, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Boolean] + $Enable, + + [Parameter()] + [System.Object] + $RedirectAddress, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $QuarantineTag, + + [Parameter()] + [System.Boolean] + $ActionOnError + ) +} +function Set-SafeAttachmentRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $SafeAttachmentPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf + ) +} +function Set-SafeLinksPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.Boolean] + $UseTranslatedNotificationText, + + [Parameter()] + [System.Boolean] + $DisableUrlRewrite, + + [Parameter()] + [System.Object] + $DoNotRewriteUrls, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForTeams, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForOffice, + + [Parameter()] + [System.Boolean] + $TrackClicks, + + [Parameter()] + [System.Boolean] + $AllowClickThrough, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $CustomNotificationText, + + [Parameter()] + [System.Boolean] + $DeliverMessageAfterScan, + + [Parameter()] + [System.Boolean] + $EnableSafeLinksForEmail, + + [Parameter()] + [System.Boolean] + $ScanUrls, + + [Parameter()] + [System.Boolean] + $EnableForInternalSenders + ) +} +function Set-SafeLinksRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object[]] + $SentToMemberOf, + + [Parameter()] + [System.Object[]] + $SentTo, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.Object[]] + $RecipientDomainIs, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.Object] + $SafeLinksPolicy, + + [Parameter()] + [System.Object[]] + $ExceptIfSentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object[]] + $ExceptIfSentToMemberOf + ) +} function Set-SharingPolicy { [CmdletBinding()] @@ -11338,7 +12267,6 @@ function Update-RoleGroupMember } #endregion - #region MicrosoftGraph function Get-MgApplication { From 88be6741b3b3e2772798b9e65271a9538b0d512e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 20 Apr 2023 08:15:21 -0400 Subject: [PATCH 09/39] Update M365DSCStubsUtility.psm1 --- .../Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index 31ee0a0775..308588d182 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -208,20 +208,15 @@ function New-M365DSCStubFiles { $ParamType = 'PSObject' } - elseif ($ParamType.StartsWith('Microsoft.Teams.') -or ` - $ParamType.StartsWith("System.Management.Automation.PSListModifier``1[Microsoft.")) - { - $ParamType = 'PSObject' - } elseif ($ParamType.StartsWith('Microsoft.Rtc.')) { $ParamType = 'PSObject' } - elseif ($ParamType.StartsWith('Microsoft.SharePoint.') -or ` - $ParamType.StartsWith('Microsoft.Online') -or ` + elseif ($ParamType.StartsWith('Microsoft..') -or ` $ParamType.StartsWith('PnP.') -or ` $ParamType.StartsWith("System.Nullable``1[Microsoft.") -or ` - $ParamType.StartsWith("System.Nullable``1[PnP.")) + $ParamType.StartsWith("System.Nullable``1[PnP.") -or ` + $ParamType.StartsWith("System.Management.Automation.PSListModifier``1[Microsoft.")) { $ParamType = 'PSObject' } From da05e85207e77d58883ba607a3504e403e3242e8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 20 Apr 2023 08:33:58 -0400 Subject: [PATCH 10/39] Updates --- Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 | 2 +- Tests/Unit/Stubs/Microsoft365.psm1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index 308588d182..0f130945e3 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -212,7 +212,7 @@ function New-M365DSCStubFiles { $ParamType = 'PSObject' } - elseif ($ParamType.StartsWith('Microsoft..') -or ` + elseif ($ParamType.StartsWith('Microsoft.') -or ` $ParamType.StartsWith('PnP.') -or ` $ParamType.StartsWith("System.Nullable``1[Microsoft.") -or ` $ParamType.StartsWith("System.Nullable``1[PnP.") -or ` diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 76ec250472..6afc5fc237 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -4,7 +4,7 @@ function Get-DefaultTenantBriefingConfig [CmdletBinding()] param( [Parameter()] - [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + [PSObject] $ResultSize ) } @@ -13,7 +13,7 @@ function Get-DefaultTenantMyAnalyticsFeatureConfig [CmdletBinding()] param( [Parameter()] - [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + [PSObject] $ResultSize ) } @@ -26,7 +26,7 @@ function Set-DefaultTenantBriefingConfig $PrivacyMode, [Parameter()] - [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + [PSObject] $ResultSize ) } @@ -51,7 +51,7 @@ function Set-DefaultTenantMyAnalyticsFeatureConfig $IsEnabled, [Parameter()] - [Microsoft.Exchange.Management.RestApiClient.Unlimited`1[System.UInt32]] + [PSObject] $ResultSize ) } From 61028658aa712964d7cbd87d1fac6eb710fd32f8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 5 Jun 2023 07:51:45 -0400 Subject: [PATCH 11/39] Update Manifest.psd1 --- Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index d39640866e..24ceffe7c9 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -6,7 +6,7 @@ }, @{ ModuleName = 'ExchangeOnlineManagement' - RequiredVersion = '3.1.0' + RequiredVersion = '3.2.0' }, @{ ModuleName = 'Microsoft.Graph.Applications' From b3a28b7a19ad996ddc4d6412baec4f024937d240 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 5 Jun 2023 07:52:52 -0400 Subject: [PATCH 12/39] Create 1-ConfigureRoleGroup.ps1 --- .../EXORoleGroup/1-ConfigureRoleGroup.ps1 | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXORoleGroup/1-ConfigureRoleGroup.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORoleGroup/1-ConfigureRoleGroup.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORoleGroup/1-ConfigureRoleGroup.ps1 new file mode 100644 index 0000000000..b0bdc43549 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORoleGroup/1-ConfigureRoleGroup.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXORoleGroup 'ConfigureRoleGroup' + { + Name = "Contoso Role Group" + Description = "Address Lists Role for Exchange Administrators" + Members = @("Exchange Administrator") + Roles = @("Address Lists") + Ensure = "Present" + Credential = $credsGlobalAdmin + } + } +} From df6ff27b8bbc63df81b56280c08a56fbdcce6473 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 5 Jun 2023 11:59:59 -0400 Subject: [PATCH 13/39] Update Manifest.psd1 --- Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 9c5b3c01ec..c6f03d49a4 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -6,7 +6,7 @@ }, @{ ModuleName = 'ExchangeOnlineManagement' - RequiredVersion = '3.2.0' + RequiredVersion = '3.1.0' }, @{ ModuleName = 'Microsoft.Graph.Applications' From 4b2800633ef45e92b7f4268498fad7d181a17c13 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Jun 2023 17:13:06 -0400 Subject: [PATCH 14/39] Updates --- CHANGELOG.md | 2 + .../MSFT_O365OrgSettings.psm1 | 160 +++++++++++++++++- .../MSFT_O365OrgSettings.schema.mof | 3 + .../MSFT_O365OrgSettings/settings.json | 12 ++ .../Microsoft365DSC.O365OrgSettings.Tests.ps1 | 20 +++ 5 files changed, 192 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 774aded2f4..41dcccac67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* O365OrgSettings + * Added support for the Microsoft 365 installation options. * IntuneAntivirusPolicyWindows10SettingCatalog * Fixes an issue for policies with template endpointSecurityAntivirus that had a templateId not expected by the code FIXES [#3360](https://github.com/microsoft/Microsoft365DSC/issues/3360) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 6f0bb84a52..6a2e64f774 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -21,6 +21,21 @@ function Get-TargetResource [System.Boolean] $AdminCenterReportDisplayConcealedNames, + [Parameter()] + [System.String] + [ValidateSet('current', 'monthlyEnterprise', 'semiAnnual')] + $InstallationOptionsUpdateChannel, + + [Parameter()] + [System.String[]] + [ValidateSet('isVisioEnabled', 'isSkypeForBusinessEnabled', 'isProjectEnabled', 'isMicrosoft365AppsEnabled')] + $InstallationOptionsAppsForWindows, + + [Parameter()] + [System.String[]] + [ValidateSet('isSkypeForBusinessEnabled', 'isMicrosoft365AppsEnabled')] + $InstallationOptionsAppsForMac, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -58,7 +73,7 @@ function Get-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -102,11 +117,32 @@ function Get-TargetResource $AdminCenterReportDisplayConcealedNamesValue = Get-M365DSCOrgSettingsAdminCenterReport + $installationOptions = Get-M365DSCOrgSettingsInstallationOptions + $appsForWindowsValue = @() + foreach ($key in $installationOptions.appsForWindows.Keys) + { + if ($installationOptions.appsForWindows.$key) + { + $appsForWindowsValue += $key + } + } + $appsForMacValue = @() + foreach ($key in $installationOptions.appsForMac.Keys) + { + if ($installationOptions.appsForMac.$key) + { + $appsForMacValue += $key + } + } + return @{ IsSingleInstance = 'Yes' CortanaEnabled = $CortanaEnabledValue.AccountEnabled M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled AdminCenterReportDisplayConcealedNames = $AdminCenterReportDisplayConcealedNamesValue.displayConcealedNames + InstallationOptionsUpdateChannel = $installationOptions.updateChannel + InstallationOptionsAppsForWindows = $appsForWindowsValue + InstallationOptionsAppsForMac = $appsForMacValue Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -150,6 +186,21 @@ function Set-TargetResource [System.Boolean] $AdminCenterReportDisplayConcealedNames, + [Parameter()] + [System.String] + [ValidateSet('current', 'monthlyEnterprise', 'semiAnnual')] + $InstallationOptionsUpdateChannel, + + [Parameter()] + [System.String[]] + [ValidateSet('isVisioEnabled', 'isSkypeForBusinessEnabled', 'isProjectEnabled', 'isMicrosoft365AppsEnabled')] + $InstallationOptionsAppsForWindows, + + [Parameter()] + [System.String[]] + [ValidateSet('isSkypeForBusinessEnabled', 'isMicrosoft365AppsEnabled')] + $InstallationOptionsAppsForMac, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -200,11 +251,12 @@ function Set-TargetResource Write-Verbose -Message 'Setting configuration of Office 365 Settings' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + -ProfileName 'beta' $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' - if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled) + if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled -and ` + $M365WebEnableUsersToOpenFilesFrom3PStorage.Id -ne $null) { Write-Verbose -Message "Updating the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` @@ -213,7 +265,8 @@ function Set-TargetResource $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d' $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled, Id' - if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled) + if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled -and ` + $CortanaEnabledValue.Id -ne $null) { Write-Verbose -Message "Updating the Cortana setting to {$CortanaEnabled}" Update-MgServicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` @@ -227,6 +280,64 @@ function Set-TargetResource Write-Verbose -Message "Updating the Admin Center Report Display Concealed Names setting to {$AdminCenterReportDisplayConcealedNames}" Update-M365DSCOrgSettingsAdminCenterReport -DisplayConcealedNames $AdminCenterReportDisplayConcealedNames } + + if ($PSBoundParameters.ContainsKey("InstallationOptionsAppsForWindows") -or $PSBoundParameters.ContainsKey("InstallationOptionsAppsForMac")) + { + $InstallationOptions = Get-M365DSCOrgSettingsInstallationOptions + $InstallationOptionsToUpdate = @{ + updateChannel = "" + appsForWindows = @{ + isMicrosoft365AppsEnabled = $false + isProjectEnabled = $false + isSkypeForBusinessEnabled = $false + isVisioEnabled = $false + } + appsForMac = @{ + isMicrosoft365AppsEnabled = $false + isSkypeForBusinessEnabled = $false + } + } + + if ($PSBoundParameters.ContainsKey("InstallationOptionsUpdateChannel") -and ` + ($InstallationOptionsUpdateChannel -ne $InstallationOptions.updateChannel)) + { + $InstallationOptionsToUpdate.updateChannel = $InstallationOptionsUpdateChannel + } + else + { + $InstallationOptionsToUpdate.Remove('updateChannel') | Out-Null + } + + if ($PSBoundParameters.ContainsKey("InstallationOptionsAppsForWindows")) + { + foreach ($key in $InstallationOptionsAppsForWindows) + { + $InstallationOptionsToUpdate.appsForWindows.$key = $true + } + } + else + { + $InstallationOptionsToUpdate.Remove('appsForWindows') | Out-Null + } + + if ($PSBoundParameters.ContainsKey("InstallationOptionsAppsForMac")) + { + foreach ($key in $InstallationOptionsAppsForMac) + { + $InstallationOptionsToUpdate.appsForMac.$key = $true + } + } + else + { + $InstallationOptionsToUpdate.Remove('appsForMac') | Out-Null + } + + if ($InstallationOptionsToUpdate.Keys.Count -gt 0) + { + Write-Verbose -Message "Updating O365 Installation Options with $(Convert-M365DscHashtableToString -Hashtable $InstallationOptionsToUpdate)" + Update-M365DSCOrgSettingsInstallationOptions -Options $InstallationOptionsToUpdate + } + } } function Test-TargetResource @@ -252,6 +363,21 @@ function Test-TargetResource [System.Boolean] $AdminCenterReportDisplayConcealedNames, + [Parameter()] + [System.String] + [ValidateSet('current', 'monthlyEnterprise', 'semiAnnual')] + $InstallationOptionsUpdateChannel, + + [Parameter()] + [System.String[]] + [ValidateSet('isVisioEnabled', 'isSkypeForBusinessEnabled', 'isProjectEnabled', 'isMicrosoft365AppsEnabled')] + $InstallationOptionsAppsForWindows, + + [Parameter()] + [System.String[]] + [ValidateSet('isSkypeForBusinessEnabled', 'isMicrosoft365AppsEnabled')] + $InstallationOptionsAppsForMac, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -343,7 +469,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -432,4 +558,28 @@ function Update-M365DSCOrgSettingsAdminCenterReport Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $body | Out-Null } +function Get-M365DSCOrgSettingsInstallationOptions +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param() + + $url = 'https://graph.microsoft.com/beta/admin/microsoft365Apps/installationOptions' + $results = Invoke-MgGraphRequest -Method GET -Uri $url + return $results +} + +function Update-M365DSCOrgSettingsInstallationOptions +{ + [CmdletBinding()] + [OutputType([Void])] + param( + [Parameter(Mandatory = $true)] + [System.Collections.Hashtable] + $Options + ) + $url = 'https://graph.microsoft.com/beta/admin/microsoft365Apps/installationOptions' + Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null +} + Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof index 6f24d5b015..ce774c8356 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof @@ -5,6 +5,9 @@ class MSFT_O365OrgSettings : OMI_BaseResource [Write, Description("Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.")] Boolean CortanaEnabled; [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage; [Write, Description("Controls whether or not the Admin Center reports will conceale user, group and site names.")] Boolean AdminCenterReportDisplayConcealedNames; + [Write, Description("Defines how often you want your users to get feature updates for Microsoft 365 apps installed on devices running Windows"), ValueMap{"current","monthlyEnterprise","semiAnnual"}, Values{"current","monthlyEnterprise","semiAnnual"}] String InstallationOptionsUpdateChannel; + [Write, Description("Defines the apps users can install on Windows and mobile devices."), ValueMap{"isVisioEnabled","isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled"}, Values{"isVisioEnabled","isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled"}] String InstallationOptionsAppsForWindows[]; + [Write, Description("Defines the apps users can install on Mac devices."), ValueMap{"isSkypeForBusinessEnabled","isMicrosoft365AppsEnabled"}, Values{"isSkypeForBusinessEnabled","isMicrosoft365AppsEnabled"}] String InstallationOptionsAppsForMac[]; [Write, Description("Since there is only one setting available, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json index 085a1cdbd0..9a8dc2930e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json @@ -7,11 +7,17 @@ "read": [ { "name": "Application.Read.All" + }, + { + "name": "OrgSettings-Microsoft365Install.Read.All" } ], "update": [ { "name": "Application.ReadWrite.All" + }, + { + "name": "OrgSettings-Microsoft365Install.ReadWrite.All" } ] }, @@ -19,11 +25,17 @@ "read": [ { "name": "Application.Read.All" + }, + { + "name": "OrgSettings-Microsoft365Install.Read.All" } ], "update": [ { "name": "Application.ReadWrite.All" + }, + { + "name": "OrgSettings-Microsoft365Install.ReadWrite.All" } ] } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index ab96ba639f..0c091cc562 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -45,6 +45,23 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { displayConcealedNames = $true } } + + Mock -CommandName Get-M365DSCOrgSettingsInstallationOptions -MockWith { + return @{ + '@odata.context' = 'https://graph.microsoft.com/beta/$metadata#admin/microsoft365Apps/installationOptions/$entity' + updateChannel = 'current' + appsForMac = @{ + isSkypeForBusinessEnabled = $True + isMicrosoft365AppsEnabled = $true + } + appsForWindows = @{ + isVisioEnabled = $True + isSkypeForBusinessEnabled = $False + isMicrosoft365AppsEnabled = $true + isProjectEnabled = $true + } + } + } } # Test contexts @@ -54,6 +71,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AdminCenterReportDisplayConcealedNames = $True; IsSingleInstance = 'Yes' M365WebEnableUsersToOpenFilesFrom3PStorage = $False; + InstallationOptionsAppsForMac = @('isSkypeForBusinessEnabled', 'isMicrosoft365AppsEnabled') + InstallationOptionsAppsForWindows = @('isVisioEnabled', 'isMicrosoft365AppsEnabled', 'isProjectEnabled') + InstallationOptionsUpdateChannel = 'current' Ensure = 'Present' Credential = $Credential } From 31e8c0a2d02c634a4c2ae5e30bc19bb1a59ebdf7 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Jun 2023 07:56:31 -0400 Subject: [PATCH 15/39] Update MSFT_SCLabelPolicy.psm1 --- .../MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 index 56d428c0cb..d994b4f7f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 @@ -985,7 +985,14 @@ function Convert-CIMToAdvancedSettings if ($obj.Value -ne 'None') { $label = Get-Label | Where-Object -FilterScript { $_.DisplayName -eq $obj.Value } - $settingsValues = $label.ImmutableId.ToString() + if ($null -eq $label) + { + Write-Error -Message "Label {$($obj.value)} doesn't exist. Please define the Sensitivy label first before trying to assign it to a policy." + } + else + { + $settingsValues = $label.ImmutableId.ToString() + } } else { From 053ecf09dda979de4d3e2951505a71b98b8aab90 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Jun 2023 13:47:32 -0400 Subject: [PATCH 16/39] Fixes #3224 --- CHANGELOG.md | 6 ++++++ .../MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e11ff6a006..933fb4e71e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* SCProtectionAlert + * Prevents extracting system rules. + FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224) + # 1.23.614.1 * AADApplication diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index 583d151ea1..c2728a4451 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 @@ -640,7 +640,7 @@ function Export-TargetResource try { - [array]$Alerts = Get-ProtectionAlert -ErrorAction Stop + [array]$Alerts = Get-ProtectionAlert -ErrorAction Stop | Where-Object -FilterScript {-not $_.IsSystemRule} $totalAlerts = $Alerts.Length if ($null -eq $totalAlerts) From 369f8d1eb45dd826a9148d07fe4b3671cbbcbeeb Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Jun 2023 15:07:57 -0400 Subject: [PATCH 17/39] Fixes #3217 --- CHANGELOG.md | 3 +++ .../DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 933fb4e71e..581a9dfc61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* EXORoleGroup + * Fixes an issue where the role group wasn't getting created when members were null. + FIXES [#3217](https://github.com/microsoft/Microsoft365DSC/issues/3217) * SCProtectionAlert * Prevents extracting system rules. FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 index b79ab1123a..37ef4451c2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 @@ -208,7 +208,6 @@ function Set-TargetResource $NewRoleGroupParams = @{ Name = $Name Description = $Description - Members = $Members Roles = $Roles Confirm = $false } @@ -222,6 +221,10 @@ function Set-TargetResource { Write-Verbose -Message "Role Group '$($Name)' does not exist but it should. Create and configure it." # Create Role Group + if ($Members.Length -gt 0) + { + $NewRoleGroupParams.Add("Members", $Members) + } New-RoleGroup @NewRoleGroupParams } # CASE: Role Group exists but it shouldn't; From 290d8004d5cf35eef0b60ad5941374fd4efcc9e1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 16 Jun 2023 15:31:50 -0400 Subject: [PATCH 18/39] Fixes #3173 --- CHANGELOG.md | 3 +++ Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 933fb4e71e..6222af4b2c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ * SCProtectionAlert * Prevents extracting system rules. FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224) +* MISC + * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration. + FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173) # 1.23.614.1 diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 60d08a221a..0685ac32cc 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -412,7 +412,7 @@ function New-M365DSCConfigurationToExcel { if ($resource.$property.GetType().Name -eq 'Object[]') { - $value = $resource.$property -join ',' + $value = $resource.$property | Out-String $report.Cells.Item($row, 3) = $value } else From bd04401004d65d070985294015f069bb09ee0332 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 19 Jun 2023 12:06:51 -0400 Subject: [PATCH 19/39] Add planner support to O365OrgSettings --- CHANGELOG.md | 4 ++ .../MSFT_O365OrgSettings.psm1 | 35 ++++++----------- .../MSFT_O365OrgSettings/settings.json | 38 +++++++++++++++++++ .../Dependencies/Manifest.psd1 | 2 +- .../Microsoft365DSC.O365OrgSettings.Tests.ps1 | 11 ++++-- Tests/Unit/Stubs/Generic.psm1 | 2 +- 6 files changed, 62 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13fee43878..87663892f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,12 +5,16 @@ * EXORoleGroup * Fixes an issue where the role group wasn't getting created when members were null. FIXES [#3217](https://github.com/microsoft/Microsoft365DSC/issues/3217) +* O365OrgSettings + * Added support for the PlannerAllowCalendarSharing property for Planner. * SCProtectionAlert * Prevents extracting system rules. FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224) * MISC * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration. FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173) +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.0.114. # 1.23.614.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 1da59357bd..e76be72b68 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -55,11 +55,6 @@ function Get-TargetResource $ManagedIdentity ) - if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') - { - throw 'This resource is not able to remove Org Settings settings and therefore only accepts Ensure=Present.' - } - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'v1.0' @@ -102,7 +97,6 @@ function Get-TargetResource M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled PlannerAllowCalendarSharing = $PlannerSettings.allowCalendarSharing AdminCenterReportDisplayConcealedNames = $AdminCenterReportDisplayConcealedNamesValue.displayConcealedNames - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -212,10 +206,6 @@ function Set-TargetResource { Write-Verbose -Message "Setting the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}" Set-M365DSCO365OrgSettingsPlannerConfig -AllowCalendarSharing $PlannerAllowCalendarSharing - - Write-Verbose -Message "Updating the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" - Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` - -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage } $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d' @@ -383,20 +373,17 @@ function Export-TargetResource $Results = Get-TargetResource @Params $dscContent = '' - if ($Results.Ensure -eq 'Present') - { - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - } + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark return $dscContent diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json index 085a1cdbd0..b1b3e1f286 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json @@ -7,11 +7,17 @@ "read": [ { "name": "Application.Read.All" + }, + { + "name": "ReportSettings.Read.All" } ], "update": [ { "name": "Application.ReadWrite.All" + }, + { + "name": "ReportSettings.ReadWrite.All" } ] }, @@ -19,11 +25,17 @@ "read": [ { "name": "Application.Read.All" + }, + { + "name": "ReportSettings.Read.All" } ], "update": [ { "name": "Application.ReadWrite.All" + }, + { + "name": "ReportSettings.ReadWrite.All" } ] } @@ -31,6 +43,32 @@ "exchange": { "requiredroles": [], "requiredrolegroups": [] + }, + "ProjectWorkManagement": { + "delegated": { + "read": [ + { + "name": "OrgSettings-Planner.Read.All" + } + ], + "update": [ + { + "name": "OrgSettings-Planner.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "OrgSettings-Planner.Read.All" + } + ], + "update": [ + { + "name": "OrgSettings-Planner.ReadWrite.All" + } + ] + } } } } diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 5fae646e33..17bf3ca136 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -74,7 +74,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.0.112" + RequiredVersion = "1.0.114" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index ab96ba639f..4f6b533c54 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -45,6 +45,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { displayConcealedNames = $true } } + + Mock -CommandName Get-M365DSCO365OrgSettingsPlannerConfig -MockWith { + return @{ + allowCalendarSharing = $false + } + } } # Test contexts @@ -54,7 +60,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AdminCenterReportDisplayConcealedNames = $True; IsSingleInstance = 'Yes' M365WebEnableUsersToOpenFilesFrom3PStorage = $False; - Ensure = 'Present' + PlannerAllowCalendarSharing = $False Credential = $Credential } @@ -66,7 +72,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False } @@ -82,7 +87,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AdminCenterReportDisplayConcealedNames = $True; IsSingleInstance = 'Yes' M365WebEnableUsersToOpenFilesFrom3PStorage = $True; - Ensure = 'Present' Credential = $Credential } @@ -94,7 +98,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False } diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1 index e13e17ea69..d54f8c37e4 100644 --- a/Tests/Unit/Stubs/Generic.psm1 +++ b/Tests/Unit/Stubs/Generic.psm1 @@ -358,7 +358,7 @@ function New-M365DSCConnection [Parameter(Mandatory = $true)] [ValidateSet('ExchangeOnline', 'Intune', ` 'SecurityComplianceCenter', 'MSOnline', 'PnP', 'PowerPlatforms', ` - 'MicrosoftTeams', 'MicrosoftGraph')] + 'MicrosoftTeams', 'MicrosoftGraph', 'Tasks')] [System.String] $Workload, From 39ac3a49f9c670087abb1e47dfb1c53ff6486232 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 19 Jun 2023 12:07:28 -0400 Subject: [PATCH 20/39] Update 1-ConfigureOrgSettings.ps1 --- .../Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 index bef6c133de..9f32ea9c9f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 @@ -19,9 +19,9 @@ Configuration Example { AdminCenterReportDisplayConcealedNames = $True; Credential = $Credscredential; - Ensure = "Present"; IsSingleInstance = "Yes"; M365WebEnableUsersToOpenFilesFrom3PStorage = $False; + PlannerAllowCalendarSharing = $False } } } From cd728ef4d1c6dc42f0bcfbaf5eb982cc7c2c8f90 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 19 Jun 2023 18:29:16 +0000 Subject: [PATCH 21/39] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/office365/O365OrgSettings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md index 5033e462de..6d569cb015 100644 --- a/docs/docs/resources/office365/O365OrgSettings.md +++ b/docs/docs/resources/office365/O365OrgSettings.md @@ -7,8 +7,8 @@ | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **CortanaEnabled** | Write | Boolean | Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization. | | | **M365WebEnableUsersToOpenFilesFrom3PStorage** | Write | Boolean | Let users open files stored in third-party storage services in Microsoft 365 on the Web. | | +| **PlannerAllowCalendarSharing** | Write | Boolean | Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds. | | | **AdminCenterReportDisplayConcealedNames** | Write | Boolean | Controls whether or not the Admin Center reports will conceale user, group and site names. | | -| **Ensure** | Write | String | Since there is only one setting available, this must be set to 'Present' | `Present` | | **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -58,9 +58,9 @@ Configuration Example { AdminCenterReportDisplayConcealedNames = $True; Credential = $Credscredential; - Ensure = "Present"; IsSingleInstance = "Yes"; M365WebEnableUsersToOpenFilesFrom3PStorage = $False; + PlannerAllowCalendarSharing = $False } } } From 299b5c58bd8b3bbcefb83d84a713eb6421cec41d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 19 Jun 2023 14:35:42 -0400 Subject: [PATCH 22/39] Updated MicrosoftTeams to 5.3.0 --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87663892f4..25f09329a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration. FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173) * DEPENDENCIES + * Updated MicrosoftTeams to version 5.3.0. * Updated MSCloudLoginAssistant to version 1.0.114. # 1.23.614.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 17bf3ca136..5a78145f1d 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -70,7 +70,7 @@ }, @{ ModuleName = 'MicrosoftTeams' - RequiredVersion = '5.2.0' + RequiredVersion = '5.3.0' }, @{ ModuleName = "MSCloudLoginAssistant" From e2d90b5536d485d0e91b7aaf9c568808a3d585f3 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 19 Jun 2023 16:28:31 -0400 Subject: [PATCH 23/39] Updates for Hidden Permissions --- .../MSFT_O365OrgSettings/settings.json | 3 +++ .../Modules/M365DSCPermissions.psm1 | 20 ++++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json index b1b3e1f286..8265f292ef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json @@ -36,6 +36,9 @@ }, { "name": "ReportSettings.ReadWrite.All" + }, + { + "name": "83f7232f-763c-47b2-a097-e35d2cbe1da5" } ] } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 index a08df67f2e..7eb90b79ab 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 @@ -1436,9 +1436,23 @@ function Update-M365DSCAzureAdApplication ResourceAccess = @() } $role = $svcPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.PermissionName } - $appPermission = @{ - Id = $role.Id - Type = 'Role' + if ($null -eq $role) + { + $ObjectGuid = [System.Guid]::empty + if ([System.Guid]::TryParse($permission.PermissionName ,[System.Management.Automation.PSReference]$ObjectGuid)) + { + $appPermission = @{ + Id = $permission.PermissionName + Type = 'Role' + } + } + } + else + { + $appPermission = @{ + Id = $role.Id + Type = 'Role' + } } $currentAPIAccess.ResourceAccess += $appPermission $permissionsSet = $true From dbd00a27757fad8c1a9b804c02bad25194bb0ed9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 19 Jun 2023 18:46:52 -0400 Subject: [PATCH 24/39] Update Microsoft365DSC.SettingsJson.Tests.ps1 --- Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1 b/Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1 index c7c128022b..e2b702ec71 100644 --- a/Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1 +++ b/Tests/QA/Microsoft365DSC.SettingsJson.Tests.ps1 @@ -28,7 +28,12 @@ Describe -Name 'Successfully validate all used permissions in Settings.json file $settings = ConvertFrom-Json -InputObject $json foreach ($permission in $settings.permissions.graph.delegated.read) { - $permission.Name | Should -BeIn $allPermissions + # Only validate non-GUID (hidden) permissions. + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($permission.Name ,[System.Management.Automation.PSReference]$ObjectGuid)) + { + $permission.Name | Should -BeIn $allPermissions + } } } } From cad0e03d6f02e714468bf21e1f7c54a3cbd870b6 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 20 Jun 2023 15:18:51 -0400 Subject: [PATCH 25/39] Add error validation --- .../MSFT_O365OrgSettings.psm1 | 64 ++++++++++++++++--- 1 file changed, 54 insertions(+), 10 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 24c4fb7836..0fe090c59b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -74,7 +74,7 @@ function Get-TargetResource -InboundParameters $PSBoundParameters ` -ProfileName 'beta' - $ConnectionMode = New-M365DSCConnection -Workload 'Tasks' ` + $ConnectionModeTasks = New-M365DSCConnection -Workload 'Tasks' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -121,7 +121,7 @@ function Get-TargetResource $AdminCenterReportDisplayConcealedNamesValue = Get-M365DSCOrgSettingsAdminCenterReport - $installationOptions = Get-M365DSCOrgSettingsInstallationOptions + $installationOptions = Get-M365DSCOrgSettingsInstallationOptions -AuthenticationOption $ConnectionModeTasks $appsForWindowsValue = @() foreach ($key in $installationOptions.appsForWindows.Keys) { @@ -293,7 +293,9 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey("InstallationOptionsAppsForWindows") -or $PSBoundParameters.ContainsKey("InstallationOptionsAppsForMac")) { - $InstallationOptions = Get-M365DSCOrgSettingsInstallationOptions + $ConnectionModeTasks = New-M365DSCConnection -Workload 'Tasks' ` + -InboundParameters $PSBoundParameters + $InstallationOptions = Get-M365DSCOrgSettingsInstallationOptions -AuthenticationOption $ConnectionModeTasks $InstallationOptionsToUpdate = @{ updateChannel = "" appsForWindows = @{ @@ -345,7 +347,8 @@ function Set-TargetResource if ($InstallationOptionsToUpdate.Keys.Count -gt 0) { Write-Verbose -Message "Updating O365 Installation Options with $(Convert-M365DscHashtableToString -Hashtable $InstallationOptionsToUpdate)" - Update-M365DSCOrgSettingsInstallationOptions -Options $InstallationOptionsToUpdate + Update-M365DSCOrgSettingsInstallationOptions -Options $InstallationOptionsToUpdate ` + -AuthenticationOption $ConnectionModeTasks } } } @@ -607,10 +610,30 @@ function Get-M365DSCOrgSettingsInstallationOptions { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] - param() + param( + [Parameter(Mandatory = $true)] + [System.String] + $AuthenticationOption + ) - $url = 'https://graph.microsoft.com/beta/admin/microsoft365Apps/installationOptions' - $results = Invoke-MgGraphRequest -Method GET -Uri $url + try + { + $url = 'https://graph.microsoft.com/beta/admin/microsoft365Apps/installationOptions' + $results = Invoke-MgGraphRequest -Method GET -Uri $url + } + catch + { + if ($_.Exception.ToString().Contains('Forbidden (Forbidden)')) + { + if ($AuthenticationOption -eq 'Credentials') + { + $errorMessage = "You don't have the proper permissions to retrieve the Office 365 Apps Installation Options." ` + + " When using Credentials to authenticate, you need to grant permissions to the Microsoft Graph PowerShell SDK by running" ` + + " Connect-MgGraph -Scopes OrgSettings-Microsoft365Install.Read.All" + Write-Error -Message $errorMessage + } + } + } return $results } @@ -621,10 +644,31 @@ function Update-M365DSCOrgSettingsInstallationOptions param( [Parameter(Mandatory = $true)] [System.Collections.Hashtable] - $Options + $Options, + + [Parameter(Mandatory = $true)] + [System.String] + $AuthenticationOption ) - $url = 'https://graph.microsoft.com/beta/admin/microsoft365Apps/installationOptions' - Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null + + try + { + $url = 'https://graph.microsoft.com/beta/admin/microsoft365Apps/installationOptions' + Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null + } + catch + { + if ($_.Exception.ToString().Contains('Forbidden (Forbidden)')) + { + if ($AuthenticationOption -eq 'Credentials') + { + $errorMessage = "You don't have the proper permissions to retrieve the Office 365 Apps Installation Options." ` + + " When using Credentials to authenticate, you need to grant permissions to the Microsoft Graph PowerShell SDK by running" ` + + " Connect-MgGraph -Scopes OrgSettings-Microsoft365Install.ReadWrite.All" + Write-Error -Message $errorMessage + } + } + } } Export-ModuleMember -Function *-TargetResource From 70cb1f03a071c8d2bc9fa31bd88fdf573e944e9d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 20 Jun 2023 19:48:44 +0000 Subject: [PATCH 26/39] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/office365/O365OrgSettings.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md index 6d569cb015..bbc44da120 100644 --- a/docs/docs/resources/office365/O365OrgSettings.md +++ b/docs/docs/resources/office365/O365OrgSettings.md @@ -9,6 +9,9 @@ | **M365WebEnableUsersToOpenFilesFrom3PStorage** | Write | Boolean | Let users open files stored in third-party storage services in Microsoft 365 on the Web. | | | **PlannerAllowCalendarSharing** | Write | Boolean | Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds. | | | **AdminCenterReportDisplayConcealedNames** | Write | Boolean | Controls whether or not the Admin Center reports will conceale user, group and site names. | | +| **InstallationOptionsUpdateChannel** | Write | String | Defines how often you want your users to get feature updates for Microsoft 365 apps installed on devices running Windows | `current`, `monthlyEnterprise`, `semiAnnual` | +| **InstallationOptionsAppsForWindows** | Write | StringArray[] | Defines the apps users can install on Windows and mobile devices. | `isVisioEnabled`, `isSkypeForBusinessEnabled`, `isProjectEnabled`, `isMicrosoft365AppsEnabled` | +| **InstallationOptionsAppsForMac** | Write | StringArray[] | Defines the apps users can install on Mac devices. | `isSkypeForBusinessEnabled`, `isMicrosoft365AppsEnabled` | | **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | From 6b595f069c39df9bd4278f2309c2de67f5398a42 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 20 Jun 2023 16:25:05 -0400 Subject: [PATCH 27/39] AADAdministrativeUnit Fixes --- CHANGELOG.md | 2 ++ .../MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 | 1 + 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 98d714118d..471ee31c64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADAdministrativeUnit + * Fixes an issue where the domain part of the user name was handled as a string when using credentials to authenticate. * EXORoleGroup * Fixes an issue where the role group wasn't getting created when members were null. FIXES [#3217](https://github.com/microsoft/Microsoft365DSC/issues/3217) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 6568806012..ba710634fe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -1030,6 +1030,7 @@ function Export-TargetResource { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '').Replace("`");`r`n", ");`r`n") + $currentDSCBlock = $currentDSCBlock.Replace("`$OrganizationName'", "' + `$OrganizationName") } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` From 882a76dcb6564f0ae4edbf1174858d989553214a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 21 Jun 2023 07:34:04 -0400 Subject: [PATCH 28/39] Update Microsoft365DSC.O365OrgSettings.Tests.ps1 --- .../Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index 6bcbd5279f..74a6248f13 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -139,9 +139,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { VivaInsightsScheduleSendSuggestions = $true Ensure = 'Present' Credential = $Credential - IsSingleInstance = 'Yes' - M365WebEnableUsersToOpenFilesFrom3PStorage = $True; - Credential = $Credential } Mock -CommandName Get-MgServicePrincipal -MockWith { From 851acefc8627ba2f53ebd1c8ec006c2d5f6fe990 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 21 Jun 2023 07:40:14 -0400 Subject: [PATCH 29/39] Update MSFT_O365OrgSettings.psm1 --- .../DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index fd221c0401..b81eaed5c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -192,6 +192,7 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent } } + catch { New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` From da607be929363c42cecb7023dbea53353e9aaa33 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 21 Jun 2023 09:44:16 -0400 Subject: [PATCH 30/39] Fixes --- .../MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 | 4 +++- .../Microsoft365DSC.O365OrgSettings.Tests.ps1 | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index b81eaed5c9..4e158ab843 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -130,7 +130,7 @@ function Get-TargetResource # Microsoft Viva Briefing Email $vivaBriefingEmailValue = $false $currentBriefingConfig = Get-DefaultTenantBriefingConfig - if ($currentBriefingConfig.PrivacyMode -eq 'opt-in') + if ($currentBriefingConfig.IsEnabledByDefault -eq 'opt-in') { $vivaBriefingEmailValue = $true } @@ -180,6 +180,8 @@ function Get-TargetResource InstallationOptionsUpdateChannel = $installationOptions.updateChannel InstallationOptionsAppsForWindows = $appsForWindowsValue InstallationOptionsAppsForMac = $appsForMacValue + MicrosoftVivaBriefingEmail = $vivaBriefingEmailValue + M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue VivaInsightsWebExperience = $currentVivaInsightsSettings.IsDashboardEnabled VivaInsightsDigestEmail = $currentVivaInsightsSettings.IsDigestEmailEnabled VivaInsightsOutlookAddInAndInlineSuggestions = $currentVivaInsightsSettings.IsAddInEnabled diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index 74a6248f13..f64f1caad3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -102,7 +102,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-DefaultTenantBriefingConfig -MockWith { return @{ - PrivacyMode = 'opt-in' + IsEnabledByDefault = 'opt-in' } } @@ -149,7 +149,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-DefaultTenantBriefingConfig -MockWith { return @{ - PrivacyMode = 'opt-in' + IsEnabledByDefault = 'opt-in' } } @@ -194,7 +194,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-DefaultTenantBriefingConfig -MockWith { return @{ - PrivacyMode = 'opt-in' + IsEnabledByDefault = 'opt-in' } } From 5ab29e3cacbba563ab4c8e6aa12efb1f3823086a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 21 Jun 2023 10:23:23 -0400 Subject: [PATCH 31/39] Update MSFT_O365OrgSettings.psm1 --- .../DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 4e158ab843..a1599c4ae3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -181,7 +181,7 @@ function Get-TargetResource InstallationOptionsAppsForWindows = $appsForWindowsValue InstallationOptionsAppsForMac = $appsForMacValue MicrosoftVivaBriefingEmail = $vivaBriefingEmailValue - M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue + M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled VivaInsightsWebExperience = $currentVivaInsightsSettings.IsDashboardEnabled VivaInsightsDigestEmail = $currentVivaInsightsSettings.IsDigestEmailEnabled VivaInsightsOutlookAddInAndInlineSuggestions = $currentVivaInsightsSettings.IsAddInEnabled From 091d2170dbae2fd8b94f4e0374b518e19842d827 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 12:02:12 +0000 Subject: [PATCH 32/39] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/office365/O365OrgSettings.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md index bbc44da120..cb559e570b 100644 --- a/docs/docs/resources/office365/O365OrgSettings.md +++ b/docs/docs/resources/office365/O365OrgSettings.md @@ -7,6 +7,11 @@ | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **CortanaEnabled** | Write | Boolean | Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization. | | | **M365WebEnableUsersToOpenFilesFrom3PStorage** | Write | Boolean | Let users open files stored in third-party storage services in Microsoft 365 on the Web. | | +| **MicrosoftVivaBriefingEmail** | Write | Boolean | Specifies whether or not to let people in your organization receive Briefing email from Microsoft Viva. | | +| **VivaInsightsWebExperience** | Write | Boolean | Specifies whether or not to allow users to have access to use the Viva Insights web experience. | | +| **VivaInsightsDigestEmail** | Write | Boolean | Specifies whether or not to allow users to have access to use the Viva Insights digest email feature. | | +| **VivaInsightsOutlookAddInAndInlineSuggestions** | Write | Boolean | Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions. | | +| **VivaInsightsScheduleSendSuggestions** | Write | Boolean | Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature. | | | **PlannerAllowCalendarSharing** | Write | Boolean | Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds. | | | **AdminCenterReportDisplayConcealedNames** | Write | Boolean | Controls whether or not the Admin Center reports will conceale user, group and site names. | | | **InstallationOptionsUpdateChannel** | Write | String | Defines how often you want your users to get feature updates for Microsoft 365 apps installed on devices running Windows | `current`, `monthlyEnterprise`, `semiAnnual` | From 37f24f9c8bcc8afbb526f580bee5828e77abe910 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 09:32:43 -0400 Subject: [PATCH 33/39] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 713693878f..038a236734 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration. FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173) * DEPENDENCIES + * Updated ExchangeOnlineManagement to version 3.2.0. * Updated MicrosoftTeams to version 5.3.0. * Updated MSCloudLoginAssistant to version 1.0.114. From e67b79c516d7bec8720d7837ec547b774b5bc11d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 10:01:42 -0400 Subject: [PATCH 34/39] Updates --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 038a236734..f57c66cc1a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.621.1 * AADAdministrativeUnit * Fixes an issue where the domain part of the user name was handled as a string when using credentials to authenticate. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 26865d03ec..e5bb9678bb 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-06-15 +# Generated on: 2023-06-22 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.614.1' + ModuleVersion = '1.23.621.1' # Supported PSEditions # CompatiblePSEditions = @() From 72a05c63a5521e6c3658a539290f5aedc32c2e7a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 10:11:35 -0400 Subject: [PATCH 35/39] Fixes #3179 --- CHANGELOG.md | 3 +++ .../MSFT_PPTenantIsolationSettings.psm1 | 4 ++++ .../MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 | 5 +++++ 3 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 713693878f..ddcaa03a5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ * Added support for the PlannerAllowCalendarSharing property for Planner. * Added support for the Microsoft 365 installation options. * Added support for the Viva Insights and Briefing email settings. +* PPTenantIsolationSettings & PPTenantSettings + * Handles the case where required permissions are not provided when using SPN authentication. + FIXES [#3179](https://github.com/microsoft/Microsoft365DSC/issues/3179) * SCProtectionAlert * Prevents extracting system rules. FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 index a5f5ddd16e..ba6a925eb6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 @@ -85,6 +85,10 @@ function Get-TargetResource try { $tenantIsolationPolicy = Get-PowerAppTenantIsolationPolicy -TenantId $tenantid + if ($tenantIsolationPolicy.StatusCode -eq 403) + { + throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application." + } [Array]$allowedTenants = $tenantIsolationPolicy.properties.allowedTenants | ForEach-Object { $directions = $_.direction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 index 4dcfc31d2e..716e9eeaf0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 @@ -427,6 +427,11 @@ function Export-TargetResource try { $settings = Get-TenantSettings -ErrorAction Stop + + if ($settings.StatusCode -eq 403) + { + throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application." + } $dscContent = '' $Params = @{ From dacb6ef57e24b611a1990ed60275420a48d9c9d1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 10:40:23 -0400 Subject: [PATCH 36/39] Added link --- .../MSFT_PPTenantIsolationSettings.psm1 | 2 +- .../MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 index ba6a925eb6..a6a82545b1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource $tenantIsolationPolicy = Get-PowerAppTenantIsolationPolicy -TenantId $tenantid if ($tenantIsolationPolicy.StatusCode -eq 403) { - throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application." + throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application. For additional information refer to https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal#registering-an-admin-management-application" } [Array]$allowedTenants = $tenantIsolationPolicy.properties.allowedTenants | ForEach-Object { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 index 716e9eeaf0..cf5b52f761 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 @@ -430,7 +430,7 @@ function Export-TargetResource if ($settings.StatusCode -eq 403) { - throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application." + throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application. For additional information refer to https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal#registering-an-admin-management-application" } $dscContent = '' From 96d1f185b6475ebba916a92926010e233f1f986d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 11:19:21 -0400 Subject: [PATCH 37/39] FIXES #3292 --- CHANGELOG.md | 2 ++ .../settings.json | 4 ++-- .../Modules/M365DSCPermissions.psm1 | 18 ++++++++++++++++-- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ddcaa03a5f..36e41b045f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,8 @@ * MISC * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration. FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173) + * Added the Organization.Read.All permission by default in the Get-M365DSCCompiledPermisisonList cmdlet return values. + FIXES [#3292](https://github.com/microsoft/Microsoft365DSC/issues/3292) * DEPENDENCIES * Updated MicrosoftTeams to version 5.3.0. * Updated MSCloudLoginAssistant to version 1.0.114. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json index 4fa3506780..3366e6fef3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json @@ -45,12 +45,12 @@ "application": { "read": [ { - "name": "NotSupported" + "name": "Policy.Read.All" } ], "update": [ { - "name": "NotSupported" + "name": "Policy.ReadWrite.ConditionalAccess" } ] } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 index 7eb90b79ab..285cc661e8 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 @@ -63,8 +63,22 @@ function Get-M365DSCCompiledPermissionList } $results = @{ - Read = @() - Update = @() + Read = @( + @{ + Permission = @{ + Name = "Organization.Read.All" + Type = "Application" + } + } + ) + Update = @( + @{ + Permission = @{ + Name = "Organization.Read.All" + Type = "Application" + } + } + ) RequiredRoles = @() RequiredRoleGroups = @() } From 42b4c3a6aad742e2b7fc33b45416e71fe8d2af7a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 15:35:00 +0000 Subject: [PATCH 38/39] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index 3e8f15d854..8bfbb4b2d9 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -76,11 +76,11 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Read** - - NotSupported + - Policy.Read.All - **Update** - - NotSupported + - Policy.ReadWrite.ConditionalAccess ## Examples From 1bae3dde10598699e0b97fca103394b1cc88e55c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 22 Jun 2023 11:56:48 -0400 Subject: [PATCH 39/39] Update Microsoft365DSC.psd1 --- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 34 +++++++++++++------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index e5bb9678bb..5253f07eb5 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -139,20 +139,30 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADApplication - * Adds support for specifying permissions by names or GUID. - * AADNamedLocationPolicy - * Added support forthe CountryLookupMethod property - FIXES [#3345](https://github.com/microsoft/Microsoft365DSC/issues/3345) - * TeamsAppPermissionPolicy - * Fixes an issue where the wrong app types were trying to get assigned. - FIXES [#3373](https://github.com/microsoft/Microsoft365DSC/issues/3373) + ReleaseNotes = '* AADAdministrativeUnit + * Fixes an issue where the domain part of the user name was handled as a string when using credentials to authenticate. + * EXORoleGroup + * Fixes an issue where the role group wasnt getting created when members were null. + FIXES [#3217](https://github.com/microsoft/Microsoft365DSC/issues/3217) + * O365OrgSettings + * Added support for the PlannerAllowCalendarSharing property for Planner. + * Added support for the Microsoft 365 installation options. + * Added support for the Viva Insights and Briefing email settings. + * PPTenantIsolationSettings & PPTenantSettings + * Handles the case where required permissions are not provided when using SPN authentication. + FIXES [#3179](https://github.com/microsoft/Microsoft365DSC/issues/3179) + * SCProtectionAlert + * Prevents extracting system rules. + FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224) * MISC - * Removed dependency on the Az.Accounts module from the Update-M365DSCAzureAdApplication function. + * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration. + FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173) + * Added the Organization.Read.All permission by default in the Get-M365DSCCompiledPermisisonList cmdlet return values. + FIXES [#3292](https://github.com/microsoft/Microsoft365DSC/issues/3292) * DEPENDENCIES - * Updated DSCParser to version 1.3.0.10. - * Updated Microsoft.Graph dependencies to version 1.28.0. - * Updated MSCloudLoginAssistant to version 1.0.112.' + * Updated ExchangeOnlineManagement to version 3.2.0. + * Updated MicrosoftTeams to version 5.3.0. + * Updated MSCloudLoginAssistant to version 1.0.114.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false