Draft Intune DSC Derived Credential

Kajalp1079 · Oct 6, 2024 · 169384c · 169384c
1 parent 1184dcd
commit 169384c
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 113 deletions.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/settings.json
@@ -1,34 +1,40 @@
 {
-    "resourceName": "EXOMessageClassification",
-    "description": "",
-    "roles": {
-        "read": [
-            "Global Reader"
-        ],
-        "update": [
-            "Exchange Administrator"
-        ]
-    },
+    "resourceName": "IntuneDerivedCredential",
+    "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement",
+    // "roles": {
+    //   "read": [
+    //     "Global Reader"
+    //   ],
+    //   "update": [
+    //     "Intune Administrator"
+    //   ]
+    // },
+
     "permissions": {
-        "graph": {
-            "delegated": {
-                "read": [],
-                "update": []
-            },
-            "application": {
-                "read": [],
-                "update": []
-            }
+      "graph": {
+        "delegated": {
+          "read": [
+            "DeviceManagementConfiguration.Read.All"
+          ],
+          "update": [
+            "DeviceManagementConfiguration.ReadWrite.All"
+          ]
         },
-        "exchange": {
-            "requiredroles": [
-                "User Options",
-                "Data Loss Prevention",
-                "Transport Rules",
-                "View-Only Configuration",
-                "Mail Recipients"
-            ],
-            "requiredrolegroups": "Organization Management"
+        "application": {
+          "read": [
+            "DeviceManagementConfiguration.Read.All"
+          ],
+          "update": [
+            "DeviceManagementConfiguration.ReadWrite.All"
+          ]
         }
+      }
     }
-}
+  }
+
+// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions
+    // OUTPUT:
+    // Permissions
+    // -----------
+    // {}
+    // {}
diff --git a/...ft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof b/...ft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDeviceCredential.schema.mof
@@ -1,11 +1,32 @@
+[ClassVersion("1.0.0.0"), Description("Represents a key-value pair.")]
+class KeyValuePair {
+    [Key, Description("The key of the dictionary entry.")]
+    string Key;
+
+    [Description("The value of the dictionary entry.")]
+    string Value;
+};
+
 [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceCredential")]
-class MSFT_IntuneDeviceCredential : OMI_BaseResource
-{
-    [Key, Description("The name of the app category.")] String DisplayName;
-    [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
-    [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] String HelpUrl;
-    [Write, Description("Supported values for the derived credential issuer."), ValueMap{"Intercede", "Entrust", "DISA Purebred"}, Values{"Intercede", "Entrust", "DISA Purebred"}] String Issuer;
-    [Write, Description("Supported values for the notification type to use."), ValueMap{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}, Values{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}] String NotificationType;
-    [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] uint32 ThresholdPercentage;
-    [Write, Description("Optional headers that will be added to the request.")] KeyValuePair[] Header;
+class MSFT_IntuneDeviceCredential : OMI_BaseResource {
+    [Key, Description("The name of the app category.")]
+    string DisplayName;
+
+    [Write, Description("The unique identifier for an entity. Read-only.")]
+    string Id;
+
+    [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")]
+    string HelpUrl;
+
+    [Write, Description("Supported values for the derived credential issuer."), ValueMap{"Intercede", "Entrust", "DISA Purebred"}, Values{"Intercede", "Entrust", "DISA Purebred"}]
+    string Issuer;
+
+    [Write, Description("Supported values for the notification type to use."), ValueMap{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}, Values{"Email", "Company Portal (iOS) Microsoft Intune (Android) app"}]
+    string NotificationType;
+
+    [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")]
+    uint32 ThresholdPercentage;
+
+    [Write, Description("Optional headers that will be added to the request.")]
+    KeyValuePair[] Header;
 };
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1
@@ -1,36 +1,31 @@
-<#
-This example is used to test new resources and showcase the usage of new resources being worked on.
-It is not meant to use as a production baseline.
-#>
-
-Configuration Example
-{
+<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #>
+Configuration Example {
     param(
         [Parameter()]
-        [System.String]
-        $ApplicationId,
+        [System.String] $ApplicationId,
 
         [Parameter()]
-        [System.String]
-        $TenantId,
+        [System.String] $TenantId,
 
         [Parameter()]
-        [System.String]
-        $CertificateThumbprint
+        [System.String] $CertificateThumbprint
     )
+
     Import-DscResource -ModuleName Microsoft365DSC
-    node localhost
-    {
-        IntuneDerivedCredential "IntuneDerivedCredential-Data Management"
-        {
-            Id                   = "a1fc9fe2-728d-4867-9a72-a61e18f8c606";
-            DisplayName          = "Custom Data Management";
-            Ensure               = "Present";
-            HelpUrl              = "https://www.microsoft.com";
-            Issuer               = "DISA Purebred";
-            NotificationType     = "Email";
-            ThresholdPercentage  = 0;
-        }
 
+    node localhost {
+        IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" {
+            Id                  = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"
+            DisplayName         = "Custom Data Management"
+            Ensure              = "Present"
+            HelpUrl             = "https://www.microsoft.com"
+            Issuer              = "DISA Purebred"
+            NotificationType    = "Email"
+            ThresholdPercentage = 0
+            Header              = @(
+                [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' }
+                [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' }
+            )
+        }
     }
 }
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1
@@ -1,36 +1,31 @@
-<#
-This example is used to test new resources and showcase the usage of new resources being worked on.
-It is not meant to use as a production baseline.
-#>
-
-Configuration Example
-{
+<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #>
+Configuration Example {
     param(
         [Parameter()]
-        [System.String]
-        $ApplicationId,
+        [System.String] $ApplicationId,
 
         [Parameter()]
-        [System.String]
-        $TenantId,
+        [System.String] $TenantId,
 
         [Parameter()]
-        [System.String]
-        $CertificateThumbprint
+        [System.String] $CertificateThumbprint
     )
+
     Import-DscResource -ModuleName Microsoft365DSC
-    node localhost
-    {
-        IntuneDerivedCredential "IntuneDerivedCredential-Data Management"
-        {
-            Id                   = "a1fc9fe2-728d-4867-9a72-a61e18f8c606";
-            DisplayName          = "Custom Data Management";
-            Ensure               = "Present";
-            HelpUrl              = "https://www.microsoft.com";
-            Issuer               = "DISA Purebred";
-            NotificationType     = "Email";
-            ThresholdPercentage  = 0;
-        }
 
+    node localhost {
+        IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" {
+            Id                  = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"
+            DisplayName         = "Custom Data Management"
+            Ensure              = "Present"
+            HelpUrl             = "https://www.microsoft.com"
+            Issuer              = "DISA Purebred"
+            NotificationType    = "Email"
+            ThresholdPercentage = 0
+            Header              = @(
+                [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' }
+                [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' }
+            )
+        }
     }
 }
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1
@@ -1,36 +1,32 @@
-<#
-This example is used to test new resources and showcase the usage of new resources being worked on.
-It is not meant to use as a production baseline.
-#>
-
-Configuration Example
-{
+<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #>
+Configuration Example {
     param(
         [Parameter()]
-        [System.String]
-        $ApplicationId,
+        [System.String] $ApplicationId,
 
         [Parameter()]
-        [System.String]
-        $TenantId,
+        [System.String] $TenantId,
 
         [Parameter()]
-        [System.String]
-        $CertificateThumbprint
+        [System.String] $CertificateThumbprint
     )
+
     Import-DscResource -ModuleName Microsoft365DSC
-    node localhost
-    {
-        IntuneDerivedCredential "IntuneDerivedCredential-Data Management"
-        {
-            Id                   = "a1fc9fe2-728d-4867-9a72-a61e18f8c606";
-            DisplayName          = "Custom Data Management";
-            Ensure               = "Present";
-            HelpUrl              = "https://www.microsoft.com";
-            Issuer               = "DISA Purebred";
-            NotificationType     = "Email";
-            ThresholdPercentage  = 0;
-        }
 
+    node localhost {
+        IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" {
+            Id                  = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"
+            DisplayName         = "Custom Data Management"
+            Ensure              = "Present"
+            HelpUrl             = "https://www.microsoft.com"
+            Issuer              = "DISA Purebred"
+            NotificationType    = "Email"
+            ThresholdPercentage = 0
+            Header              = @(
+                [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' }
+                [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' }
+            )
+        }
     }
 }
+