diff --git a/CHANGELOG.md b/CHANGELOG.md index cc8e66b4a9..0340e050c7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,74 @@ # Change log for Microsoft365DSC +# 1.24.103.1 + +* AADConditionalAccessPolicy + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) +* EXOInboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. +* EXOMailTips + * Added parameter descriptions for better documentation +* EXOOutboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. +* EXOReportSubmissionPolicy + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) +* EXOReportSubmissionRule + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) +* EXOTransportRule + * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) + FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) +* IntuneDeviceConfigurationPolicyMacOS + * Added parameter descriptions for better documentation +* IntuneSettingCatalogCustomPolicyWindows10 + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) +* SPOTenantSettings + * Added parameter descriptions for better documentation +* TeamsChannel + * Add error handling if GroupId of a team is null + FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) +* TeamsFeedbackPolicy + * Added parameter descriptions for better documentation +* TeamsMobilityPolicy + * Added parameter descriptions for better documentation +* TeamsNetworkRoamingPolicy + * Added parameter descriptions for better documentation + +# 1.23.1227.1 + +* EXOAntiPhishPolicy + * Add support for TargetedDomainProtectionAction + FIXES [#3910](https://github.com/microsoft/Microsoft365DSC/issues/3910) +* EXOMailboxCalendarFolder + * Add support for non-English calendar folder names during export + FIXES [#4056](https://github.com/microsoft/Microsoft365DSC/issues/4056) +* EXOTransportRule + * Fix export of enabled state + FIXES [#3932](https://github.com/microsoft/Microsoft365DSC/issues/3932) +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Fix issue deploying decrypted OmaSettings to another tenant + FIXES [#4083](https://github.com/microsoft/Microsoft365DSC/issues/4083) +* IntuneDeviceConfigurationPolicyMacOS + * Fix resource deployment + FIXES [#3539](https://github.com/microsoft/Microsoft365DSC/issues/3539) + * Ensure resource can cope with Id being empty since it's not mandatory +* O365OrgSettings + * Deprecated the MicrosoftVivaBriefingEmail property + FIXES [#4097](https://github.com/microsoft/Microsoft365DSC/issues/4097) + FIXES [#4080](https://github.com/microsoft/Microsoft365DSC/issues/4080) +* SPOTenantSettings + * Fix bug for DisabledWebPartIds type, should be an array instead of a string + FIXES [#4086](https://github.com/microsoft/Microsoft365DSC/issues/4086) +* TeamsMeetingPolicy + * Allow -1 for NewMeetingRecordingExpirationDays parameter (never expire) + FIXES [#4090](https://github.com/microsoft/Microsoft365DSC/issues/4090) +* TeamsMessagingPolicy + * Added support for property 'AllowVideoMessages' + FIXES [#4021](https://github.com/microsoft/Microsoft365DSC/issues/4021) + # 1.23.1220.1 * AADConditionalAccessPolicy * FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 9475a7e067..5e69138231 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -264,415 +264,414 @@ function Get-TargetResource } } - if ($null -eq $Policy) + if ([String]::IsNullOrEmpty($Policy.id)) { Write-Verbose -Message "No existing Policy with name {$DisplayName} were found" $currentValues = $PSBoundParameters $currentValues.Ensure = 'Absent' return $currentValues } - else - { - Write-Verbose -Message 'Get-TargetResource: Found existing Conditional Access policy' - $PolicyDisplayName = $Policy.DisplayName - Write-Verbose -Message 'Get-TargetResource: Process IncludeUsers' - #translate IncludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All - $IncludeUsers = @() - if ($Policy.Conditions.Users.IncludeUsers) - { - foreach ($IncludeUserGUID in $Policy.Conditions.Users.IncludeUsers) - { - if ($IncludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') - { - $IncludeUser = $null - try - { - $IncludeUser = (Get-MgUser -UserId $IncludeUserGUID -ErrorAction Stop).userprincipalname - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - if ($IncludeUser) - { - $IncludeUsers += $IncludeUser - } - } - else - { - $IncludeUsers += $IncludeUserGUID - } - } - } + Write-Verbose -Message 'Get-TargetResource: Found existing Conditional Access policy' + $PolicyDisplayName = $Policy.DisplayName - Write-Verbose -Message 'Get-TargetResource: Process ExcludeUsers' - #translate ExcludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All - $ExcludeUsers = @() - if ($Policy.Conditions.Users.ExcludeUsers) - { - foreach ($ExcludeUserGUID in $Policy.Conditions.Users.ExcludeUsers) - { - if ($ExcludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') - { - $ExcludeUser = $null - try - { - $ExcludeUser = (Get-MgUser -UserId $ExcludeUserGUID -ErrorAction Stop).userprincipalname - } - catch - { - $message = "Couldn't find user $ExcludeUserGUID , that is defined in policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - if ($ExcludeUser) - { - $ExcludeUsers += $ExcludeUser - } - } - else - { - $ExcludeUsers += $ExcludeUserGUID - } - } - } - - Write-Verbose -Message 'Get-TargetResource: Process IncludeGroups' - #translate IncludeGroup GUIDs to DisplayName - $IncludeGroups = @() - if ($Policy.Conditions.Users.IncludeGroups) + Write-Verbose -Message 'Get-TargetResource: Process IncludeUsers' + #translate IncludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All + $IncludeUsers = @() + if ($Policy.Conditions.Users.IncludeUsers) + { + foreach ($IncludeUserGUID in $Policy.Conditions.Users.IncludeUsers) { - foreach ($IncludeGroupGUID in $Policy.Conditions.Users.IncludeGroups) + if ($IncludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') { - $IncludeGroup = $null + $IncludeUser = $null try { - $IncludeGroup = (Get-MgGroup -GroupId $IncludeGroupGUID).displayname + $IncludeUser = (Get-MgUser -UserId $IncludeUserGUID -ErrorAction Stop).userprincipalname } catch { - $message = "Couldn't find Group $IncludeGroupGUID , that is defined in policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential } - if ($IncludeGroup) + if ($IncludeUser) { - $IncludeGroups += $IncludeGroup + $IncludeUsers += $IncludeUser } } + else + { + $IncludeUsers += $IncludeUserGUID + } } + } - Write-Verbose -Message 'Get-TargetResource: Process ExcludeGroups' - #translate ExcludeGroup GUIDs to DisplayName - $ExcludeGroups = @() - if ($Policy.Conditions.Users.ExcludeGroups) + Write-Verbose -Message 'Get-TargetResource: Process ExcludeUsers' + #translate ExcludeUser GUIDs to UPN, except id value is GuestsOrExternalUsers, None or All + $ExcludeUsers = @() + if ($Policy.Conditions.Users.ExcludeUsers) + { + foreach ($ExcludeUserGUID in $Policy.Conditions.Users.ExcludeUsers) { - foreach ($ExcludeGroupGUID in $Policy.Conditions.Users.ExcludeGroups) + if ($ExcludeUserGUID -notin 'GuestsOrExternalUsers', 'All', 'None') { - $ExcludeGroup = $null + $ExcludeUser = $null try { - $ExcludeGroup = (Get-MgGroup -GroupId $ExcludeGroupGUID).displayname + $ExcludeUser = (Get-MgUser -UserId $ExcludeUserGUID -ErrorAction Stop).userprincipalname } catch { - $message = "Couldn't find Group $ExcludeGroupGUID , that is defined in policy $PolicyDisplayName" + $message = "Couldn't find user $ExcludeUserGUID , that is defined in policy $PolicyDisplayName" New-M365DSCLogEntry -Message $message ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential } - if ($ExcludeGroup) + if ($ExcludeUser) { - $ExcludeGroups += $ExcludeGroup + $ExcludeUsers += $ExcludeUser } } + else + { + $ExcludeUsers += $ExcludeUserGUID + } } + } - - $IncludeRoles = @() - $ExcludeRoles = @() - #translate role template guids to role name - if ($Policy.Conditions.Users.IncludeRoles -or $Policy.Conditions.Users.ExcludeRoles) + Write-Verbose -Message 'Get-TargetResource: Process IncludeGroups' + #translate IncludeGroup GUIDs to DisplayName + $IncludeGroups = @() + if ($Policy.Conditions.Users.IncludeGroups) + { + foreach ($IncludeGroupGUID in $Policy.Conditions.Users.IncludeGroups) { - Write-Verbose -Message 'Get-TargetResource: Role condition defined, processing' - #build role translation table - $rolelookup = @{} - foreach ($role in Get-MgBetaDirectoryRoleTemplate) + $IncludeGroup = $null + try { - $rolelookup[$role.Id] = $role.DisplayName + $IncludeGroup = (Get-MgGroup -GroupId $IncludeGroupGUID).displayname } - - Write-Verbose -Message 'Get-TargetResource: Processing IncludeRoles' - if ($Policy.Conditions.Users.IncludeRoles) + catch { - foreach ($IncludeRoleGUID in $Policy.Conditions.Users.IncludeRoles) - { - if ($null -eq $rolelookup[$IncludeRoleGUID]) - { - $message = "Couldn't find role $IncludeRoleGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $IncludeRoles += $rolelookup[$IncludeRoleGUID] - } - } + $message = "Couldn't find Group $IncludeGroupGUID , that is defined in policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } - - Write-Verbose -Message 'Get-TargetResource: Processing ExcludeRoles' - if ($Policy.Conditions.Users.ExcludeRoles) + if ($IncludeGroup) { - foreach ($ExcludeRoleGUID in $Policy.Conditions.Users.ExcludeRoles) - { - if ($null -eq $rolelookup[$ExcludeRoleGUID]) - { - $message = "Couldn't find role $ExcludeRoleGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $ExcludeRoles += $rolelookup[$ExcludeRoleGUID] - } - } + $IncludeGroups += $IncludeGroup } - } + } - $IncludeLocations = @() - $ExcludeLocations = @() - #translate Location template guids to Location name - if ($Policy.Conditions.Locations) + Write-Verbose -Message 'Get-TargetResource: Process ExcludeGroups' + #translate ExcludeGroup GUIDs to DisplayName + $ExcludeGroups = @() + if ($Policy.Conditions.Users.ExcludeGroups) + { + foreach ($ExcludeGroupGUID in $Policy.Conditions.Users.ExcludeGroups) { - Write-Verbose -Message 'Get-TargetResource: Location condition defined, processing' - #build Location translation table - $Locationlookup = @{} - foreach ($Location in Get-MgBetaIdentityConditionalAccessNamedLocation) + $ExcludeGroup = $null + try { - $Locationlookup[$Location.Id] = $Location.DisplayName + $ExcludeGroup = (Get-MgGroup -GroupId $ExcludeGroupGUID).displayname } - - Write-Verbose -Message 'Get-TargetResource: Processing IncludeLocations' - if ($Policy.Conditions.Locations.IncludeLocations) + catch { - foreach ($IncludeLocationGUID in $Policy.Conditions.Locations.IncludeLocations) - { - if ($IncludeLocationGUID -in 'All', 'AllTrusted') - { - $IncludeLocations += $IncludeLocationGUID - } - elseif ($IncludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') - { - $IncludeLocations += 'Multifactor authentication trusted IPs' - } - elseif ($null -eq $Locationlookup[$IncludeLocationGUID]) - { - $message = "Couldn't find Location $IncludeLocationGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $IncludeLocations += $Locationlookup[$IncludeLocationGUID] - } - } + $message = "Couldn't find Group $ExcludeGroupGUID , that is defined in policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } - - Write-Verbose -Message 'Get-TargetResource: Processing ExcludeLocations' - if ($Policy.Conditions.Locations.ExcludeLocations) + if ($ExcludeGroup) { - foreach ($ExcludeLocationGUID in $Policy.Conditions.Locations.ExcludeLocations) - { - if ($ExcludeLocationGUID -in 'All', 'AllTrusted') - { - $ExcludeLocations += $ExcludeLocationGUID - } - elseif ($ExcludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') - { - $ExcludeLocations += 'Multifactor authentication trusted IPs' - } - elseif ($null -eq $Locationlookup[$ExcludeLocationGUID]) - { - $message = "Couldn't find Location $ExcludeLocationGUID , couldn't add to policy $PolicyDisplayName" - New-M365DSCLogEntry -Message $message ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - else - { - $ExcludeLocations += $Locationlookup[$ExcludeLocationGUID] - } - } + $ExcludeGroups += $ExcludeGroup } } - if ($Policy.SessionControls.CloudAppSecurity.IsEnabled) - { - $CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType - } - else - { - $CloudAppSecurityType = $null - } - if ($Policy.SessionControls.SignInFrequency.IsEnabled) - { - $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type - $SignInFrequencyIntervalValue = [System.String]$Policy.SessionControls.SignInFrequency.FrequencyInterval - } - else - { - $SignInFrequencyType = $null - $SignInFrequencyIntervalValue = $null - } - if ($Policy.SessionControls.PersistentBrowser.IsEnabled) + } + + + $IncludeRoles = @() + $ExcludeRoles = @() + #translate role template guids to role name + if ($Policy.Conditions.Users.IncludeRoles -or $Policy.Conditions.Users.ExcludeRoles) + { + Write-Verbose -Message 'Get-TargetResource: Role condition defined, processing' + #build role translation table + $rolelookup = @{} + foreach ($role in Get-MgBetaDirectoryRoleTemplate) { - $PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode + $rolelookup[$role.Id] = $role.DisplayName } - else + + Write-Verbose -Message 'Get-TargetResource: Processing IncludeRoles' + if ($Policy.Conditions.Users.IncludeRoles) { - $PersistentBrowserMode = $null + foreach ($IncludeRoleGUID in $Policy.Conditions.Users.IncludeRoles) + { + if ($null -eq $rolelookup[$IncludeRoleGUID]) + { + $message = "Couldn't find role $IncludeRoleGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $IncludeRoles += $rolelookup[$IncludeRoleGUID] + } + } } - if ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + + Write-Verbose -Message 'Get-TargetResource: Processing ExcludeRoles' + if ($Policy.Conditions.Users.ExcludeRoles) { - [Array]$IncludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + foreach ($ExcludeRoleGUID in $Policy.Conditions.Users.ExcludeRoles) + { + if ($null -eq $rolelookup[$ExcludeRoleGUID]) + { + $message = "Couldn't find role $ExcludeRoleGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $ExcludeRoles += $rolelookup[$ExcludeRoleGUID] + } + } } - if ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + + } + + $IncludeLocations = @() + $ExcludeLocations = @() + #translate Location template guids to Location name + if ($Policy.Conditions.Locations) + { + Write-Verbose -Message 'Get-TargetResource: Location condition defined, processing' + #build Location translation table + $Locationlookup = @{} + foreach ($Location in Get-MgBetaIdentityConditionalAccessNamedLocation) { - [Array]$ExcludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + $Locationlookup[$Location.Id] = $Location.DisplayName } - $termsOfUseName = $null - if ($Policy.GrantControls.TermsOfUse) + Write-Verbose -Message 'Get-TargetResource: Processing IncludeLocations' + if ($Policy.Conditions.Locations.IncludeLocations) { - $termofUse = Get-MgBetaAgreement | Where-Object -FilterScript { $_.Id -eq $Policy.GrantControls.TermsOfUse } - if ($termOfUse) + foreach ($IncludeLocationGUID in $Policy.Conditions.Locations.IncludeLocations) { - $termOfUseName = $termOfUse.DisplayName + if ($IncludeLocationGUID -in 'All', 'AllTrusted') + { + $IncludeLocations += $IncludeLocationGUID + } + elseif ($IncludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') + { + $IncludeLocations += 'Multifactor authentication trusted IPs' + } + elseif ($null -eq $Locationlookup[$IncludeLocationGUID]) + { + $message = "Couldn't find Location $IncludeLocationGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $IncludeLocations += $Locationlookup[$IncludeLocationGUID] + } } } - $AuthenticationStrengthValue = $null - if ($null -ne $Policy.GrantControls -and $null -ne $Policy.GrantControls.AuthenticationStrength -and ` - $null -ne $Policy.GrantControls.AuthenticationStrength.Id) + Write-Verbose -Message 'Get-TargetResource: Processing ExcludeLocations' + if ($Policy.Conditions.Locations.ExcludeLocations) { - $strengthPolicy = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Policy.GrantControls.AuthenticationStrength.Id - if ($null -ne $strengthPolicy) + foreach ($ExcludeLocationGUID in $Policy.Conditions.Locations.ExcludeLocations) { - $AuthenticationStrengthValue = $strengthPolicy.DisplayName + if ($ExcludeLocationGUID -in 'All', 'AllTrusted') + { + $ExcludeLocations += $ExcludeLocationGUID + } + elseif ($ExcludeLocationGUID -eq '00000000-0000-0000-0000-000000000000') + { + $ExcludeLocations += 'Multifactor authentication trusted IPs' + } + elseif ($null -eq $Locationlookup[$ExcludeLocationGUID]) + { + $message = "Couldn't find Location $ExcludeLocationGUID , couldn't add to policy $PolicyDisplayName" + New-M365DSCLogEntry -Message $message ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + else + { + $ExcludeLocations += $Locationlookup[$ExcludeLocationGUID] + } } } + } + if ($Policy.SessionControls.CloudAppSecurity.IsEnabled) + { + $CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType + } + else + { + $CloudAppSecurityType = $null + } + if ($Policy.SessionControls.SignInFrequency.IsEnabled) + { + $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type + $SignInFrequencyIntervalValue = [System.String]$Policy.SessionControls.SignInFrequency.FrequencyInterval + } + else + { + $SignInFrequencyType = $null + $SignInFrequencyIntervalValue = $null + } + if ($Policy.SessionControls.PersistentBrowser.IsEnabled) + { + $PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode + } + else + { + $PersistentBrowserMode = $null + } + if ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + { + [Array]$IncludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + } + if ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes) + { + [Array]$ExcludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',') + } + + $termsOfUseName = $null + if ($Policy.GrantControls.TermsOfUse) + { + $termofUse = Get-MgBetaAgreement | Where-Object -FilterScript { $_.Id -eq $Policy.GrantControls.TermsOfUse } + if ($termOfUse) + { + $termOfUseName = $termOfUse.DisplayName + } + } - $AuthenticationContextsValues = @() - if ($null -ne $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + $AuthenticationStrengthValue = $null + if ($null -ne $Policy.GrantControls -and $null -ne $Policy.GrantControls.AuthenticationStrength -and ` + $null -ne $Policy.GrantControls.AuthenticationStrength.Id) + { + $strengthPolicy = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Policy.GrantControls.AuthenticationStrength.Id + if ($null -ne $strengthPolicy) { - foreach ($class in $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + $AuthenticationStrengthValue = $strengthPolicy.DisplayName + } + } + + $AuthenticationContextsValues = @() + if ($null -ne $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + { + foreach ($class in $Policy.Conditions.Applications.IncludeAuthenticationContextClassReferences) + { + $classReference = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` + -AuthenticationContextClassReferenceId $class ` + -ErrorAction SilentlyContinue + if ($null -ne $classReference) { - $classReference = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` - -AuthenticationContextClassReferenceId $class ` - -ErrorAction SilentlyContinue - if ($null -ne $classReference) - { - $AuthenticationContextsValues += $classReference.DisplayName - } + $AuthenticationContextsValues += $classReference.DisplayName } } + } - $result = @{ - DisplayName = $Policy.DisplayName - Id = $Policy.Id - State = $Policy.State - IncludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.IncludeApplications) - #no translation of Application GUIDs, return empty string array if undefined - ExcludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.ExcludeApplications) - #no translation of GUIDs, return empty string array if undefined - IncludeUserActions = [System.String[]](@() + $Policy.Conditions.Applications.IncludeUserActions) - #no translation needed, return empty string array if undefined - IncludeUsers = $IncludeUsers - ExcludeUsers = $ExcludeUsers - IncludeGroups = $IncludeGroups - ExcludeGroups = $ExcludeGroups - IncludeRoles = $IncludeRoles - ExcludeRoles = $ExcludeRoles - IncludeGuestOrExternalUserTypes = [System.String[]]$IncludeGuestOrExternalUserTypes - IncludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind - IncludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) - - ExcludeGuestOrExternalUserTypes = [System.String[]]$ExcludeGuestOrExternalUserTypes - ExcludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind - ExcludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) - - IncludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.IncludePlatforms) - #no translation needed, return empty string array if undefined - ExcludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.ExcludePlatforms) - #no translation needed, return empty string array if undefined - IncludeLocations = $IncludeLocations - ExcludeLocations = $ExcludeLocations - - #no translation needed, return empty string array if undefined - DeviceFilterMode = [System.String]$Policy.Conditions.Devices.DeviceFilter.Mode - #no translation or conversion needed - DeviceFilterRule = [System.String]$Policy.Conditions.Devices.DeviceFilter.Rule - #no translation or conversion needed - UserRiskLevels = [System.String[]](@() + $Policy.Conditions.UserRiskLevels) - #no translation needed, return empty string array if undefined - SignInRiskLevels = [System.String[]](@() + $Policy.Conditions.SignInRiskLevels) - #no translation needed, return empty string array if undefined - ClientAppTypes = [System.String[]](@() + $Policy.Conditions.ClientAppTypes) - #no translation needed, return empty string array if undefined - GrantControlOperator = $Policy.GrantControls.Operator - #no translation or conversion needed - BuiltInControls = [System.String[]](@() + $Policy.GrantControls.BuiltInControls) - CustomAuthenticationFactors = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors) - #no translation needed, return empty string array if undefined - ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled - #make false if undefined, true if true - CloudAppSecurityIsEnabled = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled - #make false if undefined, true if true - CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType - #no translation needed, return empty string array if undefined - SignInFrequencyIsEnabled = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled - #make false if undefined, true if true - SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value - #no translation or conversion needed, $null returned if undefined - SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type - SignInFrequencyInterval = $SignInFrequencyIntervalValue - #no translation needed - PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled - #make false if undefined, true if true - PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode - #no translation needed - AuthenticationStrength = $AuthenticationStrengthValue - AuthenticationContexts = $AuthenticationContextsValues - #Standard part - TermsOfUse = $termOfUseName - Ensure = 'Present' - Credential = $Credential - ApplicationSecret = $ApplicationSecret - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $result = @{ + DisplayName = $Policy.DisplayName + Id = $Policy.Id + State = $Policy.State + IncludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.IncludeApplications) + #no translation of Application GUIDs, return empty string array if undefined + ExcludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.ExcludeApplications) + #no translation of GUIDs, return empty string array if undefined + IncludeUserActions = [System.String[]](@() + $Policy.Conditions.Applications.IncludeUserActions) + #no translation needed, return empty string array if undefined + IncludeUsers = $IncludeUsers + ExcludeUsers = $ExcludeUsers + IncludeGroups = $IncludeGroups + ExcludeGroups = $ExcludeGroups + IncludeRoles = $IncludeRoles + ExcludeRoles = $ExcludeRoles + IncludeGuestOrExternalUserTypes = [System.String[]]$IncludeGuestOrExternalUserTypes + IncludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind + IncludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) + + ExcludeGuestOrExternalUserTypes = [System.String[]]$ExcludeGuestOrExternalUserTypes + ExcludeExternalTenantsMembershipKind = [System.String]$Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind + ExcludeExternalTenantsMembers = [System.String[]](@() + $Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members) + + IncludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.IncludePlatforms) + #no translation needed, return empty string array if undefined + ExcludePlatforms = [System.String[]](@() + $Policy.Conditions.Platforms.ExcludePlatforms) + #no translation needed, return empty string array if undefined + IncludeLocations = $IncludeLocations + ExcludeLocations = $ExcludeLocations + + #no translation needed, return empty string array if undefined + DeviceFilterMode = [System.String]$Policy.Conditions.Devices.DeviceFilter.Mode + #no translation or conversion needed + DeviceFilterRule = [System.String]$Policy.Conditions.Devices.DeviceFilter.Rule + #no translation or conversion needed + UserRiskLevels = [System.String[]](@() + $Policy.Conditions.UserRiskLevels) + #no translation needed, return empty string array if undefined + SignInRiskLevels = [System.String[]](@() + $Policy.Conditions.SignInRiskLevels) + #no translation needed, return empty string array if undefined + ClientAppTypes = [System.String[]](@() + $Policy.Conditions.ClientAppTypes) + #no translation needed, return empty string array if undefined + GrantControlOperator = $Policy.GrantControls.Operator + #no translation or conversion needed + BuiltInControls = [System.String[]](@() + $Policy.GrantControls.BuiltInControls) + CustomAuthenticationFactors = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors) + #no translation needed, return empty string array if undefined + ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled + #make false if undefined, true if true + CloudAppSecurityIsEnabled = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled + #make false if undefined, true if true + CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType + #no translation needed, return empty string array if undefined + SignInFrequencyIsEnabled = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled + #make false if undefined, true if true + SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value + #no translation or conversion needed, $null returned if undefined + SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type + SignInFrequencyInterval = $SignInFrequencyIntervalValue + #no translation needed + PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled + #make false if undefined, true if true + PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode + #no translation needed + AuthenticationStrength = $AuthenticationStrengthValue + AuthenticationContexts = $AuthenticationContextsValues + #Standard part + TermsOfUse = $termOfUseName + Ensure = 'Present' + Credential = $Credential + ApplicationSecret = $ApplicationSecret + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } function Set-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 index 301eddb73f..44c5a697ae 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 @@ -117,6 +117,11 @@ function Get-TargetResource [System.String[]] $TargetedDomainActionRecipients = @(), + [Parameter()] + [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')] + [System.String] + $TargetedDomainProtectionAction = 'NoAction', + [Parameter()] [System.String[]] $TargetedDomainsToProtect = @(), @@ -223,6 +228,12 @@ function Get-TargetResource $TargetedUserProtectionActionValue = 'NoAction' } + $TargetedDomainProtectionActionValue = $AntiPhishPolicy.TargetedDomainProtectionAction + if ([System.String]::IsNullOrEmpty($TargetedDomainProtectionActionValue)) + { + $TargetedDomainProtectionActionValue = 'NoAction' + } + $result = @{ Identity = $Identity AdminDisplayName = $AntiPhishPolicy.AdminDisplayName @@ -250,6 +261,7 @@ function Get-TargetResource MakeDefault = $AntiPhishPolicy.IsDefault PhishThresholdLevel = $PhishThresholdLevelValue TargetedDomainActionRecipients = $AntiPhishPolicy.TargetedDomainActionRecipients + TargetedDomainProtectionAction = $TargetedDomainProtectionActionValue TargetedDomainsToProtect = $AntiPhishPolicy.TargetedDomainsToProtect TargetedDomainQuarantineTag = $AntiPhishPolicy.TargetedDomainQuarantineTag TargetedUserActionRecipients = $AntiPhishPolicy.TargetedUserActionRecipients @@ -401,6 +413,11 @@ function Set-TargetResource [System.String[]] $TargetedDomainActionRecipients = @(), + [Parameter()] + [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')] + [System.String] + $TargetedDomainProtectionAction = 'NoAction', + [Parameter()] [System.String[]] $TargetedDomainsToProtect = @(), @@ -624,6 +641,11 @@ function Test-TargetResource [System.String[]] $TargetedDomainActionRecipients = @(), + [Parameter()] + [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')] + [System.String] + $TargetedDomainProtectionAction = 'NoAction', + [Parameter()] [System.String[]] $TargetedDomainsToProtect = @(), diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof index 5da587ef4e..7beea61e89 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof @@ -29,6 +29,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource [Write, Description("The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence.")] String MailboxIntelligenceQuarantineTag; [Write, Description("The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence.")] String SpoofQuarantineTag; [Write, Description("The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedDomainActionRecipients[]; + [Write, Description("The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedDomainProtectionAction; [Write, Description("The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.")] String TargetedDomainsToProtect[]; [Write, Description("The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection.")] String TargetedDomainQuarantineTag; [Write, Description("The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedUserActionRecipients[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof index cc46b7a7a3..0f6c1123b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOInboundConnector/MSFT_EXOInboundConnector.schema.mof @@ -4,9 +4,9 @@ class MSFT_EXOInboundConnector : OMI_BaseResource { [Key, Description("The Identity parameter specifies the outbound connector that you want to modify.")] String Identity; [Write, Description("The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com.")] String AssociatedAcceptedDomains[]; - [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false")] Boolean CloudServicesMailEnabled; + [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!")] Boolean CloudServicesMailEnabled; [Write, Description("The Comment parameter specifies an optional comment.")] String Comment; - [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard"), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; + [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!"), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; [Write, Description("The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises"),ValueMap{"Partner","OnPremises"},Values{"Partner","OnPremises"}] String ConnectorType; [Write, Description("The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.")] String EFSkipIPs[]; [Write, Description("The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors.")] Boolean EFSkipLastIP; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof index ad76daaf7d..070d9c825d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.schema.mof @@ -2,13 +2,13 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOMailTips")] class MSFT_EXOMailTips : OMI_BaseResource { - [Key] String Organization; + [Key, Description("Specify the name of your organization.")] String Organization; [Write, Description("Specifies whether MailTips are enabled.")] Boolean MailTipsAllTipsEnabled; [Write, Description("Specifies whether MailTips that rely on group metrics data are enabled.")] Boolean MailTipsGroupMetricsEnabled; [Write, Description("Specifies what a large audience is.")] UInt32 MailTipsLargeAudienceThreshold; [Write, Description("Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.")] Boolean MailTipsMailboxSourcedTipsEnabled; [Write, Description("Specifies whether MailTips for external recipients are enabled.")] Boolean MailTipsExternalRecipientsTipsEnabled; - [Write, ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Specifies if this MailTip should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 index f95da5fd4e..72f75da2b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 @@ -419,7 +419,9 @@ function Export-TargetResource $i = 1 foreach ($mailbox in $mailboxes) { - $folderPath = $mailbox.UserPrincipalName + ':\Calendar' + # Name of calendar folder depends on the language of the mailbox + $calendarFolderName = (Get-MailboxFolderStatistics -Identity $($mailbox.UserPrincipalName) -FolderScope Calendar | Where-Object {$_.FolderType -eq 'Calendar'}).Name + $folderPath = $mailbox.UserPrincipalName + ':\' + $calendarFolderName Write-Host " |---[$i/$($mailboxes.Count)] $($folderPath)" -NoNewline $Params = @{ Identity = $folderPath @@ -452,7 +454,6 @@ function Export-TargetResource $i++ } - return $dscContent } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof index 6af4a83d19..8f6b555c4b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.schema.mof @@ -6,18 +6,18 @@ class MSFT_EXOOutboundConnector : OMI_BaseResource [Write, Description("Specifies whether connector is enabled.")] Boolean Enabled; [Write, Description("Specifies whether connector should use MXRecords for target resolution.")] Boolean UseMXRecord; [Write, Description("The Comment parameter specifies an optional comment.")] String Comment; - [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard "), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; - [Write, Description("The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises"),ValueMap{"Partner","OnPremises"},Values{"Partner","OnPremises"}] String ConnectorType; + [Write, Description("The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!"), ValueMap{"Default","Migrated","HybridWizard"}, Values{"Default","Migrated","HybridWizard"}] String ConnectorSource; + [Write, Description("The ConnectorType parameter specifies a category for the domains that are serviced by the connector."),ValueMap{"Partner","OnPremises"},Values{"Partner","OnPremises"}] String ConnectorType; [Write, Description("The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas.")] String RecipientDomains[]; [Write, Description("The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line.")] String SmartHosts[]; [Write, Description("The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com")] String TlsDomain; - [Write, Description("The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector. Valid values are:EncryptionOnly | CertificateValidation | DomainValidation"), ValueMap{"EncryptionOnly","CertificateValidation","DomainValidation"}, Values{"EncryptionOnly","CertificateValidation","DomainValidation"}] String TlsSettings; - [Write, Description("The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). Valid values are: $true | $false")] Boolean IsTransportRuleScoped; - [Write, Description("The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting). Valid values are: $true | $false")] Boolean RouteAllMessagesViaOnPremises; - [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false")] Boolean CloudServicesMailEnabled; - [Write, Description("The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. Valid values are: $true | $false (default)")] Boolean AllAcceptedDomains; + [Write, Description("The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector."), ValueMap{"EncryptionOnly","CertificateValidation","DomainValidation"}, Values{"EncryptionOnly","CertificateValidation","DomainValidation"}] String TlsSettings; + [Write, Description("The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).")] Boolean IsTransportRuleScoped; + [Write, Description("The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting).")] Boolean RouteAllMessagesViaOnPremises; + [Write, Description("The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!")] Boolean CloudServicesMailEnabled; + [Write, Description("The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.")] Boolean AllAcceptedDomains; [Write, Description("The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system.")] Boolean SenderRewritingEnabled; - [Write, Description("The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. Valid values are: $true | $false (default)")] Boolean TestMode; + [Write, Description("The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.")] Boolean TestMode; [Write, Description("The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas.")] String ValidationRecipients[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 new file mode 100644 index 0000000000..32003b72a4 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -0,0 +1,719 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Getting configuration of ReportSubmissionPolicy" + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $nullReturn.IsSingleInstance = 'Yes' + + try + { + $ReportSubmissionPolicy = Get-ReportSubmissionPolicy -ErrorAction Stop + + if ($null -eq $ReportSubmissionPolicy) + { + Write-Verbose -Message "ReportSubmissionPolicy does not exist." + return $nullReturn + } + else + { + $result = @{ + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $ReportSubmissionPolicy.DisableQuarantineReportingOption + EnableCustomNotificationSender = $ReportSubmissionPolicy.EnableCustomNotificationSender + EnableOrganizationBranding = $ReportSubmissionPolicy.EnableOrganizationBranding + EnableReportToMicrosoft = $ReportSubmissionPolicy.EnableReportToMicrosoft + EnableThirdPartyAddress = $ReportSubmissionPolicy.EnableThirdPartyAddress + EnableUserEmailNotification = $ReportSubmissionPolicy.EnableUserEmailNotification + JunkReviewResultMessage = $ReportSubmissionPolicy.JunkReviewResultMessage + NotJunkReviewResultMessage = $ReportSubmissionPolicy.NotJunkReviewResultMessage + NotificationFooterMessage = $ReportSubmissionPolicy.NotificationFooterMessage + NotificationSenderAddress = $ReportSubmissionPolicy.NotificationSenderAddress + PhishingReviewResultMessage = $ReportSubmissionPolicy.PhishingReviewResultMessage + PostSubmitMessage = $ReportSubmissionPolicy.PostSubmitMessage + PostSubmitMessageEnabled = $ReportSubmissionPolicy.PostSubmitMessageEnabled + PostSubmitMessageTitle = $ReportSubmissionPolicy.PostSubmitMessageTitle + PreSubmitMessage = $ReportSubmissionPolicy.PreSubmitMessage + PreSubmitMessageEnabled = $ReportSubmissionPolicy.PreSubmitMessageEnabled + PreSubmitMessageTitle = $ReportSubmissionPolicy.PreSubmitMessageTitle + ReportJunkAddresses = $ReportSubmissionPolicy.ReportJunkAddresses + ReportJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportJunkToCustomizedAddress + ReportNotJunkAddresses = $ReportSubmissionPolicy.ReportNotJunkAddresses + ReportNotJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress + ReportPhishAddresses = $ReportSubmissionPolicy.ReportPhishAddresses + ReportPhishToCustomizedAddress = $ReportSubmissionPolicy.ReportPhishToCustomizedAddress + ThirdPartyReportAddresses = $ReportSubmissionPolicy.ThirdPartyReportAddresses + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + } + + Write-Verbose -Message "Found ReportSubmissionPolicy" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + Write-Verbose -Message "Setting configuration of ReportSubmissionPolicy" + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentReportSubmissionPolicy = Get-TargetResource @PSBoundParameters + + $ReportSubmissionPolicyParams = [System.Collections.Hashtable]($PSBoundParameters) + $ReportSubmissionPolicyParams.Remove('Ensure') | Out-Null + $ReportSubmissionPolicyParams.Remove('IsSingleInstance') | Out-Null + $ReportSubmissionPolicyParams.Remove('Credential') | Out-Null + $ReportSubmissionPolicyParams.Remove('ApplicationId') | Out-Null + $ReportSubmissionPolicyParams.Remove('TenantId') | Out-Null + $ReportSubmissionPolicyParams.Remove('CertificateThumbprint') | Out-Null + $ReportSubmissionPolicyParams.Remove('CertificatePath') | Out-Null + $ReportSubmissionPolicyParams.Remove('CertificatePassword') | Out-Null + $ReportSubmissionPolicyParams.Remove('ManagedIdentity') | Out-Null + $ReportSubmissionPolicyParams.Add('Identity', 'DefaultReportSubmissionPolicy') | Out-Null + + if ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating ReportSubmissionPolicy" + + New-ReportSubmissionPolicy + Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false + } + elseif ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') + { + Write-Verbose -Message "Setting ReportSubmissionPolicy with values: $(Convert-M365DscHashtableToString -Hashtable $ReportSubmissionPolicyParams)" + Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false + } + elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing ReportSubmissionPolicy" + Remove-ReportSubmissionPolicy -Identity "DefaultReportSubmissionPolicy" + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of ReportSubmissionPolicy" + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $ReportSubmissionPolicy = Get-ReportSubmissionPolicy -ErrorAction Stop + if ($ReportSubmissionPolicy.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $dscContent = '' + + Write-Host " |---Export Default ReportSubmissionPolicy" -NoNewline + + $Params = @{ + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + IsSingleInstance = 'Yes' + } + + $Results = Get-TargetResource @Params + + $keysToRemove = @() + foreach ($key in $Results.Keys) + { + if ([System.String]::IsNullOrEmpty($Results.$key)) + { + $keysToRemove += $key + } + } + foreach ($key in $keysToRemove) + { + $Results.Remove($key) | Out-Null + } + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof new file mode 100644 index 0000000000..b23f9eef75 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof @@ -0,0 +1,38 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("EXOReportSubmissionPolicy")] +class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine.")] Boolean DisableQuarantineReportingOption; + [Write, Description("The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableCustomNotificationSender; + [Write, Description("The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableOrganizationBranding; + [Write, Description("The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled.")] Boolean EnableReportToMicrosoft; + [Write, Description("The EnableThirdPartyAddress parameter specifies whether you're using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online.")] Boolean EnableThirdPartyAddress; + [Write, Description("The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] Boolean EnableUserEmailNotification; + [Write, Description("The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk.")] String JunkReviewResultMessage; + [Write, Description("The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk.")] String NotJunkReviewResultMessage; + [Write, Description("The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] String NotificationFooterMessage; + [Write, Description("The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.")] String NotificationSenderAddress; + [Write, Description("The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing.")] String PhishingReviewResultMessage; + [Write, Description("The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages.")] String PostSubmitMessage; + [Write, Description("The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools.")] Boolean PostSubmitMessageEnabled; + [Write, Description("The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages.")] String PostSubmitMessageTitle; + [Write, Description("The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. ")] String PreSubmitMessage; + [Write, Description("The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools.")] Boolean PreSubmitMessageEnabled; + [Write, Description("The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages.")] String PreSubmitMessageTitle; + [Write, Description("The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportJunkAddresses[]; + [Write, Description("The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. ")] Boolean ReportJunkToCustomizedAddress; + [Write, Description("The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportNotJunkAddresses[]; + [Write, Description("The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportNotJunkToCustomizedAddress; + [Write, Description("The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportPhishAddresses[]; + [Write, Description("The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress; + [Write, Description("Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.")] String ThirdPartyReportAddresses[]; + [Write, Description("Specifies if this report submission policy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md new file mode 100644 index 0000000000..7541b9ecf4 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/readme.md @@ -0,0 +1,5 @@ +# EXOReportSubmissionPolicy + +## Description + +Create or modify an EXOReportSubmissionPolicy in your cloud-based organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json new file mode 100644 index 0000000000..53824b15a2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "EXOReportSubmissionPolicy", + "description": "", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Security Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Transport Hygiene", + "Security Admin", + "View-Only Configuration", + "Security Reader" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 new file mode 100644 index 0000000000..775c1e0fc5 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 @@ -0,0 +1,450 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String[]] + $SentTo = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Getting configuration of ReportSubmissionRule" + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $nullReturn.IsSingleInstance = 'Yes' + + try + { + $ReportSubmissionRule = Get-ReportSubmissionRule -ErrorAction Stop + + if ($null -eq $ReportSubmissionRule) + { + Write-Verbose -Message "ReportSubmissionRule does not exist." + return $nullReturn + } + else + { + $result = @{ + IsSingleInstance = 'Yes' + Identity = $ReportSubmissionRule.Identity + Comments = $ReportSubmissionRule.Comments + SentTo = $ReportSubmissionRule.SentTo + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + } + + Write-Verbose -Message "Found ReportSubmissionRule" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String[]] + $SentTo = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + Write-Verbose -Message "Setting configuration of ReportSubmissionRule" + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentReportSubmissionRule = Get-TargetResource @PSBoundParameters + + $ReportSubmissionRuleParams = [System.Collections.Hashtable]($PSBoundParameters) + $ReportSubmissionRuleParams.Remove('Ensure') | Out-Null + $ReportSubmissionRuleParams.Remove('IsSingleInstance') | Out-Null + $ReportSubmissionRuleParams.Remove('Credential') | Out-Null + $ReportSubmissionRuleParams.Remove('ApplicationId') | Out-Null + $ReportSubmissionRuleParams.Remove('TenantId') | Out-Null + $ReportSubmissionRuleParams.Remove('CertificateThumbprint') | Out-Null + $ReportSubmissionRuleParams.Remove('CertificatePath') | Out-Null + $ReportSubmissionRuleParams.Remove('CertificatePassword') | Out-Null + $ReportSubmissionRuleParams.Remove('ManagedIdentity') | Out-Null + + if ($Ensure -eq 'Present' -and $currentReportSubmissionRule.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating ReportSubmissionRule" + + $ReportSubmissionRuleParams.Add('Name', $Identity) | Out-Null + $ReportSubmissionRuleParams.Remove('Identity') | Out-Null + # There is only one ReportSubmissionPolicy, so we can hardcode the identity. + $ReportSubmissionRuleParams.Add('ReportSubmissionPolicy', 'DefaultReportSubmissionPolicy') | Out-Null + + New-ReportSubmissionRule @ReportSubmissionRuleParams + } + elseif ($Ensure -eq 'Present' -and $currentReportSubmissionRule.Ensure -eq 'Present') + { + Write-Verbose -Message "Setting ReportSubmissionRule with values: $(Convert-M365DscHashtableToString -Hashtable $ReportSubmissionRuleParams)" + Set-ReportSubmissionRule @ReportSubmissionRuleParams -Confirm:$false + } + elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionRule.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing ReportSubmissionRule" + Remove-ReportSubmissionRule -Identity $Identity -Confirm:$false + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String[]] + $SentTo = @(), + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of ReportSubmissionRule" + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $ReportSubmissionRule = Get-ReportSubmissionRule -ErrorAction Stop + if ($ReportSubmissionRule.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $dscContent = '' + + Write-Host " |---Export ReportSubmissionRule" -NoNewline + + $Params = @{ + Identity = $ReportSubmissionRule.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + IsSingleInstance = 'Yes' + } + + $Results = Get-TargetResource @Params + + $keysToRemove = @() + foreach ($key in $Results.Keys) + { + if ([System.String]::IsNullOrEmpty($Results.$key)) + { + $keysToRemove += $key + } + } + foreach ($key in $keysToRemove) + { + $Results.Remove($key) | Out-Null + } + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof new file mode 100644 index 0000000000..f5f8d47198 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.schema.mof @@ -0,0 +1,17 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("EXOReportSubmissionRule")] +class MSFT_EXOReportSubmissionRule : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("The Identity parameter specifies the report submission rule that you want to modify.")] String Identity; + [Write, Description("The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time.")] String Comments; + [Write, Description("The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.")] String SentTo[]; + [Write, Description("Specifies if this report submission rule should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md new file mode 100644 index 0000000000..c0186b1109 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/readme.md @@ -0,0 +1,5 @@ +# EXOReportSubmissionRule + +## Description + +Create or modify an EXOReportSubmissionRule in your cloud-based organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json new file mode 100644 index 0000000000..7991aee13b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "EXOReportSubmissionRule", + "description": "", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Security Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Transport Hygiene", + "Security Admin", + "View-Only Configuration", + "Security Reader" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index 6dd6a7d7ae..726c860b29 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 @@ -294,7 +294,7 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $ExceptIfHasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -327,7 +327,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $ExceptIfMessageContainsDataClassifications = @(), + $ExceptIfMessageContainsDataClassifications = @(), #DEPRECATED [Parameter()] [System.String] @@ -463,7 +463,7 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $HasSenderOverride, + $HasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -496,7 +496,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $MessageContainsDataClassifications, + $MessageContainsDataClassifications, #DEPRECATED [Parameter()] [System.String] @@ -523,7 +523,7 @@ function Get-TargetResource [Parameter()] [ValidateSet('NotifyOnly', 'RejectMessage', 'RejectUnlessFalsePositiveOverride', 'RejectUnlessSilentOverride', 'RejectUnlessExplicitOverride')] [System.String] - $NotifySender, + $NotifySender, #DEPRECATED [Parameter()] [System.String] @@ -780,6 +780,16 @@ function Get-TargetResource { $MessageContainsDataClassificationsValue = $TransportRule.MessageContainsDataClassifications.Replace('"', "'") } + + if ($TransportRule.State -eq "Enabled") + { + $enabled = $true + } + else + { + $enabled = $false + } + $result = @{ Name = $TransportRule.Name ADComparisonAttribute = $TransportRule.ADComparisonAttribute @@ -820,7 +830,7 @@ function Get-TargetResource CopyTo = $TransportRule.CopyTo DeleteMessage = $TransportRule.DeleteMessage DlpPolicy = $TransportRule.DlpPolicy - Enabled = $TransportRule.Enabled + Enabled = $enabled ExceptIfADComparisonAttribute = $TransportRule.ExceptIfADComparisonAttribute ExceptIfADComparisonOperator = $TransportRule.ExceptIfADComparisonOperator ExceptIfAnyOfCcHeader = $TransportRule.ExceptIfAnyOfCcHeader @@ -851,7 +861,6 @@ function Get-TargetResource ExceptIfFromScope = $TransportRule.ExceptIfFromScope ExceptIfHasClassification = $TransportRule.ExceptIfHasClassification ExceptIfHasNoClassification = $TransportRule.ExceptIfHasNoClassification - ExceptIfHasSenderOverride = $TransportRule.ExceptIfHasSenderOverride ExceptIfHeaderContainsMessageHeader = $TransportRule.ExceptIfHeaderContainsMessageHeader ExceptIfHeaderContainsWords = $TransportRule.ExceptIfHeaderContainsWords ExceptIfHeaderMatchesMessageHeader = $TransportRule.ExceptIfHeaderMatchesMessageHeader @@ -859,7 +868,6 @@ function Get-TargetResource ExceptIfManagerAddresses = $TransportRule.ExceptIfManagerAddresses ExceptIfManagerForEvaluatedUser = $TransportRule.ExceptIfManagerForEvaluatedUser ExceptIfMessageTypeMatches = $TransportRule.ExceptIfMessageTypeMatches - ExceptIfMessageContainsDataClassifications = $TransportRule.ExceptIfMessageContainsDataClassifications ExceptIfMessageSizeOver = $TransportRule.ExceptIfMessageSizeOver ExceptIfRecipientADAttributeContainsWords = $TransportRule.ExceptIfRecipientADAttributeContainsWords ExceptIfRecipientADAttributeMatchesPatterns = $TransportRule.ExceptIfRecipientADAttributeMatchesPatterns @@ -892,7 +900,6 @@ function Get-TargetResource GenerateNotification = $TransportRule.GenerateNotification HasClassification = $TransportRule.HasClassification HasNoClassification = $TransportRule.HasNoClassification - HasSenderOverride = $TransportRule.HasSenderOverride HeaderContainsMessageHeader = $TransportRule.HeaderContainsMessageHeader HeaderContainsWords = $TransportRule.HeaderContainsWords HeaderMatchesMessageHeader = $TransportRule.HeaderMatchesMessageHeader @@ -900,13 +907,11 @@ function Get-TargetResource IncidentReportContent = $TransportRule.IncidentReportContent ManagerAddresses = $TransportRule.ManagerAddresses ManagerForEvaluatedUser = $TransportRule.ManagerForEvaluatedUser - MessageContainsDataClassifications = $MessageContainsDataClassificationsValue MessageSizeOver = $TransportRule.MessageSizeOver MessageTypeMatches = $TransportRule.MessageTypeMatches Mode = $TransportRule.Mode ModerateMessageByManager = $TransportRule.ModerateMessageByManager ModerateMessageByUser = $TransportRule.ModerateMessageByUser - NotifySender = $TransportRule.NotifySender PrependSubject = $TransportRule.PrependSubject Priority = $TransportRule.Priority Quarantine = $TransportRule.Quarantine @@ -1269,7 +1274,7 @@ function Set-TargetResource [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $ExceptIfHasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -1302,7 +1307,7 @@ function Set-TargetResource [Parameter()] [System.String[]] - $ExceptIfMessageContainsDataClassifications = @(), + $ExceptIfMessageContainsDataClassifications = @(), #DEPRECATED [Parameter()] [System.String] @@ -1438,7 +1443,7 @@ function Set-TargetResource [Parameter()] [System.Boolean] - $HasSenderOverride, + $HasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -1471,7 +1476,7 @@ function Set-TargetResource [Parameter()] [System.String[]] - $MessageContainsDataClassifications, + $MessageContainsDataClassifications, #DEPRECATED [Parameter()] [System.String] @@ -1498,7 +1503,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('NotifyOnly', 'RejectMessage', 'RejectUnlessFalsePositiveOverride', 'RejectUnlessSilentOverride', 'RejectUnlessExplicitOverride')] [System.String] - $NotifySender, + $NotifySender, #DEPRECATED [Parameter()] [System.String] @@ -1739,6 +1744,22 @@ function Set-TargetResource $NewTransportRuleParams.Remove('CertificatePassword') | Out-Null $NewTransportRuleParams.Remove('ManagedIdentity') | Out-Null + # check for deprecated DLP parameters and remove them + if ($NewTransportRuleParams.ContainsKey('MessageContainsDataClassifications') ` + -or $NewTransportRuleParams.ContainsKey('ExceptIfMessageContainsDataClassifications') ` + -or $NewTransportRuleParams.ContainsKey('HasSenderOverride') ` + -or $NewTransportRuleParams.ContainsKey('ExceptIfHasSenderOverride') ` + -or $NewTransportRuleParams.ContainsKey('NotifySender')) + { + $NewTransportRuleParams.Remove('MessageContainsDataClassifications') | Out-Null + $NewTransportRuleParams.Remove('ExceptIfMessageContainsDataClassifications') | Out-Null + $NewTransportRuleParams.Remove('HasSenderOverride') | Out-Null + $NewTransportRuleParams.Remove('ExceptIfHasSenderOverride') | Out-Null + $NewTransportRuleParams.Remove('NotifySender') | Out-Null + + Write-Verbose -Message "DEPRECATED - The DLP parameters (MessageContainsDataClassifications, ExceptIfMessageContainsDataClassifications, ExceptIfHasSenderOverride, HasSenderOverride and NotifySender) are deprecated and will be ignored." + } + $SetTransportRuleParams = $NewTransportRuleParams.Clone() $SetTransportRuleParams.Add('Identity', $Name) $SetTransportRuleParams.Remove('Enabled') | Out-Null @@ -2062,7 +2083,7 @@ function Test-TargetResource [Parameter()] [System.Boolean] - $ExceptIfHasSenderOverride, + $ExceptIfHasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -2095,7 +2116,7 @@ function Test-TargetResource [Parameter()] [System.String[]] - $ExceptIfMessageContainsDataClassifications = @(), + $ExceptIfMessageContainsDataClassifications = @(), #DEPRECATED [Parameter()] [System.String] @@ -2231,7 +2252,7 @@ function Test-TargetResource [Parameter()] [System.Boolean] - $HasSenderOverride, + $HasSenderOverride, #DEPRECATED [Parameter()] [System.String] @@ -2264,7 +2285,7 @@ function Test-TargetResource [Parameter()] [System.String[]] - $MessageContainsDataClassifications, + $MessageContainsDataClassifications, #DEPRECATED [Parameter()] [System.String] @@ -2291,7 +2312,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('NotifyOnly', 'RejectMessage', 'RejectUnlessFalsePositiveOverride', 'RejectUnlessSilentOverride', 'RejectUnlessExplicitOverride')] [System.String] - $NotifySender, + $NotifySender, #DEPRECATED [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof index 719d45221a..d97a4e60e3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof @@ -71,7 +71,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders."), ValueMap{"InOrganization","NotInOrganization"}, Values{"InOrganization","NotInOrganization"}] String ExceptIfFromScope; [Write, Description("The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification.")] String ExceptIfHasClassification; [Write, Description("The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications.")] Boolean ExceptIfHasNoClassification; - [Write, Description("The ExceptIfHasSenderOverride parameter specifies an exception that looks for messages where the sender chose to override a DLP policy.")] Boolean ExceptIfHasSenderOverride; + [Write, Description("DEPRECATED")] Boolean ExceptIfHasSenderOverride; [Write, Description("The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter.")] String ExceptIfHeaderContainsMessageHeader; [Write, Description("The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field.")] String ExceptIfHeaderContainsWords[]; [Write, Description("The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter.")] String ExceptIfHeaderMatchesMessageHeader; @@ -79,7 +79,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.")] String ExceptIfManagerAddresses[]; [Write, Description("The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients.")] String ExceptIfManagerForEvaluatedUser; [Write, Description("The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type."), ValueMap{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}, Values{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}] String ExceptIfMessageTypeMatches; - [Write, Description("The ExceptIfMessageContainsDataClassifications parameter specifies an exception that looks for sensitive information types in the body of messages, and in any attachments.")] String ExceptIfMessageContainsDataClassifications[]; + [Write, Description("DEPRECATED")] String ExceptIfMessageContainsDataClassifications[]; [Write, Description("The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. ")] String ExceptIfMessageSizeOver; [Write, Description("The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients.")] String ExceptIfRecipientADAttributeContainsWords[]; [Write, Description("The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.")] String ExceptIfRecipientADAttributeMatchesPatterns[]; @@ -112,7 +112,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The GenerateNotification parameter specifies an action that sends a notification message to recipients.")] String GenerateNotification; [Write, Description("The HasClassification parameter specifies a condition that looks for messages with the specified message classification.")] String HasClassification; [Write, Description("The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications.")] Boolean HasNoClassification; - [Write, Description("The HasSenderOverride parameter specifies a condition that looks for messages where the sender chose to override a DLP policy.")] Boolean HasSenderOverride; + [Write, Description("DEPRECATED")] Boolean HasSenderOverride; [Write, Description("The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter.")] String HeaderContainsMessageHeader; [Write, Description("The HeaderContainsWords parameter specifies a condition that looks for words in a header field.")] String HeaderContainsWords[]; [Write, Description("The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter.")] String HeaderMatchesMessageHeader; @@ -120,13 +120,13 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. ")] String IncidentReportContent[]; [Write, Description("The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.")] String ManagerAddresses[]; [Write, Description("The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients."), ValueMap{"Recipient","Sender"}, Values{"Recipient","Sender"}] String ManagerForEvaluatedUser; - [Write, Description("The MessageContainsDataClassifications parameter specifies a condition that looks for sensitive information types in the body of messages, and in any attachments.")] String MessageContainsDataClassifications[]; + [Write, Description("DEPRECATED")] String MessageContainsDataClassifications[]; [Write, Description("The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments.")] String MessageSizeOver; [Write, Description("The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type."), ValueMap{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}, Values{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}] String MessageTypeMatches; [Write, Description("The Mode parameter specifies how the rule operates."), ValueMap{"Audit","AuditAndNotify","Enforce"}, Values{"Audit","AuditAndNotify","Enforce"}] String Mode; [Write, Description("The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that's specified in the sender's Manager attribute.")] Boolean ModerateMessageByManager; [Write, Description("The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users.")] String ModerateMessageByUser[]; - [Write, Description("The NotifySender parameter specifies an action that notifies the sender when messages violate DLP policies."), ValueMap{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}, Values{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}] String NotifySender; + [Write, Description("DEPRECATED"), ValueMap{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}, Values{"NotifyOnly","RejectMessage","RejectUnlessFalsePositiveOverride","RejectUnlessSilentOverride","RejectUnlessExplicitOverride"}] String NotifySender; [Write, Description("The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages.")] String PrependSubject; [Write, Description("The Priority parameter specifies a priority value for the rule that determines the order of rule processing.")] String Priority; [Write, Description("The Quarantine parameter specifies an action that quarantines messages.")] Boolean Quarantine; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 26369ba93e..6eb10811c2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -120,6 +120,7 @@ function Get-TargetResource if (![String]::IsNullOrEmpty($OmaSettingPlainTextValue)) { $currentomaSettings.value = $OmaSettingPlainTextValue + $currentomaSettings.isEncrypted = $false } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index f97e8e2d40..5936b4ac81 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1,3 +1,9 @@ +# More information on the properties can be found here: +# - https://learn.microsoft.com/en-us/graph/api/intune-deviceconfig-macosgeneraldeviceconfiguration-create?view=graph-rest-beta +# - https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applistitem?view=graph-rest-beta +# - https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-macosprivacyaccesscontrolitem?view=graph-rest-beta +# - https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-macosappleeventreceiver?view=graph-rest-beta + function Get-TargetResource { [CmdletBinding()] @@ -317,7 +323,14 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + try + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction Stop + } + catch + { + $getValue = $null + } #region resource generator code if ($null -eq $getValue) @@ -336,7 +349,7 @@ function Get-TargetResource return $nullResult } - Write-Verbose -Message "Found something with id {$id}" + Write-Verbose -Message "Found something with id {$($getValue.id)}" $results = @{ #region resource generator code @@ -417,7 +430,7 @@ function Get-TargetResource $results.Add('PrivacyAccessControls', $getValue.additionalProperties.privacyAccessControls) } - $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id $assignmentResult = @() foreach ($assignmentEntry in $AssignmentsValues) { @@ -762,14 +775,10 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - + if ($UpdateDelayPolicy.Count -gt 0) + { + $UpdateDelayPolicy = $UpdateDelayPolicy -join ',' + } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { @@ -791,7 +800,6 @@ function Set-TargetResource }#> $CreateParameters.Remove('Id') | Out-Null - $CreateParameters.Remove('Verbose') | Out-Null foreach ($key in ($CreateParameters.clone()).Keys) { @@ -842,7 +850,6 @@ function Set-TargetResource }#> $UpdateParameters.Remove('Id') | Out-Null - $UpdateParameters.Remove('Verbose') | Out-Null foreach ($key in ($UpdateParameters.clone()).Keys) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof index 496c10318c..02cf9eaed4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof @@ -11,59 +11,59 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphapplistitemMacOS { - [Write, Description(""), ValueMap{"#microsoft.graph.appleAppListItem"}, Values{"#microsoft.graph.appleAppListItem"}] String odataType; - [Write, Description("")] String appId; - [Write, Description("")] String appStoreUrl; - [Write, Description("")] String name; - [Write, Description("")] String publisher; + [Write, Description("Specify the odataType"), ValueMap{"#microsoft.graph.appleAppListItem"}, Values{"#microsoft.graph.appleAppListItem"}] String odataType; + [Write, Description("The application or bundle identifier of the application")] String appId; + [Write, Description("The Store URL of the application")] String appStoreUrl; + [Write, Description("The application name")] String name; + [Write, Description("The publisher of the application")] String publisher; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String accessibility; - [Write, Description("Blocks iCloud from syncing contacts."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String addressBook; - [Write, Description(""), EmbeddedInstance("MSFT_MicrosoftGraphmacosappleeventreceiver")] String appleEventsAllowedReceivers[]; - [Write, Description("")] Boolean blockCamera; - [Write, Description("")] Boolean blockListenEvent; - [Write, Description("")] Boolean blockMicrophone; - [Write, Description("")] Boolean blockScreenCapture; - [Write, Description("Blocks iCloud from syncing calendars."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String calendar; - [Write, Description("")] String codeRequirement; - [Write, Description("")] String displayName; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String fileProviderPresence; - [Write, Description("")] String identifier; - [Write, Description(""), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String mediaLibrary; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String photos; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String postEvent; - [Write, Description("Blocks iCloud from syncing reminders."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String reminders; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String speechRecognition; - [Write, Description("")] Boolean staticCodeValidation; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyAllFiles; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDesktopFolder; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDocumentsFolder; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDownloadsFolder; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyNetworkVolumes; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyRemovableVolumes; - [Write, Description(""), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicySystemAdminFiles; + [Write, Description("Allow the app or process to control the Mac via the Accessibility subsystem."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String accessibility; + [Write, Description("Allow or block access to contact information managed by Contacts."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String addressBook; + [Write, Description("Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process."), EmbeddedInstance("MSFT_MicrosoftGraphmacosappleeventreceiver")] String appleEventsAllowedReceivers[]; + [Write, Description("Block access to camera app.")] Boolean blockCamera; + [Write, Description("Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later.")] Boolean blockListenEvent; + [Write, Description("Block access to microphone.")] Boolean blockMicrophone; + [Write, Description("Block app from capturing contents of system display. Requires macOS 10.15 or later.")] Boolean blockScreenCapture; + [Write, Description("Allow or block access to event information managed by Calendar."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String calendar; + [Write, Description("Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'.")] String codeRequirement; + [Write, Description("The display name of the app, process, or executable.")] String displayName; + [Write, Description("Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String fileProviderPresence; + [Write, Description("The bundle ID or path of the app, process, or executable.")] String identifier; + [Write, Description("A bundle ID is used to identify an app. A path is used to identify a process or executable."), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; + [Write, Description("Allow or block access to music and the media library."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String mediaLibrary; + [Write, Description("Allow or block access to images managed by Photos."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String photos; + [Write, Description("Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String postEvent; + [Write, Description("Allow or block access to information managed by Reminders."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String reminders; + [Write, Description("Allow or block access to system speech recognition facility."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String speechRecognition; + [Write, Description("Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature.")] Boolean staticCodeValidation; + [Write, Description("Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyAllFiles; + [Write, Description("Allow or block access to Desktop folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDesktopFolder; + [Write, Description("Allow or block access to Documents folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDocumentsFolder; + [Write, Description("Allow or block access to Downloads folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDownloadsFolder; + [Write, Description("Allow or block access to network volumes. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyNetworkVolumes; + [Write, Description("Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyRemovableVolumes; + [Write, Description("Allow app or process to access files used in system administration."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicySystemAdminFiles; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphmacosappleeventreceiver { - [Write, Description("")] Boolean allowed; - [Write, Description("")] String codeRequirement; - [Write, Description("")] String identifier; - [Write, Description(""), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; + [Write, Description("Allow or block this app from receiving Apple events.")] Boolean allowed; + [Write, Description("Code requirement for the app or binary that receives the Apple Event.")] String codeRequirement; + [Write, Description("Bundle ID of the app or file path of the process or executable that receives the Apple Event.")] String identifier; + [Write, Description("Use bundle ID for an app or path for a process or executable that receives the Apple Event."), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyMacOS")] class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource { - [Write, Description("")] String Id; - [Key, Description("")] String DisplayName; - [Write, Description("")] String Description; - [Write, Description("")] Boolean AddingGameCenterFriendsBlocked; - [Write, Description("")] Boolean AirDropBlocked; + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; + [Write, Description("Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later.")] Boolean AddingGameCenterFriendsBlocked; + [Write, Description("Configures whether or not to allow AirDrop.")] Boolean AirDropBlocked; [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock; [Write, Description("Blocks users from taking photographs and videos.")] Boolean CameraBlocked; [Write, Description("Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots.")] Boolean ClassroomAppBlockRemoteScreenObservation; @@ -72,12 +72,12 @@ class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource [Write, Description("Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course.")] Boolean ClassroomForceRequestPermissionToLeaveClasses; [Write, Description("Teachers can lock a student's device or app without the student's approval.")] Boolean ClassroomForceUnpromptedAppAndDeviceLock; [Write, Description("Device compliance can be viewed in the Restricted Apps Compliance report."), ValueMap{"none","appsInListCompliant","appsNotInListCompliant"}, Values{"none","appsInListCompliant","appsNotInListCompliant"}] String CompliantAppListType; - [Write, Description(" "), EmbeddedInstance("MSFT_MicrosoftGraphapplistitemMacOS")] String CompliantAppsList[]; - [Write, Description("")] Boolean ContentCachingBlocked; + [Write, Description("List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType)."), EmbeddedInstance("MSFT_MicrosoftGraphapplistitemMacOS")] String CompliantAppsList[]; + [Write, Description("Configures whether or not to allow content caching.")] Boolean ContentCachingBlocked; [Write, Description("Block look up, a feature that looks up the definition of a highlighted word.")] Boolean DefinitionLookupBlocked; [Write, Description("Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. ")] String EmailInDomainSuffixes[]; - [Write, Description("")] Boolean EraseContentAndSettingsBlocked; - [Write, Description("")] Boolean GameCenterBlocked; + [Write, Description("Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later.")] Boolean EraseContentAndSettingsBlocked; + [Write, Description("Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later.")] Boolean GameCenterBlocked; [Write, Description("Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later.")] Boolean ICloudBlockActivityContinuation; [Write, Description("Blocks iCloud from syncing contacts.")] Boolean ICloudBlockAddressBook; [Write, Description("Blocks iCloud from syncing bookmarks.")] Boolean ICloudBlockBookmarks; @@ -87,40 +87,40 @@ class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource [Write, Description("Blocks iCloud from syncing notes.")] Boolean ICloudBlockNotes; [Write, Description("Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.")] Boolean ICloudBlockPhotoLibrary; [Write, Description("Blocks iCloud from syncing reminders.")] Boolean ICloudBlockReminders; - [Write, Description("")] Boolean ICloudDesktopAndDocumentsBlocked; - [Write, Description("")] Boolean ICloudPrivateRelayBlocked; + [Write, Description("Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later.")] Boolean ICloudDesktopAndDocumentsBlocked; + [Write, Description("Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later.")] Boolean ICloudPrivateRelayBlocked; [Write, Description("Blocks files from being transferred using iTunes.")] Boolean ITunesBlockFileSharing; - [Write, Description("")] Boolean ITunesBlockMusicService; + [Write, Description("Configures whether or not to block files from being transferred using iTunes.")] Boolean ITunesBlockMusicService; [Write, Description("Block dictation, which is a feature that converts the user's voice to text.")] Boolean KeyboardBlockDictation; [Write, Description("Disables syncing credentials stored in the Keychain to iCloud")] Boolean KeychainBlockCloudSync; - [Write, Description("")] Boolean MultiplayerGamingBlocked; - [Write, Description("")] Boolean PasswordBlockAirDropSharing; - [Write, Description("")] Boolean PasswordBlockAutoFill; + [Write, Description("Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later.")] Boolean MultiplayerGamingBlocked; + [Write, Description("Configures whether or not to block sharing passwords with the AirDrop passwords feature.")] Boolean PasswordBlockAirDropSharing; + [Write, Description("Configures whether or not to block the AutoFill Passwords feature.")] Boolean PasswordBlockAutoFill; [Write, Description("Requires user to set a non-biometric passcode or password to unlock the device.")] Boolean PasswordBlockFingerprintUnlock; [Write, Description("Blocks user from changing the set passcode.")] Boolean PasswordBlockModification; - [Write, Description("")] Boolean PasswordBlockProximityRequests; + [Write, Description("Configures whether or not to block requesting passwords from nearby devices.")] Boolean PasswordBlockProximityRequests; [Write, Description("Block simple password sequences, such as 1234 or 1111.")] Boolean PasswordBlockSimple; [Write, Description("Number of days until device password must be changed. (1-65535)")] UInt32 PasswordExpirationDays; - [Write, Description("")] UInt32 PasswordMaximumAttemptCount; + [Write, Description("Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11")] UInt32 PasswordMaximumAttemptCount; [Write, Description("Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.")] UInt32 PasswordMinimumCharacterSetCount; [Write, Description("Minimum number of digits or characters in password (4-16).")] UInt32 PasswordMinimumLength; [Write, Description("Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device.")] UInt32 PasswordMinutesOfInactivityBeforeLock; [Write, Description("Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device.")] UInt32 PasswordMinutesOfInactivityBeforeScreenTimeout; - [Write, Description("")] UInt32 PasswordMinutesUntilFailedLoginReset; + [Write, Description("Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.")] UInt32 PasswordMinutesUntilFailedLoginReset; [Write, Description("Number of new passwords that must be used until an old one can be reused. (1-24)")] UInt32 PasswordPreviousPasswordBlockCount; - [Write, Description(" Specify the type of password required.")] Boolean PasswordRequired; + [Write, Description("Specify the type of password required.")] Boolean PasswordRequired; [Write, Description("Specify the type of password required."), ValueMap{"deviceDefault","alphanumeric","numeric"}, Values{"deviceDefault","alphanumeric","numeric"}] String PasswordRequiredType; [Write, Description("Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later."), EmbeddedInstance("MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem")] String PrivacyAccessControls[]; [Write, Description("Blocks Safari from remembering what users enter in web forms.")] Boolean SafariBlockAutofill; - [Write, Description("")] Boolean ScreenCaptureBlocked; - [Write, Description("")] UInt32 SoftwareUpdateMajorOSDeferredInstallDelayInDays; - [Write, Description("")] UInt32 SoftwareUpdateMinorOSDeferredInstallDelayInDays; - [Write, Description("")] UInt32 SoftwareUpdateNonOSDeferredInstallDelayInDays; + [Write, Description("Configures whether or not to block the user from taking Screenshots.")] Boolean ScreenCaptureBlocked; + [Write, Description("Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateMajorOSDeferredInstallDelayInDays; + [Write, Description("Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateMinorOSDeferredInstallDelayInDays; + [Write, Description("Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateNonOSDeferredInstallDelayInDays; [Write, Description("Delay the user's software update for this many days. The maximum is 90 days. (1-90)")] UInt32 SoftwareUpdatesEnforcedDelayInDays; [Write, Description("Blocks Spotlight from returning any results from an Internet search")] Boolean SpotlightBlockInternetResults; - [Write, Description("")] UInt32 TouchIdTimeoutInHours; - [Write, Description(""), ValueMap{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}, Values{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}] String UpdateDelayPolicy[]; - [Write, Description("")] Boolean WallpaperModificationBlocked; + [Write, Description("Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647")] UInt32 TouchIdTimeoutInHours; + [Write, Description("Configures whether to delay OS and/or app updates for macOS."), ValueMap{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}, Values{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}] String UpdateDelayPolicy[]; + [Write, Description("Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later.")] Boolean WallpaperModificationBlocked; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index af02b7fa1f..a9f1efca80 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -90,10 +90,15 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' - $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ExpandProperty 'settings' -ErrorAction SilentlyContinue - + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ExpandProperty 'settings' -ErrorAction Stop + } + catch + { + $getValue = $null + } if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Id {$Id}" @@ -104,14 +109,18 @@ function Get-TargetResource -Filter "Name eq '$Name' and Platforms eq 'windows10'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript {[String]::IsNullOrWhiteSpace($_.TemplateReference.TemplateId)} - if ($null -ne $getValue) + if ($getValue.count -gt 1) + { + throw "Error: The displayName {$Name} is not unique in the tenant`r`nEnsure the display Name is unique for this type of resource." + } + if (-not [string]::IsNullOrEmpty($getValue.id)) { $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $getValue.id -ExpandProperty 'settings' -ErrorAction SilentlyContinue } } } #endregion - if ($null -eq $getValue) + if ([string]::IsNullOrEmpty($getValue.id)) { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Name {$Name}" return $nullResult diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof index 34bf2bb21e..5312d83fa4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof @@ -1,9 +1,9 @@ [ClassVersion("1.0.0.0"), FriendlyName("M365DSCRuleEvaluation")] class MSFT_M365DSCRuleEvaluation : OMI_BaseResource { - [Key, Description("")] String ResourceName; - [Required, Description("")] String RuleDefinition; - [Write, Description("")] String AfterRuleCountQuery; + [Key, Description("Name of the resource to monitor")] String ResourceName; + [Required, Description("Specify the rules to monitor the resource for.")] String RuleDefinition; + [Write, Description("Query to check how many instances exist, using PowerShell format")] String AfterRuleCountQuery; [Write, Description("Credentials of the Azure Active Directory Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md index e09b1d18bb..1ce5ea7a3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/readme.md @@ -2,4 +2,4 @@ ## Description -This resource configures the Azure AD Tenant Details +This resource monitors Microsoft365DSC resources based on provided rules. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof index d7e5535712..6cba94f8a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof @@ -4,7 +4,7 @@ class MSFT_O365AdminAuditLogConfig : OMI_BaseResource [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write,Description("'Present' is the only value accepted."),ValueMap{"Present"},Values{"Present"}] string Ensure; [Required, Description("Determins if Unified Audit Log Ingestion is enabled"),ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] string UnifiedAuditLogIngestionEnabled; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof index 6b470ca165..0e5417dc50 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof @@ -7,7 +7,7 @@ class MSFT_O365Group : OMI_BaseResource [Write, Description("The group's description.")] string Description; [Write, Description("Members of the group.")] string Members[]; [Write, Description("Present ensures the group exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; [Write, Description("Secret of the Azure Active Directory application used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof index 85239337bc..6b1fa5a53c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof @@ -3,7 +3,7 @@ class MSFT_O365OrgCustomizationSetting : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 7aae81cc87..9338fb505c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -230,7 +230,8 @@ function Get-TargetResource } } - # Microsoft Viva Briefing Email + # DEPRECATED - Microsoft Viva Briefing Email + <# $vivaBriefingEmailValue = $false try { @@ -282,7 +283,7 @@ function Get-TargetResource } $results += @{ MicrosoftVivaBriefingEmail = $vivaBriefingEmailValue - } + }#> # Viva Insights settings $currentVivaInsightsSettings = Get-DefaultTenantMyAnalyticsFeatureConfig -Verbose:$false @@ -609,16 +610,18 @@ function Set-TargetResource } # Microsoft Viva Briefing Email - $briefingValue = 'opt-out' - if ($MicrosoftVivaBriefingEmail) + if ($null -ne $MicrosoftVivaBriefingEmail) { - $briefingValue = 'opt-in' + Write-Verbose -Message "DEPRECATED - The MicrosoftVivaBriefingEmail parameter is deprecated and will be ignored." } + #$briefingValue = 'opt-out' + + <# DEPRECATED if ($currentValues.MicrosoftVivaBriefingEmail -and $MicrosoftVivaBriefingEmail -ne $currentValues.MicrosoftVivaBriefingEmail) { Write-Verbose -Message "Updating Microsoft Viva Briefing Email settings." Set-DefaultTenantBriefingConfig -IsEnabledByDefault $briefingValue -Verbose:$false | Out-Null - } + }#> # Viva Insights if ($currentValues.VivaInsightsWebExperience -ne $VivaInsightsWebExperience) @@ -978,6 +981,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck.Remove("MicrosoftVivaBriefingEmail") | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index c8dcbc5119..ef55bc0421 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof @@ -12,16 +12,16 @@ class MSFT_SPOTenantSettings : OMI_BaseResource [Write, Description("Allow feedback via UserVoice.")] boolean UserVoiceForFeedbackEnabled; [Write, Description("Configure PublicCDN")] boolean PublicCdnEnabled; [Write, Description("Configure filetypes allowed for PublicCDN")] String PublicCdnAllowedFileTypes; - [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups")] boolean UseFindPeopleInPeoplePicker; - [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups")] boolean NotificationsInSharePointEnabled; - [Write, Description("")] boolean OwnerAnonymousNotification; - [Write, Description("")] boolean ApplyAppEnforcedRestrictionsToAdHocRecipients; - [Write, Description("")] boolean FilePickerExternalImageSearchEnabled; + [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups.")] boolean UseFindPeopleInPeoplePicker; + [Write, Description("When set to $true, users aren't able to share with security groups or SharePoint groups.")] boolean NotificationsInSharePointEnabled; + [Write, Description("Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed.")] boolean OwnerAnonymousNotification; + [Write, Description("When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.")] boolean ApplyAppEnforcedRestrictionsToAdHocRecipients; + [Write, Description("Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images.")] boolean FilePickerExternalImageSearchEnabled; [Write, Description("Defines if the default themes are visible or hidden")] boolean HideDefaultThemes; [Write, Description("To enable or disable Sync button on Team sites")] boolean HideSyncButtonOnTeamSite; [Write, Description("Allow or block external sharing until at least one Office DLP policy scans the content of the file."), ValueMap{"AllowExternalSharing","BlockExternalSharing"}, Values{"AllowExternalSharing","BlockExternalSharing"}] string MarkNewFilesSensitiveByDefault; [Write, Description("Allow or Block Conditional Access Policy on the SharePoint Tenant"), ValueMap{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}, Values{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}] string ConditionalAccessPolicy; - [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds; + [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds[]; [Write, Description("Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature.")] boolean CommentsOnSitePagesDisabled; [Write, Description("Only accepted value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 index 990cec49d6..99cd1302ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 @@ -385,34 +385,41 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline foreach ($team in $Teams) { - $channels = Get-TeamChannel -GroupId $team.GroupId - $i = 1 - Write-Host " |---[$j/$($Teams.Length)] Team {$($team.DisplayName)}" - foreach ($channel in $channels) + if($null -ne $team.GroupId) { - Write-Host " |---[$i/$($channels.Length)] $($channel.DisplayName)" -NoNewline - $params = @{ - TeamName = $team.DisplayName - GroupId = $team.GroupId - DisplayName = $channel.DisplayName - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Credential = $Credential + $channels = Get-TeamChannel -GroupId $team.GroupId + $i = 1 + Write-Host " |---[$j/$($Teams.Length)] Team {$($team.DisplayName)}" + foreach ($channel in $channels) + { + Write-Host " |---[$i/$($channels.Length)] $($channel.DisplayName)" -NoNewline + $params = @{ + TeamName = $team.DisplayName + GroupId = $team.GroupId + DisplayName = $channel.DisplayName + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Credential = $Credential + } + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark } - $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host " |---[$j/$($Teams.Length)] Team has no GroupId and will be skipped" } $j++ } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 index 20662f46da..9747cf0fba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 @@ -9,6 +9,7 @@ function Get-TargetResource $UserInitiatedMode, [Parameter()] + [ValidateSet('Enabled', 'Disabled', 'EnabledUserOverride')] [System.String] $ReceiveSurveysMode, @@ -118,6 +119,7 @@ function Set-TargetResource $UserInitiatedMode, [Parameter()] + [ValidateSet('Enabled', 'Disabled', 'EnabledUserOverride')] [System.String] $ReceiveSurveysMode, @@ -245,6 +247,7 @@ function Test-TargetResource $UserInitiatedMode, [Parameter()] + [ValidateSet('Enabled', 'Disabled', 'EnabledUserOverride')] [System.String] $ReceiveSurveysMode, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof index 86829d0d21..cc4896cc6c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.schema.mof @@ -1,13 +1,13 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsFeedbackPolicy")] class MSFT_TeamsFeedbackPolicy : OMI_BaseResource { - [Write, Description("")] String UserInitiatedMode; - [Write, Description("")] String ReceiveSurveysMode; - [Write, Description("")] Boolean AllowScreenshotCollection; - [Write, Description("")] Boolean AllowEmailCollection; - [Write, Description("")] Boolean AllowLogCollection; - [Write, Description("")] Boolean EnableFeatureSuggestions; - [Key, Description("")] String Identity; + [Key, Description("Specify the name of the Teams Feedback Policy.")] String Identity; + [Write, Description("Specifies if users are allowed to give feedback.")] String UserInitiatedMode; + [Write, Description("Specifies if users are allowed to receive the survey."), ValueMap{"Enabled","Disabled","EnabledUserOverride"}, Values{"Enabled","Disabled","EnabledUserOverride"}] String ReceiveSurveysMode; + [Write, Description("Specifies if Screenshot Collection is enabled or not.")] Boolean AllowScreenshotCollection; + [Write, Description("Specifies if Email Collection is enabled or not.")] Boolean AllowEmailCollection; + [Write, Description("Specifies if Log Collection is enabled or not.")] Boolean AllowLogCollection; + [Write, Description("Specifies if users are allowed to provide feature suggestions")] Boolean EnableFeatureSuggestions; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index 37f30daa0c..197912037e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -224,7 +224,7 @@ function Get-TargetResource $MeetingInviteLanguages, [Parameter()] - [System.UInt32] + [System.Int32] [ValidateRange(-1, 99999)] $NewMeetingRecordingExpirationDays, @@ -635,7 +635,7 @@ function Set-TargetResource $MeetingInviteLanguages, [Parameter()] - [System.UInt32] + [System.Int32] [ValidateRange(-1, 99999)] $NewMeetingRecordingExpirationDays, @@ -1003,7 +1003,7 @@ function Test-TargetResource $MeetingInviteLanguages, [Parameter()] - [System.UInt32] + [System.Int32] [ValidateRange(-1, 99999)] $NewMeetingRecordingExpirationDays, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof index ecf42b7dc9..e5d68caeac 100644 Binary files a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof and b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof differ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 index a7c77f4b8c..8f886a2671 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 @@ -80,6 +80,10 @@ function Get-TargetResource [System.Boolean] $AllowUserDeleteChat, + [Parameter()] + [System.Boolean] + $AllowVideoMessages, + [Parameter()] [System.String] [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')] @@ -188,6 +192,7 @@ function Get-TargetResource AllowRemoveUser = $policy.AllowRemoveUser AllowPriorityMessages = $policy.AllowPriorityMessages AllowUserDeleteChat = $policy.AllowUserDeleteChat + AllowVideoMessages = $policy.AllowVideoMessages ChannelsInChatListEnabledType = $policy.ChannelsInChatListEnabledType AudioMessageEnabledType = $policy.AudioMessageEnabledType Description = $policy.Description @@ -293,6 +298,10 @@ function Set-TargetResource [System.Boolean] $AllowUserDeleteChat, + [Parameter()] + [System.Boolean] + $AllowVideoMessages, + [Parameter()] [System.String] [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')] @@ -465,6 +474,10 @@ function Test-TargetResource [System.Boolean] $AllowUserDeleteChat, + [Parameter()] + [System.Boolean] + $AllowVideoMessages, + [Parameter()] [System.String] [ValidateSet('DisabledUserOverride', 'EnabledUserOverride')] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.schema.mof index 0e29efb6ce..0dca96be54 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.schema.mof @@ -20,6 +20,7 @@ class MSFT_TeamsMessagingPolicy : OMI_BaseResource [Write, Description("Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.")] boolean AllowRemoveUser; [Write, Description("Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit.")] boolean AllowPriorityMessages; [Write, Description("Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).")] boolean AllowUserDeleteChat; + [Write, Description("Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages.")] boolean AllowVideoMessages; [Write, Description("Provide a description of your policy to identify purpose of creating it.")] string Description; [Write, Description("Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION."),ValueMap{"STRICT","MODERATE","NORESTRICTION"}, Values{"STRICT","MODERATE","NORESTRICTION"}] string GiphyRatingType; [Write, Description("Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None."),ValueMap{"UserPreference","Everyone","None"}, Values{"UserPreference","Everyone","None"}] string ReadReceiptsEnabledType; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof index bf6729e732..75a9ae245a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsMobilityPolicy")] class MSFT_TeamsMobilityPolicy : OMI_BaseResource { - [Key, Description("Specify the name of the policy that you are creating.")] String Identity; + [Key, Description("Specify the name of the Teams Mobility Policy.")] String Identity; [Write, Description("Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.")] String Description; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPAudioMobileMode; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPVideoMobileMode; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof index 442bd5aad6..9997e9e405 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsNetworkRoamingPolicy")] class MSFT_TeamsNetworkRoamingPolicy : OMI_BaseResource { - [Key, Description("")] String Identity; + [Key, Description("Specify the name of the Teams Network Roaming Policy.")] String Identity; [Write, Description("Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.")] Boolean AllowIPVideo; [Write, Description("Description of the new policy to be created.")] String Description; [Write, Description("Determines the media bit rate for audio/video/app sharing transmissions in meetings.")] UInt64 MediaBitRateKb; diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 new file mode 100644 index 0000000000..1698bb7de0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionPolicy/1-ConfigureReportSubmissionPolicy.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionPolicy 'ConfigureReportSubmissionPolicy' + { + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 new file mode 100644 index 0000000000..e1af0e2270 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOReportSubmissionRule/1-ConfigureReportSubmissionRule.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionRule 'ConfigureReportSubmissionRule' + { + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 6bef493831..d243a51528 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-12-20 +# Generated on: 2024-01-03 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.1220.1' + ModuleVersion = '1.24.103.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,31 +140,40 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADEntitlementManagementAccessPackage - * Retrieve catalog by name instead of id. - * IntuneDeviceAndAppManagementAssignmentFilter - * Add support for remaining platforms supported by this policy - FIXES [#4065](https://github.com/microsoft/Microsoft365DSC/issues/4065) - * IntuneDeviceConfigurationCustomPolicyWindows10 - * Add support to decrypt encrypted OmaSettings and export them in plaintext - FIXES [#3655](https://github.com/microsoft/Microsoft365DSC/issues/3655) - * IntuneDeviceEnrollmentPlatformRestriction - * Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly - FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) - * IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fix issue when trying to remove policy and Identity is set to a random GUID - or from another tenant - FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) - * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled - * Added Assignments - FIXES [#2932](https://github.com/microsoft/Microsoft365DSC/issues/2932) - * SCAutoSensitivieyLabelPolicy - FIXES [#4036] Don''t see any limits on our docs for priority - * M365DSCDRGUtil - * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload - FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) - * DEPENDENCIES - * Updated MSCloudLoginAssistant to version 1.1.4.' + ReleaseNotes = '* AADConditionalAccessPolicy + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) + * EXOInboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. + * EXOMailTips + * Added parameter descriptions for better documentation + * EXOOutboundConnector + * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. + * EXOReportSubmissionPolicy + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) + * EXOReportSubmissionRule + * Initial release + FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) + * EXOTransportRule + * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) + FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) + * IntuneDeviceConfigurationPolicyMacOS + * Added parameter descriptions for better documentation + * IntuneSettingCatalogCustomPolicyWindows10 + * Fix Get-TargetResource when the parameter Id is not present + FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) + * SPOTenantSettings + * Added parameter descriptions for better documentation + * TeamsChannel + * Add error handling if GroupId of a team is null + FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) + * TeamsFeedbackPolicy + * Added parameter descriptions for better documentation + * TeamsMobilityPolicy + * Added parameter descriptions for better documentation + * TeamsNetworkRoamingPolicy + * Added parameter descriptions for better documentation' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 index b9be03f10c..5efaf13f2e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 @@ -159,6 +159,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } + Mock -CommandName Get-MailboxFolderStatistics -MockWith { + return @{ + FolderType = "Calendar"; + Name = "Calendar"; + } + } + Mock -CommandName Get-MailboxCalendarFolder -MockWith { return @{ DetailLevel = "AvailabilityOnly"; @@ -171,7 +178,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 new file mode 100644 index 0000000000..fbc8b1287f --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionPolicy.Tests.ps1 @@ -0,0 +1,262 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOReportSubmissionPolicy' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName New-ReportSubmissionPolicy -MockWith { + } + + Mock -CommandName Set-ReportSubmissionPolicy -MockWith { + } + + Mock -CommandName Remove-ReportSubmissionPolicy -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Write-Warning -MockWith { + } + } + + # Test contexts + Context -Name 'ReportSubmissionPolicy creation.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + } + + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return $null + } + } + + It 'Should return Absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-ReportSubmissionPolicy' -Exactly 1 + } + + } + + Context -Name 'ReportSubmissionPolicy update not required.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReportSubmissionPolicy update needed.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $False + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $False + PreSubmitMessageEnabled = $False + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + } + } + + Mock -CommandName Set-ReportSubmissionPolicy -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Successfully call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-ReportSubmissionPolicy' -Exactly 1 + } + } + + Context -Name 'ReportSubmissionPolicy removal.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + Credential = $Credential + IsSingleInstance = 'Yes' + EnableReportToMicrosoft = $True + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + EnableReportToMicrosoft = $True + } + } + + Mock -CommandName Remove-ReportSubmissionPolicy -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the Policy in the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Remove-ReportSubmissionPolicy' -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-ReportSubmissionPolicy -MockWith { + return @{ + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 new file mode 100644 index 0000000000..6dac6f96ce --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOReportSubmissionRule.Tests.ps1 @@ -0,0 +1,216 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOReportSubmissionRule' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName New-ReportSubmissionRule -MockWith { + } + + Mock -CommandName Set-ReportSubmissionRule -MockWith { + } + + Mock -CommandName Remove-ReportSubmissionRule -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Write-Warning -MockWith { + } + } + + # Test contexts + Context -Name 'ReportSubmissionRule creation.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("submission@contoso.com") + } + + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return $null + } + } + + It 'Should return Absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-ReportSubmissionRule' -Exactly 1 + } + + } + + Context -Name 'ReportSubmissionRule update not required.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("submission@contoso.com") + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("submission@contoso.com") + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'ReportSubmissionRule update needed.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("submission@contoso.com") + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Ensure = 'Present' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("different@contoso.com") + } + } + + Mock -CommandName Set-ReportSubmissionRule -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Successfully call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-ReportSubmissionRule' -Exactly 1 + } + } + + Context -Name 'ReportSubmissionRule removal.' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + Credential = $Credential + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("submission@contoso.com") + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Identity = "DefaultReportSubmissionRule" + } + } + + Mock -CommandName Remove-ReportSubmissionRule -MockWith { + return @{ + + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the Policy in the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Remove-ReportSubmissionRule' -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-ReportSubmissionRule -MockWith { + return @{ + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = @("submission@contoso.com") + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 index 65ef89ac0b..a9ad5088b1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 @@ -60,7 +60,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -93,7 +93,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -106,7 +106,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -135,7 +135,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -148,7 +148,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -167,7 +167,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' @@ -180,7 +180,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $False - ReceiveSurveysMode = 'FakeStringValueDrift #Drift' + ReceiveSurveysMode = 'Disabled' AllowEmailCollection = $False UserInitiatedMode = 'FakeStringValueDrift #Drift' Identity = 'FakeStringValue' @@ -215,7 +215,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsFeedbackPolicy -MockWith { return @{ EnableFeatureSuggestions = $True - ReceiveSurveysMode = 'FakeStringValue' + ReceiveSurveysMode = 'Enabled' AllowEmailCollection = $True UserInitiatedMode = 'FakeStringValue' Identity = 'FakeStringValue' diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 495ef266fa..f5544b9f0f 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -842,6 +842,19 @@ function Get-MailboxCalendarFolder $Identity ) } +function Get-MailboxFolderStatistics +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $FolderScope + ) +} function Get-MailboxPermission { [CmdletBinding()] @@ -1340,6 +1353,24 @@ function Get-RemoteDomain $ResultSize ) } +function Get-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} function Get-ResourceConfig { [CmdletBinding()] @@ -4318,6 +4349,34 @@ function New-RemoteDomain $DomainName ) } +function New-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + + ) +} +function New-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.String] + $ReportSubmissionPolicy + ) +} function New-RoleAssignmentPolicy { [CmdletBinding()] @@ -6031,6 +6090,28 @@ function Remove-RemoteDomain $Identity ) } +function Remove-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity + ) +} +function Remove-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} function Remove-RoleAssignmentPolicy { [CmdletBinding()] @@ -11343,6 +11424,136 @@ function Set-RemoteDomain $UseSimpleDisplayName ) } +function Set-ReportSubmissionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.String] + $NotificationSenderAddress, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $ReportJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportNotJunkAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ReportPhishAddresses = @(), + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress, + + [Parameter()] + [System.String[]] + $ThirdPartyReportAddresses = @(), + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +function Set-ReportSubmissionRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Comments, + + [Parameter()] + [System.String[]] + $SentTo, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} function Set-ResourceConfig { [CmdletBinding()] diff --git a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md index fff4d9dee0..c5e08e360f 100644 --- a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md +++ b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md @@ -32,6 +32,7 @@ | **MailboxIntelligenceQuarantineTag** | Write | String | The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence. | | | **SpoofQuarantineTag** | Write | String | The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence. | | | **TargetedDomainActionRecipients** | Write | StringArray[] | The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas. | | +| **TargetedDomainProtectionAction** | Write | String | The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages. | `BccMessage`, `Delete`, `MoveToJmf`, `NoAction`, `Quarantine`, `Redirect` | | **TargetedDomainsToProtect** | Write | StringArray[] | The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true. | | | **TargetedDomainQuarantineTag** | Write | String | The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection. | | | **TargetedUserActionRecipients** | Write | StringArray[] | The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas. | | diff --git a/docs/docs/resources/exchange/EXOInboundConnector.md b/docs/docs/resources/exchange/EXOInboundConnector.md index e78bbd243a..cd9a5b7152 100644 --- a/docs/docs/resources/exchange/EXOInboundConnector.md +++ b/docs/docs/resources/exchange/EXOInboundConnector.md @@ -6,9 +6,9 @@ | --- | --- | --- | --- | --- | | **Identity** | Key | String | The Identity parameter specifies the outbound connector that you want to modify. | | | **AssociatedAcceptedDomains** | Write | StringArray[] | The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com. | | -| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false | | +| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! | | | **Comment** | Write | String | The Comment parameter specifies an optional comment. | | -| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard | `Default`, `Migrated`, `HybridWizard` | +| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! | `Default`, `Migrated`, `HybridWizard` | | **ConnectorType** | Write | String | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises | `Partner`, `OnPremises` | | **EFSkipIPs** | Write | StringArray[] | The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false. | | | **EFSkipLastIP** | Write | Boolean | The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors. | | diff --git a/docs/docs/resources/exchange/EXOMailTips.md b/docs/docs/resources/exchange/EXOMailTips.md index bca289784c..c567d10c8e 100644 --- a/docs/docs/resources/exchange/EXOMailTips.md +++ b/docs/docs/resources/exchange/EXOMailTips.md @@ -4,13 +4,13 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Organization** | Key | String | | | +| **Organization** | Key | String | Specify the name of your organization. | | | **MailTipsAllTipsEnabled** | Write | Boolean | Specifies whether MailTips are enabled. | | | **MailTipsGroupMetricsEnabled** | Write | Boolean | Specifies whether MailTips that rely on group metrics data are enabled. | | | **MailTipsLargeAudienceThreshold** | Write | UInt32 | Specifies what a large audience is. | | | **MailTipsMailboxSourcedTipsEnabled** | Write | Boolean | Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled. | | | **MailTipsExternalRecipientsTipsEnabled** | Write | Boolean | Specifies whether MailTips for external recipients are enabled. | | -| **Ensure** | Write | String | | `Present`, `Absent` | +| **Ensure** | Write | String | Specifies if this MailTip should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | diff --git a/docs/docs/resources/exchange/EXOOutboundConnector.md b/docs/docs/resources/exchange/EXOOutboundConnector.md index f4e1ef0956..3848275f5d 100644 --- a/docs/docs/resources/exchange/EXOOutboundConnector.md +++ b/docs/docs/resources/exchange/EXOOutboundConnector.md @@ -8,18 +8,18 @@ | **Enabled** | Write | Boolean | Specifies whether connector is enabled. | | | **UseMXRecord** | Write | Boolean | Specifies whether connector should use MXRecords for target resolution. | | | **Comment** | Write | String | The Comment parameter specifies an optional comment. | | -| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! values are Default (the default) | Migrated | HybridWizard | `Default`, `Migrated`, `HybridWizard` | -| **ConnectorType** | Write | String | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises | `Partner`, `OnPremises` | +| **ConnectorSource** | Write | String | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! | `Default`, `Migrated`, `HybridWizard` | +| **ConnectorType** | Write | String | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. | `Partner`, `OnPremises` | | **RecipientDomains** | Write | StringArray[] | The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas. | | | **SmartHosts** | Write | StringArray[] | The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line. | | | **TlsDomain** | Write | String | The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com | | -| **TlsSettings** | Write | String | The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector. Valid values are:EncryptionOnly | CertificateValidation | DomainValidation | `EncryptionOnly`, `CertificateValidation`, `DomainValidation` | -| **IsTransportRuleScoped** | Write | Boolean | The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). Valid values are: $true | $false | | -| **RouteAllMessagesViaOnPremises** | Write | Boolean | The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting). Valid values are: $true | $false | | -| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! Valid values are: $true | $false | | -| **AllAcceptedDomains** | Write | Boolean | The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. Valid values are: $true | $false (default) | | +| **TlsSettings** | Write | String | The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector. | `EncryptionOnly`, `CertificateValidation`, `DomainValidation` | +| **IsTransportRuleScoped** | Write | Boolean | The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). | | +| **RouteAllMessagesViaOnPremises** | Write | Boolean | The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting). | | +| **CloudServicesMailEnabled** | Write | Boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY! | | +| **AllAcceptedDomains** | Write | Boolean | The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. | | | **SenderRewritingEnabled** | Write | Boolean | The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system. | | -| **TestMode** | Write | Boolean | The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. Valid values are: $true | $false (default) | | +| **TestMode** | Write | Boolean | The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. | | | **ValidationRecipients** | Write | StringArray[] | The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas. | | | **Ensure** | Write | String | Specifies if this Outbound connector should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | diff --git a/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md b/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md new file mode 100644 index 0000000000..c23728a1a4 --- /dev/null +++ b/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md @@ -0,0 +1,98 @@ +# EXOReportSubmissionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes'. | `Yes` | +| **DisableQuarantineReportingOption** | Write | Boolean | The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine. | | +| **EnableCustomNotificationSender** | Write | Boolean | The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **EnableOrganizationBranding** | Write | Boolean | The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **EnableReportToMicrosoft** | Write | Boolean | The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled. | | +| **EnableThirdPartyAddress** | Write | Boolean | The EnableThirdPartyAddress parameter specifies whether you're using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online. | | +| **EnableUserEmailNotification** | Write | Boolean | The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **JunkReviewResultMessage** | Write | String | The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk. | | +| **NotJunkReviewResultMessage** | Write | String | The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk. | | +| **NotificationFooterMessage** | Write | String | The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **NotificationSenderAddress** | Write | String | The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing. | | +| **PhishingReviewResultMessage** | Write | String | The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing. | | +| **PostSubmitMessage** | Write | String | The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages. | | +| **PostSubmitMessageEnabled** | Write | Boolean | The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools. | | +| **PostSubmitMessageTitle** | Write | String | The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages. | | +| **PreSubmitMessage** | Write | String | The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. | | +| **PreSubmitMessageEnabled** | Write | Boolean | The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools. | | +| **PreSubmitMessageTitle** | Write | String | The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages. | | +| **ReportJunkAddresses** | Write | StringArray[] | The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | +| **ReportJunkToCustomizedAddress** | Write | Boolean | The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | +| **ReportNotJunkAddresses** | Write | StringArray[] | The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | +| **ReportNotJunkToCustomizedAddress** | Write | Boolean | The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | +| **ReportPhishAddresses** | Write | StringArray[] | The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | +| **ReportPhishToCustomizedAddress** | Write | Boolean | The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | +| **ThirdPartyReportAddresses** | Write | StringArray[] | Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook. | | +| **Ensure** | Write | String | Specifies if this report submission policy should exist. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +Create or modify an EXOReportSubmissionPolicy in your cloud-based organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Transport Hygiene, Security Admin, View-Only Configuration, Security Reader + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionPolicy 'ConfigureReportSubmissionPolicy' + { + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $False + EnableCustomNotificationSender = $False + EnableOrganizationBranding = $False + EnableReportToMicrosoft = $True + EnableThirdPartyAddress = $False + EnableUserEmailNotification = $False + PostSubmitMessageEnabled = $True + PreSubmitMessageEnabled = $True + ReportJunkToCustomizedAddress = $False + ReportNotJunkToCustomizedAddress = $False + ReportPhishToCustomizedAddress = $False + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOReportSubmissionRule.md b/docs/docs/resources/exchange/EXOReportSubmissionRule.md new file mode 100644 index 0000000000..6f30f417c6 --- /dev/null +++ b/docs/docs/resources/exchange/EXOReportSubmissionRule.md @@ -0,0 +1,69 @@ +# EXOReportSubmissionRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes'. | `Yes` | +| **Identity** | Write | String | The Identity parameter specifies the report submission rule that you want to modify. | | +| **Comments** | Write | String | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. | | +| **SentTo** | Write | StringArray[] | The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent. | | +| **Ensure** | Write | String | Specifies if this report submission rule should exist. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +Create or modify an EXOReportSubmissionRule in your cloud-based organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Transport Hygiene, Security Admin, View-Only Configuration, Security Reader + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOReportSubmissionRule 'ConfigureReportSubmissionRule' + { + IsSingleInstance = 'Yes' + Identity = "DefaultReportSubmissionRule" + Comments = "This is my default rule" + SentTo = "submission@contoso.com" + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/exchange/EXOTransportRule.md b/docs/docs/resources/exchange/EXOTransportRule.md index 84632f4127..9d1aeb353d 100644 --- a/docs/docs/resources/exchange/EXOTransportRule.md +++ b/docs/docs/resources/exchange/EXOTransportRule.md @@ -74,7 +74,7 @@ | **ExceptIfFromScope** | Write | String | The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders. | `InOrganization`, `NotInOrganization` | | **ExceptIfHasClassification** | Write | String | The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification. | | | **ExceptIfHasNoClassification** | Write | Boolean | The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications. | | -| **ExceptIfHasSenderOverride** | Write | Boolean | The ExceptIfHasSenderOverride parameter specifies an exception that looks for messages where the sender chose to override a DLP policy. | | +| **ExceptIfHasSenderOverride** | Write | Boolean | DEPRECATED | | | **ExceptIfHeaderContainsMessageHeader** | Write | String | The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter. | | | **ExceptIfHeaderContainsWords** | Write | StringArray[] | The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field. | | | **ExceptIfHeaderMatchesMessageHeader** | Write | String | The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter. | | @@ -82,7 +82,7 @@ | **ExceptIfManagerAddresses** | Write | StringArray[] | The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter. | | | **ExceptIfManagerForEvaluatedUser** | Write | String | The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients. | | | **ExceptIfMessageTypeMatches** | Write | String | The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type. | `OOF`, `AutoForward`, `Encrypted`, `Calendaring`, `PermissionControlled`, `Voicemail`, `Signed`, `ApprovalRequest`, `ReadReceipt` | -| **ExceptIfMessageContainsDataClassifications** | Write | StringArray[] | The ExceptIfMessageContainsDataClassifications parameter specifies an exception that looks for sensitive information types in the body of messages, and in any attachments. | | +| **ExceptIfMessageContainsDataClassifications** | Write | StringArray[] | DEPRECATED | | | **ExceptIfMessageSizeOver** | Write | String | The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. | | | **ExceptIfRecipientADAttributeContainsWords** | Write | StringArray[] | The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients. | | | **ExceptIfRecipientADAttributeMatchesPatterns** | Write | StringArray[] | The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions. | | @@ -115,7 +115,7 @@ | **GenerateNotification** | Write | String | The GenerateNotification parameter specifies an action that sends a notification message to recipients. | | | **HasClassification** | Write | String | The HasClassification parameter specifies a condition that looks for messages with the specified message classification. | | | **HasNoClassification** | Write | Boolean | The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications. | | -| **HasSenderOverride** | Write | Boolean | The HasSenderOverride parameter specifies a condition that looks for messages where the sender chose to override a DLP policy. | | +| **HasSenderOverride** | Write | Boolean | DEPRECATED | | | **HeaderContainsMessageHeader** | Write | String | The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter. | | | **HeaderContainsWords** | Write | StringArray[] | The HeaderContainsWords parameter specifies a condition that looks for words in a header field. | | | **HeaderMatchesMessageHeader** | Write | String | The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter. | | @@ -123,13 +123,13 @@ | **IncidentReportContent** | Write | StringArray[] | The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. | | | **ManagerAddresses** | Write | StringArray[] | The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter. | | | **ManagerForEvaluatedUser** | Write | String | The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients. | `Recipient`, `Sender` | -| **MessageContainsDataClassifications** | Write | StringArray[] | The MessageContainsDataClassifications parameter specifies a condition that looks for sensitive information types in the body of messages, and in any attachments. | | +| **MessageContainsDataClassifications** | Write | StringArray[] | DEPRECATED | | | **MessageSizeOver** | Write | String | The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments. | | | **MessageTypeMatches** | Write | String | The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type. | `OOF`, `AutoForward`, `Encrypted`, `Calendaring`, `PermissionControlled`, `Voicemail`, `Signed`, `ApprovalRequest`, `ReadReceipt` | | **Mode** | Write | String | The Mode parameter specifies how the rule operates. | `Audit`, `AuditAndNotify`, `Enforce` | | **ModerateMessageByManager** | Write | Boolean | The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that's specified in the sender's Manager attribute. | | | **ModerateMessageByUser** | Write | StringArray[] | The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users. | | -| **NotifySender** | Write | String | The NotifySender parameter specifies an action that notifies the sender when messages violate DLP policies. | `NotifyOnly`, `RejectMessage`, `RejectUnlessFalsePositiveOverride`, `RejectUnlessSilentOverride`, `RejectUnlessExplicitOverride` | +| **NotifySender** | Write | String | DEPRECATED | `NotifyOnly`, `RejectMessage`, `RejectUnlessFalsePositiveOverride`, `RejectUnlessSilentOverride`, `RejectUnlessExplicitOverride` | | **PrependSubject** | Write | String | The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages. | | | **Priority** | Write | String | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. | | | **Quarantine** | Write | Boolean | The Quarantine parameter specifies an action that quarantines messages. | | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md index bd1438f974..1992587186 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md @@ -4,11 +4,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | | | -| **DisplayName** | Key | String | | | -| **Description** | Write | String | | | -| **AddingGameCenterFriendsBlocked** | Write | Boolean | | | -| **AirDropBlocked** | Write | Boolean | | | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **AddingGameCenterFriendsBlocked** | Write | Boolean | Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later. | | +| **AirDropBlocked** | Write | Boolean | Configures whether or not to allow AirDrop. | | | **AppleWatchBlockAutoUnlock** | Write | Boolean | Blocks users from unlocking their Mac with Apple Watch. | | | **CameraBlocked** | Write | Boolean | Blocks users from taking photographs and videos. | | | **ClassroomAppBlockRemoteScreenObservation** | Write | Boolean | Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots. | | @@ -17,12 +17,12 @@ | **ClassroomForceRequestPermissionToLeaveClasses** | Write | Boolean | Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course. | | | **ClassroomForceUnpromptedAppAndDeviceLock** | Write | Boolean | Teachers can lock a student's device or app without the student's approval. | | | **CompliantAppListType** | Write | String | Device compliance can be viewed in the Restricted Apps Compliance report. | `none`, `appsInListCompliant`, `appsNotInListCompliant` | -| **CompliantAppsList** | Write | MSFT_MicrosoftGraphapplistitemMacOS[] | | | -| **ContentCachingBlocked** | Write | Boolean | | | +| **CompliantAppsList** | Write | MSFT_MicrosoftGraphapplistitemMacOS[] | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). | | +| **ContentCachingBlocked** | Write | Boolean | Configures whether or not to allow content caching. | | | **DefinitionLookupBlocked** | Write | Boolean | Block look up, a feature that looks up the definition of a highlighted word. | | | **EmailInDomainSuffixes** | Write | StringArray[] | Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. | | -| **EraseContentAndSettingsBlocked** | Write | Boolean | | | -| **GameCenterBlocked** | Write | Boolean | | | +| **EraseContentAndSettingsBlocked** | Write | Boolean | Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later. | | +| **GameCenterBlocked** | Write | Boolean | Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later. | | | **ICloudBlockActivityContinuation** | Write | Boolean | Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later. | | | **ICloudBlockAddressBook** | Write | Boolean | Blocks iCloud from syncing contacts. | | | **ICloudBlockBookmarks** | Write | Boolean | Blocks iCloud from syncing bookmarks. | | @@ -32,40 +32,40 @@ | **ICloudBlockNotes** | Write | Boolean | Blocks iCloud from syncing notes. | | | **ICloudBlockPhotoLibrary** | Write | Boolean | Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage. | | | **ICloudBlockReminders** | Write | Boolean | Blocks iCloud from syncing reminders. | | -| **ICloudDesktopAndDocumentsBlocked** | Write | Boolean | | | -| **ICloudPrivateRelayBlocked** | Write | Boolean | | | +| **ICloudDesktopAndDocumentsBlocked** | Write | Boolean | Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later. | | +| **ICloudPrivateRelayBlocked** | Write | Boolean | Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later. | | | **ITunesBlockFileSharing** | Write | Boolean | Blocks files from being transferred using iTunes. | | -| **ITunesBlockMusicService** | Write | Boolean | | | +| **ITunesBlockMusicService** | Write | Boolean | Configures whether or not to block files from being transferred using iTunes. | | | **KeyboardBlockDictation** | Write | Boolean | Block dictation, which is a feature that converts the user's voice to text. | | | **KeychainBlockCloudSync** | Write | Boolean | Disables syncing credentials stored in the Keychain to iCloud | | -| **MultiplayerGamingBlocked** | Write | Boolean | | | -| **PasswordBlockAirDropSharing** | Write | Boolean | | | -| **PasswordBlockAutoFill** | Write | Boolean | | | +| **MultiplayerGamingBlocked** | Write | Boolean | Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later. | | +| **PasswordBlockAirDropSharing** | Write | Boolean | Configures whether or not to block sharing passwords with the AirDrop passwords feature. | | +| **PasswordBlockAutoFill** | Write | Boolean | Configures whether or not to block the AutoFill Passwords feature. | | | **PasswordBlockFingerprintUnlock** | Write | Boolean | Requires user to set a non-biometric passcode or password to unlock the device. | | | **PasswordBlockModification** | Write | Boolean | Blocks user from changing the set passcode. | | -| **PasswordBlockProximityRequests** | Write | Boolean | | | +| **PasswordBlockProximityRequests** | Write | Boolean | Configures whether or not to block requesting passwords from nearby devices. | | | **PasswordBlockSimple** | Write | Boolean | Block simple password sequences, such as 1234 or 1111. | | | **PasswordExpirationDays** | Write | UInt32 | Number of days until device password must be changed. (1-65535) | | -| **PasswordMaximumAttemptCount** | Write | UInt32 | | | +| **PasswordMaximumAttemptCount** | Write | UInt32 | Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11 | | | **PasswordMinimumCharacterSetCount** | Write | UInt32 | Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0. | | | **PasswordMinimumLength** | Write | UInt32 | Minimum number of digits or characters in password (4-16). | | | **PasswordMinutesOfInactivityBeforeLock** | Write | UInt32 | Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device. | | | **PasswordMinutesOfInactivityBeforeScreenTimeout** | Write | UInt32 | Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device. | | -| **PasswordMinutesUntilFailedLoginReset** | Write | UInt32 | | | +| **PasswordMinutesUntilFailedLoginReset** | Write | UInt32 | Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached. | | | **PasswordPreviousPasswordBlockCount** | Write | UInt32 | Number of new passwords that must be used until an old one can be reused. (1-24) | | -| **PasswordRequired** | Write | Boolean | Specify the type of password required. | | +| **PasswordRequired** | Write | Boolean | Specify the type of password required. | | | **PasswordRequiredType** | Write | String | Specify the type of password required. | `deviceDefault`, `alphanumeric`, `numeric` | | **PrivacyAccessControls** | Write | MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem[] | Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later. | | | **SafariBlockAutofill** | Write | Boolean | Blocks Safari from remembering what users enter in web forms. | | -| **ScreenCaptureBlocked** | Write | Boolean | | | -| **SoftwareUpdateMajorOSDeferredInstallDelayInDays** | Write | UInt32 | | | -| **SoftwareUpdateMinorOSDeferredInstallDelayInDays** | Write | UInt32 | | | -| **SoftwareUpdateNonOSDeferredInstallDelayInDays** | Write | UInt32 | | | +| **ScreenCaptureBlocked** | Write | Boolean | Configures whether or not to block the user from taking Screenshots. | | +| **SoftwareUpdateMajorOSDeferredInstallDelayInDays** | Write | UInt32 | Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 | | +| **SoftwareUpdateMinorOSDeferredInstallDelayInDays** | Write | UInt32 | Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 | | +| **SoftwareUpdateNonOSDeferredInstallDelayInDays** | Write | UInt32 | Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 | | | **SoftwareUpdatesEnforcedDelayInDays** | Write | UInt32 | Delay the user's software update for this many days. The maximum is 90 days. (1-90) | | | **SpotlightBlockInternetResults** | Write | Boolean | Blocks Spotlight from returning any results from an Internet search | | -| **TouchIdTimeoutInHours** | Write | UInt32 | | | -| **UpdateDelayPolicy** | Write | StringArray[] | | `none`, `delayOSUpdateVisibility`, `delayAppUpdateVisibility`, `unknownFutureValue`, `delayMajorOsUpdateVisibility` | -| **WallpaperModificationBlocked** | Write | Boolean | | | +| **TouchIdTimeoutInHours** | Write | UInt32 | Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647 | | +| **UpdateDelayPolicy** | Write | StringArray[] | Configures whether to delay OS and/or app updates for macOS. | `none`, `delayOSUpdateVisibility`, `delayAppUpdateVisibility`, `unknownFutureValue`, `delayMajorOsUpdateVisibility` | +| **WallpaperModificationBlocked** | Write | Boolean | Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | @@ -94,11 +94,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **odataType** | Write | String | | `#microsoft.graph.appleAppListItem` | -| **appId** | Write | String | | | -| **appStoreUrl** | Write | String | | | -| **name** | Write | String | | | -| **publisher** | Write | String | | | +| **odataType** | Write | String | Specify the odataType | `#microsoft.graph.appleAppListItem` | +| **appId** | Write | String | The application or bundle identifier of the application | | +| **appStoreUrl** | Write | String | The Store URL of the application | | +| **name** | Write | String | The application name | | +| **publisher** | Write | String | The publisher of the application | | ### MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem @@ -106,32 +106,32 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **accessibility** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **addressBook** | Write | String | Blocks iCloud from syncing contacts. | `notConfigured`, `enabled`, `disabled` | -| **appleEventsAllowedReceivers** | Write | MSFT_MicrosoftGraphmacosappleeventreceiver[] | | | -| **blockCamera** | Write | Boolean | | | -| **blockListenEvent** | Write | Boolean | | | -| **blockMicrophone** | Write | Boolean | | | -| **blockScreenCapture** | Write | Boolean | | | -| **calendar** | Write | String | Blocks iCloud from syncing calendars. | `notConfigured`, `enabled`, `disabled` | -| **codeRequirement** | Write | String | | | -| **displayName** | Write | String | | | -| **fileProviderPresence** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **identifier** | Write | String | | | -| **identifierType** | Write | String | | `bundleID`, `path` | -| **mediaLibrary** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **photos** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **postEvent** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **reminders** | Write | String | Blocks iCloud from syncing reminders. | `notConfigured`, `enabled`, `disabled` | -| **speechRecognition** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **staticCodeValidation** | Write | Boolean | | | -| **systemPolicyAllFiles** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyDesktopFolder** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyDocumentsFolder** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyDownloadsFolder** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyNetworkVolumes** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicyRemovableVolumes** | Write | String | | `notConfigured`, `enabled`, `disabled` | -| **systemPolicySystemAdminFiles** | Write | String | | `notConfigured`, `enabled`, `disabled` | +| **accessibility** | Write | String | Allow the app or process to control the Mac via the Accessibility subsystem. | `notConfigured`, `enabled`, `disabled` | +| **addressBook** | Write | String | Allow or block access to contact information managed by Contacts. | `notConfigured`, `enabled`, `disabled` | +| **appleEventsAllowedReceivers** | Write | MSFT_MicrosoftGraphmacosappleeventreceiver[] | Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process. | | +| **blockCamera** | Write | Boolean | Block access to camera app. | | +| **blockListenEvent** | Write | Boolean | Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later. | | +| **blockMicrophone** | Write | Boolean | Block access to microphone. | | +| **blockScreenCapture** | Write | Boolean | Block app from capturing contents of system display. Requires macOS 10.15 or later. | | +| **calendar** | Write | String | Allow or block access to event information managed by Calendar. | `notConfigured`, `enabled`, `disabled` | +| **codeRequirement** | Write | String | Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'. | | +| **displayName** | Write | String | The display name of the app, process, or executable. | | +| **fileProviderPresence** | Write | String | Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later. | `notConfigured`, `enabled`, `disabled` | +| **identifier** | Write | String | The bundle ID or path of the app, process, or executable. | | +| **identifierType** | Write | String | A bundle ID is used to identify an app. A path is used to identify a process or executable. | `bundleID`, `path` | +| **mediaLibrary** | Write | String | Allow or block access to music and the media library. | `notConfigured`, `enabled`, `disabled` | +| **photos** | Write | String | Allow or block access to images managed by Photos. | `notConfigured`, `enabled`, `disabled` | +| **postEvent** | Write | String | Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream. | `notConfigured`, `enabled`, `disabled` | +| **reminders** | Write | String | Allow or block access to information managed by Reminders. | `notConfigured`, `enabled`, `disabled` | +| **speechRecognition** | Write | String | Allow or block access to system speech recognition facility. | `notConfigured`, `enabled`, `disabled` | +| **staticCodeValidation** | Write | Boolean | Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature. | | +| **systemPolicyAllFiles** | Write | String | Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyDesktopFolder** | Write | String | Allow or block access to Desktop folder. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyDocumentsFolder** | Write | String | Allow or block access to Documents folder. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyDownloadsFolder** | Write | String | Allow or block access to Downloads folder. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyNetworkVolumes** | Write | String | Allow or block access to network volumes. Requires macOS 10.15 or later. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicyRemovableVolumes** | Write | String | Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later. | `notConfigured`, `enabled`, `disabled` | +| **systemPolicySystemAdminFiles** | Write | String | Allow app or process to access files used in system administration. | `notConfigured`, `enabled`, `disabled` | ### MSFT_MicrosoftGraphmacosappleeventreceiver @@ -139,10 +139,10 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **allowed** | Write | Boolean | | | -| **codeRequirement** | Write | String | | | -| **identifier** | Write | String | | | -| **identifierType** | Write | String | | `bundleID`, `path` | +| **allowed** | Write | Boolean | Allow or block this app from receiving Apple events. | | +| **codeRequirement** | Write | String | Code requirement for the app or binary that receives the Apple Event. | | +| **identifier** | Write | String | Bundle ID of the app or file path of the process or executable that receives the Apple Event. | | +| **identifierType** | Write | String | Use bundle ID for an app or path for a process or executable that receives the Apple Event. | `bundleID`, `path` | ## Description diff --git a/docs/docs/resources/intune/M365DSCRuleEvaluation.md b/docs/docs/resources/intune/M365DSCRuleEvaluation.md index 0e6eef9331..16d1597653 100644 --- a/docs/docs/resources/intune/M365DSCRuleEvaluation.md +++ b/docs/docs/resources/intune/M365DSCRuleEvaluation.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **ResourceName** | Key | String | | | -| **RuleDefinition** | Required | String | | | -| **AfterRuleCountQuery** | Write | String | | | +| **ResourceName** | Key | String | Name of the resource to monitor | | +| **RuleDefinition** | Required | String | Specify the rules to monitor the resource for. | | +| **AfterRuleCountQuery** | Write | String | Query to check how many instances exist, using PowerShell format | | | **Credential** | Write | PSCredential | Credentials of the Azure Active Directory Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -18,7 +18,7 @@ ## Description -This resource configures the Azure AD Tenant Details +This resource monitors Microsoft365DSC resources based on provided rules. ## Permissions diff --git a/docs/docs/resources/office365/O365AdminAuditLogConfig.md b/docs/docs/resources/office365/O365AdminAuditLogConfig.md index 2a92250c59..cac59d71ef 100644 --- a/docs/docs/resources/office365/O365AdminAuditLogConfig.md +++ b/docs/docs/resources/office365/O365AdminAuditLogConfig.md @@ -7,7 +7,7 @@ | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **Ensure** | Write | String | 'Present' is the only value accepted. | `Present` | | **UnifiedAuditLogIngestionEnabled** | Required | String | Determins if Unified Audit Log Ingestion is enabled | `Enabled`, `Disabled` | -| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | diff --git a/docs/docs/resources/office365/O365Group.md b/docs/docs/resources/office365/O365Group.md index 0ab25d109d..91915dbb46 100644 --- a/docs/docs/resources/office365/O365Group.md +++ b/docs/docs/resources/office365/O365Group.md @@ -10,7 +10,7 @@ | **Description** | Write | String | The group's description. | | | **Members** | Write | StringArray[] | Members of the group. | | | **Ensure** | Write | String | Present ensures the group exists, absent ensures it is removed. | `Present`, `Absent` | -| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | | | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application used for authentication. | | diff --git a/docs/docs/resources/office365/O365OrgCustomizationSetting.md b/docs/docs/resources/office365/O365OrgCustomizationSetting.md index a698e12c58..2db392e80c 100644 --- a/docs/docs/resources/office365/O365OrgCustomizationSetting.md +++ b/docs/docs/resources/office365/O365OrgCustomizationSetting.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **Ensure** | Write | String | Since there is only one setting availble, this must be set to 'Present' | `Present` | -| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | diff --git a/docs/docs/resources/sharepoint/SPOTenantSettings.md b/docs/docs/resources/sharepoint/SPOTenantSettings.md index 3128023107..3673bb83b0 100644 --- a/docs/docs/resources/sharepoint/SPOTenantSettings.md +++ b/docs/docs/resources/sharepoint/SPOTenantSettings.md @@ -15,16 +15,16 @@ | **UserVoiceForFeedbackEnabled** | Write | Boolean | Allow feedback via UserVoice. | | | **PublicCdnEnabled** | Write | Boolean | Configure PublicCDN | | | **PublicCdnAllowedFileTypes** | Write | String | Configure filetypes allowed for PublicCDN | | -| **UseFindPeopleInPeoplePicker** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups | | -| **NotificationsInSharePointEnabled** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups | | -| **OwnerAnonymousNotification** | Write | Boolean | | | -| **ApplyAppEnforcedRestrictionsToAdHocRecipients** | Write | Boolean | | | -| **FilePickerExternalImageSearchEnabled** | Write | Boolean | | | +| **UseFindPeopleInPeoplePicker** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups. | | +| **NotificationsInSharePointEnabled** | Write | Boolean | When set to $true, users aren't able to share with security groups or SharePoint groups. | | +| **OwnerAnonymousNotification** | Write | Boolean | Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed. | | +| **ApplyAppEnforcedRestrictionsToAdHocRecipients** | Write | Boolean | When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy. | | +| **FilePickerExternalImageSearchEnabled** | Write | Boolean | Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images. | | | **HideDefaultThemes** | Write | Boolean | Defines if the default themes are visible or hidden | | | **HideSyncButtonOnTeamSite** | Write | Boolean | To enable or disable Sync button on Team sites | | | **MarkNewFilesSensitiveByDefault** | Write | String | Allow or block external sharing until at least one Office DLP policy scans the content of the file. | `AllowExternalSharing`, `BlockExternalSharing` | | **ConditionalAccessPolicy** | Write | String | Allow or Block Conditional Access Policy on the SharePoint Tenant | `AllowFullAccess`, `AllowLimitedAccess`, `BlockAccess` | -| **DisabledWebPartIds** | Write | String | Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site | | +| **DisabledWebPartIds** | Write | StringArray[] | Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site | | | **CommentsOnSitePagesDisabled** | Write | Boolean | Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature. | | | **Ensure** | Write | String | Only accepted value is 'Present'. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the account to authenticate with. | | diff --git a/docs/docs/resources/teams/TeamsFeedbackPolicy.md b/docs/docs/resources/teams/TeamsFeedbackPolicy.md index 1dbb8e6b1a..d0c7c3c845 100644 --- a/docs/docs/resources/teams/TeamsFeedbackPolicy.md +++ b/docs/docs/resources/teams/TeamsFeedbackPolicy.md @@ -4,13 +4,13 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **UserInitiatedMode** | Write | String | | | -| **ReceiveSurveysMode** | Write | String | | | -| **AllowScreenshotCollection** | Write | Boolean | | | -| **AllowEmailCollection** | Write | Boolean | | | -| **AllowLogCollection** | Write | Boolean | | | -| **EnableFeatureSuggestions** | Write | Boolean | | | -| **Identity** | Key | String | | | +| **Identity** | Key | String | Specify the name of the Teams Feedback Policy. | | +| **UserInitiatedMode** | Write | String | Specifies if users are allowed to give feedback. | | +| **ReceiveSurveysMode** | Write | String | Specifies if users are allowed to receive the survey. | `Enabled`, `Disabled`, `EnabledUserOverride` | +| **AllowScreenshotCollection** | Write | Boolean | Specifies if Screenshot Collection is enabled or not. | | +| **AllowEmailCollection** | Write | Boolean | Specifies if Email Collection is enabled or not. | | +| **AllowLogCollection** | Write | Boolean | Specifies if Log Collection is enabled or not. | | +| **EnableFeatureSuggestions** | Write | Boolean | Specifies if users are allowed to provide feature suggestions | | | **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the workload's Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/teams/TeamsMeetingPolicy.md b/docs/docs/resources/teams/TeamsMeetingPolicy.md index 005b1e7ea9..f57fe2d437 100644 --- a/docs/docs/resources/teams/TeamsMeetingPolicy.md +++ b/docs/docs/resources/teams/TeamsMeetingPolicy.md @@ -52,7 +52,7 @@ | **AllowNetworkConfigurationSettingsLookup** | Write | Boolean | Determines whether network configuration setting lookups can be made by users who are not Enterprise Voice enabled. It is used to enable Network Roaming policies. | | | **AllowWatermarkForCameraVideo** | Write | Boolean | N/A | | | **AllowWatermarkForScreenSharing** | Write | Boolean | N/A | | -| **NewMeetingRecordingExpirationDays** | Write | UInt32 | Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1. | | +| **NewMeetingRecordingExpirationDays** | Write | SInt32 | Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1. | | | **AllowCartCaptionsScheduling** | Write | String | Determines whether a user can add a URL for captions from a Communications Access Real-Time Translation (CART) captioner for providing real-time captions in meetings. | `EnabledUserOverride`, `DisabledUserOverride`, `Disabled` | | **AllowDocumentCollaboration** | Write | String | N/A | | | **AllowedStreamingMediaInput** | Write | String | N/A | | diff --git a/docs/docs/resources/teams/TeamsMessagingPolicy.md b/docs/docs/resources/teams/TeamsMessagingPolicy.md index 567b005317..69389222c9 100644 --- a/docs/docs/resources/teams/TeamsMessagingPolicy.md +++ b/docs/docs/resources/teams/TeamsMessagingPolicy.md @@ -23,6 +23,7 @@ | **AllowRemoveUser** | Write | Boolean | Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit. | | | **AllowPriorityMessages** | Write | Boolean | Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit. | | | **AllowUserDeleteChat** | Write | Boolean | Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat). | | +| **AllowVideoMessages** | Write | Boolean | Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages. | | | **Description** | Write | String | Provide a description of your policy to identify purpose of creating it. | | | **GiphyRatingType** | Write | String | Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION. | `STRICT`, `MODERATE`, `NORESTRICTION` | | **ReadReceiptsEnabledType** | Write | String | Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None. | `UserPreference`, `Everyone`, `None` | diff --git a/docs/docs/resources/teams/TeamsMobilityPolicy.md b/docs/docs/resources/teams/TeamsMobilityPolicy.md index dbc8781707..ce0f1cfdbf 100644 --- a/docs/docs/resources/teams/TeamsMobilityPolicy.md +++ b/docs/docs/resources/teams/TeamsMobilityPolicy.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | Specify the name of the policy that you are creating. | | +| **Identity** | Key | String | Specify the name of the Teams Mobility Policy. | | | **Description** | Write | String | Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to. | | | **IPAudioMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | | **IPVideoMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | diff --git a/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md index fda32b6d50..7bd09020d3 100644 --- a/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md +++ b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | | | +| **Identity** | Key | String | Specify the name of the Teams Network Roaming Policy. | | | **AllowIPVideo** | Write | Boolean | Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video. | | | **Description** | Write | String | Description of the new policy to be created. | | | **MediaBitRateKb** | Write | UInt64 | Determines the media bit rate for audio/video/app sharing transmissions in meetings. | |