From 3e4ec1e7ce99b64d373a444235b76d1d5718c08d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Wed, 9 Aug 2023 10:50:57 +0200 Subject: [PATCH 1/4] Add param EnableMIPLabels to AADGroupSettings --- .../MSFT_AADGroupsSettings.psm1 | 19 +++++++++++++++++++ .../MSFT_AADGroupsSettings.schema.mof | 1 + ...icrosoft365DSC.AADGroupsSettings.Tests.ps1 | 6 ++++++ 3 files changed, 26 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 index cf643a1ccd..0937c03f96 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 @@ -13,6 +13,10 @@ function Get-TargetResource [System.Boolean] $EnableGroupCreation, + [Parameter()] + [System.Boolean] + $EnableMIPLabels, + [Parameter()] [System.Boolean] $AllowGuestsToBeGroupOwner, @@ -109,6 +113,7 @@ function Get-TargetResource } $valueEnableGroupCreation = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableGroupCreation' } + $valueEnableMIPLabels = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableMIPLabels' } $valueAllowGuestsToBeGroupOwner = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToBeGroupOwner' } $valueAllowGuestsToAccessGroups = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToAccessGroups' } $valueGuestUsageGuidelinesUrl = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GuestUsageGuidelinesUrl' } @@ -118,6 +123,7 @@ function Get-TargetResource $result = @{ IsSingleInstance = 'Yes' EnableGroupCreation = [Boolean]::Parse($valueEnableGroupCreation.Value) + EnableMIPLabels = [Boolean]::Parse($valueEnableMIPLabels.Value) AllowGuestsToBeGroupOwner = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value) AllowGuestsToAccessGroups = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value) GuestUsageGuidelinesUrl = $valueGuestUsageGuidelinesUrl.Value @@ -167,6 +173,10 @@ function Set-TargetResource [System.Boolean] $EnableGroupCreation, + [Parameter()] + [System.Boolean] + $EnableMIPLabels, + [Parameter()] [System.Boolean] $AllowGuestsToBeGroupOwner, @@ -267,6 +277,11 @@ function Set-TargetResource $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableGroupCreation' } $entry.Value = [System.Boolean]$EnableGroupCreation } + elseif ($property.Name -eq 'EnableMIPLabels') + { + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableMIPLabels' } + $entry.Value = [System.Boolean]$EnableMIPLabels + } elseif ($property.Name -eq 'AllowGuestsToBeGroupOwner') { $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToBeGroupOwner' } @@ -325,6 +340,10 @@ function Test-TargetResource [System.Boolean] $EnableGroupCreation, + [Parameter()] + [System.Boolean] + $EnableMIPLabels, + [Parameter()] [System.Boolean] $AllowGuestsToBeGroupOwner, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof index 9118ab3856..48c93f1f7d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof @@ -3,6 +3,7 @@ class MSFT_AADGroupsSettings : OMI_BaseResource { [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.")] Boolean EnableGroupCreation; + [Write, Description("Boolean indicating whether or not sensitivity labels can be assigned to M365-groups.")] Boolean EnableMIPLabels; [Write, Description("Boolean indicating whether or not a guest user can be an owner of groups.")] Boolean AllowGuestsToBeGroupOwner; [Write, Description("Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.")] Boolean AllowGuestsToAccessGroups; [Write, Description("The url of a link to the guest usage guidelines.")] String GuestUsageGuidelinesUrl; diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 index 8333997582..a8289cc928 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 @@ -200,6 +200,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AllowGuestsToBeGroupOwner = $True AllowToAddGuests = $True EnableGroupCreation = $True + EnableMIPLabels = $True Ensure = 'Present' Credential = $Credential GroupCreationAllowedGroupName = 'All Company' @@ -224,6 +225,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Name = 'EnableGroupCreation' Value = $true }, + @{ + Name = 'EnableMIPLabels' + Value = $true + }, @{ Name = 'AllowGuestsToBeGroupOwner' Value = $true @@ -273,6 +278,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AllowGuestsToBeGroupOwner = $True AllowToAddGuests = $True EnableGroupCreation = $False #Drift + EnableMIPLabels = $True #Drift Ensure = 'Present' Credential = $Credential GroupCreationAllowedGroupName = 'All Company' From 6367d66433e6e91182f33725d495777d3b22ddc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Wed, 9 Aug 2023 10:53:27 +0200 Subject: [PATCH 2/4] updated changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 512c46efa9..ddf5487db7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADGroupSettings + * Add support for enabling sensitivity labels in M365-groups * AADAuthorizationPolicy * Added support for the AllowedToCreateTenants & AllowedToReadBitlockerKeysForOwnedDevice properties. From 9f0d2e9168d0fe1cd9292b6fdd639b72bc03a806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Thu, 10 Aug 2023 08:30:51 +0200 Subject: [PATCH 3/4] updated unit-tests --- .../MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 | 2 +- .../Microsoft365DSC.AADGroupsSettings.Tests.ps1 | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 index 0937c03f96..aa1d47adf6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 @@ -99,7 +99,7 @@ function Get-TargetResource } else { - Write-Verbose -Message 'Found existing AzureAD Groups Settings' + Write-Verbose -Message 'Found existing AzureAD DirectorySetting for Group.Unified' $AllowedGroupName = $null $GroupCreationValue = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GroupCreationAllowedGroupId' } if (-not [System.String]::IsNullOrEmpty($GroupCreationValue.Value)) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 index a8289cc928..b1ee71d732 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1 @@ -155,6 +155,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Name = 'EnableGroupCreation' Value = $true }, + @{ + Name = 'EnableMIPLabels' + Value = $false + }, @{ Name = 'AllowGuestsToBeGroupOwner' Value = $false @@ -185,7 +189,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName 'Get-MgBetaDirectorySetting' -Exactly 1 } - It 'Should return true from the Test method' { + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } From 92de03e42f0534421e0f1236638a7b018c50b1bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Fri, 11 Aug 2023 08:28:26 +0200 Subject: [PATCH 4/4] updated changelog --- CHANGELOG.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4fa7fb0028..6563dd39f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,12 @@ # Change log for Microsoft365DSC -# 1.23.809.1 +# Unreleased -* AADGroupSettings +* AADGroupsSettings * Add support for enabling sensitivity labels in M365-groups + +# 1.23.809.1 + * AADAuthorizationPolicy * Added support for the AllowedToCreateTenants & AllowedToReadBitlockerKeysForOwnedDevice properties.