From 0bc12921b89a47d2d6258eac8b8ca1bb39ea08d2 Mon Sep 17 00:00:00 2001
From: Kajalp1079 <kajalpatel2014@outlook.com>
Date: Sat, 5 Oct 2024 20:01:31 -0700
Subject: [PATCH] Draft Intune DSC Derived Credential

---
 .../settings.json                             | 64 +++++++++----------
 .../MSFT_IntuneDerivedCredential.psm1         |  6 +-
 .../settings.json                             | 60 +++++++++--------
 3 files changed, 66 insertions(+), 64 deletions(-)

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json
index d91fe2f2da..4096c4ae40 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json
@@ -1,40 +1,34 @@
 {
-    "resourceName": "IntuneDerivedCredential",
-    "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement",
-    // "roles": {
-    //   "read": [
-    //     "Global Reader"
-    //   ],
-    //   "update": [
-    //     "Intune Administrator"
-    //   ]
-    // },
-
+    "resourceName": "EXOMessageClassification",
+    "description": "",
+    "roles": {
+        "read": [
+            "Global Reader"
+        ],
+        "update": [
+            "Exchange Administrator"
+        ]
+    },
     "permissions": {
-      "graph": {
-        "delegated": {
-          "read": [
-            "DeviceManagementConfiguration.Read.All"
-          ],
-          "update": [
-            "DeviceManagementConfiguration.ReadWrite.All"
-          ]
+        "graph": {
+            "delegated": {
+                "read": [],
+                "update": []
+            },
+            "application": {
+                "read": [],
+                "update": []
+            }
         },
-        "application": {
-          "read": [
-            "DeviceManagementConfiguration.Read.All"
-          ],
-          "update": [
-            "DeviceManagementConfiguration.ReadWrite.All"
-          ]
+        "exchange": {
+            "requiredroles": [
+                "User Options",
+                "Data Loss Prevention",
+                "Transport Rules",
+                "View-Only Configuration",
+                "Mail Recipients"
+            ],
+            "requiredrolegroups": "Organization Management"
         }
-      }
     }
-  }
-
-// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions
-    // OUTPUT:
-    // Permissions
-    // -----------
-    // {}
-    // {}
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1
index 20481c9360..874df581fe 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1
@@ -31,7 +31,7 @@ function Get-TargetResource
         $ThresholdPercentage,
 
         [Parameter()]
-        [System.String]
+        [System.Collections.IDictionary]
         $Header
     )
 
@@ -139,7 +139,7 @@ function Set-TargetResource
         $ThresholdPercentage,
 
         [Parameter()]
-        [System.String]
+        [System.Collections.IDictionary]
         $Header
     )
 
@@ -209,7 +209,7 @@ function Test-TargetResource
         $ThresholdPercentage,
 
         [Parameter()]
-        [System.String]
+        [System.Collections.IDictionary]
         $Header
     )
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json
index a9201e88c8..f4606a14af 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json
@@ -1,32 +1,40 @@
 {
     "resourceName": "IntuneDerivedCredential",
     "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement",
-    "roles": {
-        "read": [
-            "Role"
-        ],
-        "update": [
-            "Role"
-        ]
-    },
+    // "roles": {
+    //   "read": [
+    //     "Global Reader"
+    //   ],
+    //   "update": [
+    //     "Intune Administrator"
+    //   ]
+    // },
+
     "permissions": {
-        "graph": {
-            "delegated": {
-                "read": [],
-                "update": []
-            },
-            "application": {
-                "read": [
-                    {
-                        "name": "Permission for Monitoring and Export"
-                    }
-                ],
-                "update": [
-                    {
-                        "name": "Permission for deploying"
-                    }
-                ]
-            }
+      "graph": {
+        "delegated": {
+          "read": [
+            "DeviceManagementConfiguration.Read.All"
+          ],
+          "update": [
+            "DeviceManagementConfiguration.ReadWrite.All"
+          ]
+        },
+        "application": {
+          "read": [
+            "DeviceManagementConfiguration.Read.All"
+          ],
+          "update": [
+            "DeviceManagementConfiguration.ReadWrite.All"
+          ]
         }
+      }
     }
-}
+  }
+
+// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions
+    // OUTPUT:
+    // Permissions
+    // -----------
+    // {}
+    // {}