Merge pull request #6418 from microsoft/Dev

Release 1.25.806.1

Author: NikCharlebois

CHANGELOG.md

@@ -1,5 +1,51 @@
 # Change log for Microsoft365DSC
 
+# 1.25.806.1
+
+* AADApplication
+  * Fixed an issue where not all properties were exported.
+* AADAuthenticationMethodPolicyFido2
+  * Fixed an issue where the policy was not updated properly.
+    FIXES [#6391](https://github.com/microsoft/Microsoft365DSC/issues/6391)
+* AADCrossTenantAccessPolicyConfigurationDefault
+  * Fixed an issue where the export returns an invalid value for `Targets`.
+    FIXES [#6397](https://github.com/microsoft/Microsoft365DSC/issues/6397)
+* AADEntitlementManagementAccessPackage
+  * Fixed an issue where `AccessPackagesIncompatibleWith` would not be populated with a value.
+    FIXES [#5063](https://github.com/microsoft/Microsoft365DSC/issues/5063)
+* AADServicePrincipal
+  * Fixes for retrieving instance by name.
+* AADUser
+  * Added support for Mail attribute.
+* EXOOrganizationConfig
+  * Added support for the RejectDirectSend property.
+* FabricAdminTenantSettings
+  * Fixed the export of the resource.
+    FIXES [#6345](https://github.com/microsoft/Microsoft365DSC/issues/6345)
+* IntuneMobileAppsLobAppiOS
+  * Initial release.
+* IntuneMobileAppsLobAppAndroid
+  * Initial release.
+* IntuneMobileAppsLobAppWindows10
+  * Initial release.
+* IntuneMobileAppsLobAppMsiWindows10
+  * Initial release.
+* IntuneMobileAppsWin32AppWindows10
+  * Updated the property name of `autoUpdateSupersededApps` to `autoUpdateSupersededAppsState`.
+* SCAutoSensitivityLabelRule
+  * Updated supported values for `Workload` property.
+    FIXES [#4617](https://github.com/microsoft/Microsoft365DSC/issues/4617)
+* SCSensitivityLabel
+  * Reduced export time by 90%
+* TeamsEventsPolicy
+  * Added 7 new properties.
+    FIXES [#6403](https://github.com/microsoft/Microsoft365DSC/issues/6403)
+* M365DSCResourceGenerator
+  * Fixed an issue where duplicate parameters would lead to an error during generation.
+    FIXES [#5489](https://github.com/microsoft/Microsoft365DSC/issues/5489)
+* DEPENDENCIES
+  * Updated ReverseDSC to version 2.0.0.29.
+
 # 1.25.730.1
 
 * AADServicePrincipal

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -1,5 +1,5 @@
 Confirm-M365DSCModuleDependency -ModuleName 'MSFT_AADApplication'
-$Script:PropertiesToRetrieve = "displayName, description, groupMembershipClaims, web, api, id, appId, applicationTemplateId, signInAudience, authenticationBehaviors, keyCredentials, requiredResourceAccess"
+$Script:PropertiesToRetrieve = "appRoles, identifierUris, displayName, description, groupMembershipClaims, optionalClaims, web, api, id, appId, spa, applicationTemplateId, signInAudience, authenticationBehaviors, isFallbackPublicClient, publicClient, keyCredentials, passwordCredentials, requiredResourceAccess"
 
 function Get-TargetResource
 {
@@ -544,7 +544,6 @@ function Get-TargetResource
             AccessTokens             = $AccessTokens
         }
 
-        Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)"
         return $result
     }
     catch
@@ -1232,10 +1231,9 @@ function Set-TargetResource
             }
         }
 
-        Write-Verbose -Message "Updating permissions for Azure AD Application {$($currentAADApp.DisplayName)} with RequiredResourceAccess:`r`n$($allRequiredAccess | Out-String)"
-        Write-Verbose -Message "ResourceAccess:`r`n$($allRequiredAccess.ResourceAccess | Out-String)"
+        Write-Verbose -Message "Updating permissions for Azure AD Application {$($currentAADApp.DisplayName)} with RequiredResourceAccess:`r`n$($allRequiredAccess | ConvertTo-Json -Depth 10)"
         Write-Verbose -Message "Current App Id: $($currentAADApp.AppId)"
-
+        Write-Verbose -Message "Current ObjectId: $($currentAADApp.Id)"
         # Even if the property is named ApplicationId, we need to pass in the ObjectId
         Update-MgApplication -ApplicationId ($currentAADApp.Id) `
             -RequiredResourceAccess $allRequiredAccess | Out-Null
@@ -1594,7 +1592,6 @@ function Export-TargetResource
                 $Results = Get-TargetResource @Params
                 if ($Results.Ensure -eq 'Present')
                 {
-
                     if ($Results.Permissions.Count -gt 0)
                     {
                         $complexMapping = @(

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1

@@ -379,6 +379,7 @@ function Set-TargetResource
         }
         #region resource generator code
         Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $UpdateParameters -Depth 10)"
+        $UpdateParameters.Add('@odata.type', '#microsoft.graph.fido2AuthenticationMethodConfiguration')
         Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration  `
             -AuthenticationMethodConfigurationId $currentInstance.Id `
             -BodyParameter $UpdateParameters

Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1

@@ -101,11 +101,11 @@ function Get-TargetResource
             $B2BCollaborationInboundValue = @{
                 Applications = @{
                     AccessType = $getValue.B2BCollaborationInbound.Applications.AccessType
-                    Targets    = [System.String[]] $getValue.B2BCollaborationInbound.Applications.Targets
+                    Targets    = [System.Array]$getValue.B2BCollaborationInbound.Applications.Targets
                 }
                 UsersAndGroups =@{
                     AccessType = $getValue.B2BCollaborationInbound.UsersAndGroups.AccessType
-                    Targets    = [System.String[]] $getValue.B2BCollaborationInbound.UsersAndGroups.Targets
+                    Targets    = [System.Array] $getValue.B2BCollaborationInbound.UsersAndGroups.Targets
                 }
             }
         }
@@ -114,11 +114,11 @@ function Get-TargetResource
             $B2BCollaborationOutboundValue = @{
                 Applications = @{
                     AccessType = $getValue.B2BCollaborationOutbound.Applications.AccessType
-                    Targets    = [System.String[]] $getValue.B2BCollaborationOutbound.Applications.Targets
+                    Targets    = [System.Array] $getValue.B2BCollaborationOutbound.Applications.Targets
                 }
                 UsersAndGroups =@{
                     AccessType = $getValue.B2BCollaborationOutbound.UsersAndGroups.AccessType
-                    Targets    = [System.String[]] $getValue.B2BCollaborationOutbound.UsersAndGroups.Targets
+                    Targets    = [System.Array] $getValue.B2BCollaborationOutbound.UsersAndGroups.Targets
                 }
             }
         }
@@ -127,11 +127,11 @@ function Get-TargetResource
             $B2BDirectConnectInboundValue = @{
                 Applications = @{
                     AccessType = $getValue.B2BDirectConnectInbound.Applications.AccessType
-                    Targets    = [System.String[]] $getValue.B2BDirectConnectInbound.Applications.Targets
+                    Targets    = [System.Array] $getValue.B2BDirectConnectInbound.Applications.Targets
                 }
                 UsersAndGroups =@{
                     AccessType = $getValue.B2BDirectConnectInbound.UsersAndGroups.AccessType
-                    Targets    = [System.String[]] $getValue.B2BDirectConnectInbound.UsersAndGroups.Targets
+                    Targets    = [System.Array] $getValue.B2BDirectConnectInbound.UsersAndGroups.Targets
                 }
             }
         }
@@ -140,11 +140,11 @@ function Get-TargetResource
             $B2BDirectConnectOutboundValue = @{
                 Applications = @{
                     AccessType = $getValue.B2BDirectConnectOutbound.Applications.AccessType
-                    Targets    = [System.String[]] $getValue.B2BDirectConnectOutbound.Applications.Targets
+                    Targets    = [System.Array] $getValue.B2BDirectConnectOutbound.Applications.Targets
                 }
                 UsersAndGroups =@{
                     AccessType = $getValue.B2BDirectConnectOutbound.UsersAndGroups.AccessType
-                    Targets    = [System.String[]] $getValue.B2BDirectConnectOutbound.UsersAndGroups.Targets
+                    Targets    = [System.Array] $getValue.B2BDirectConnectOutbound.UsersAndGroups.Targets
                 }
             }
         }
@@ -837,4 +837,3 @@ function Get-M365DSCAADCrossTenantAccessPolicyInboundTrust
 }
 
 Export-ModuleMember -Function *-TargetResource
-

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1

@@ -169,7 +169,7 @@ function Get-TargetResource
         [Array]$query = Get-MgBetaEntitlementManagementAccessPackageIncompatibleWith -AccessPackageId $getValue.id
         if ($query.count -gt 0)
         {
-            $getIncompatibleAccessPackages += $query.id
+            $getAccessPackagesIncompatibleWith += $query.id
         }
 
         $getIncompatibleGroups = @()
@@ -954,4 +954,3 @@ function Export-TargetResource
 }
 
 Export-ModuleMember -Function *-TargetResource
-

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1

@@ -612,7 +612,7 @@ function Test-TargetResource
 
     $result = Test-M365DSCTargetResource -DesiredValues $PSBoundParameters `
                                          -ResourceName $($MyInvocation.MyCommand.Source).Replace('MSFT_', '') `
-                                         -ExcludedProperties @('Action', 'IsValidationOnly', 'Justification') -Verbose
+                                         -ExcludedProperties @('Action', 'IsValidationOnly', 'Justification')
     return $result
 }
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1

@@ -156,12 +156,13 @@ function Get-TargetResource
             $nullReturn = $PSBoundParameters
             $nullReturn.Ensure = 'Absent'
 
+            $AADServicePrincipal = $null
             try
             {
                 if (-not [System.String]::IsNullOrEmpty($ObjectID))
                 {
                     $AADServicePrincipal = Get-MgServicePrincipal -ServicePrincipalId $ObjectId `
-                        -Property $Script:PropertiesToExport
+                        -Property $Script:PropertiesToExport `
                         -Expand 'AppRoleAssignedTo' `
                         -ErrorAction Stop
                 }
@@ -176,12 +177,12 @@ function Get-TargetResource
                 $ObjectGuid = [System.Guid]::empty
                 if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid))
                 {
-                    $appInstance = Get-MgApplication -Filter "DisplayName eq '$($AppId -replace "'", "''")'"
-                    if ($appInstance)
-                    {
-                        $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" `
+                    $AADServicePrincipal = [Array](Get-MgServicePrincipal -Filter "DisplayName eq '$($AppId -replace "'", "''")'" `
                             -Property $Script:PropertiesToExport `
-                            -Expand 'AppRoleAssignedTo'
+                            -Expand 'AppRoleAssignedTo')
+                    if ($null -ne $AADServicePrincipal -and $AADServicePrincipal.Count -gt 1)
+                    {
+                        Throw "Multiple Service Principal with the DisplayName $($AppId) exist in the tenant."
                     }
                 }
                 else
@@ -341,12 +342,36 @@ function Get-TargetResource
             $appIdToExport = $AADServicePrincipal.AppId
         }
 
+        $tagsValue = @()
+        if ($null -ne $AADServicePrincipal.Tags)
+        {
+            $tagsValue = [Array]($AADServicePrincipal.Tags)
+        }
+
+        $alternativeNamesValue = @()
+        if ($null -ne $AADServicePrincipal.AlternativeNames)
+        {
+            $alternativeNamesValue = [Array]($AADServicePrincipal.AlternativeNames)
+        }
+
+        $replyUrlsValue = @()
+        if ($null -ne $AADServicePrincipal.ReplyURLs)
+        {
+            $replyUrlsValue = [Array]($AADServicePrincipal.ReplyURLs)
+        }
+
+        $servicePrincipalNamesValue = @()
+        if ($null -ne $AADServicePrincipal.ServicePrincipalNames)
+        {
+            $servicePrincipalNamesValue = [Array]($AADServicePrincipal.ServicePrincipalNames)
+        }
+
         $result = @{
             AppId                              = $appIdToExport
             AppRoleAssignedTo                  = $AppRoleAssignedToValues
             ObjectID                           = $AADServicePrincipal.Id
             DisplayName                        = $AADServicePrincipal.DisplayName
-            AlternativeNames                   = $AADServicePrincipal.AlternativeNames
+            AlternativeNames                   = $alternativeNamesValue
             AccountEnabled                     = [boolean]$AADServicePrincipal.AccountEnabled
             AppRoleAssignmentRequired          = $AADServicePrincipal.AppRoleAssignmentRequired
             CustomSecurityAttributes           = $complexCustomSecurityAttributes
@@ -358,11 +383,11 @@ function Get-TargetResource
             Owners                             = $ownersValues
             PreferredSingleSignOnMode          = $AADServicePrincipal.PreferredSingleSignOnMode
             PublisherName                      = $AADServicePrincipal.PublisherName
-            ReplyURLs                          = $AADServicePrincipal.ReplyURLs
+            ReplyURLs                          = $replyUrlsValue
             SamlMetadataURL                    = $AADServicePrincipal.SamlMetadataURL
-            ServicePrincipalNames              = $AADServicePrincipal.ServicePrincipalNames
+            ServicePrincipalNames              = $servicePrincipalNamesValue
             ServicePrincipalType               = $AADServicePrincipal.ServicePrincipalType
-            Tags                               = $AADServicePrincipal.Tags
+            Tags                               = $tagsValue
             KeyCredentials                     = $complexKeyCredentials
             PasswordCredentials                = $complexPasswordCredentials
             Ensure                             = 'Present'

Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1

@@ -62,6 +62,10 @@ function Get-TargetResource
         [System.String]
         $Office,
 
+        [Parameter()]
+        [System.String]
+        $Mail,
+
         [Parameter()]
         [System.String[]]
         $OtherMails,
@@ -169,6 +173,7 @@ function Get-TargetResource
                 UsageLocation         = $null
                 LicenseAssignment     = $null
                 MemberOf              = $null
+                Mail                  = $null
                 OtherMails            = $null
                 Password              = $null
                 Credential            = $Credential
@@ -182,7 +187,7 @@ function Get-TargetResource
             }
 
             Write-Verbose -Message "Getting Office 365 User $UserPrincipalName"
-            $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FaxNumber', 'MobilePhone', 'OfficeLocation', 'OtherMails', 'BusinessPhones', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
+            $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FaxNumber', 'MobilePhone', 'OfficeLocation', 'Mail', 'OtherMails', 'BusinessPhones', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
             $user = Get-MgUser -UserId $UserPrincipalName -Property $propertiesToRetrieve -ErrorAction SilentlyContinue
             if ($null -eq $user)
             {
@@ -261,6 +266,7 @@ function Get-TargetResource
             Fax                   = $user.FaxNumber
             MobilePhone           = $user.MobilePhone
             Office                = $user.OfficeLocation
+            Mail                  = $user.Mail
             OtherMails            = $user.OtherMails
             PasswordNeverExpires  = $passwordNeverExpires
             PasswordPolicies      = $user.PasswordPolicies
@@ -355,6 +361,10 @@ function Set-TargetResource
         [System.String]
         $Office,
 
+        [Parameter()]
+        [System.String]
+        $Mail,
+
         [Parameter()]
         [System.String[]]
         $OtherMails,
@@ -479,6 +489,7 @@ function Set-TargetResource
             MobilePhone              = $MobilePhone
             PasswordPolicies         = $PasswordPolicies
             OfficeLocation           = $Office
+            Mail                     = $Mail
             OtherMails               = $OtherMails
             PostalCode               = $PostalCode
             PreferredLanguage        = $PreferredLanguage
@@ -793,6 +804,10 @@ function Test-TargetResource
         [System.String]
         $Office,
 
+        [Parameter()]
+        [System.String]
+        $Mail,
+
         [Parameter()]
         [System.String[]]
         $OtherMails,
@@ -942,7 +957,7 @@ function Export-TargetResource
     try
     {
         $Script:ExportMode = $true
-        $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FacsimileTelephoneNumber', 'Mobile', 'OfficeLocation', 'OtherMails', 'TelephoneNumber', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
+        $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FacsimileTelephoneNumber', 'Mobile', 'OfficeLocation', 'Mail', 'OtherMails', 'TelephoneNumber', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
         $ExportParameters = @{
             Filter      = $Filter
             All         = [switch]$true

Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof

@@ -16,6 +16,7 @@ class MSFT_AADUser : OMI_BaseResource
     [Write, Description("The Groups that the user is a direct member of")] String MemberOf[];
     [Write, Description("The Mobile Phone Number of the user")] String MobilePhone;
     [Write, Description("The Office Name of the user")] String Office;
+    [Write, Description("The mail address of the user")] String Mail;
     [Write, Description("The other mails assigned to the user")] String OtherMails[];
     [Write, Description("Specifies whether the user password expires periodically. Default value is false")] Boolean PasswordNeverExpires;
     [Write, Description("Specifies password policies for the user.")] String PasswordPolicies;

Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1

@@ -67,7 +67,12 @@ function Get-TargetResource
     $nullResult.Ensure = 'Absent'
     try
     {
-        $instance = Get-FocusedInbox -Identity $Identity -ErrorAction SilentlyContinue
+        $mailbox = Get-Mailbox -Identity $Identity -ErrorAction SilentlyContinue
+        if ($null -ne $mailbox)
+        {
+            $instance = Get-FocusedInbox -Identity $Identity
+        }
+
         if ($null -eq $instance)
         {
             return $nullResult
@@ -76,7 +81,8 @@ function Get-TargetResource
         $results = @{
             Identity                     = $Identity
             FocusedInboxOn               = [Boolean]$instance.FocusedInboxOn
-            FocusedInboxOnLastUpdateTime = [DateTime]$instance.FocusedInboxOnLastUpdateTime
+            # DEPRECATED
+            # FocusedInboxOnLastUpdateTime = [DateTime]$instance.FocusedInboxOnLastUpdateTime
             Ensure                       = 'Present'
             Credential                   = $Credential
             ApplicationId                = $ApplicationId
@@ -228,6 +234,7 @@ function Test-TargetResource
 
     $CurrentValues = Get-TargetResource @PSBoundParameters
     $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()
+    $ValuesToCheck.Remove('FocusedInboxOnLastUpdateTime') | Out-Null
 
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
@@ -309,6 +316,11 @@ function Export-TargetResource
         }
         foreach ($config in $Script:exportedInstances)
         {
+            if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+            {
+                $Global:M365DSCExportResourceInstancesCount++
+            }
+
             $displayedKey = $config.UserPrincipalName
             Write-M365DSCHost -Message "    |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -DeferWrite
             $params = @{