Release 1.23.726.1

.github/ISSUE_TEMPLATE/ProblemWithResource.yml

@@ -35,21 +35,23 @@ body:
     validations:
       required: true
 
-  - type: checkboxes
+  - type: dropdown
+    id: Workload
     attributes:
-      label: "Workload"
+      label: "Which workloads are affected"
       description: The workload of the resource you are having an issue with.
       options:
-        - label: "Azure Active Directory"
-        - label: "Exchange Online"
-        - label: "Office 365 Admin"
-        - label: "OneDrive for Business"
-        - label: "Planner"
-        - label: "Power Platform"
-        - label: "Security & Compliance Center"
-        - label: "SharePoint Online"
-        - label: "Teams"
-        - label: "other"
+        - "Azure Active Directory"
+        - "Exchange Online"
+        - "Office 365 Admin"
+        - "OneDrive for Business"
+        - "Planner"
+        - "Power Platform"
+        - "Security & Compliance Center"
+        - "SharePoint Online"
+        - "Teams"
+        - "other"
+      multiple: true
     validations:
       required: true
 

.github/workflows/CodeCoverage.yml

@@ -25,15 +25,15 @@ jobs:
         shell: pwsh
         run: |
           Import-Module './Tests/TestHarness.psm1' -Force;
-          $MaximumFunctionCount = 9999
+          $MaximumFunctionCount = 32767
 
           try
           {
               $results = Invoke-QualityChecksHarness
           }
           catch
           {
-              $MaximumFunctionCount = 9999
+              $MaximumFunctionCount = 32767
               Import-Module './Tests/TestHarness.psm1' -Force;
               $results = Invoke-QualityChecksHarness
           }
@@ -45,15 +45,15 @@ jobs:
         shell: pwsh
         run: |
           Import-Module './Tests/TestHarness.psm1' -Force;
-          $MaximumFunctionCount = 9999
+          $MaximumFunctionCount = 32767
 
           try
           {
               $results = Invoke-TestHarness
           }
           catch
           {
-              $MaximumFunctionCount = 9999
+              $MaximumFunctionCount = 32767
               Import-Module './Tests/TestHarness.psm1' -Force;
               $results = Invoke-TestHarness
           }

.github/workflows/Unit Tests.yml

@@ -27,15 +27,15 @@ jobs:
         shell: pwsh
         run: |
           Import-Module './Tests/TestHarness.psm1' -Force;
-          $MaximumFunctionCount = 9999
+          $MaximumFunctionCount = 32767
 
           try
           {
               $results = Invoke-QualityChecksHarness
           }
           catch
           {
-              $MaximumFunctionCount = 9999
+              $MaximumFunctionCount = 32767
               Import-Module './Tests/TestHarness.psm1' -Force;
               $results = Invoke-QualityChecksHarness
           }
@@ -47,15 +47,15 @@ jobs:
         shell: pwsh
         run: |
           Import-Module './Tests/TestHarness.psm1' -Force;
-          $MaximumFunctionCount = 9999
+          $MaximumFunctionCount = 32767
 
           try
           {
               $results = Invoke-TestHarness -IgnoreCodeCoverage
           }
           catch
           {
-              $MaximumFunctionCount = 9999
+              $MaximumFunctionCount = 32767
               Import-Module './Tests/TestHarness.psm1' -Force;
               $results = Invoke-TestHarness -IgnoreCodeCoverage
           }

CHANGELOG.md

@@ -1,7 +1,22 @@
 # Change log for Microsoft365DSC
 
-# 1.23.719.1
+# 1.23.726.1
 
+* AADGroup
+  * Fix issue setting MemberOf property.
+    FIXES [#3496](https://github.com/microsoft/Microsoft365DSC/issues/3496)
+* TeamsOrgWideAppSettings
+  * Removed support for app authentication since the underlying cmdlets aren't
+    supporting it yet.
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.0.118.
+* MISC
+  * Improved Update-M365DSCDependencies function to properly install all Microsoft.Graph.* modules.
+    FIXES [#3454](https://github.com/microsoft/Microsoft365DSC/issues/3454)
+
+# 1.23.719.1
+* AADCrossTenant
+  * Added Automatic Consent for inbound and Outbound trust settings
 * EXOSharedMailbox
   * Added capability to change the PrimarySMTPAddress of a Shared Mailbox
 * SPOExternalUserExpireInDays
@@ -110,7 +125,7 @@
     FIXES #3417
   * Update-M365DSCModule now forces a reload of the latest version of the Microsoft365DSC module.
     FIXES [#3326](https://github.com/microsoft/Microsoft365DSC/issues/3326)
-  * Update-M365DSCAyureADApplication
+  * Update-M365DSCAzureADApplication
     Added retry logic to catch the "Key credential end date is invalid" error when updating the application certificate.
     FIXES [#3426](https://github.com/microsoft/Microsoft365DSC/issues/3426)
 * DEPENDENCIES

Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1

@@ -28,6 +28,10 @@ function Get-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $InboundTrust,
 
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance]
+        $AutomaticUserConsentSettings,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -79,7 +83,7 @@ function Get-TargetResource
         $nullResult.Ensure = 'Absent'
 
         $getValue = Get-MgBetaPolicyCrossTenantAccessPolicyPartner -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId `
-                        -ErrorAction SilentlyContinue
+            -ErrorAction SilentlyContinue
 
         if ($null -eq $getValue)
         {
@@ -104,24 +108,29 @@ function Get-TargetResource
         {
             $B2BDirectConnectOutboundValue = $getValue.B2BDirectConnectOutbound
         }
+        if ($null -ne $getValue.AutomaticUserConsentSettings)
+        {
+            $AutomaticUserConsentSettingsValue = $getValue.AutomaticUserConsentSettings
+        }
         if ($null -ne $getValue.InboundTrust)
         {
             $InboundTrustValue = $getValue.InboundTrust
         }
         $results = @{
-            PartnerTenantId          = $getValue.TenantId
-            B2BCollaborationInbound  = $B2BCollaborationInboundValue
-            B2BCollaborationOutbound = $B2BCollaborationOutboundValue
-            B2BDirectConnectInbound  = $B2BDirectConnectInboundValue
-            B2BDirectConnectOutbound = $B2BDirectConnectOutboundValue
-            InboundTrust             = $InboundTrustValue
-            Ensure                   = 'Present'
-            Credential               = $Credential
-            ApplicationId            = $ApplicationId
-            TenantId                 = $TenantId
-            ApplicationSecret        = $ApplicationSecret
-            CertificateThumbprint    = $CertificateThumbprint
-            ManagedIdentity          = $ManagedIdentity.IsPresent
+            PartnerTenantId              = $getValue.TenantId
+            B2BCollaborationInbound      = $B2BCollaborationInboundValue
+            B2BCollaborationOutbound     = $B2BCollaborationOutboundValue
+            B2BDirectConnectInbound      = $B2BDirectConnectInboundValue
+            B2BDirectConnectOutbound     = $B2BDirectConnectOutboundValue
+            AutomaticUserConsentSettings = $AutomaticUserConsentSettingsValue
+            InboundTrust                 = $InboundTrustValue
+            Ensure                       = 'Present'
+            Credential                   = $Credential
+            ApplicationId                = $ApplicationId
+            TenantId                     = $TenantId
+            ApplicationSecret            = $ApplicationSecret
+            CertificateThumbprint        = $CertificateThumbprint
+            ManagedIdentity              = $ManagedIdentity.IsPresent
         }
 
         return [System.Collections.Hashtable] $results
@@ -163,6 +172,9 @@ function Set-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $B2BDirectConnectOutbound,
 
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance]
+        $AutomaticUserConsentSettings,
         [Parameter()]
         [Microsoft.Management.Infrastructure.CimInstance]
         $InboundTrust,
@@ -212,13 +224,13 @@ function Set-TargetResource
     $currentInstance = Get-TargetResource @PSBoundParameters
 
     $OperationParams = ([Hashtable]$PSBoundParameters).Clone()
-    $OperationParams.Remove("Credential") | Out-Null
-    $OperationParams.Remove("ManagedIdentity") | Out-Null
-    $OperationParams.Remove("ApplicationId") | Out-Null
-    $OperationParams.Remove("TenantId") | Out-Null
-    $OperationParams.Remove("CertificateThumbprint") | Out-Null
-    $OperationParams.Remove("ApplicationSecret") | Out-Null
-    $OperationParams.Remove("Ensure") | Out-Null
+    $OperationParams.Remove('Credential') | Out-Null
+    $OperationParams.Remove('ManagedIdentity') | Out-Null
+    $OperationParams.Remove('ApplicationId') | Out-Null
+    $OperationParams.Remove('TenantId') | Out-Null
+    $OperationParams.Remove('CertificateThumbprint') | Out-Null
+    $OperationParams.Remove('ApplicationSecret') | Out-Null
+    $OperationParams.Remove('Ensure') | Out-Null
 
     if ($null -ne $OperationParams.B2BCollaborationInbound)
     {
@@ -240,6 +252,10 @@ function Set-TargetResource
         $OperationParams.B2BDirectConnectOutbound = (Get-M365DSCAADCrossTenantAccessPolicyB2BSetting -Setting $OperationParams.B2BDirectConnectOutbound)
         $OperationParams.B2BDirectConnectOutbound = (Update-M365DSCSettingUserIdFromUPN -Setting $OperationParams.B2BDirectConnectOutbound)
     }
+    if ($null -ne $OperationParams.AutomaticUserConsentSettings)
+    {
+        $OperationParams.AutomaticUserConsentSettings = (Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings -Setting $OperationParams.AutomaticUserConsentSettings)
+    }
     if ($null -ne $OperationParams.InboundTrust)
     {
         $OperationParams.InboundTrust = (Get-M365DSCAADCrossTenantAccessPolicyInboundTrust -Setting $OperationParams.InboundTrust)
@@ -297,6 +313,10 @@ function Test-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $InboundTrust,
 
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance]
+        $AutomaticUserConsentSettings,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -477,6 +497,10 @@ function Export-TargetResource
             {
                 $Results.B2BDirectConnectOutbound = Get-M365DSCAADCrossTenantAccessPolicyB2BSettingAsString -Setting $Results.B2BDirectConnectOutbound
             }
+            if ($null -ne $Results.AutomaticUserConsentSettings)
+            {
+                $Results.AutomaticUserConsentSettings = Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsString -Setting $Results.AutomaticUserConsentSettings
+            }
             if ($null -ne $Results.InboundTrust)
             {
                 $Results.InboundTrust = Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString -Setting $Results.InboundTrust
@@ -508,6 +532,11 @@ function Export-TargetResource
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
                     -ParameterName 'B2BDirectConnectOutbound'
             }
+            if ($null -ne $Results.AutomaticUserConsentSettings)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
+                    -ParameterName 'AutomaticUserConsentSettings'
+            }
             if ($null -ne $Results.InboundTrust)
             {
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
@@ -702,13 +731,58 @@ function Get-M365DSCAADCrossTenantAccessPolicyB2BSetting
     }
     #endregion
     $results = @{
-        Applications = $applications
+        Applications   = $applications
         UsersAndGroups = $usersAndGroups
     }
 
     return $results
 }
 
+function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param(
+        [Parameter(Mandatory = $true)]
+        [System.Object]
+        $Setting
+    )
+
+    $result = @{
+        InboundAllowed  = $Setting.InboundAllowed
+        OutboundAllowed = $Setting.OutboundAllowed
+    }
+
+    return $result
+}
+
+function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsString
+{
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param(
+        [Parameter(Mandatory = $true)]
+        $Setting
+    )
+
+    $StringContent = $null
+    if ($null -ne $Setting.InboundAllowed -or $null -ne $Setting.OutboundAllowed)
+    {
+        $StringContent = "MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings {`r`n"
+        if ($null -ne $Setting.InboundAllowed)
+        {
+            $StringContent += "                InboundAllowed           = `$" + $Setting.InboundAllowed.ToString() + "`r`n"
+        }
+       if ($null -ne $Setting.OutboundAllowed)
+        {
+            $StringContent += "                OutboundAllowed          = `$" + $Setting.OutboundAllowed.ToString() + "`r`n"
+        }
+        $StringContent += "            }`r`n"
+    }
+
+    return $StringContent
+}
+
 function Get-M365DSCAADCrossTenantAccessPolicyInboundTrust
 {
     [CmdletBinding()]
@@ -739,7 +813,7 @@ function Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString
 
     $StringContent = $null
     if ($null -ne $Setting.IsCompliantDeviceAccepted -or $null -ne $Setting.IsHybridAzureADJoinedDeviceAccepted -or `
-        $null -ne $Setting.IsMfaAccepted)
+            $null -ne $Setting.IsMfaAccepted)
     {
         $StringContent = "MSFT_AADCrossTenantAccessPolicyInboundTrust {`r`n"
         if ($null -ne $Setting.IsCompliantDeviceAccepted)

Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.schema.mof

@@ -19,6 +19,13 @@ class MSFT_AADCrossTenantAccessPolicyB2BSetting
     [Write, Description("The list of users and groups targeted with your cross-tenant access policy."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyTargetConfiguration")] String UsersAndGroups;
 };
 
+[ClassVersion("1.0.0")]
+class MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings
+{
+    [Write, Description("Specifies whether you want to automatically trust Inbound invitations.")] Boolean InboundAllowed;
+    [Write, Description("Specifies whether you want to automatically trust Outbound invitations.")] Boolean OutboundAllowed;
+};
+
 [ClassVersion("1.0.0")]
 class MSFT_AADCrossTenantAccessPolicyInboundTrust
 {
@@ -35,6 +42,7 @@ class MSFT_AADCrossTenantAccessPolicyConfigurationPartner : OMI_BaseResource
     [Write, Description("Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BCollaborationOutbound;
     [Write, Description("Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BDirectConnectInbound;
     [Write, Description("Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BDirectConnectOutbound;
+    [Write, Description("Determines the partner-specific configuration for accepting trust claims from other tenant invitations."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings")] String AutomaticUserConsentSettings;
     [Write, Description("Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyInboundTrust")] String InboundTrust;
     [Write, Description("Specify if the policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1

@@ -398,7 +398,7 @@ function Set-TargetResource
     Add-M365DSCTelemetryEvent -Data $data
     #endregion
 
-    $currentParameters = $PSBoundParameters
+    $currentParameters = [hashtable]$PSBoundParameters
     $currentGroup = Get-TargetResource @PSBoundParameters
     $currentParameters.Remove('ApplicationId') | Out-Null
     $currentParameters.Remove('TenantId') | Out-Null

Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof

@@ -61,7 +61,7 @@ class MSFT_SCDLPComplianceRule : OMI_BaseResource
     [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword;
     [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath;
     [Write, Description("The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses.")] String AnyOfRecipientAddressContainsWords[];
-    [Write, Description("The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions..")] String AnyOfRecipientAddressMatchesPatterns[];
+    [Write, Description("The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.")] String AnyOfRecipientAddressMatchesPatterns[];
     [Write, Description("The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Office 365 Message Encryption from messages and their attachments.")] Boolean RemoveRMSTemplate;
     [Write, Description("The StopPolicyProcessing parameter specifies an action that stops processing more DLP policy rules.")] Boolean StopPolicyProcessing;
     [Write, Description("The DocumentIsUnsupported parameter specifies a condition for the DLP rule that looks for files that can't be scanned.")] Boolean DocumentIsUnsupported;

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/settings.json

@@ -1,6 +1,6 @@
 {
     "resourceName": "TeamsCallParkPolicy",
-    "description": "The TeamsCallParkPolicy controls whether or not users are able to leverage the call park feature in Microsoft Teams.  Call park allows enterprise voice customers to place a call on hold and then perform a number of actions on that call: transfer to another department, retrieve via the same phone, or retrieve via a different Teams phone.  The New-CsTeamsCallParkPolicy resource lets you create a new custom policy that can then be assigned to one or more specific users..",
+    "description": "The TeamsCallParkPolicy controls whether or not users are able to leverage the call park feature in Microsoft Teams.  Call park allows enterprise voice customers to place a call on hold and then perform a number of actions on that call: transfer to another department, retrieve via the same phone, or retrieve via a different Teams phone.  The New-CsTeamsCallParkPolicy resource lets you create a new custom policy that can then be assigned to one or more specific users.",
     "roles": {
         "read": [
             "Global Reader"