Add param EnableMIPLabels to AADGroupSettings

CHANGELOG.md

@@ -1,7 +1,7 @@
 # Change log for Microsoft365DSC
 
-# UNRELEASED
-
+* AADGroupsSettings
+  * Add support for enabling sensitivity labels in M365-groups
 * O365OrgSettings
   * Updated logic of the Get to return null if permissions are not granted for
     a given API.

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1

@@ -13,6 +13,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableGroupCreation,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMIPLabels,
+
         [Parameter()]
         [System.Boolean]
         $AllowGuestsToBeGroupOwner,
@@ -95,7 +99,7 @@ function Get-TargetResource
         }
         else
         {
-            Write-Verbose -Message 'Found existing AzureAD Groups Settings'
+            Write-Verbose -Message 'Found existing AzureAD DirectorySetting for Group.Unified'
             $AllowedGroupName = $null
             $GroupCreationValue = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GroupCreationAllowedGroupId' }
             if (-not [System.String]::IsNullOrEmpty($GroupCreationValue.Value))
@@ -109,6 +113,7 @@ function Get-TargetResource
             }
 
             $valueEnableGroupCreation = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableGroupCreation' }
+            $valueEnableMIPLabels = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableMIPLabels' }
             $valueAllowGuestsToBeGroupOwner = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToBeGroupOwner' }
             $valueAllowGuestsToAccessGroups = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToAccessGroups' }
             $valueGuestUsageGuidelinesUrl = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GuestUsageGuidelinesUrl' }
@@ -118,6 +123,7 @@ function Get-TargetResource
             $result = @{
                 IsSingleInstance          = 'Yes'
                 EnableGroupCreation       = [Boolean]::Parse($valueEnableGroupCreation.Value)
+                EnableMIPLabels           = [Boolean]::Parse($valueEnableMIPLabels.Value)
                 AllowGuestsToBeGroupOwner = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value)
                 AllowGuestsToAccessGroups = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value)
                 GuestUsageGuidelinesUrl   = $valueGuestUsageGuidelinesUrl.Value
@@ -167,6 +173,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableGroupCreation,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMIPLabels,
+
         [Parameter()]
         [System.Boolean]
         $AllowGuestsToBeGroupOwner,
@@ -267,6 +277,11 @@ function Set-TargetResource
                 $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableGroupCreation' }
                 $entry.Value = [System.Boolean]$EnableGroupCreation
             }
+            elseif ($property.Name -eq 'EnableMIPLabels')
+            {
+                $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableMIPLabels' }
+                $entry.Value = [System.Boolean]$EnableMIPLabels
+            }
             elseif ($property.Name -eq 'AllowGuestsToBeGroupOwner')
             {
                 $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToBeGroupOwner' }
@@ -325,6 +340,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableGroupCreation,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMIPLabels,
+
         [Parameter()]
         [System.Boolean]
         $AllowGuestsToBeGroupOwner,

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof

@@ -3,6 +3,7 @@ class MSFT_AADGroupsSettings : OMI_BaseResource
 {
     [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
     [Write, Description("The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.")] Boolean EnableGroupCreation;
+    [Write, Description("Boolean indicating whether or not sensitivity labels can be assigned to M365-groups.")] Boolean EnableMIPLabels;
     [Write, Description("Boolean indicating whether or not a guest user can be an owner of groups.")] Boolean AllowGuestsToBeGroupOwner;
     [Write, Description("Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.")] Boolean AllowGuestsToAccessGroups;
     [Write, Description("The url of a link to the guest usage guidelines.")] String GuestUsageGuidelinesUrl;

Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroupsSettings.Tests.ps1

@@ -155,6 +155,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 Name  = 'EnableGroupCreation'
                                 Value = $true
                             },
+                            @{
+                                Name  = 'EnableMIPLabels'
+                                Value = $false
+                            },
                             @{
                                 Name  = 'AllowGuestsToBeGroupOwner'
                                 Value = $false
@@ -185,7 +189,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 Should -Invoke -CommandName 'Get-MgBetaDirectorySetting' -Exactly 1
             }
 
-            It 'Should return true from the Test method' {
+            It 'Should return false from the Test method' {
                 Test-TargetResource @testParams | Should -Be $false
             }
 
@@ -200,6 +204,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     AllowGuestsToBeGroupOwner     = $True
                     AllowToAddGuests              = $True
                     EnableGroupCreation           = $True
+                    EnableMIPLabels               = $True
                     Ensure                        = 'Present'
                     Credential                    = $Credential
                     GroupCreationAllowedGroupName = 'All Company'
@@ -224,6 +229,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 Name  = 'EnableGroupCreation'
                                 Value = $true
                             },
+                            @{
+                                Name  = 'EnableMIPLabels'
+                                Value = $true
+                            },
                             @{
                                 Name  = 'AllowGuestsToBeGroupOwner'
                                 Value = $true
@@ -273,6 +282,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     AllowGuestsToBeGroupOwner     = $True
                     AllowToAddGuests              = $True
                     EnableGroupCreation           = $False #Drift
+                    EnableMIPLabels               = $True #Drift
                     Ensure                        = 'Present'
                     Credential                    = $Credential
                     GroupCreationAllowedGroupName = 'All Company'