Cleaned up, tested and added UTs.

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 # UNRELEASED
 
+* IntuneDerivedCredential
+  * Initial release.
 * AADAdminConsentRequestPolicy
   * Initial release.
 * AADApplication

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1

@@ -2,11 +2,14 @@ function Get-TargetResource {
     [CmdletBinding()]
     [OutputType([System.Collections.Hashtable])]
     param (
+
+        #region resource params
+
         [Parameter()]
         [System.String]
         $Id,
 
-        [Parameter()]
+        [Parameter(Mandatory = $true)]
         [System.String]
         $DisplayName,
 
@@ -24,6 +27,12 @@ function Get-TargetResource {
         [System.String]
         $NotificationType = 'none',
 
+        [Parameter()]
+        [System.Int32]
+        $RenewalThresholdPercentage,
+
+        #endregion resource params
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -58,7 +67,6 @@ function Get-TargetResource {
         $AccessTokens
 
     )
-    Write-Host "Host: start of get."
 
     New-M365DSCConnection -Workload 'MicrosoftGraph' `
         -InboundParameters $PSBoundParameters | Out-Null
@@ -105,27 +113,25 @@ function Get-TargetResource {
                         return $nullResult
                     }
                 }
-
             }
-
         }
-        Write-Host "Values of Instance Id: $($instance.Id), DisplayName: $($instance.DisplayName), HelpUrl: $($instance.HelpUrl), Issuer: $($instance.Issuer), NotificationType: $($instance.NotificationType)"
+
         $results = @{
-            Ensure                = 'Present'
-            Id                    = $instance.Id
-            DisplayName           = $instance.DisplayName
-            HelpUrl               = $instance.HelpUrl
-            Issuer                = $instance.Issuer
-            NotificationType      = $instance.NotificationType
-            Credential            = $Credential
-            ApplicationId         = $ApplicationId
-            TenantId              = $TenantId
-            CertificateThumbprint = $CertificateThumbprint
-            ApplicationSecret     = $ApplicationSecret
-            ManagedIdentity       = $ManagedIdentity.IsPresent
-            AccessTokens          = $AccessTokens
+            Ensure                      = 'Present'
+            Id                          = $instance.Id
+            DisplayName                 = $instance.DisplayName
+            HelpUrl                     = $instance.HelpUrl
+            Issuer                      = $instance.Issuer.ToString()
+            NotificationType            = $instance.NotificationType.ToString()
+            RenewalThresholdPercentage  = $instance.RenewalThresholdPercentage
+            Credential                  = $Credential
+            ApplicationId               = $ApplicationId
+            TenantId                    = $TenantId
+            CertificateThumbprint       = $CertificateThumbprint
+            ApplicationSecret           = $ApplicationSecret
+            ManagedIdentity             = $ManagedIdentity.IsPresent
+            AccessTokens                = $AccessTokens
         }
-        Write-Host "Values of Results:: Id: $($results.Id), DisplayName: $($results.DisplayName), HelpUrl: $($results.HelpUrl), Issuer: $($results.Issuer), NotificationType: $($results.NotificationType)"
 
         return [System.Collections.Hashtable] $results
     }
@@ -145,11 +151,14 @@ function Get-TargetResource {
 function Set-TargetResource {
     [CmdletBinding()]
     param (
+
+        #region resource params
+
         [Parameter()]
         [System.String]
         $Id,
 
-        [Parameter()]
+        [Parameter(Mandatory = $true)]
         [System.String]
         $DisplayName,
 
@@ -162,6 +171,12 @@ function Set-TargetResource {
         [System.String]
         $Issuer,
 
+        [Parameter()]
+        [System.Int32]
+        $RenewalThresholdPercentage,
+
+        #endregion resource params
+
         [Parameter()]
         [ValidateSet('none', 'email', 'companyPortal')]
         [System.String]
@@ -224,11 +239,6 @@ function Set-TargetResource {
     {
         New-MgBetaDeviceManagementDerivedCredential @SetParameters
     }
-    # UPDATE
-    elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
-    {
-        Update-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $currentInstance.Id @SetParameters
-    }
     # REMOVE
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
@@ -240,11 +250,14 @@ function Test-TargetResource {
     [CmdletBinding()]
     [OutputType([System.Boolean])]
     param (
+
+        #region resource params
+
         [Parameter()]
         [System.String]
         $Id,
 
-        [Parameter()]
+        [Parameter(Mandatory = $true)]
         [System.String]
         $DisplayName,
 
@@ -262,6 +275,12 @@ function Test-TargetResource {
         [System.String]
         $NotificationType = 'none',
 
+        [Parameter()]
+        [System.Int32]
+        $RenewalThresholdPercentage,
+
+        #endregion resource params
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -327,6 +346,9 @@ function Export-TargetResource {
     [CmdletBinding()]
     [OutputType([System.String])]
     param (
+
+        #region resource params
+
         [Parameter()]
         [System.String]
         $Id,
@@ -349,10 +371,17 @@ function Export-TargetResource {
         [System.String]
         $NotificationType = 'none',
 
+        [Parameter()]
+        [System.Int32]
+        $RenewalThresholdPercentage,
+
+        #endregion resource params
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
         $Ensure = 'Present',
+
         [Parameter()]
         [System.Management.Automation.PSCredential]
         $Credential,
@@ -381,7 +410,6 @@ function Export-TargetResource {
         [System.String[]]
         $AccessTokens
     )
-    Write-Host "Host: start of export."
 
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
     -InboundParameters $PSBoundParameters
@@ -417,20 +445,22 @@ function Export-TargetResource {
         {
             $displayedKey = $config.Id
             Write-Host "    |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline
+
             $params = @{
-                Ensure                = 'Present'
-                Id                    = $config.Id
-                DisplayName           = $config.DisplayName
-                HelpUrl               = $config.HelpUrl
-                Issuer                = $config.Issuer
-                NotificationType      = $config.NotificationType
-                Credential            = $Credential
-                AccessTokens          = $AccessTokens
-                ApplicationId         = $ApplicationId
-                TenantId              = $TenantId
-                ApplicationSecret     = $ApplicationSecret
-                CertificateThumbprint = $CertificateThumbprint
-                ManagedIdentity       = $ManagedIdentity.IsPresent
+                Ensure                      = 'Present'
+                Id                          = $config.Id
+                DisplayName                 = $config.DisplayName
+                HelpUrl                     = $config.HelpUrl
+                Issuer                      = $config.Issuer.ToString()
+                NotificationType            = $config.NotificationType.ToString()
+                RenewalThresholdPercentage  = $config.RenewalThresholdPercentage
+                Credential                  = $Credential
+                AccessTokens                = $AccessTokens
+                ApplicationId               = $ApplicationId
+                TenantId                    = $TenantId
+                ApplicationSecret           = $ApplicationSecret
+                CertificateThumbprint       = $CertificateThumbprint
+                ManagedIdentity             = $ManagedIdentity.IsPresent
             }
 
             $Results = Get-TargetResource @Params
@@ -448,6 +478,7 @@ function Export-TargetResource {
             $i++
             Write-Host $Global:M365DSCEmojiGreenCheckMark
         }
+
         return $dscContent
     }
     catch
@@ -462,7 +493,6 @@ function Export-TargetResource {
 
         return ''
     }
-
 }
 
 Export-ModuleMember -Function *-TargetResource

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema..mof → Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof

@@ -1,29 +1,31 @@
 [ClassVersion("1.0.0.0"), FriendlyName("IntuneDerivedCredential")]
-class MSFT_IntuneDerivedCredential : OMI_BaseResource {
-    [Write, Description("The name of the app category.")]
-    String DisplayName;
+class MSFT_IntuneDerivedCredential : OMI_BaseResource
+{
+    [Key, Description("The name of the app category.")] String DisplayName;
+    [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
 
-    [Write, Description("The unique identifier for an entity. Read-only.")]
-    String Id;
+    [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] String HelpUrl;
+    [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] Uint32 RenewalThresholdPercentage;
+    [Write, Description("Supported values for the derived credential issuer."),
+        ValueMap{"intercede", "entrustDatacard", "purebred"},
+        Values{"intercede", "entrustDatacard", "purebred"}]
+        String Issuer;
 
-    [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")]
-    String HelpUrl;
+    [Write, Description("Supported values for the notification type to use."),
+        ValueMap{"none", "email", "companyPortal"},
+        Values{"none", "email", "companyPortal"}]
+        String NotificationType;
 
-    [Write, Description("Supported values for the derived credential issuer."), ValueMap{"intercede", "entrustDatacard", "purebred"}, Values{"intercede", "entrustDatacard", "purebred"}]
-    String Issuer;
+    [Write, Description("Supported values for the notification type to use."),
+        ValueMap{"Present", "Absent"},
+        Values{"Present", "Absent"}]
+        String Ensure;
 
-    [Write, Description("Supported values for the notification type to use."), ValueMap{"none", "email", "companyPortal"}, Values{"none", "email", "companyPortal"}]
-    String NotificationType = "none";  // Default value is set to "none"
-
-    [Write, Description("Supported values for the notification type to use."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}]
-    String Ensure = "Present";  // Default value is set to "none"
-
-    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] String Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
     [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId;
     [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
     [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
 	[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
     [Write, Description("Access token used for authentication.")] String AccessTokens[];
-
 };

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md

@@ -3,4 +3,4 @@
 
 ## Description
 
-##Create new navigation property to derivedCredentials for deviceManagement
+## Create new navigation property to derivedCredentials for deviceManagement for Intune.

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json

@@ -1,40 +1,25 @@
 {
     "resourceName": "IntuneDerivedCredential",
-    "description": "Use this resource to create new navigation property to derivedCredentials for deviceManagement",
-    // "roles": {
-    //   "read": [
-    //     "Global Reader"
-    //   ],
-    //   "update": [
-    //     "Intune Administrator"
-    //   ]
-    // },
+    "description": "Use this resource to create new navigation property to derivedCredentials for device Management in Intune.",
 
     "permissions": {
       "graph": {
         "delegated": {
           "read": [
-            "DeviceManagementConfiguration.Read.All"
+            ""
           ],
           "update": [
-            "DeviceManagementConfiguration.ReadWrite.All"
+            ""
           ]
         },
         "application": {
           "read": [
-            "DeviceManagementConfiguration.Read.All"
+            ""
           ],
           "update": [
-            "DeviceManagementConfiguration.ReadWrite.All"
+            ""
           ]
         }
       }
     }
   }
-
-// PS C:\Windows\system32> Find-MgGraphCommand -Command “Get-MgBetaDeviceManagementDerivedCredential” | select Permissions
-    // OUTPUT:
-    // Permissions
-    // -----------
-    // {}
-    // {}

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof

@@ -13,11 +13,11 @@ class MSFT_IntuneMobileAppsMacOSLobApp : OMI_BaseResource
     [Write, Description("The privacy statement Url. Inherited from mobileApp.")] String PrivacyInformationUrl;
     [Write, Description("The publisher of the app. Inherited from mobileApp.")] String Publisher;
     [Write, Description("The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp."), ValueMap{"notPublished", "processing","published"}, Values{"notPublished", "processing", "published"}] String PublishingState;
-       [Write, Description("The bundleId of the app.")] String BundleId;
+    [Write, Description("The bundleId of the app.")] String BundleId;
     [Write, Description("The build number of the app.")] String BuildNumber;
     [Write, Description("The version number of the app.")] String VersionNumber;
     [Write, Description("List of Scope Tag IDs for mobile app.")] String RoleScopeTagIds[];
-    [Write, Description("Wether to ignore the version of the app or not.")] Boolean IgnoreVersionDetection;
+    [Write, Description("Whether to ignore the version of the app or not.")] Boolean IgnoreVersionDetection;
     [Write, Description("The icon for this app."), EmbeddedInstance("MSFT_DeviceManagementMimeContent")] String LargeIcon;
     [Write, Description("The list of categories for this app."), EmbeddedInstance("MSFT_DeviceManagementMobileAppCategory")] String Categories[];
     [Write, Description("The list of assignments for this app."), EmbeddedInstance("MSFT_DeviceManagementMobileAppAssignment")] String Assignments[];

Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1

@@ -14,18 +14,14 @@ Configuration Example {
     Import-DscResource -ModuleName Microsoft365DSC
 
     node localhost {
-        IntuneDerivedCredential "IntuneDerivedCredential-DataManagement" {
-            Id                  = "a1fc9fe2-728d-4867-9a72-a61e18f8c606"
-            DisplayName         = "Custom Data Management"
-            Ensure              = "Present"
-            HelpUrl             = "https://www.microsoft.com"
-            Issuer              = "DISA Purebred"
-            NotificationType    = "Email"
-            ThresholdPercentage = 0
-            Header              = @(
-                [PSCustomObject]@{ Key = 'HeaderKey1'; Value = 'HeaderValue1' }
-                [PSCustomObject]@{ Key = 'HeaderKey2'; Value = 'HeaderValue2' }
-            )
+        IntuneDerivedCredential "IntuneDerivedCredential-K5"
+        {
+            DisplayName          = "K5";
+            HelpUrl              = "http://www.ff.com/";
+            Id                   = "a409d85f-2a49-440d-884a-80fb52a557ab";
+            Issuer               = "purebred";
+            NotificationType     = "email";
+            Ensure               = "Present";
         }
     }
 }