diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 new file mode 100644 index 0000000000..d9430a9c0d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 
@@ -0,0 +1,699 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $AccountId, + + [Parameter()] + [System.Boolean] + $ConfigureWifi, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Int32] + $EnrolledDeviceCount, + + [Parameter()] + [System.String] + [ValidateSet( 'corporateOwnedDedicatedDevice', 'corporateOwnedFullyManaged', 'corporateOwnedWorkProfile', 'corporateOwnedAOSPUserlessDevice', 'corporateOwnedAOSPUserAssociatedDevice')] + $EnrollmentMode, + + [Parameter()] + [ValidateSet( 'default', 'corporateOwnedDedicatedDeviceWithAzureADSharedMode', 'deviceStaging')] + $EnrollmentTokenType, + + [Parameter()] + [System.Int32] + $EnrollmentTokenUsageCount, + + [Parameter()] + [System.Boolean] + $IsTeamsDeviceProfile, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $QrCodeContent, + + [Parameter()] + [Microsoft.Graph.IMicrosoftGraphMimeContent] + $QrCodeImage, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.DateTime] + $TokenCreationDateTime, + + [Parameter()] + [System.DateTime] + $TokenExpirationDateTime, + + [Parameter()] + [System.String] + $TokenValue, + + [Parameter()] + [System.Boolean] + $WifiHidden, + + [Parameter()] + [System.Security.SecureString] + $WifiPassword, + + [Parameter()] + [ValidateSet( 'none', 'wpa', 'wep' )] + $WifiSecurityType, + + [Parameter()] + [System.String] + $WifiSsid, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + 
[Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Checking for the Intune Android Device Owner Enrollment Profile {$DisplayName}" + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + $androidDeviceOwnerEnrollmentProfile = Get-MgAndroidDeviceOwnerEnrollmentProfile + -Filter "displayName eq '$DisplayName')" + -ErrorAction SilentlyContinue | Where-Object + + if ($null -eq $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message "No AndroidDeviceOwnerEnrollmentProfiles with DisplayName {$DisplayName} was found. Search with DisplayName." + $androidDeviceOwnerEnrollmentProfile = Get-MgAndroidDeviceOwnerEnrollmentProfile + -ProfileId $Id + } + + if ($null -eq $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message "No AndroidDeviceOwnerEnrollmentProfiles with {$Id} was found." 
+ return $nullResult + } + + $results = @{ + Id = $androidDeviceOwnerEnrollmentProfile.Id + DisplayName = $androidDeviceOwnerEnrollmentProfile.DisplayName + AccountId = $androidDeviceOwnerEnrollmentProfile.AccountId + ConfigureWifi = $androidDeviceOwnerEnrollmentProfile.ConfigureWifi + CreatedDateTime = $androidDeviceOwnerEnrollmentProfile.CreatedDateTime + Description = $androidDeviceOwnerEnrollmentProfile.Description + EnrolledDeviceCount = $androidDeviceOwnerEnrollmentProfile.EnrolledDeviceCount + EnrollmentMode = $androidDeviceOwnerEnrollmentProfile.EnrollmentMode + EnrollmentTokenType = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenType + EnrollmentTokenUsageCount = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenUsageCount + IsTeamsDeviceProfile = $androidDeviceOwnerEnrollmentProfile.IsTeamsDeviceProfile + LastModifiedDateTime = $androidDeviceOwnerEnrollmentProfile.LastModifiedDateTime + QrCodeContent = $androidDeviceOwnerEnrollmentProfile.QrCodeContent + QrCodeImage = $androidDeviceOwnerEnrollmentProfile.QrCodeImage + RoleScopeTagIds = $androidDeviceOwnerEnrollmentProfile.RoleScopeTagIds + TokenCreationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenCreationDateTime + TokenExpirationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenExpirationDateTime + TokenValue = $androidDeviceOwnerEnrollmentProfile.TokenValue + WifiHidden = $androidDeviceOwnerEnrollmentProfile.WifiHidden + WifiPassword = $androidDeviceOwnerEnrollmentProfile.WifiPassword + WifiSecurityType = $androidDeviceOwnerEnrollmentProfile.WifiSecurityType + WifiSsid = $androidDeviceOwnerEnrollmentProfile.WifiSsid + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error 
retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $AccountId, + + [Parameter()] + [System.Boolean] + $ConfigureWifi, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Int32] + $EnrolledDeviceCount, + + [Parameter()] + [System.String] + [ValidateSet( 'corporateOwnedDedicatedDevice', 'corporateOwnedFullyManaged', 'corporateOwnedWorkProfile', 'corporateOwnedAOSPUserlessDevice', 'corporateOwnedAOSPUserAssociatedDevice')] + $EnrollmentMode, + + [Parameter()] + [ValidateSet( 'default', 'corporateOwnedDedicatedDeviceWithAzureADSharedMode', 'deviceStaging')] + $EnrollmentTokenType, + + [Parameter()] + [System.Int32] + $EnrollmentTokenUsageCount, + + [Parameter()] + [System.Boolean] + $IsTeamsDeviceProfile, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $QrCodeContent, + + [Parameter()] + [Microsoft.Graph.IMicrosoftGraphMimeContent] + $QrCodeImage, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.DateTime] + $TokenCreationDateTime, + + [Parameter()] + [System.DateTime] + $TokenExpirationDateTime, + + [Parameter()] + [System.String] + $TokenValue, + + [Parameter()] + [System.Boolean] + $WifiHidden, + + [Parameter()] + [System.Security.SecureString] + $WifiPassword, + + [Parameter()] + [ValidateSet( 'none', 'wpa', 'wep' )] + $WifiSecurityType, + + [Parameter()] + [System.String] + $WifiSsid, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + 
[Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('AccessTokens') | Out-Null + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Host "Create AndroidDeviceOwnerEnrollmentProfile: $DisplayName with Enrollment Mode: $EnrollmentMode" + + $CreateParameters.remove('Id') | Out-Null + $CreateParameters.remove('Ensure') | Out-Null + $CreateParameters.Remove('Verbose') | Out-Null + + New-MgAndroidDeviceOwnerEnrollmentProfile @CreateParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Host "Update AndroidDeviceOwnerEnrollmentProfile: $DisplayName" + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters.Remove('Id') | Out-Null + 
$UpdateParameters.Remove('Verbose') | Out-Null + + Update-MgAndroidDeviceOwnerEnrollmentProfile -ProfileId $currentInstance.Id @UpdateParameters + Write-Host "Updated AndroidDeviceOwnerEnrollmentProfile: $DisplayName" + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Host "Remove AndroidDeviceOwnerEnrollmentProfile: $DisplayName" + + Remove-MgAndroidDeviceOwnerEnrollmentProfile -ProfileId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $AccountId, + + [Parameter()] + [System.Boolean] + $ConfigureWifi, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Int32] + $EnrolledDeviceCount, + + [Parameter()] + [System.String] + [ValidateSet( 'corporateOwnedDedicatedDevice', 'corporateOwnedFullyManaged', 'corporateOwnedWorkProfile', 'corporateOwnedAOSPUserlessDevice', 'corporateOwnedAOSPUserAssociatedDevice')] + $EnrollmentMode, + + [Parameter()] + [ValidateSet( 'default', 'corporateOwnedDedicatedDeviceWithAzureADSharedMode', 'deviceStaging')] + $EnrollmentTokenType, + + [Parameter()] + [System.Int32] + $EnrollmentTokenUsageCount, + + [Parameter()] + [System.Boolean] + $IsTeamsDeviceProfile, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $QrCodeContent, + + [Parameter()] + [Microsoft.Graph.IMicrosoftGraphMimeContent] + $QrCodeImage, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.DateTime] + $TokenCreationDateTime, + + [Parameter()] + [System.DateTime] + $TokenExpirationDateTime, + + [Parameter()] + [System.String] + $TokenValue, + + [Parameter()] + [System.Boolean] + $WifiHidden, + + [Parameter()] + 
[System.Security.SecureString] + $WifiPassword, + + [Parameter()] + [ValidateSet( 'none', 'wpa', 'wep' )] + $WifiSecurityType, + + [Parameter()] + [System.String] + $WifiSsid, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of AndroidDeviceOwnerEnrollmentProfile: {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $CurrentValues)) + { + Write-Verbose "An error occured in Get-TargetResource, the enrollmentProfile {$displayName} will not be processed" + throw "An error occured in Get-TargetResource, the enrollmentProfile {$displayName} will not be processed. Refer to the event viewer logs for more information." 
+ } + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Id') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues + -Source $($MyInvocation.MyCommand.Source) + -DesiredValues $PSBoundParameters + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $TestResult" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + ##TODO - Replace Get-Cmdlet by the cmdlet to retrieve all instances + [array] $Script:exportedInstances = Get-MgAndroidDeviceOwnerEnrollmentProfile + -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $androidDeviceOwnerEnrollmentProfile.Id + DisplayName = $androidDeviceOwnerEnrollmentProfile.DisplayName + AccountId = $androidDeviceOwnerEnrollmentProfile.AccountId + ConfigureWifi = $androidDeviceOwnerEnrollmentProfile.ConfigureWifi + CreatedDateTime = $androidDeviceOwnerEnrollmentProfile.CreatedDateTime + Description = $androidDeviceOwnerEnrollmentProfile.Description + EnrolledDeviceCount = $androidDeviceOwnerEnrollmentProfile.EnrolledDeviceCount + EnrollmentMode = $androidDeviceOwnerEnrollmentProfile.EnrollmentMode + EnrollmentTokenType = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenType + EnrollmentTokenUsageCount = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenUsageCount + IsTeamsDeviceProfile = $androidDeviceOwnerEnrollmentProfile.IsTeamsDeviceProfile + LastModifiedDateTime = $androidDeviceOwnerEnrollmentProfile.LastModifiedDateTime + QrCodeContent = $androidDeviceOwnerEnrollmentProfile.QrCodeContent + QrCodeImage = $androidDeviceOwnerEnrollmentProfile.QrCodeImage + RoleScopeTagIds = 
$androidDeviceOwnerEnrollmentProfile.RoleScopeTagIds + TokenCreationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenCreationDateTime + TokenExpirationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenExpirationDateTime + TokenValue = $androidDeviceOwnerEnrollmentProfile.TokenValue + WifiHidden = $androidDeviceOwnerEnrollmentProfile.WifiHidden + WifiPassword = $androidDeviceOwnerEnrollmentProfile.WifiPassword + WifiSecurityType = $androidDeviceOwnerEnrollmentProfile.WifiSecurityType + WifiSsid = $androidDeviceOwnerEnrollmentProfile.WifiSsid + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) + { + Write-Verbose "An error occured in Get-TargetResource, the app {$($params.displayName)} will not be processed." + throw "An error occured in Get-TargetResource, the app {$($params.displayName)} will not be processed. Refer to the event viewer logs for more information." 
+ } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof new file mode 100644 index 0000000000..89760012de --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof 
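Review bot: The enrollment token and Wi-Fi passphrase are handled as ordinary properties: Get-TargetResource returns `TokenValue`, `QrCodeContent` and `WifiPassword`, Test-TargetResource writes the whole hashtable to the verbose stream in the `Current Values:` / `Target Values:` messages, and Export-TargetResource passes the same keys into the generated configuration. Unless `Convert-M365DscHashtableToString` and the export helper mask them (not visible in this hunk), these secrets end up in logs and exported files, so I would strip them from a cloned hashtable before logging, e.g. `$logValues = $CurrentValues.Clone(); 'TokenValue','QrCodeContent','WifiPassword' | ForEach-Object { $logValues.Remove($_) }`. Two functional defects sit next to this: the CREATE branch of Set-TargetResource calls `$CreateParameters.remove('Id')` although only `$setParameters` is ever assigned, and the export loop builds `$params` from `$androidDeviceOwnerEnrollmentProfile` while the loop variable is `$config`. The `-Filter "displayName eq '$DisplayName')"` string also carries a stray `)` and interpolates the name without doubling embedded single quotes, and the `Get-MgAndroidDeviceOwnerEnrollmentProfile` calls appear to continue onto following lines without a backtick.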
@@ -0,0 +1,35 @@
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile")]
+class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource
+{
+ [Key, Description("Display name for the enrollment profile.")] String DisplayName;
+ [Write, Description("Unique GUID for the enrollment profile. Read-Only.)] String Id;
+
+ [Write, Description("Intune AccountId GUID the enrollment profile belongs to.")] String AccountId;
+ [Write, Description("Description for the enrollment profile.")] String Description;
+ [Write, Description("The enrollment mode of devices that use this enrollment profile."), ValueMap{"corporateOwnedDedicatedDevice", "corporateOwnedFullyManaged", "corporateOwnedWorkProfile", "corporateOwnedAOSPUserlessDevice", "corporateOwnedAOSPUserAssociatedDevice"}] String EnrollmentMode;
+ [Write, Description("The enrollment token type for an enrollment profile."), ValueMap{"default", "corporateOwnedDedicatedDeviceWithAzureADSharedMode", "deviceStaging"}] String EnrollmentTokenType;
+ [Write, Description("Date time the enrollment profile was created.")] DateTime CreatedDateTime;
+ [Write, Description("Date time the enrollment profile was last modified.")] DateTime LastModifiedDateTime;
+ [Write, Description("Value of the most recently created token for this enrollment profile.")] String TokenValue;
+ [Write, Description("Date time the most recently created token was created.")] DateTime TokenCreationDateTime;
+ [Write, Description("Date time the most recently created token will expire.")] DateTime TokenExpirationDateTime;
+ [Write, Description("Total number of Android devices that have enrolled using this enrollment profile.")] Int32 EnrolledDeviceCount;
+ [Write, Description("Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000")] Int32 EnrollmentTokenUsageCount;
+ [Write, Description("String used to generate a QR code for the token.")] String QrCodeContent;
+ [Write, Description("String used to generate a QR code for the token.")] String QrCodeImage;
+ [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[];
+ [Write, Description("Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.")] Boolean ConfigureWifi;
+ [Write, Description("String that contains the wi-fi login ssid")] String WifiSsid;
+ [Write, Description("String that contains the wi-fi login password")] String WifiPassword;
+ [Write, Description("String that contains the wi-fi security type."), ValueMap{"none", "wpa", "wep"}] String WifiSecurityType;
+ [Write, Description("Boolean that indicates if hidden wifi networks are enabled")] Boolean WifiHidden;
+ [Write, Description("Boolean indicating if this profile is an Android AOSP for Teams device profile.")] Boolean IsTeamsDeviceProfile;
+
+ [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure;
+ [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md
new file mode 100644
index 0000000000..148f4ead0d
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile
+
+## Description
+
+Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json
new file mode 100644
index 0000000000..8507274e9b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json
@@ -0,0 +1,32 @@
+{
+ "resourceName": "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile",
+ "description": "Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
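Review bot: `WifiPassword` is declared in this schema as a plain `String`, while all three functions in the module type the parameter as `[System.Security.SecureString]`; a plain MOF string means the passphrase is stored unencrypted in the compiled configuration, and the type mismatch will likely fail at parameter binding. The schema already uses the credential pattern for `Credential` (`EmbeddedInstance("MSFT_Credential")`), and declaring the passphrase the same way with a `PSCredential` parameter in the module would keep it encryptable; `TokenValue` deserves the same consideration. Also on the new side, the `Id` description `"Unique GUID for the enrollment profile. Read-Only.)]` is missing its closing quote, and `Ensure` lists only `"Present"` in `ValueMap`/`Values` although its description and the 3-Remove example rely on `Absent`.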
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
new file mode 100644
index 0000000000..24360928fb
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
@@ -0,0 +1,40 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile 'CreateProfile'
+ {
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = "Present";
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
new file mode 100644
index 0000000000..3d59a051cd
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
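Review bot: The resource keyword used in this example, `IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile`, does not match the FriendlyName registered in the schema, `IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile`, so the configuration will not resolve as written; 2-Update.ps1 and 3-Remove.ps1 have the same mismatch. The examples also declare `$ApplicationId`, `$TenantId` and `$CertificateThumbprint` but never pass them into the resource block, so no authentication is configured. In the Create and Update examples I would avoid presenting `WifiPassword` and `TokenValue` as inline string literals, since examples get copied verbatim; a comment such as `# Supply secrets from a credential object or secret store, never as literals in the configuration` above those two lines would set the expectation.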
@@ -0,0 +1,39 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile 'UpdateProfile'
+ {
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Updated Android Owner Enrollment Profile"
+ Description = "Updated Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-updated-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-updated-qr-code-content"
+ WifiSsid = "your-updated-wifi-ssid"
+ WifiPassword = "your-updated-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = "Present";
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
new file mode 100644
index 0000000000..3d7dcb8240
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
@@ -0,0 +1,31 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+ node localhost
+ {
+ IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile 'RemoveProfile'
+ {
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Ensure = "Absent"
+ }
+ }
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1
new file mode 100644
index 0000000000..e05ab66627
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1
@@ -0,0 +1,249 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$CurrentScriptPath = $PSCommandPath.Split('\')
+$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1]
+$ResourceName = $CurrentScriptName.Split('.')[1]
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource $ResourceName -GenericStubModule $GenericStubPath
+
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+
+ $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return "Credentials"
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ }
+ Mock -CommandName New-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ }
+ Mock -CommandName Update-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ }
+ Mock -CommandName Remove-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ }
+
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+ # Test contexts
+ Context -Name "The instance should exist but it DOES NOT" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = 'Present'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ return $null
+ }
+ }
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create a new instance from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName New-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -Exactly 1
+ }
+ }
+
+ Context -Name "The instance exists but it SHOULD NOT" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = 'Absent'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ return @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = 'Present'
+ }
+ }
+ }
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the instance from the Set method' {
+ Should -Invoke -CommandName Remove-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -Exactly 1
+ }
+ }
+
+ Context -Name "The instance exists and values are already in the desired state" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = 'Present'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ return @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name "The instance exists and values are NOT in the desired state" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ Ensure = 'Present'
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ return @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "INCORRECT Android Owner Enrollment Profile Name"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ }
+ }
+ }
+
+ It 'Should return Values from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should call the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential;
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -MockWith {
+ return @{
+ Id = "164655f7-1232-4d56-ae8f-b095196a0309";
+ DisplayName = "Android Owner Enrollment Profile"
+ Description = "Profile for enrolling Android devices"
+ TokenExpirationDateTime = "2024-12-31T23:59:59Z"
+ TokenValue = "your-token-value"
+ EnrollmentMode = "corporateOwnedWorkProfile"
+ QrCodeContent = "your-qr-code-content"
+ WifiSsid = "your-wifi-ssid"
+ WifiPassword = "your-wifi-password"
+ WifiSecurityType = "wpa"
+ }
+ }
+ }
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
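Review bot: The `It 'Should remove the instance from the Set method'` block in the "The instance exists but it SHOULD NOT" context asserts `Should -Invoke ... -Exactly 1` on the Remove cmdlet without ever calling `Set-TargetResource`, so the removal path is not exercised and the assertion should fail on its own. Add `Set-TargetResource @testParams` as the first line of that block, as the create and update contexts already do. Separately, `$ResourceName` is derived from this file's name (spelled `...Management...`) while the resource folder added in this commit is `MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile`; if the test helper resolves the module by that name it may not load, so the spelling should be made consistent. Every `$testParams` also passes `WifiPassword` as a plain string although the parameter is typed `[System.Security.SecureString]`; build it with `ConvertTo-SecureString` the way `$secpasswd` is built.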