From ab2ec9bf51b7b4fd162002b22dc42ace995a60dc Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 22 Jan 2023 18:52:15 +0000 Subject: [PATCH 1/9] tmp --- ...AdministrativeTemplatePolicyWindows10.psm1 | 1532 +++++ ...strativeTemplatePolicyWindows10.schema.mof | 51 + .../readme.md | 6 + .../settings.json | 39 + ...istrativeTemplatePolicyWindows10.Tests.ps1 | 212 + Tests/Unit/Stubs/Microsoft365.psm1 | 5495 ++++++++++------- 6 files changed, 5266 insertions(+), 2069 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 new file mode 100644 index 0000000000..c2102dd8de --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -0,0 +1,1532 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [System.String] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $DefinitionValues, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = $true, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + Select-MgProfile 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id}" + + if(-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementGroupPolicyConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $enumPolicyConfigurationIngestionType = $null + if ($null -ne $getValue.PolicyConfigurationIngestionType) + { + $enumPolicyConfigurationIngestionType = $getValue.PolicyConfigurationIngestionType.ToString() + } + + #endregion + + #region + $settings = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $Id + + $complexDefinitionValues = @() + foreach($setting in $settings) + { + $definitionValue=@{} + $definitionValue.Add('Id',$setting.Id) + if($null -ne $setting.ConfigurationType) + { + $definitionValue.Add('ConfigurationType',$setting.ConfigurationType.toString()) + } + $definitionValue.Add('Enabled',$setting.Enabled) + $definition = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id + + $enumClassType = $null + if ($null -ne $definition.ClassType) + { + $enumClassType = $definition.ClassType.ToString() + } + + $enumPolicyType = $null + if ($null -ne $definition.PolicyType) + { + $enumPolicyType = $definition.PolicyType.ToString() + } + $complexDefinition = @{ + CategoryPath = $definition.CategoryPath + ClassType = $enumClassType + DisplayName = $definition.DisplayName + #ExplainText = $definition.ExplainText + #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId + #HasRelatedDefinitions = $definition.HasRelatedDefinitions + #MinDeviceCspVersion = $definition.MinDeviceCspVersion + #MinUserCspVersion = $definition.MinUserCspVersion + PolicyType = $enumPolicyType + SupportedOn = $definition.SupportedOn + #Id = $definition.Id + } + + $definitionValue.Add('Definition',$complexDefinition) + $complexDefinitionValues += $definitionValue + } + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.DisplayName + PolicyConfigurationIngestionType = $enumPolicyConfigurationIngestionType + DefinitionValues = $complexDefinitionValues + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementGroupPolicyConfigurationAssignment -GroupPolicyConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [System.String] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $DefinitionValues, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = $true, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + $CreateParameters.Remove('DefinitionValues') | Out-Null + + $keys=(([Hashtable]$CreateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + if($key -eq 'DefinitionValues') + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in ($CreateParameters.$key).DefinitionValues) + { + $definitionValue.remove('Definition') + } + } + $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $policy=New-MgDeviceManagementGroupPolicyConfiguration -BodyParameter $CreateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/groupPolicyConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + $UpdateParameters.Remove('DefinitionValues') | Out-Null + + $keys=(([Hashtable]$UpdateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + #Update Core policy + $UpdateParameters.Add("@odata.type", "#microsoft.graph.GroupPolicyConfiguration") + Update-MgDeviceManagementGroupPolicyConfiguration ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + + #Update Assignments + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/groupPolicyConfigurations' + #endregion + #Update DefinitionValues + [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues + if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in $targetDefinitionValues) + { + $definitionValue.remove('Definition') + } + } + $currentDefinitionValues=$currentInstance.DefinitionValues + if($null -ne $currentDefinitionValues -and $currentDefinitionValues.count -gt 0) + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in $currentDefinitionValues) + { + $definitionValue.remove('Definition') + } + } + $comparedDefinitionValues = Compare-Object ` + -ReferenceObject $currentDefinitionValues.Id ` + -DifferenceObject $targetDefinitionValues.Id ` + -IncludeEqual + + $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=>'}).InputObject + $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '<='}).InputObject + $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '='}).InputObject + + foreach($definitionValueId in $definitionValuesToAdd) + { + $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $enumConfigurationType = $null + if($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexDefinitionValue = @{ + Id = $definitionValue.Id + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + } + New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -BodyParameter $complexDefinitionValue + } + + foreach($definitionValueId in $definitionValuesToRemove) + { + Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -GroupPolicyDefinitionValueId $definitionValueId + } + + foreach($definitionValueId in $definitionValuesToCheck) + { + $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue = $currentDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $enumConfigurationType = $null + if($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexDefinitionValue = @{ + Id = $definitionValue.Id + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + } + + $toUpdate = Compare-M365DSCComplexObject ` + -Source $currentDefinitionValue ` + -Target $complexDefinitionValue + + If(-not $toUpdate) + { + $complexDefinitionValue.Remove('Id') + Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -GroupPolicyDefinitionValueId $definitionValueId ` + -BodyParameter $complexDefinitionValue + } + } + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [System.String] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $DefinitionValues, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = $true, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + #Removing Key Definition because it is Read-Only + if($key -eq 'DefinitionValues') + { + foreach($definitionValue in $source.DefinitionValues) + { + $definitionValue.remove('Definition') + } + foreach($definitionValue in $target.DefinitionValues) + { + $definitionValue.remove('Definition') + } + } + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break; + } + + $ValuesToCheck.Remove($key) | Out-Null + + } + } + + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + Select-MgProfile 'beta' -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementGroupPolicyConfiguration ` + -All ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if($Results.DefinitionValues) + { + $complexMapping=@( + @{ + Name="Definition" + CimInstanceName="MSFT_IntuneGroupPolicyDefinition" + IsRequired=$false + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DefinitionValues ` + -CIMInstanceName IntuneGroupPolicyDefinitionValue ` + -ComplexTypeMapping $complexMapping + if ($complexTypeStringResult) + { + $Results.DefinitionValues = $complexTypeStringResult + } + else + { + $Results.Remove('DefinitionValues') | Out-Null + } + } + if($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + if ($Results.DefinitionValues) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefinitionValues" -isCIMArray:$true + } + if ($Results.Definition) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Definition" + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + function Update-DeviceConfigurationPolicyAssignment + { + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try + { + $deviceManagementPolicyAssignments=@() + + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + } + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + + return $null + } + + + }function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename=@{ + "odataType"="@odata.type" + } + + $result=$Properties + + $type=$Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result=$values + + return ,$result + } + #endregion + + #region Single + if($type -like "*Hashtable") + { + $result=([Hashtable]$Properties).clone() + } + if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys=($hashProperties.clone()).keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName=$keyToRename.$key + } + + $property=$hashProperties.$key + if($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + + return $result + #endregion +} +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if($null -eq $ComplexObject) + { + return $null + } + + if($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results=@() + + foreach($item in $ComplexObject) + { + if($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject=[hashtable]::new($ComplexObject) + $keys=$ComplexObject.Keys + foreach ($key in $keys) + { + if($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType=$ComplexObject.$key.gettype().fullname + + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName=$key + if($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName=$key.Name + } + + if($null -ne $ComplexObject.$keyName) + { + $keyType=$ComplexObject.$keyName.gettype().fullname + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace='', + + [Parameter()] + [System.uint32] + $IndentLevel=3, + + [Parameter()] + [switch] + $isArray=$false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty=@() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat=@{ + 'ComplexObject'=$item + 'CIMInstanceName'=$CIMInstanceName + 'IndentLevel'=$IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty='' + if($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + + $isArray=$false + if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray=$true + } + #overwrite type if object defined in mapping complextypemapping + if($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty=$ComplexObject[$key] + } + else + { + $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if(-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if($isArray -and $key -in $ComplexTypeMapping.Name ) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if($isArray) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray=$PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + + if($mappedKey -and $mappedKey.isRequired) + { + if($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent='' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent+=' ' + } + $currentProperty += "$indent}" + if($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if($IndentLevel -eq 5) + { + $indent='' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent+=' ' + } + $currentProperty += $indent + } + + $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") + if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty=$null + } + + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space=" " + + ) + + $returnValue="" + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if($key -eq '@odata.type') + { + $key='odataType' + } + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue= $Space + $key + " = @(" + $whitespace="" + $newline="" + if($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace=$Space+" " + $newline="`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname ) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue= $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue="" + $targetValue="" + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if($null -eq $Source) + { + $sourceValue="Source is null" + } + + if($null -eq $Target) + { + $targetValue="Target is null" + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if($source.count -eq 0) + { + return $true + } + + foreach($item in $Source) + { + + $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach($targetItem in $Target) + { + $compareResult= Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - The complex array items are not identical" + return $false + } + } + return $true + } + + $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey=$key + $tkey=$key + + $sourceValue=$Source.$key + $targetValue=$Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if($null -eq $Source.$key) + { + $sourceValue="null" + } + + if($null -eq $Target.$tkey) + { + $targetValue="null" + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + { + #Recursive call for complex object + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if(-not $compareResult) + { + + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject=$Target.$tkey + $differenceObject=$Source.$key + + #Identifying date from the current values + $targetType=($Target.$tkey.getType()).Name + if($targetType -like "*Date*") + { + $compareResult=$true + $sourceDate= [DateTime]$Source.$key + if($sourceDate -ne $targetType) + { + $compareResult=$null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + + return $true +} +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + + if($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results=@() + foreach($item in $ComplexObject) + { + $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if($null -ne $hashComplexObject) + { + + $results=$hashComplexObject.clone() + $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue=$results[$key] + $results.remove($key)|out-null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof new file mode 100644 index 0000000000..384a19c876 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -0,0 +1,51 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinition +{ + [Write, Description("The localized full category path for the policy.")] String CategoryPath; + [Write, Description("Identifies the type of groups the policy can be applied to. Possible values are: user, machine."), ValueMap{"user","machine"}, Values{"user","machine"}] String ClassType; + [Write, Description("The localized policy name.")] String DisplayName; + [Write, Description("The localized explanation or help text associated with the policy. The default value is empty.")] String ExplainText; + [Write, Description("The category id of the parent category")] String GroupPolicyCategoryId; + [Write, Description("Signifies whether or not there are related definitions to this definition")] Boolean HasRelatedDefinitions; + [Write, Description("Minimum required CSP version for device configuration in this definition")] String MinDeviceCspVersion; + [Write, Description("Minimum required CSP version for user configuration in this definition")] String MinUserCspVersion; + [Write, Description("Specifies the type of group policy. Possible values are: admxBacked, admxIngested."), ValueMap{"admxBacked","admxIngested"}, Values{"admxBacked","admxIngested"}] String PolicyType; + [Write, Description("Localized string used to specify what operating system or application version is affected by the policy.")] String SupportedOn; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; +} + +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinitionValue +{ + [Write, Description("Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference."), ValueMap{"policy","preference"}, Values{"policy","preference"}] String ConfigurationType; + [Write, Description("Enables or disables the associated group policy definition.")] Boolean Enabled; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The associated group policy definition with the value. Read-Only."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinition")] String Definition; +} + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10")] +class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_BaseResource +{ + [Write, Description("User provided description for the resource object.")] String Description; + [Write, Description("User provided name for the resource object.")] String DisplayName; + [Write, Description("Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue."), ValueMap{"unknown","custom","builtIn","mixed","unknownFutureValue"}, Values{"unknown","custom","builtIn","mixed","unknownFutureValue"}] String PolicyConfigurationIngestionType; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The list of enabled or disabled group policy definition values for the configuration."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValue")] String DefinitionValues[]; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md new file mode 100644 index 0000000000..6563fb5ea8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 + +## Description + +Intune Device Configuration Administrative Template Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json new file mode 100644 index 0000000000..dff983cd83 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json @@ -0,0 +1,39 @@ +{ + "resourceName": "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10", + "description": "This resource configures an Intune Device Configuration Administrative Template Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..daccdb85bf --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -0,0 +1,212 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementGroupPolicyConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + Export-TargetResource @testParams + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 5c03d259f7..5c71b93b98 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -17179,7 +17179,8 @@ function Update-MgDeviceManagementIntent function Update-MgDeviceManagementIntentSetting { [CmdletBinding()] - param( + param + ( [Parameter()] [System.String] $DeviceManagementSettingInstanceId, @@ -17245,55 +17246,74 @@ function Update-MgDeviceManagementIntentSetting $HttpPipelineAppend ) } -#endregion -#region MicrosoftGraph -function Get-MgDeviceManagementRoleAssignment +function Get-MgDeviceManagementWindowAutopilotDeploymentProfile { [CmdletBinding()] - param( + param + ( [Parameter()] - [System.String[]] - $Property, + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Int32] - $PageSize, + [System.String[]] + $Property, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Int32] $Skip, + [Parameter()] + [System.String[]] + $Sort, + [Parameter()] [System.Int32] $Top, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -17301,113 +17321,125 @@ function Get-MgDeviceManagementRoleAssignment [Parameter()] [System.String] - $Filter, + $CountVariable + ) +} +function New-MgDeviceManagementWindowAutopilotDeploymentProfile +{ + [CmdletBinding()] + param + ( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] - [System.String] - $Search, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject[]] + $AssignedDevices, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject[]] + $Assignments, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( + [System.DateTime] + $CreatedDateTime, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, [Parameter()] [PSObject] - $InputObject, + $DeviceType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $DisplayName, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $EnableWhiteGlove, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $EnrollmentStatusScreenSettings, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ExtractHardwareHash, [Parameter()] - [System.Int32] - $Top, + [System.String] + $Id, [Parameter()] [System.String] - $CountVariable, + $Language, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $ManagementServiceAppId, [Parameter()] - [System.String] - $RoleDefinitionId, + [PSObject] + $OutOfBoxExperienceSettings, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break, [Parameter()] - [System.String] - $Filter, + [PSObject[]] + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Search, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Confirm ) } -function Get-MgDeviceManagementRoleDefinitionRoleAssignment + +function Remove-MgDeviceManagementWindowAutopilotDeploymentProfile { [CmdletBinding()] - param( + param + ( [Parameter()] - [System.String[]] - $Property, + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] @@ -17415,209 +17447,212 @@ function Get-MgDeviceManagementRoleDefinitionRoleAssignment [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.Int32] - $PageSize, + [PSObject[]] + $HttpPipelineAppend, [Parameter()] - [PSObject] + [PSObject[]] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.String] - $RoleAssignmentId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm + ) +} +function Update-MgDeviceManagementWindowAutopilotDeploymentProfile +{ + [CmdletBinding()] + param + ( [Parameter()] [System.String] - $Filter, + $WindowsAutopilotDeploymentProfileId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject[]] + $AssignedDevices, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgDeviceManagementRoleAssignment -{ - [CmdletBinding()] - param( + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + [Parameter()] [System.String] $Description, [Parameter()] [System.String] - $DisplayName, + $DeviceNameTemplate, [Parameter()] - [System.String[]] - $ResourceScopes, + [PSObject] + $DeviceType, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $EnableWhiteGlove, [Parameter()] [PSObject] - $RoleScopeTags, + $EnrollmentStatusScreenSettings, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $ExtractHardwareHash, [Parameter()] - [PSObject] - $ScopeType, + [System.String] + $Id, [Parameter()] - [System.String[]] - $Members, + [System.String] + $Language, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String[]] - $ScopeMembers, + [System.String] + $ManagementServiceAppId, [Parameter()] [PSObject] - $BodyParameter, + $OutOfBoxExperienceSettings, [Parameter()] - [System.String] - $Id, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $RoleDefinition, + [PSObject[]] + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PassThru, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm + ) +} +function Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [PSObject] - $Permissions, + [System.String[]] + $ExpandProperty, [Parameter()] [System.String[]] - $RoleScopeTagIds, + $Property, [Parameter()] - [PSObject] - $RoleAssignments, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.String] + $Search, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Id, + [System.Int32] + $Top, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $RolePermissions, + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.PSCredential] @@ -17625,158 +17660,135 @@ function New-MgDeviceManagementRoleDefinition [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsBuiltInRoleDefinition, + $All, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String] + $CountVariable ) } -function Remove-MgDeviceManagementRoleAssignment +#endregion +#region MicrosoftGraph +function Get-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Property, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $Top, [Parameter()] [System.String] - $DeviceAndAppManagementRoleAssignmentId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + $CountVariable, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function Update-MgDeviceManagementRoleAssignment +function Get-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $ResourceScopes, + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $ScopeType, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $Members, + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] @@ -17784,291 +17796,277 @@ function Update-MgDeviceManagementRoleAssignment [Parameter()] [System.String[]] - $ScopeMembers, - - [Parameter()] - [PSObject] - $BodyParameter, + $Sort, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $RoleDefinitionId, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] - [PSObject] - $RoleDefinition, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $RoleScopeTags, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgDeviceManagementRoleDefinition +function Get-MgDeviceManagementRoleDefinitionRoleAssignment { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $Permissions, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $RoleAssignments, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $RoleAssignmentId, [Parameter()] [System.String] $RoleDefinitionId, [Parameter()] - [PSObject] - $RolePermissions, + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltInRoleDefinition, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgDeviceManagementRoleScopeTag +function New-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + [Parameter()] [System.String[]] - $Property, + $ResourceScopes, [Parameter()] - [PSObject] - $InputObject, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $RoleScopeTags, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $RoleScopeTagId, + [PSObject] + $ScopeType, [Parameter()] - [System.Int32] - $Skip, + [System.String[]] + $Members, [Parameter()] - [System.Int32] - $Top, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $CountVariable, + [System.String[]] + $ScopeMembers, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $BodyParameter, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region MicrosoftGraph -function Get-MgDeviceManagementDeviceEnrollmentConfiguration +function New-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $Permissions, [Parameter()] - [System.Int32] - $Top, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $RoleAssignments, [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $RolePermissions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $IsBuiltInRoleDefinition, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgRoleManagement +function Remove-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( @@ -18076,39 +18074,55 @@ function Get-MgRoleManagement [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-MgRoleManagementDirectory +function Remove-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -18118,69 +18132,81 @@ function Get-MgRoleManagementDirectory $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] $HttpPipelineAppend, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgRoleManagementDirectoryRoleAssignment +function Update-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( [Parameter()] [System.String] - $UnifiedRoleAssignmentId, + $Description, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [System.String[]] - $Property, + $ResourceScopes, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + [PSObject] + $ScopeType, [Parameter()] - [System.String] - $CountVariable, + [System.String[]] + $Members, [Parameter()] [System.Uri] @@ -18188,115 +18214,46 @@ function Get-MgRoleManagementDirectoryRoleAssignment [Parameter()] [System.String[]] - $Sort, + $ScopeMembers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $Filter, + $Id, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Search, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgRoleManagementDirectoryRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - - [Parameter()] - [System.String] - $UnifiedRoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [PSObject] + $RoleScopeTags, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgDeviceManagementDeviceEnrollmentConfiguration +function Update-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( @@ -18305,20 +18262,12 @@ function New-MgDeviceManagementDeviceEnrollmentConfiguration $Description, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DisplayName, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -18329,21 +18278,29 @@ function New-MgDeviceManagementDeviceEnrollmentConfiguration $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $Priority, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Version, + [PSObject] + $Permissions, [Parameter()] [System.String[]] $RoleScopeTagIds, + [Parameter()] + [PSObject] + $RoleAssignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, + [Parameter()] [System.Uri] $Proxy, @@ -18361,45 +18318,49 @@ function New-MgDeviceManagementDeviceEnrollmentConfiguration $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $RoleDefinitionId, [Parameter()] [PSObject] - $DeviceEnrollmentConfigurationType, + $RolePermissions, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsBuiltInRoleDefinition, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgRoleManagementDirectoryRoleAssignment +function Get-MgDeviceManagementRoleScopeTag { [CmdletBinding()] param( [Parameter()] - [PSObject] - $Principal, - - [Parameter()] - [System.String] - $ResourceScope, + [System.String[]] + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $DirectoryScope, + [System.Int32] + $PageSize, [Parameter()] [PSObject] @@ -18407,147 +18368,137 @@ function New-MgRoleManagementDirectoryRoleAssignment [Parameter()] [System.String] - $PrincipalId, + $RoleScopeTagId, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $Top, [Parameter()] [System.String] - $Id, + $CountVariable, [Parameter()] - [System.String] - $Condition, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $RoleDefinition, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [PSObject] - $AppScope, - - [Parameter()] - [System.String] - $DirectoryScopeId, - - [Parameter()] - [System.String] - $PrincipalOrganizationId, - [Parameter()] [System.String] - $AppScopeId, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgRoleManagementDirectoryRoleDefinition +#endregion +#region MicrosoftGraph +function Get-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $ResourceScopes, + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $TemplateId, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $Version, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.Int32] + $Top, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $DeviceEnrollmentConfigurationId, [Parameter()] - [System.String] - $Id, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $InheritsPermissionsFrom, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $RolePermissions, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgDeviceManagementDeviceEnrollmentConfiguration +function Get-MgRoleManagement { [CmdletBinding()] param( @@ -18555,48 +18506,36 @@ function Remove-MgDeviceManagementDeviceEnrollmentConfiguration [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $Property, [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function Remove-MgRoleManagementDirectory +function Get-MgRoleManagementDirectory { [CmdletBinding()] param( @@ -18604,138 +18543,190 @@ function Remove-MgRoleManagementDirectory [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Remove-MgRoleManagementDirectoryRoleAssignment +function Get-MgRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $UnifiedRoleAssignmentId, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $UnifiedRoleAssignmentId, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $IfMatch, + $Filter, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgRoleManagementDirectoryRoleDefinition +function Get-MgRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Property, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Int32] + $PageSize, [Parameter()] [System.String] $UnifiedRoleDefinitionId, + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + [Parameter()] [System.String] - $IfMatch, + $CountVariable, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgDeviceManagementDeviceEnrollmentConfiguration +function New-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( @@ -18759,10 +18750,6 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration [System.String] $DisplayName, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -18787,10 +18774,6 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration [System.String[]] $RoleScopeTagIds, - [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, - [Parameter()] [System.Uri] $Proxy, @@ -18807,10 +18790,6 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -18828,78 +18807,110 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration $HttpPipelineAppend ) } -function Update-MgRoleManagement +function New-MgRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Principal, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $ResourceScope, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $DeviceManagement, + $DirectoryScope, [Parameter()] [PSObject] - $HttpPipelineAppend, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $PrincipalId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $EntitlementManagement, + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Condition, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [PSObject] - $Directory, + $RoleDefinition, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $CloudPc, + $AppScope, + + [Parameter()] + [System.String] + $DirectoryScopeId, + + [Parameter()] + [System.String] + $PrincipalOrganizationId, + + [Parameter()] + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties + [PSObject] + $HttpPipelineAppend ) } -function Update-MgRoleManagementDirectory +function New-MgRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] - [PSObject] - $RoleAssignmentScheduleRequests, + [System.String] + $Description, [Parameter()] - [PSObject] - $TransitiveRoleAssignments, + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $ResourceScopes, [Parameter()] [System.Collections.Hashtable] @@ -18910,36 +18921,20 @@ function Update-MgRoleManagementDirectory $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $RoleEligibilitySchedules, - - [Parameter()] - [PSObject] - $ResourceNamespaces, + [System.String] + $TemplateId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $RoleDefinitions, - - [Parameter()] - [PSObject] - $RoleEligibilityScheduleInstances, - - [Parameter()] - [PSObject] - $RoleEligibilityScheduleRequests, - - [Parameter()] - [PSObject] - $RoleAssignmentSchedules, + [System.String] + $Version, [Parameter()] - [PSObject] - $RoleAssignments, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] @@ -18953,161 +18948,201 @@ function Update-MgRoleManagementDirectory [System.String] $Id, + [Parameter()] + [PSObject] + $InheritsPermissionsFrom, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $RolePermissions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $RoleAssignmentScheduleInstances, - - [Parameter()] - [PSObject] - $RoleAssignmentApprovals, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsEnabled, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgRoleManagementDirectoryRoleDefinition +function Remove-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ResourceScopes, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $UnifiedRoleDefinitionId, + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Version, + $DeviceEnrollmentConfigurationId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgRoleManagementDirectory +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Id, + $IfMatch, [Parameter()] - [PSObject] - $InheritsPermissionsFrom, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $Break, [Parameter()] [PSObject] - $RolePermissions, + $HttpPipelineAppend + ) +} +function Remove-MgRoleManagementDirectoryRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + [Parameter()] [System.String] - $TemplateId, + $UnifiedRoleAssignmentId, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabled, + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region MicrosoftGraph -function Invoke-MgTargetDeviceAppMgtTargetedManagedAppConfigurationApp +function Remove-MgRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [PSObject] - $AppGroupType, - [Parameter()] [System.Management.Automation.SwitchParameter] $PassThru, [Parameter()] - [PSObject] - $Apps, + [System.String] + $UnifiedRoleDefinitionId, + + [Parameter()] + [System.String] + $IfMatch, [Parameter()] [PSObject] @@ -19117,58 +19152,46 @@ function Invoke-MgTargetDeviceAppMgtTargetedManagedAppConfigurationApp [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $HttpPipelineAppend, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function New-MgDeviceAppMgtAndroidManagedAppProtection +function Update-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [System.String] + $Description, [Parameter()] - [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanHigh, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $MaximumAllowedDeviceThreatLevel, + $Assignments, [Parameter()] - [System.String] - $CustomBrowserDisplayName, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $MinimumRequiredPatchVersion, + $DisplayName, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceModelNotAllowed, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -19176,1460 +19199,1551 @@ function New-MgDeviceAppMgtAndroidManagedAppProtection [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $Priority, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Int32] + $Version, [Parameter()] [System.String[]] - $AllowedAndroidDeviceModels, + $RoleScopeTagIds, [Parameter()] [System.String] - $MinimumWarningAppVersion, + $DeviceEnrollmentConfigurationId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $ManagedBrowser, + $BodyParameter, [Parameter()] [System.String] - $Description, + $Id, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.String] - $MaximumWarningOSVersion, - - [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MinimumWarningCompanyPortalVersion, + [PSObject] + $DeviceEnrollmentConfigurationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequireClass3Biometrics, - - [Parameter()] - [System.String] - $MinimumWarningPatchVersion, + $Break, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, - + $HttpPipelineAppend + ) +} +function Update-MgRoleManagement +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrintBlocked, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $CustomDialerAppDisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, + $BodyParameter, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $NotificationRestriction, + $DeviceManagement, [Parameter()] - [System.String] - $CustomBrowserPackageId, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $BiometricAuthenticationBlocked, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanMedium, + $EntitlementManagement, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetAppsVerificationType, + $Directory, [Parameter()] [PSObject] - $ApprovedKeyboards, + $CloudPc, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $Break, [Parameter()] - [PSObject] - $AppGroupType, - + [System.Collections.Hashtable] + $AdditionalProperties + ) +} +function Update-MgRoleManagementDirectory +{ + [CmdletBinding()] + param( [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [PSObject] + $RoleAssignmentScheduleRequests, [Parameter()] [PSObject] - $AppActionIfUnableToAuthenticateUser, + $TransitiveRoleAssignments, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequirePinAfterBiometricChange, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $MaximumRequiredOSVersion, + [PSObject] + $RoleEligibilitySchedules, [Parameter()] - [System.String] - $MinimumWipePatchVersion, + [PSObject] + $ResourceNamespaces, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $RoleDefinitions, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanLow, + $RoleEligibilityScheduleInstances, [Parameter()] [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + $RoleEligibilityScheduleRequests, [Parameter()] - [System.String] - $MinimumWipeCompanyPortalVersion, + [PSObject] + $RoleAssignmentSchedules, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $RoleAssignments, [Parameter()] - [PSObject] - $AppActionIfAndroidDeviceManufacturerNotAllowed, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $AllowedAndroidDeviceManufacturers, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + $Confirm, [Parameter()] - [System.String] - $CustomDialerAppPackageId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $AllowedDataStorageLocations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $BlockAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $RoleAssignmentScheduleInstances, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $RoleAssignmentApprovals, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $Break, [Parameter()] [PSObject] - $DialerRestrictionLevel, + $HttpPipelineAppend + ) +} +function Update-MgRoleManagementDirectoryRoleDefinition +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $ResourceScopes, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetDeviceAttestationFailed, + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $Version, + $UnifiedRoleDefinitionId, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetAppsVerificationFailed, + $HttpPipelinePrepend, [Parameter()] [System.String] - $MinimumWipeOSVersion, + $Version, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + $Break, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $BodyParameter, [Parameter()] - [PSObject] - $MobileThreatDefenseRemediationAction, + [System.String] + $Id, [Parameter()] [PSObject] - $ExemptedAppPackages, + $InheritsPermissionsFrom, [Parameter()] [System.Management.Automation.SwitchParameter] - $KeyboardsRestricted, + $Confirm, [Parameter()] - [PSObject] - $DeploymentSummary, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $Apps, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ScreenCaptureBlocked, + $RolePermissions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $MaximumWipeOSVersion, + $TemplateId, [Parameter()] - [System.Int32] - $MinimumPinLength, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +#endregion +#region MicrosoftGraph +function Invoke-MgTargetDeviceAppMgtTargetedManagedAppConfigurationApp +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] [PSObject] - $HttpPipelineAppend, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EncryptAppData, + [PSObject] + $BodyParameter, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $AppGroupType, [Parameter()] [System.Management.Automation.SwitchParameter] - $ConnectToVpnOnLaunch, + $PassThru, [Parameter()] - [System.Int32] - $WipeAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $Apps, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetEvaluationType, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, + $Confirm, [Parameter()] - [System.Int32] - $WarnAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $FingerprintAndBiometricEnabled, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AppActionIfDeviceLockNotSet, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function New-MgDeviceAppMgtAndroidManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $MinimumRequiredCompanyPortalVersion, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [PSObject] + $AppActionIfDevicePasscodeComplexityLessThanHigh, [Parameter()] [PSObject] - $Assignments, + $MaximumAllowedDeviceThreatLevel, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $CustomBrowserDisplayName, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.String] + $MinimumRequiredPatchVersion, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetDeviceAttestationType, + $AppActionIfAndroidDeviceModelNotAllowed, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DisableAppEncryptionIfDeviceEncryptionIsEnabled, [Parameter()] [PSObject] - $BodyParameter, + $MobileThreatDefensePartnerPriority, [Parameter()] - [PSObject] - $AllowedOutboundClipboardSharingLevel, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DeviceLockRequired, + [System.String[]] + $AllowedAndroidDeviceModels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $MinimumWarningAppVersion, [Parameter()] [PSObject] - $PinCharacterSet, + $ManagedBrowser, [Parameter()] - [PSObject] - $TargetedAppManagementLevels - ) -} -function Set-MgDeviceAppMgtTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( + [System.String] + $Description, + [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $MaximumWarningOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [System.TimeSpan] + $PeriodBeforePinReset, + + [Parameter()] + [System.String] + $MinimumWarningCompanyPortalVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $RequireClass3Biometrics, [Parameter()] - [PSObject] - $Assignments, + [System.String] + $MinimumWarningPatchVersion, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDeviceComplianceRequired, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $PrintBlocked, + + [Parameter()] + [System.String] + $CustomDialerAppDisplayName, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AllowedDataIngestionLocations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, + [System.Int32] + $DeployedAppCount, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $NotificationRestriction, + + [Parameter()] + [System.String] + $CustomBrowserPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgDeviceAppMgt -{ - [CmdletBinding()] - param( + $BiometricAuthenticationBlocked, + [Parameter()] [PSObject] - $TargetedManagedAppConfigurations, + $AppActionIfDevicePasscodeComplexityLessThanMedium, [Parameter()] - [PSObject] - $ManagedEBooks, + [System.String] + $Id, [Parameter()] [PSObject] - $MobileApps, + $RequiredAndroidSafetyNetAppsVerificationType, [Parameter()] [PSObject] - $EnterpriseCodeSigningCertificates, + $ApprovedKeyboards, [Parameter()] - [PSObject] - $ManagedAppPolicies, + [System.Management.Automation.SwitchParameter] + $DeviceComplianceRequired, [Parameter()] [PSObject] - $DeviceAppManagementTasks, + $AppGroupType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $ManagedAppStatuses, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $RequirePinAfterBiometricChange, [Parameter()] [System.String] - $MicrosoftStoreForBusinessLanguage, + $MaximumRequiredOSVersion, [Parameter()] [System.String] - $Id, + $MinimumWipePatchVersion, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, + + [Parameter()] + [System.Int32] + $MaximumPinRetries, [Parameter()] [PSObject] - $ManagedAppRegistrations, + $AppActionIfDevicePasscodeComplexityLessThanLow, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfMaximumPinRetriesExceeded, + + [Parameter()] + [System.String] + $MinimumWipeCompanyPortalVersion, [Parameter()] [PSObject] - $WindowsManagedAppProtections, + $AllowedOutboundDataTransferDestinations, [Parameter()] [PSObject] - $DefaultManagedAppProtections, + $AppActionIfAndroidDeviceManufacturerNotAllowed, + + [Parameter()] + [System.String] + $MinimumWipeAppVersion, + + [Parameter()] + [System.String] + $AllowedAndroidDeviceManufacturers, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabledForMicrosoftStoreForBusiness, + $OrganizationalCredentialsRequired, [Parameter()] - [PSObject] - $MobileAppCategories, + [System.String] + $CustomDialerAppPackageId, [Parameter()] [PSObject] - $ManagedEBookCategories, + $AllowedDataStorageLocations, [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, + [System.Int32] + $BlockAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [PSObject] - $SymantecCodeSigningCertificate, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $IosManagedAppProtections, + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] [PSObject] - $IosLobAppProvisioningConfigurations, + $DialerRestrictionLevel, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] [PSObject] - $BodyParameter, + $AppActionIfAndroidSafetyNetDeviceAttestationFailed, [Parameter()] - [PSObject] - $WindowsInformationProtectionWipeActions, + [System.String] + $Version, [Parameter()] [PSObject] - $MdmWindowsInformationProtectionPolicies, + $AppActionIfAndroidSafetyNetAppsVerificationFailed, [Parameter()] - [PSObject] - $WindowsManagementApp, + [System.String] + $MinimumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $DataBackupBlocked, [Parameter()] - [PSObject] - $SideLoadingKeys, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [PSObject] - $PolicySets, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $WindowsInformationProtectionDeviceRegistrations, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $VppTokens, + $MobileThreatDefenseRemediationAction, [Parameter()] [PSObject] - $WindowsInformationProtectionPolicies, + $ExemptedAppPackages, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $KeyboardsRestricted, [Parameter()] [PSObject] - $MicrosoftStoreForBusinessPortalSelection, + $DeploymentSummary, [Parameter()] [PSObject] - $AndroidManagedAppProtections, + $Apps, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ScreenCaptureBlocked, [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [PSObject] - $MobileAppConfigurations, + [System.String] + $MaximumWipeOSVersion, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Int32] + $MinimumPinLength, - [Parameter()] - [PSObject] - $WdacSupplementalPolicies - ) -} -function Update-MgDeviceAppMgtAndroidManagedAppProtection -{ - [CmdletBinding()] - param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $SimplePinBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanHigh, - - [Parameter()] - [System.String] - $AndroidManagedAppProtectionId, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $MaximumAllowedDeviceThreatLevel, + [System.Management.Automation.SwitchParameter] + $EncryptAppData, [Parameter()] [System.String] - $CustomBrowserDisplayName, + $MinimumWarningOSVersion, [Parameter()] - [System.String] - $MinimumRequiredPatchVersion, + [System.Management.Automation.SwitchParameter] + $ConnectToVpnOnLaunch, [Parameter()] - [PSObject] - $AppActionIfAndroidDeviceModelNotAllowed, + [System.Int32] + $WipeAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $RequiredAndroidSafetyNetEvaluationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + $PinRequired, [Parameter()] - [PSObject] - $MobileThreatDefensePartnerPriority, + [System.Int32] + $WarnAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $FingerprintAndBiometricEnabled, [Parameter()] - [System.String[]] - $AllowedAndroidDeviceModels, + [PSObject] + $AppActionIfDeviceLockNotSet, [Parameter()] - [PSObject] - $ManagedBrowser, + [System.Management.Automation.SwitchParameter] + $SaveAsBlocked, [Parameter()] [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $MaximumWarningOSVersion, + $MinimumRequiredCompanyPortalVersion, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [System.String] - $MinimumWarningCompanyPortalVersion, + [PSObject] + $Assignments, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RequireClass3Biometrics, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String] - $MinimumWarningPatchVersion, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, + $RequiredAndroidSafetyNetDeviceAttestationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.String] - $CustomDialerAppDisplayName, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, + $BodyParameter, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $DeviceLockRequired, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CustomBrowserPackageId, + [PSObject] + $PinCharacterSet, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BiometricAuthenticationBlocked, + [PSObject] + $TargetedAppManagementLevels + ) +} +function Set-MgDeviceAppMgtTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanMedium, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Id, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $ApprovedKeyboards, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $PassThru, [Parameter()] [PSObject] - $AppGroupType, + $Assignments, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [PSObject] + $InputObject, [Parameter()] - [PSObject] - $AppActionIfUnableToAuthenticateUser, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequirePinAfterBiometricChange, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $TargetedManagedAppConfigurationId, [Parameter()] - [System.String] - $MinimumWipePatchVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, - + $Break + ) +} +function Update-MgDeviceAppMgt +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $AllowedOutboundClipboardSharingLevel, + $TargetedManagedAppConfigurations, [Parameter()] - [System.String] - $Description, + [PSObject] + $ManagedEBooks, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetAppsVerificationType, + $MobileApps, [Parameter()] [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + $EnterpriseCodeSigningCertificates, [Parameter()] - [System.String] - $MinimumWipeCompanyPortalVersion, + [PSObject] + $ManagedAppPolicies, [Parameter()] - [System.String] - $Version, + [PSObject] + $DeviceAppManagementTasks, [Parameter()] - [PSObject] - $AllowedOutboundDataTransferDestinations, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceManufacturerNotAllowed, + $ManagedAppStatuses, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $AllowedAndroidDeviceManufacturers, + $MicrosoftStoreForBusinessLanguage, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [System.String] + $Id, [Parameter()] - [System.String] - $CustomDialerAppPackageId, + [PSObject] + $ManagedAppRegistrations, [Parameter()] [PSObject] - $AllowedDataStorageLocations, + $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $BlockAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $WindowsManagedAppProtections, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $DefaultManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $IsEnabledForMicrosoftStoreForBusiness, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [PSObject] + $MobileAppCategories, [Parameter()] [PSObject] - $DialerRestrictionLevel, + $ManagedEBookCategories, [Parameter()] - [System.String] - $MinimumWarningAppVersion, + [System.DateTime] + $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetDeviceAttestationFailed, + $SymantecCodeSigningCertificate, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $IosManagedAppProtections, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetAppsVerificationFailed, - - [Parameter()] - [System.String] - $MinimumWipeOSVersion, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + $IosLobAppProvisioningConfigurations, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [PSObject] + $BodyParameter, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $WindowsInformationProtectionWipeActions, [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, + $MdmWindowsInformationProtectionPolicies, [Parameter()] [PSObject] - $ExemptedAppPackages, + $WindowsManagementApp, [Parameter()] [System.Management.Automation.SwitchParameter] - $KeyboardsRestricted, + $PassThru, [Parameter()] [PSObject] - $DeploymentSummary, + $SideLoadingKeys, [Parameter()] [PSObject] - $Apps, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ScreenCaptureBlocked, + $PolicySets, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [PSObject] + $WindowsInformationProtectionDeviceRegistrations, [Parameter()] - [System.Int32] - $MinimumPinLength, + [PSObject] + $VppTokens, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + [PSObject] + $WindowsInformationProtectionPolicies, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [PSObject] + $MicrosoftStoreForBusinessPortalSelection, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AndroidManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $EncryptAppData, + $Break, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [System.DateTime] + $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ConnectToVpnOnLaunch, + [PSObject] + $MobileAppConfigurations, [Parameter()] - [System.Int32] - $WipeAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $HttpPipelineAppend, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetEvaluationType, - + $WdacSupplementalPolicies + ) +} +function Update-MgDeviceAppMgtAndroidManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, + $Confirm, [Parameter()] - [System.Int32] - $WarnAfterCompanyPortalUpdateDeferralInDays, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanLow, + $AppActionIfDevicePasscodeComplexityLessThanHigh, + + [Parameter()] + [System.String] + $AndroidManagedAppProtectionId, [Parameter()] [PSObject] - $AppActionIfDeviceLockNotSet, + $MaximumAllowedDeviceThreatLevel, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.String] + $CustomBrowserDisplayName, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumRequiredPatchVersion, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $AppActionIfAndroidDeviceModelNotAllowed, [Parameter()] - [System.String] - $MinimumRequiredCompanyPortalVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + $DisableAppEncryptionIfDeviceEncryptionIsEnabled, [Parameter()] [PSObject] - $Assignments, + $MobileThreatDefensePartnerPriority, [Parameter()] [System.DateTime] - $LastModifiedDateTime, + $CreatedDateTime, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.String[]] + $AllowedAndroidDeviceModels, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetDeviceAttestationType, + $ManagedBrowser, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintAndBiometricEnabled, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MaximumWarningOSVersion, [Parameter()] - [PSObject] - $BodyParameter, + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $MinimumWarningCompanyPortalVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceLockRequired, + $RequireClass3Biometrics, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $MinimumWarningPatchVersion, [Parameter()] [PSObject] - $PinCharacterSet, + $AppActionIfDeviceComplianceRequired, [Parameter()] - [PSObject] - $TargetedAppManagementLevels - ) -} -function Get-MgDeviceAppManagement -{ - [CmdletBinding()] - param( + [System.Management.Automation.SwitchParameter] + $PrintBlocked, + + [Parameter()] + [System.String] + $CustomDialerAppDisplayName, + [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedDataIngestionLocations, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $DeployedAppCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $NotificationRestriction, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $CustomBrowserPackageId, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $BiometricAuthenticationBlocked, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AppActionIfDevicePasscodeComplexityLessThanMedium, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Get-MgDeviceAppManagementAndroidManagedAppProtection -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $ApprovedKeyboards, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $AppGroupType, + + [Parameter()] + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $RequirePinAfterBiometricChange, [Parameter()] [System.String] - $CountVariable, + $MaximumRequiredOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumWipePatchVersion, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AllowedOutboundClipboardSharingLevel, [Parameter()] [System.String] - $Filter, + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RequiredAndroidSafetyNetAppsVerificationType, + + [Parameter()] + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $MinimumWipeCompanyPortalVersion, [Parameter()] [System.String] - $Search, + $Version, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $AllowedOutboundDataTransferDestinations, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $AppActionIfAndroidDeviceManufacturerNotAllowed, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceAppManagementiOSManagedAppProtection -{ - [CmdletBinding()] - param( + [System.String] + $MinimumWipeAppVersion, + [Parameter()] - [System.String[]] - $Property, + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $AllowedAndroidDeviceManufacturers, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $OrganizationalCredentialsRequired, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $CustomDialerAppPackageId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedDataStorageLocations, + + [Parameter()] + [System.Int32] + $BlockAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [System.String] - $IosManagedAppProtectionId, + $DisplayName, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $IsAssigned, + + [Parameter()] + [PSObject] + $DialerRestrictionLevel, [Parameter()] [System.String] - $CountVariable, + $MinimumWarningAppVersion, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AppActionIfAndroidSafetyNetDeviceAttestationFailed, [Parameter()] - [System.String[]] - $Sort, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AppActionIfAndroidSafetyNetAppsVerificationFailed, [Parameter()] [System.String] - $Filter, + $MinimumWipeOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, [Parameter()] - [System.String] - $Search, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceAppManagementiOSManagedAppProtectionApp -{ - [CmdletBinding()] - param( + $HttpPipelinePrepend, + [Parameter()] - [System.String[]] - $Property, + [PSObject] + $MobileThreatDefenseRemediationAction, [Parameter()] [PSObject] - $InputObject, + $ExemptedAppPackages, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $KeyboardsRestricted, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $DeploymentSummary, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Apps, [Parameter()] - [System.String] - $IosManagedAppProtectionId, + [System.Management.Automation.SwitchParameter] + $ScreenCaptureBlocked, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, + + [Parameter()] + [System.String] + $MaximumWipeOSVersion, [Parameter()] [System.Int32] - $Top, + $MinimumPinLength, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $SimplePinBlocked, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumWarningOSVersion, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $EncryptAppData, [Parameter()] - [System.String] - $Filter, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ConnectToVpnOnLaunch, [Parameter()] - [System.String] - $Search, + [System.Int32] + $WipeAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.String] - $ManagedMobileAppId, + [PSObject] + $RequiredAndroidSafetyNetEvaluationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PinRequired, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Int32] + $WarnAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + $AppActionIfDevicePasscodeComplexityLessThanLow, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDeviceLockNotSet, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $SaveAsBlocked, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $MinimumRequiredCompanyPortalVersion, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $Assignments, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, + [PSObject] + $RequiredAndroidSafetyNetDeviceAttestationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $FingerprintAndBiometricEnabled, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Search, + [PSObject] + $BodyParameter, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $DeviceLockRequired, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $PinCharacterSet, [Parameter()] [PSObject] - $HttpPipelineAppend + $TargetedAppManagementLevels ) } -function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment +function Get-MgDeviceAppManagement { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgDeviceAppManagementAndroidManagedAppProtection +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $TargetedManagedAppPolicyAssignmentId, + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] @@ -20643,10 +20757,6 @@ function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment [System.String[]] $Sort, - [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -20659,6 +20769,10 @@ function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $AndroidManagedAppProtectionId, + [Parameter()] [System.String] $Search, @@ -20676,1007 +20790,974 @@ function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment $HttpPipelineAppend ) } -function New-MgDeviceAppManagementiOSManagedAppProtection +function Get-MgDeviceAppManagementiOSManagedAppProtection { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.String[]] - $ExemptedUniversalLinks, + $Property, [Parameter()] [PSObject] - $MaximumAllowedDeviceThreatLevel, - - [Parameter()] - [System.String] - $MinimumWipeSdkVersion, + $InputObject, [Parameter()] - [PSObject] - $AppDataEncryptionType, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $IosManagedAppProtectionId, [Parameter()] - [PSObject] - $TargetedAppManagementLevels, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ThirdPartyKeyboardsBlocked, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $ManagedBrowser, + [System.String] + $CountVariable, [Parameter()] - [System.String] - $Description, + [System.Uri] + $Proxy, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.String[]] + $Sort, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $MaximumWarningOSVersion, + $Filter, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $AppActionIfDeviceComplianceRequired, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PinRequired, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, - + $HttpPipelineAppend + ) +} +function Get-MgDeviceAppManagementiOSManagedAppProtectionApp +{ + [CmdletBinding()] + param( [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $DeployedAppCount, + [PSObject] + $InputObject, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $AllowedOutboundClipboardSharingLevel, + $HttpPipelinePrepend, [Parameter()] [System.String] - $MinimumWarningSdkVersion, + $IosManagedAppProtectionId, [Parameter()] - [System.String] - $Id, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $AppGroupType, + [System.String] + $CountVariable, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $AppActionIfUnableToAuthenticateUser, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FilterOpenInToOnlyManagedApps, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $Search, [Parameter()] [System.String] - $AllowedIosDeviceModels, + $ManagedMobileAppId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + $Break, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.String] - $MinimumWipeAppVersion, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $AllowedDataStorageLocations, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DisplayName, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FaceIdBlocked, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtectInboundDataFromUnknownSources, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $DialerRestrictionLevel, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [System.String] - $MinimumWarningAppVersion, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Version, + $Filter, [Parameter()] - [System.String] - $MinimumWipeOSVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $Apps, + [System.String] + $Search, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [PSObject] - $MobileThreatDefenseRemediationAction, - + $HttpPipelineAppend + ) +} +function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.String[]] + $Property, [Parameter()] [PSObject] - $DeploymentSummary, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $PinCharacterSet, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableProtectionOfManagedOutboundOpenInData, + [System.Int32] + $Skip, [Parameter()] [System.Int32] - $MinimumPinLength, + $Top, [Parameter()] [System.String] - $MinimumWarningOSVersion, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, + $TargetedManagedAppPolicyAssignmentId, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $ExemptedAppProtocols, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $Assignments, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [PSObject] - $AppActionIfIosDeviceModelNotAllowed, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $CustomDialerAppProtocol, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [System.String] + $Search, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CustomBrowserProtocol, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AllowedInboundDataTransferSources, - + $HttpPipelineAppend + ) +} +function New-MgDeviceAppManagementiOSManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExemptedUniversalLinks, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + $MaximumAllowedDeviceThreatLevel, [Parameter()] [System.String] - $MinimumRequiredSdkVersion, - - [Parameter()] - [System.String[]] - $ManagedUniversalLinks - ) -} -function New-MgDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $DeployedAppCount, + $MinimumWipeSdkVersion, [Parameter()] [PSObject] - $TargetedAppManagementLevels, + $AppDataEncryptionType, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] - $Assignments, + $MobileThreatDefensePartnerPriority, [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ThirdPartyKeyboardsBlocked, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $ManagedBrowser, [Parameter()] [System.String] $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [System.String] - $Version, + $MaximumWarningOSVersion, + + [Parameter()] + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] [PSObject] - $DeploymentSummary, + $AppActionIfDeviceComplianceRequired, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $PrintBlocked, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] [PSObject] - $AppGroupType, + $AllowedDataIngestionLocations, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $CustomSettings, + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $BodyParameter, + $NotificationRestriction, [Parameter()] - [System.String] - $Id, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] - $Apps, + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumWarningSdkVersion, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceAppManagementAndroidManagedAppProtection -{ - [CmdletBinding()] - param( + $AppGroupType, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $FilterOpenInToOnlyManagedApps, [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $MaximumRequiredOSVersion, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $AllowedIosDeviceModels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ContactSyncBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceAppManagementiOSManagedAppProtection -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $AllowedOutboundDataTransferDestinations, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumWipeAppVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + $OrganizationalCredentialsRequired, [Parameter()] [PSObject] - $InputObject, + $AllowedDataStorageLocations, [Parameter()] [System.String] - $IosManagedAppProtectionId, + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $FaceIdBlocked, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $SaveAsBlocked, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProtectInboundDataFromUnknownSources, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( + $DialerRestrictionLevel, + [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $MinimumWarningAppVersion, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Version, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumWipeOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $Apps, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] [System.String] - $IfMatch, + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] [PSObject] - $HttpPipelineAppend, + $DeploymentSummary, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $SimplePinBlocked, + + [Parameter()] + [PSObject] + $PinCharacterSet, + + [Parameter()] + [System.String] + $MaximumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgDeviceAppManagement -{ - [CmdletBinding()] - param( + $DisableProtectionOfManagedOutboundOpenInData, + [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, + [System.Int32] + $MinimumPinLength, [Parameter()] - [PSObject] - $TargetedManagedAppConfigurations, + [System.String] + $MinimumWarningOSVersion, [Parameter()] [PSObject] - $PolicySets, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $ManagedEBooks, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [PSObject] - $MobileApps, + $ExemptedAppProtocols, [Parameter()] [PSObject] - $EnterpriseCodeSigningCertificates, + $Assignments, [Parameter()] [PSObject] - $ManagedAppPolicies, + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [PSObject] - $DeviceAppManagementTasks, + $AppActionIfIosDeviceModelNotAllowed, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $CustomDialerAppProtocol, [Parameter()] - [PSObject] - $ManagedAppStatuses, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [PSObject] - $WindowsManagementApp, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [PSObject] - $ManagedAppRegistrations, + [System.String] + $CustomBrowserProtocol, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedInboundDataTransferSources, [Parameter()] - [PSObject] - $WindowsManagedAppProtections, + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $DefaultManagedAppProtections, + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabledForMicrosoftStoreForBusiness, + $Break, [Parameter()] - [PSObject] - $WindowsInformationProtectionWipeActions, + [System.String] + $MinimumRequiredSdkVersion, [Parameter()] - [System.String] - $MicrosoftStoreForBusinessLanguage, + [System.String[]] + $ManagedUniversalLinks + ) +} +function New-MgDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $ManagedEBookCategories, + $TargetedAppManagementLevels, [Parameter()] [System.DateTime] - $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, + $LastModifiedDateTime, [Parameter()] [PSObject] - $SymantecCodeSigningCertificate, + $Assignments, [Parameter()] - [PSObject] - $IosManagedAppProtections, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $IosLobAppProvisioningConfigurations, + [System.String] + $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $BodyParameter, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $MobileAppCategories, + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $IsAssigned, [Parameter()] [PSObject] - $SideLoadingKeys, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Version, [Parameter()] [PSObject] - $WindowsInformationProtectionDeviceRegistrations, + $DeploymentSummary, [Parameter()] - [PSObject] - $VppTokens, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] - $WindowsInformationProtectionPolicies, + $AppGroupType, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $MicrosoftStoreForBusinessPortalSelection, + $CustomSettings, [Parameter()] [PSObject] - $AndroidManagedAppProtections, + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] [PSObject] - $MdmWindowsInformationProtectionPolicies, + $Apps, [Parameter()] - [PSObject] - $MobileAppConfigurations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $WdacSupplementalPolicies + $HttpPipelineAppend ) } -function Update-MgDeviceAppManagementiOSManagedAppProtection +function Remove-MgDeviceAppManagementAndroidManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ExemptedUniversalLinks, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $MaximumAllowedDeviceThreatLevel, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumWipeSdkVersion, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $AppDataEncryptionType, + [System.String] + $IfMatch, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $AndroidManagedAppProtectionId, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $InputObject, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $TargetedAppManagementLevels, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $ThirdPartyKeyboardsBlocked, + $Break, [Parameter()] [PSObject] - $ManagedBrowser, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, - - [Parameter()] - [System.Int32] - $PreviousPinBlockCount, - - [Parameter()] - [PSObject] - $AllowedOutboundClipboardSharingLevel, - - [Parameter()] - [System.Int32] - $MinimumPinLength, - + $HttpPipelineAppend + ) +} +function Remove-MgDeviceAppManagementiOSManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PinRequired, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AllowedDataIngestionLocations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $InputObject, [Parameter()] [System.String] $IosManagedAppProtectionId, [Parameter()] - [System.String] - $MinimumWarningSdkVersion, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $Break, [Parameter()] [PSObject] - $AppGroupType, - + $HttpPipelineAppend + ) +} +function Remove-MgDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] [PSObject] - $AppActionIfUnableToAuthenticateUser, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $FilterOpenInToOnlyManagedApps, + $PassThru, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $IfMatch, [Parameter()] - [System.String] - $AllowedIosDeviceModels, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + $Confirm, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $ProxyUseDefaultCredentials, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Update-MgDeviceAppManagement +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, + $TargetedManagedAppConfigurations, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [PSObject] + $PolicySets, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [PSObject] + $ManagedEBooks, [Parameter()] [PSObject] - $AllowedDataStorageLocations, + $MobileApps, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $EnterpriseCodeSigningCertificates, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FaceIdBlocked, + [PSObject] + $ManagedAppPolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtectInboundDataFromUnknownSources, + [PSObject] + $DeviceAppManagementTasks, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $Confirm, [Parameter()] [PSObject] - $DialerRestrictionLevel, - - [Parameter()] - [System.String] - $MinimumWarningAppVersion, + $ManagedAppStatuses, [Parameter()] - [System.String] - $Version, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $MinimumWipeOSVersion, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $Apps, - - [Parameter()] - [System.String] - $MinimumRequiredSdkVersion, - - [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + $WindowsManagementApp, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [PSObject] + $ManagedAppRegistrations, [Parameter()] [PSObject] @@ -21684,406 +21765,597 @@ function Update-MgDeviceAppManagementiOSManagedAppProtection [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, - - [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + $WindowsManagedAppProtections, [Parameter()] [PSObject] - $DeploymentSummary, + $DefaultManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $IsEnabledForMicrosoftStoreForBusiness, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [PSObject] + $WindowsInformationProtectionWipeActions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableProtectionOfManagedOutboundOpenInData, + [System.String] + $MicrosoftStoreForBusinessLanguage, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [PSObject] + $ManagedEBookCategories, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [System.DateTime] + $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, [Parameter()] [PSObject] - $HttpPipelineAppend, + $SymantecCodeSigningCertificate, [Parameter()] [PSObject] - $ExemptedAppProtocols, + $IosManagedAppProtections, [Parameter()] [PSObject] - $Assignments, + $IosLobAppProvisioningConfigurations, [Parameter()] - [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $AppActionIfIosDeviceModelNotAllowed, + $BodyParameter, [Parameter()] [System.String] - $CustomDialerAppProtocol, + $Id, [Parameter()] - [System.String] - $MaximumWarningOSVersion, + [PSObject] + $MobileAppCategories, [Parameter()] [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + $PassThru, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $SideLoadingKeys, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [PSObject] + $WindowsInformationProtectionDeviceRegistrations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [PSObject] + $VppTokens, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $WindowsInformationProtectionPolicies, [Parameter()] - [System.String] - $CustomBrowserProtocol, + [PSObject] + $MicrosoftStoreForBusinessPortalSelection, [Parameter()] [PSObject] - $AllowedInboundDataTransferSources, + $AndroidManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $MdmWindowsInformationProtectionPolicies, [Parameter()] [PSObject] - $BodyParameter, + $MobileAppConfigurations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend, [Parameter()] [PSObject] - $PinCharacterSet, - - [Parameter()] - [System.String[]] - $ManagedUniversalLinks + $WdacSupplementalPolicies ) } -function Update-MgDeviceAppManagementTargetedManagedAppConfiguration +function Update-MgDeviceAppManagementiOSManagedAppProtection { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String[]] + $ExemptedUniversalLinks, + [Parameter()] [PSObject] - $DeploymentSummary, + $MaximumAllowedDeviceThreatLevel, + + [Parameter()] + [System.String] + $MinimumWipeSdkVersion, [Parameter()] [PSObject] - $TargetedAppManagementLevels, + $AppDataEncryptionType, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] - $Assignments, + $MobileThreatDefensePartnerPriority, [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ThirdPartyKeyboardsBlocked, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $ManagedBrowser, [Parameter()] [System.String] $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.String] - $Version, + [System.Int32] + $MinimumPinLength, [Parameter()] - [System.Int32] - $DeployedAppCount, + [PSObject] + $AppActionIfDeviceComplianceRequired, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $SaveAsBlocked, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] [PSObject] - $AppGroupType, + $AllowedDataIngestionLocations, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $CustomSettings, + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + $NotificationRestriction, [Parameter()] - [PSObject] - $Apps, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $IosManagedAppProtectionId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumWarningSdkVersion, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -#endregion -#region MicrosoftGraph -function Get-MgGroup -{ - [CmdletBinding()] - param( + $AppGroupType, + [Parameter()] - [System.String[]] - $Property, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $InputObject, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $FilterOpenInToOnlyManagedApps, [Parameter()] - [System.Int32] - $Top, + [System.String] + $MaximumRequiredOSVersion, [Parameter()] [System.String] - $CountVariable, + $AllowedIosDeviceModels, [Parameter()] - [System.String] - $GroupId, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $PrintBlocked, [Parameter()] - [System.String] - $ConsistencyLevel, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $AllowedOutboundDataTransferDestinations, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $DataBackupBlocked, [Parameter()] [System.String] - $Filter, + $MinimumWipeAppVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $OrganizationalCredentialsRequired, + + [Parameter()] + [PSObject] + $AllowedDataStorageLocations, [Parameter()] [System.String] - $Search, + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $FaceIdBlocked, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProtectInboundDataFromUnknownSources, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsAssigned, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgGroupLifecyclePolicy -{ - [CmdletBinding()] - param( + $DialerRestrictionLevel, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $MinimumWarningAppVersion, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Version, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MinimumWipeOSVersion, + + [Parameter()] + [PSObject] + $Apps, [Parameter()] [System.String] - $GroupLifecyclePolicyId, + $MinimumRequiredSdkVersion, [Parameter()] - [System.Int32] - $PageSize, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, + + [Parameter()] + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $MobileThreatDefenseRemediationAction, [Parameter()] [System.Int32] - $Top, + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $DeploymentSummary, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $SimplePinBlocked, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $MaximumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $DisableProtectionOfManagedOutboundOpenInData, + + [Parameter()] + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [System.String] - $Filter, + $MinimumWarningOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $Search, + [PSObject] + $ExemptedAppProtocols, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $Assignments, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [PSObject] - $HttpPipelineAppend - ) + $AppActionIfIosDeviceModelNotAllowed, + + [Parameter()] + [System.String] + $CustomDialerAppProtocol, + + [Parameter()] + [System.String] + $MaximumWarningOSVersion, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.TimeSpan] + $PeriodBeforePinReset, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $CustomBrowserProtocol, + + [Parameter()] + [PSObject] + $AllowedInboundDataTransferSources, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $PinCharacterSet, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks + ) } -function Get-MgGroupMember +function Update-MgDeviceAppManagementTargetedManagedAppConfiguration { [CmdletBinding()] param( + [Parameter()] + [PSObject] + $DeploymentSummary, + + [Parameter()] + [PSObject] + $TargetedAppManagementLevels, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $Version, + + [Parameter()] + [System.Int32] + $DeployedAppCount, + [Parameter()] [System.String[]] - $Property, + $RoleScopeTagIds, + + [Parameter()] + [PSObject] + $AppGroupType, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $CustomSettings, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $Apps, + + [Parameter()] + [System.String] + $TargetedManagedAppConfigurationId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +#endregion +#region MicrosoftGraph +function Get-MgGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $PageSize, @@ -22144,12 +22416,16 @@ function Get-MgGroupMember [System.String[]] $ExpandProperty, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgGroupMemberOf +function Get-MgGroupLifecyclePolicy { [CmdletBinding()] param( @@ -22157,10 +22433,18 @@ function Get-MgGroupMemberOf [System.String[]] $Property, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String] + $GroupLifecyclePolicyId, + [Parameter()] [System.Int32] $PageSize, @@ -22173,10 +22457,6 @@ function Get-MgGroupMemberOf [System.Int32] $Skip, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Int32] $Top, @@ -22185,10 +22465,6 @@ function Get-MgGroupMemberOf [System.String] $CountVariable, - [Parameter()] - [System.String] - $GroupId, - [Parameter()] [System.Uri] $Proxy, @@ -22197,10 +22473,6 @@ function Get-MgGroupMemberOf [System.String[]] $Sort, - [Parameter()] - [System.String] - $ConsistencyLevel, - [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -22217,10 +22489,6 @@ function Get-MgGroupMemberOf [System.String] $Search, - [Parameter()] - [System.String] - $DirectoryObjectId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -22234,7 +22502,7 @@ function Get-MgGroupMemberOf $HttpPipelineAppend ) } -function Get-MgGroupOwner +function Get-MgGroupMember { [CmdletBinding()] param( @@ -22311,52 +22579,214 @@ function Get-MgGroupOwner $HttpPipelineAppend ) } -function New-MgGroup +function Get-MgGroupMemberOf { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Property, [Parameter()] - [System.String] - $Mail, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Visibility, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $PermissionGrants, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $CreatedByAppId, + [System.Int32] + $Skip, [Parameter()] [PSObject] - $Sites, + $InputObject, [Parameter()] - [PSObject] - $AppRoleAssignments, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SecurityEnabled, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $AssignedLabels, + [System.String] + $GroupId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $ConsistencyLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgGroupOwner +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.String] + $GroupId, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $ConsistencyLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Mail, + + [Parameter()] + [System.String] + $Visibility, + + [Parameter()] + [PSObject] + $PermissionGrants, + + [Parameter()] + [System.String] + $CreatedByAppId, + + [Parameter()] + [PSObject] + $Sites, + + [Parameter()] + [PSObject] + $AppRoleAssignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SecurityEnabled, + + [Parameter()] + [PSObject] + $AssignedLabels, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] $Calendar, [Parameter()] @@ -46356,3 +46786,930 @@ function Set-CsUserCallingSettings ) } #endregion +#region MgDeviceManagementGroupPolicyConfiguration +function Get-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgDeviceManagementGroupPolicyConfigurationAssignment +function Get-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgDeviceManagementGroupPolicyConfigurationDefinitionValue +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials + ) +} + +#endregion + From e7ce923c81c94518e19b4496947abece115b9406 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 6 Feb 2023 19:49:42 +0000 Subject: [PATCH 2/9] merge --- CHANGELOG.md | 46 +++++- ...ntuneDeviceConfigurationPolicyWindows10.md | 4 +- ...ionProtectionPolicyWindows10MdmEnrolled.md | 144 ++++++++++++++++++ docs/docs/resources/planner/PlannerBucket.md | 4 +- docs/docs/resources/planner/PlannerPlan.md | 4 +- .../power-platform/PPPowerAppsEnvironment.md | 2 +- .../security-compliance/SCProtectionAlert.md | 13 +- .../resources/teams/TeamsCallHoldPolicy.md | 23 +++ .../resources/teams/TeamsCallParkPolicy.md | 26 ++++ .../teams/TeamsComplianceRecordingPolicy.md | 26 ++++ .../resources/teams/TeamsCortanaPolicy.md | 23 +++ .../teams/TeamsEnhancedEncryptionPolicy.md | 24 +++ .../resources/teams/TeamsMobilityPolicy.md | 25 +++ .../teams/TeamsNetworkRoamingPolicy.md | 24 +++ .../teams/TeamsTenantNetworkRegion.md | 23 +++ .../resources/teams/TeamsTenantNetworkSite.md | 29 ++++ .../teams/TeamsTenantNetworkSubnet.md | 24 +++ .../resources/teams/TeamsTranslationRule.md | 24 +++ .../teams/TeamsUnassignedNumberTreatment.md | 26 ++++ docs/docs/resources/teams/TeamsVdiPolicy.md | 24 +++ .../resources/teams/TeamsWorkloadPolicy.md | 29 ++++ .../Update-M365DSCAzureAdApplication.md | 4 +- 22 files changed, 557 insertions(+), 14 deletions(-) create mode 100644 docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md create mode 100644 docs/docs/resources/teams/TeamsCallHoldPolicy.md create mode 100644 docs/docs/resources/teams/TeamsCallParkPolicy.md create mode 100644 docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md create mode 100644 docs/docs/resources/teams/TeamsCortanaPolicy.md create mode 100644 docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md create mode 100644 docs/docs/resources/teams/TeamsMobilityPolicy.md create mode 100644 docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md create mode 100644 docs/docs/resources/teams/TeamsTenantNetworkRegion.md create mode 100644 docs/docs/resources/teams/TeamsTenantNetworkSite.md create mode 100644 docs/docs/resources/teams/TeamsTenantNetworkSubnet.md create mode 100644 docs/docs/resources/teams/TeamsTranslationRule.md create mode 100644 docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md create mode 100644 docs/docs/resources/teams/TeamsVdiPolicy.md create mode 100644 docs/docs/resources/teams/TeamsWorkloadPolicy.md diff --git a/CHANGELOG.md b/CHANGELOG.md index a87802b110..d994c8228b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,29 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.201.1 + +* PlannerTask + * Fixed issue where Attachments Uri weren't properly exiting single quotes. + FIXES [#2822](https://github.com/microsoft/Microsoft365DSC/issues/2822) +* PPPowerAppsEnvironment + * Adds support for Developr SKU and fix for Teams SKU + FIXES [#2821](https://github.com/microsoft/Microsoft365DSC/issues/2821) +* SCProtectionAlert + * Support for certificate based auth + * Fix removal of alert + * Added additional supported values for ThreatType, Severity & AggregationType + FIXES [#2793](https://github.com/microsoft/Microsoft365DSC/issues/2793) +* TeamsTenantNetworkRegion + * Initial Release. +* TeamsTenantNetworkSite + * Initial Release. +* TeamsTenantNetworkSubnet + * Initial Release. +* DEPENDENCIES + * Updated Microsoft.Graph.* to version 1.21.0 + * Updated MicrosoftTeams to version 4.9.3 + +# 1.23.125.1 * TeamsAudioConferencingPolicy * Initial Release. @@ -20,6 +43,27 @@ * Initial Release. * TeamsTranslationRule * Initial Release. +* TeamsUnassignedNumberTreatment + * Initial Release. +* TeamsVDIPolicy + * Initial Release. +* TeamsWorkloadPolicy + * Initial Release. +* DRG + * Added CIM constructor in Get-TargetResource + * Improved management of AdditionalProperties + * Improved datetime and dateoffset management + * Fixed UnitTest + * Generate Stubs if required + * Fixes #2819 +* IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + * Initial Release + * Fixes #2604 +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.155. +* Planner + * Fixed api-permissions on PlannerBucket and PlannerPlan. + FIXES [#2843](https://github.com/microsoft/Microsoft365DSC/issues/2843) # 1.23.118.1 diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md index cc272d78b2..d45a84a0b4 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | Description of the device configuration policy for Windows 10. | | -| **Description** | Write | String | Display name of the device configuration policy for Windows 10. | | +| **DisplayName** | Key | String | Display name of the device configuration policy for Windows 10. | | +| **Description** | Write | String | Description of the device configuration policy for Windows 10. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **EnterpriseCloudPrintDiscoveryEndPoint** | Write | String | Endpoint for discovering cloud printers. | | | **EnterpriseCloudPrintOAuthAuthority** | Write | String | Authentication endpoint for acquiring OAuth tokens. | | diff --git a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md new file mode 100644 index 0000000000..a6b1b07bb9 --- /dev/null +++ b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md @@ -0,0 +1,144 @@ +# IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AzureRightsManagementServicesAllowed** | Write | Boolean | Specifies whether to allow Azure RMS encryption for WIP | | +| **DataRecoveryCertificate** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) | | +| **EnforcementLevel** | Write | String | WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. | `noProtection`, `encryptAndAuditOnly`, `encryptAuditAndPrompt`, `encryptAuditAndBlock` | +| **EnterpriseDomain** | Write | String | Primary enterprise domain | | +| **EnterpriseInternalProxyServers** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies | | +| **EnterpriseIPRanges** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection[] | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to | | +| **EnterpriseIPRangesAreAuthoritative** | Write | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false | | +| **EnterpriseNetworkDomainNames** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to | | +| **EnterpriseProtectedDomainNames** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | List of enterprise domains to be protected | | +| **EnterpriseProxiedDomains** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection[] | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy | | +| **EnterpriseProxyServers** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | This is a list of proxy servers. Any server not on this list is considered non-enterprise | | +| **EnterpriseProxyServersAreAuthoritative** | Write | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false | | +| **ExemptApps** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionApp[] | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. | | +| **IconsVisible** | Write | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app | | +| **IndexingEncryptedStoresOrItemsBlocked** | Write | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items | | +| **NeutralDomainResources** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | List of domain names that can used for work or personal resource | | +| **ProtectedApps** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionApp[] | Protected applications can access enterprise data and the data handled by those applications are protected with encryption | | +| **ProtectionUnderLockConfigRequired** | Write | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured | | +| **RevokeOnUnenrollDisabled** | Write | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. | | +| **RightsManagementServicesTemplateId** | Write | String | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access | | +| **SmbAutoEncryptedFileExtensions** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary | | +| **Description** | Write | String | The policy's description. | | +| **DisplayName** | Write | String | Policy display name. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Certificate** | Write | String | Data recovery Certificate | | +| **Description** | Write | String | Data recovery Certificate description | | +| **ExpirationDateTime** | Write | String | Data recovery Certificate expiration datetime | | +| **SubjectName** | Write | String | Data recovery Certificate subject name | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Display name | | +| **Resources** | Write | StringArray[] | Collection of resources | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Display name | | +| **Ranges** | Write | MSFT_MicrosoftGraphIpRange[] | Collection of ip ranges | | + +### MSFT_MicrosoftGraphIpRange + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **CidrAddress** | Write | String | IPv4 address in CIDR notation. Not nullable. | | +| **LowerAddress** | Write | String | Lower address. | | +| **UpperAddress** | Write | String | Upper address. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.iPv4CidrRange`, `#microsoft.graph.iPv6CidrRange`, `#microsoft.graph.iPv4Range`, `#microsoft.graph.iPv6Range` | + +### MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Display name | | +| **ProxiedDomains** | Write | MSFT_MicrosoftGraphProxiedDomain[] | Collection of proxied domains | | + +### MSFT_MicrosoftGraphProxiedDomain + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IpAddressOrFQDN** | Write | String | The IP address or FQDN | | +| **Proxy** | Write | String | Proxy IP or FQDN | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionApp + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Denied** | Write | Boolean | If true, app is denied protection or exemption. | | +| **Description** | Write | String | The app's description. | | +| **DisplayName** | Write | String | App display name. | | +| **ProductName** | Write | String | The product name. | | +| **PublisherName** | Write | String | The publisher name | | +| **BinaryName** | Write | String | The binary name. | | +| **BinaryVersionHigh** | Write | String | The high binary version. | | +| **BinaryVersionLow** | Write | String | The lower binary version. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.windowsInformationProtectionDesktopApp`, `#microsoft.graph.windowsInformationProtectionStoreApp` | + + +## Description + +Intune Windows Information Protection Policy for Windows10 Mdm Enrolled + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All + +- **Update** + + - None + + diff --git a/docs/docs/resources/planner/PlannerBucket.md b/docs/docs/resources/planner/PlannerBucket.md index 3e1b358d09..26d9594560 100644 --- a/docs/docs/resources/planner/PlannerBucket.md +++ b/docs/docs/resources/planner/PlannerBucket.md @@ -32,11 +32,11 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Read** - - Tasks.Read + - Tasks.Read.All - **Update** - - Tasks.ReadWrite + - Tasks.ReadWrite.All #### Application permissions diff --git a/docs/docs/resources/planner/PlannerPlan.md b/docs/docs/resources/planner/PlannerPlan.md index 28052b4b67..e56b54164b 100644 --- a/docs/docs/resources/planner/PlannerPlan.md +++ b/docs/docs/resources/planner/PlannerPlan.md @@ -31,11 +31,11 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Read** - - Group.Read.All, Tasks.Read + - Group.Read.All, Tasks.Read.All - **Update** - - Group.Read.All, Tasks.Read, Tasks.ReadWrite + - Group.Read.All, Tasks.Read.All, Tasks.ReadWrite.All #### Application permissions diff --git a/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md b/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md index d7c14e1e5b..fa00e7f85a 100644 --- a/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md +++ b/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **DisplayName** | Key | String | Display name for the PowerApps environment | | | **Location** | Required | String | Location of the PowerApps environment. | `canada`, `unitedstates`, `europe`, `asia`, `australia`, `india`, `japan`, `unitedkingdom`, `unitedstatesfirstrelease`, `southamerica`, `france`, `usgov` | -| **EnvironmentSKU** | Required | String | Environment type. | `Production`, `Standard`, `Trial`, `Sandbox`, `SubscriptionBasedTrial`, `Teams` | +| **EnvironmentSKU** | Required | String | Environment type. | `Production`, `Standard`, `Trial`, `Sandbox`, `SubscriptionBasedTrial`, `Teams`, `Developer` | | **Ensure** | Write | String | Only accepted value is 'Present'. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Power Platform Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/security-compliance/SCProtectionAlert.md b/docs/docs/resources/security-compliance/SCProtectionAlert.md index 3c47761e1a..c7d4b5d38c 100644 --- a/docs/docs/resources/security-compliance/SCProtectionAlert.md +++ b/docs/docs/resources/security-compliance/SCProtectionAlert.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **AlertBy** | Write | StringArray[] | Specifies the scope for aggregated alert policies | | | **AlertFor** | Write | StringArray[] | This parameter is reserved for internal Microsoft use | | -| **AggregationType** | Write | String | Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity | `None`, `SimpleAggregation`, `AnomalousAggregation` | +| **AggregationType** | Write | String | Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity | `None`, `SimpleAggregation`, `AnomalousAggregation`, `CustomAggregation` | | **Category** | Write | String | Specifies a category for the alert policy | | | **Comment** | Write | String | Specifies an optional comment | | | **Disabled** | Write | Boolean | Enables or disables the alert policy | | @@ -24,12 +24,17 @@ | **PrivacyManagementScopedSensitiveInformationTypes** | Write | StringArray[] | PrivacyManagementScopedSensitiveInformationTypes | | | **PrivacyManagementScopedSensitiveInformationTypesForCounting** | Write | StringArray[] | PrivacyManagementScopedSensitiveInformationTypesForCounting | | | **PrivacyManagementScopedSensitiveInformationTypesThreshold** | Write | UInt64 | PrivacyManagementScopedSensitiveInformationTypesThreshold | | -| **Severity** | Write | String | specifies the severity of the detection | `Low`, `Medium`, `High` | -| **ThreatType** | Write | String | Specifies the type of activities that are monitored by the alert policy | `Activity`, `Malware`, `Phish`, `Malicious`, `MaliciousUrlClick` | +| **Severity** | Write | String | specifies the severity of the detection | `Low`, `Medium`, `High`, `Informational` | +| **ThreatType** | Write | String | Specifies the type of activities that are monitored by the alert policy | `Activity`, `Malware`, `Phish`, `Malicious`, `MaliciousUrlClick`, `MailFlow` | | **Threshold** | Write | UInt32 | Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that's greater than or equal to 3. | | | **TimeWindow** | Write | UInt32 | Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that's greater than 60 (one hour). | | | **VolumeThreshold** | Write | UInt32 | Volume Threshold | | -| **Credential** | Required | PSCredential | Credentials of the Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | ## Description diff --git a/docs/docs/resources/teams/TeamsCallHoldPolicy.md b/docs/docs/resources/teams/TeamsCallHoldPolicy.md new file mode 100644 index 0000000000..6db5659545 --- /dev/null +++ b/docs/docs/resources/teams/TeamsCallHoldPolicy.md @@ -0,0 +1,23 @@ +# TeamsCallHoldPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier to be assigned to the new Teams call hold policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant. | | +| **AudioFileId** | Write | String | A string representing the ID referencing an audio file uploaded via the Import-CsOnlineAudioFile cmdlet. | | +| **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams call hold policy. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Creates a new Teams call hold policy in your tenant. The Teams call hold policy is used to customize the call hold experience for Teams clients. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsCallParkPolicy.md b/docs/docs/resources/teams/TeamsCallParkPolicy.md new file mode 100644 index 0000000000..c3fffb4949 --- /dev/null +++ b/docs/docs/resources/teams/TeamsCallParkPolicy.md @@ -0,0 +1,26 @@ +# TeamsCallParkPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | A unique identifier for the policy - this will be used to retrieve the policy later on to assign it to specific users. | | +| **AllowCallPark** | Write | Boolean | If set to true, customers will be able to leverage the call park feature to place calls on hold and then decide how the call should be handled - transferred to another department, retrieved using the same phone, or retrieved using a different phone. | | +| **Description** | Write | String | Description of the Teams Call Park Policy. | | +| **ParkTimeoutSeconds** | Write | UInt64 | Specify the number of seconds to wait before ringing the parker when the parked call hasn't been picked up. Value can be from 120 to 1800 (seconds). | | +| **PickupRangeEnd** | Write | UInt64 | Specify the maximum value that a rendered pickup code can take. Value can be from 10 to 9999. Note: PickupRangeStart must be smaller than PickupRangeEnd. | | +| **PickupRangeStart** | Write | UInt64 | Specify the minimum value that a rendered pickup code can take. Value can be from 10 to 9999. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +The TeamsCallParkPolicy controls whether or not users are able to leverage the call park feature in Microsoft Teams. Call park allows enterprise voice customers to place a call on hold and then perform a number of actions on that call: transfer to another department, retrieve via the same phone, or retrieve via a different Teams phone. The New-CsTeamsCallParkPolicy resource lets you create a new custom policy that can then be assigned to one or more specific users. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md b/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md new file mode 100644 index 0000000000..9cad2bfe71 --- /dev/null +++ b/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md @@ -0,0 +1,26 @@ +# TeamsComplianceRecordingPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier of the application instance of a policy-based recording application to be retrieved. | | +| **ComplianceRecordingApplications** | Write | StringArray[] | A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet. | | +| **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to. | | +| **DisableComplianceRecordingAudioNotificationForCalls** | Write | Boolean | Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording. | | +| **Enabled** | Write | Boolean | Controls whether this Teams recording policy is active or not. | | +| **WarnUserOnRemoval** | Write | Boolean | This parameter is reserved for future use. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Creates a new Teams recording policy for governing automatic policy-based recording in your tenant. Automatic policy-based recording is only applicable to Microsoft Teams users. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsCortanaPolicy.md b/docs/docs/resources/teams/TeamsCortanaPolicy.md new file mode 100644 index 0000000000..51f3fb6502 --- /dev/null +++ b/docs/docs/resources/teams/TeamsCortanaPolicy.md @@ -0,0 +1,23 @@ +# TeamsCortanaPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier for Teams cortana policy you're creating. | | +| **CortanaVoiceInvocationMode** | Write | String | The value of this field indicates if Cortana is enabled and mode of invocation. | `Disabled`, `PushToTalkUserOverride`, `WakeWordPushToTalkUserOverride` | +| **Description** | Write | String | Provide a description of your policy to identify purpose of creating it. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +The CsTeamsCortanaPolicy resources enable administrators to control settings for Cortana voice assistant in Microsoft Teams. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md b/docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md new file mode 100644 index 0000000000..36dc81c7f7 --- /dev/null +++ b/docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md @@ -0,0 +1,24 @@ +# TeamsEnhancedEncryptionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier assigned to the Teams enhanced encryption policy. | | +| **CallingEndtoEndEncryptionEnabledType** | Write | String | Determines whether End-to-end encrypted calling is available for the user in Teams. Set this to DisabledUserOverride to allow user to turn on End-to-end encrypted calls. Set this to Disabled to prohibit. | | +| **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams enhanced encryption policy. | | +| **MeetingEndToEndEncryption** | Write | String | N/A | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Use this resource to create a new Teams enhanced encryption policy. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsMobilityPolicy.md b/docs/docs/resources/teams/TeamsMobilityPolicy.md new file mode 100644 index 0000000000..63971e3521 --- /dev/null +++ b/docs/docs/resources/teams/TeamsMobilityPolicy.md @@ -0,0 +1,25 @@ +# TeamsMobilityPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Specify the name of the policy that you are creating. | | +| **Description** | Write | String | Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to. | | +| **IPAudioMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | +| **IPVideoMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | +| **MobileDialerPreference** | Write | String | N/A | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +The TeamsMobilityPolicy allows Admins to control Teams mobile usage for users. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md new file mode 100644 index 0000000000..4ef6442b08 --- /dev/null +++ b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md @@ -0,0 +1,24 @@ +# TeamsNetworkRoamingPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | | | +| **AllowIPVideo** | Write | Boolean | Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video. | | +| **Description** | Write | String | Description of the new policy to be created. | | +| **MediaBitRateKb** | Write | UInt64 | Determines the media bit rate for audio/video/app sharing transmissions in meetings. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +New-CsTeamsNetworkRoamingPolicy allows IT Admins to create policies for Network Roaming and Bandwidth Control experiences in Microsoft Teams. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTenantNetworkRegion.md b/docs/docs/resources/teams/TeamsTenantNetworkRegion.md new file mode 100644 index 0000000000..90e5257224 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTenantNetworkRegion.md @@ -0,0 +1,23 @@ +# TeamsTenantNetworkRegion + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier for the network region to be created. | | +| **CentralSite** | Write | String | Name of the associated Central Site. | | +| **Description** | Write | String | Provide a description of the network region to identify purpose of creating it. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +As an Admin, you can use the Windows PowerShell command, New-CsTenantNetworkRegion to define network regions. A network region interconnects various parts of a network across multiple geographic areas. The RegionID parameter is a logical name that represents the geography of the region, and has no dependencies or restrictions. Tenant network region is used for Location Based Routing. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTenantNetworkSite.md b/docs/docs/resources/teams/TeamsTenantNetworkSite.md new file mode 100644 index 0000000000..359e30bf52 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTenantNetworkSite.md @@ -0,0 +1,29 @@ +# TeamsTenantNetworkSite + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier for the network site to be created. | | +| **Description** | Write | String | Provide a description of the network site to identify purpose of creating it. | | +| **EmergencyCallingPolicy** | Write | String | This parameter is used to assign a custom emergency calling policy to a network site | | +| **EmergencyCallRoutingPolicy** | Write | String | This parameter is used to assign a custom emergency call routing policy to a network site | | +| **EnableLocationBasedRouting** | Write | Boolean | This parameter determines whether the current site is enabled for location based routing. | | +| **LocationPolicy** | Write | String | LocationPolicy is the identifier for the location policy which the current network site is associating to. | | +| **NetworkRegionID** | Write | String | NetworkRegionID is the identifier for the network region which the current network site is associating to. | | +| **NetworkRoamingPolicy** | Write | String | NetworkRoamingPolicy is the identifier for the network roaming policy to which the network site will associate to. | | +| **SiteAddress** | Write | String | The address of current network site. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +As an Admin, you can use the Windows PowerShell command, New-CsTenantNetworkSite to define network sites. Network sites are defined as a collection of IP subnets. Each network site must be associated with a network region. Tenant network site is used for Location Based Routing. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTenantNetworkSubnet.md b/docs/docs/resources/teams/TeamsTenantNetworkSubnet.md new file mode 100644 index 0000000000..f032e9c269 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTenantNetworkSubnet.md @@ -0,0 +1,24 @@ +# TeamsTenantNetworkSubnet + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **MaskBits** | Key | UInt32 | This parameter determines the length of bits to mask to the subnet. IPv4 format subnet accepts maskbits from 0 to 32 inclusive. IPv6 format subnet accepts maskbits from 0 to 128 inclusive. | | +| **Identity** | Key | String | Unique identifier for the network subnet to be created. | | +| **Description** | Write | String | Provide a description of the network subnet to identify purpose of creating it. | | +| **NetworkSiteID** | Write | String | NetworkSiteID is the identifier for the network site which the current network subnet is associating to. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +As an Admin, you can use the Windows PowerShell command, New-CsTenantNetworkSubnet to define network subnets and assign them to network sites. Each internal subnet may only be associated with one site. Tenant network subnet is used for Location Based Routing. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTranslationRule.md b/docs/docs/resources/teams/TeamsTranslationRule.md new file mode 100644 index 0000000000..97ee1fce55 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTranslationRule.md @@ -0,0 +1,24 @@ +# TeamsTranslationRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identifier of the rule. This parameter is required and later used to assign the rule to the Inbound or Outbound Trunk Normalization policy. | | +| **Description** | Write | String | A friendly description of the normalization rule. | | +| **Pattern** | Write | String | A regular expression that caller or callee number must match in order for this rule to be applied. | | +| **Translation** | Write | String | The regular expression pattern that will be applied to the number to convert it. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Cmdlet to create a new telephone number manipulation rule. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md b/docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md new file mode 100644 index 0000000000..9231bbe5e2 --- /dev/null +++ b/docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md @@ -0,0 +1,26 @@ +# TeamsUnassignedNumberTreatment + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Id of the treatment. | | +| **Description** | Write | String | Free format description of this treatment. | | +| **Pattern** | Write | String | A regular expression that the called number must match in order for the treatment to take effect. It is best pratice to start the regular expression with the hat character and end it with the dollar character. You can use various regular expression test sites on the Internet to validate the expression. | | +| **Target** | Write | String | The identity of the destination the call should be routed to. Depending on the TargetType it should either be the ObjectId of the user or application instance/resource account or the AudioFileId of the uploaded audio file. | | +| **TargetType** | Write | String | The type of target used for the treatment. Allowed values are User, ResourceAccount and Announcement. | `User`, `ResourceAccount`, `Announcement` | +| **TreatmentPriority** | Write | UInt32 | The priority of the treatment. Used to distinguish identical patterns. The lower the priority the higher preference. The priority needs to be unique. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Creates a new treatment for how calls to an unassigned number range should be routed. The call can be routed to a user, an application or to an announcement service where a custom message will be played to the caller. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsVdiPolicy.md b/docs/docs/resources/teams/TeamsVdiPolicy.md new file mode 100644 index 0000000000..6f7f3ac712 --- /dev/null +++ b/docs/docs/resources/teams/TeamsVdiPolicy.md @@ -0,0 +1,24 @@ +# TeamsVdiPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identity of the VDI Policy. | | +| **DisableAudioVideoInCallsAndMeetings** | Write | Boolean | Disables Audio and Video in Calls and Meeting. | | +| **DisableCallsAndMeetings** | Write | Boolean | Disables Calls and Meetings. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +This resource implements Teams VDI Policies. + + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsWorkloadPolicy.md b/docs/docs/resources/teams/TeamsWorkloadPolicy.md new file mode 100644 index 0000000000..11e9da9b3b --- /dev/null +++ b/docs/docs/resources/teams/TeamsWorkloadPolicy.md @@ -0,0 +1,29 @@ +# TeamsWorkloadPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identity for the Teams workload policy | | +| **AllowCalling** | Write | Boolean | Allows calling. | | +| **AllowCallingPinned** | Write | Boolean | Allows pinning a call. | | +| **AllowMeeting** | Write | Boolean | Allows meetins. | | +| **AllowMeetingPinned** | Write | Boolean | Allows pinning meetings. | | +| **AllowMessaging** | Write | Boolean | Allows messaging. | | +| **AllowMessagingPinned** | Write | Boolean | Allows pinning a message. | | +| **Description** | Write | String | Description of the policy. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +This resources implements a Teams workload policy. + + +## Permissions + + diff --git a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md index a595c3b5cb..d4732bc0d3 100644 --- a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md +++ b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md @@ -22,7 +22,7 @@ Exchange permissions: https://docs.microsoft.com/en-us/exchange/permissions-exo/ Note: If you want to configure App-Only permission for Exchange, as described here: https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-2-assign-api-permissions-to-the-application -Using the following permission will achieve exactly that: @{Api='Exchange';PermissionName='Exchange.ManageAsApp'} +Using the following permission will achieve exactly that: @{Api='Exchange';PermissionsName='Exchange.ManageAsApp'} ## Output @@ -55,6 +55,6 @@ This function does not generate any output. -------------------------- EXAMPLE 3 -------------------------- -`Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer` +`Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionsName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer` From 308d4e8f7308d52b9daf0144e07b0ff6288592a8 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Thu, 16 Feb 2023 19:28:00 +0000 Subject: [PATCH 3/9] tmp --- ...AdministrativeTemplatePolicyWindows10.psm1 | 333 ++++++++++++------ ...strativeTemplatePolicyWindows10.schema.mof | 29 +- .../M365DSCResourceGenerator.psm1 | 112 +++--- Tests/Unit/Stubs/Microsoft365.psm1 | 303 ++++++++++++++++ 4 files changed, 614 insertions(+), 163 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index c2102dd8de..da8744c9c6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -18,7 +18,7 @@ function Get-TargetResource [System.String] $PolicyConfigurationIngestionType, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -157,11 +157,59 @@ function Get-TargetResource #MinUserCspVersion = $definition.MinUserCspVersion PolicyType = $enumPolicyType SupportedOn = $definition.SupportedOn - #Id = $definition.Id + Id = $definition.Id } $definitionValue.Add('Definition',$complexDefinition) + + $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id + + $complexPresentationValues = @() + foreach($presentationValue in $presentationValues) + { + $complexPresentationValue = @{} + $complexPresentationValue.Add("odataType",$presentationValue.AdditionalProperties.'@odata.type') + $complexPresentationValue.Add("Id",$presentationValue.Id) + switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') + { + "*.groupPolicyPresentationValueBoolean" + { + $complexPresentationValue.Add("BooleanValue",$presentationValue.AdditionalProperties.value) + } + "*.groupPolicyPresentationValue*Decimal" + { + $complexPresentationValue.Add("DecimalValue",$presentationValue.AdditionalProperties.value) + } + "*.groupPolicyPresentationValueList" + { + $complexKeyValuePairValues = @() + foreach($value in $presentationValue.AdditionalProperties.values) + { + $complexKeyValuePairValues += @{ + Name = $(if($null -ne $value.name){$value.name.replace('"','')}) + Value = $(if($null -ne $value.value){$value.value.replace('"','')}) + } + } + $complexPresentationValue.Add("KeyValuePairValues",$complexKeyValuePairValues) + } + "*.groupPolicyPresentationValueMultiText" + { + $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.values) + } + "*.groupPolicyPresentationValueText" + { + $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.value) + } + } + $complexPresentationValues += $complexPresentationValue + } + + $definitionValue.Add('PresentationValues',$complexPresentationValues) $complexDefinitionValues += $definitionValue + + } #endregion @@ -228,7 +276,7 @@ function Set-TargetResource [System.String] $PolicyConfigurationIngestionType, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -333,6 +381,44 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository 'deviceManagement/groupPolicyConfigurations' } + + #Create DefinitionValues + [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues + #write-verbose ($targetDefinitionValues |convertto-json -depth 20) + + <#if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in $targetDefinitionValues) + { + $definitionValue.remove('Definition') + } + }#> + + foreach($definitionValue in $targetDefinitionValues) + { + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue + $enumConfigurationType = $null + if($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexPresentationValues = @() + if($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } + $complexDefinitionValue = @{ + Definition = @{Id = $definitionValue.Definition.Id} + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues + } + + New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -BodyParameter $complexDefinitionValue + } #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -371,47 +457,42 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository 'deviceManagement/groupPolicyConfigurations' #endregion + #Update DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues - if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) - { - #Removing Key Definition because it is Read-Only - foreach($definitionValue in $targetDefinitionValues) - { - $definitionValue.remove('Definition') - } - } - $currentDefinitionValues=$currentInstance.DefinitionValues - if($null -ne $currentDefinitionValues -and $currentDefinitionValues.count -gt 0) - { - #Removing Key Definition because it is Read-Only - foreach($definitionValue in $currentDefinitionValues) - { - $definitionValue.remove('Definition') - } - } + #write-verbose ($targetDefinitionValues |convertto-json -depth 20) + write-verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") + $comparedDefinitionValues = Compare-Object ` - -ReferenceObject $currentDefinitionValues.Id ` - -DifferenceObject $targetDefinitionValues.Id ` + -ReferenceObject ($currentDefinitionValues.Id) ` + -DifferenceObject ($targetDefinitionValues.Id) ` -IncludeEqual $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=>'}).InputObject $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '<='}).InputObject - $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '='}).InputObject - + $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=='}).InputObject + write-verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") foreach($definitionValueId in $definitionValuesToAdd) { - $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null if($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } + $complexPresentationValues = @() + if($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } $complexDefinitionValue = @{ - Id = $definitionValue.Id - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType + Definition = @{Id = $definitionValue.Definition.Id} + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues } + write-verbose( $complexDefinitionValue|convertto-json) New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` -GroupPolicyConfigurationId $currentInstance.Id ` -BodyParameter $complexDefinitionValue @@ -426,30 +507,53 @@ function Set-TargetResource foreach($definitionValueId in $definitionValuesToCheck) { - $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} - $currentDefinitionValue = $currentDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue.remove('Definition') + $currentDefinitionValue = Rename-M365DSCCimInstanceParameter -Properties $currentDefinitionValue + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue.remove('Definition') + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null if($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } + $complexPresentationValues = @() + if($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } $complexDefinitionValue = @{ - Id = $definitionValue.Id - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType + Id = $definitionValue.Id + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues } $toUpdate = Compare-M365DSCComplexObject ` - -Source $currentDefinitionValue ` - -Target $complexDefinitionValue + -Source $complexDefinitionValue ` + -Target $currentDefinitionValue If(-not $toUpdate) { $complexDefinitionValue.Remove('Id') + $complexDefinitionValue.Remove('PresentationValues') Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` -GroupPolicyConfigurationId $currentInstance.Id ` -GroupPolicyDefinitionValueId $definitionValueId ` -BodyParameter $complexDefinitionValue + + foreach($presentationValue in $complexPresentationValues) + { + $presentationValueId = $presentationValue.Id + $presentationValue.remove('Id') + + Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -GroupPolicyDefinitionValueId $definitionValueId ` + -GroupPolicyPresentationValueId $presentationValueId ` + -BodyParameter $presentationValue + } } } } @@ -482,7 +586,7 @@ function Test-TargetResource [System.String] $PolicyConfigurationIngestionType, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -524,7 +628,6 @@ function Test-TargetResource [Switch] $ManagedIdentity ) - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -540,6 +643,7 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) @@ -581,7 +685,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -700,7 +803,17 @@ function Export-TargetResource $complexMapping=@( @{ Name="Definition" - CimInstanceName="MSFT_IntuneGroupPolicyDefinition" + CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValueDefinition" + IsRequired=$false + } + @{ + Name="PresentationValues" + CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValue" + IsRequired=$false + } + @{ + Name="KeyValuePairValues" + CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair" IsRequired=$false } ) @@ -742,10 +855,22 @@ function Export-TargetResource { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefinitionValues" -isCIMArray:$true } - if ($Results.Definition) + if ($Results.DefinitionValues.Definition) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Definition" } + if ($Results.DefinitionValues.PresentationValues) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PresentationValues" + } + if ($Results.DefinitionValues.PresentationValues.KeyValuePairValues) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyValuePairValues" + } + + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -768,73 +893,74 @@ function Export-TargetResource return '' } } - function Update-DeviceConfigurationPolicyAssignment +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try { - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - $DeviceConfigurationPolicyId, - - [Parameter()] - [Array] - $Targets, - - [Parameter()] - [System.String] - $Repository='deviceManagement/configurationPolicies', - - [Parameter()] - [ValidateSet('v1.0','beta')] - [System.String] - $APIVersion='beta' - ) - try - { - $deviceManagementPolicyAssignments=@() + $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) - { - $formattedTarget.Add('groupId',$target.groupId) - } - if($target.collectionId) - { - $formattedTarget.Add('collectionId',$target.collectionId) - } - if($target.deviceAndAppManagementAssignmentFilterType) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) - } - if($target.deviceAndAppManagementAssignmentFilterId) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) - } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $formattedTarget.Add('groupId',$target.groupId) } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 - #write-verbose -Message $body - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} } - catch - { - New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - return $null - } + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + return $null + } - }function Rename-M365DSCCimInstanceParameter + +} +function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] @@ -845,6 +971,11 @@ function Export-TargetResource $keyToRename=@{ "odataType"="@odata.type" + "BooleanValue"="value" + "StringValue"="value" + "DecimalValue"="value" + "KeyValuePairValues"="values" + "StringValues"="values" } $result=$Properties @@ -1359,7 +1490,7 @@ function Compare-M365DSCComplexObject { $targetValue="Target is null" } - Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + #Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } @@ -1367,7 +1498,7 @@ function Compare-M365DSCComplexObject { if($source.count -ne $target.count) { - Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + #Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } if($source.count -eq 0) @@ -1470,7 +1601,7 @@ function Compare-M365DSCComplexObject if ($null -ne $compareResult) { - #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof index 384a19c876..48f0ad49f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -8,7 +8,7 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; [ClassVersion("1.0.0.0")] -class MSFT_IntuneGroupPolicyDefinition +class MSFT_IntuneGroupPolicyDefinitionValueDefinition { [Write, Description("The localized full category path for the policy.")] String CategoryPath; [Write, Description("Identifies the type of groups the policy can be applied to. Possible values are: user, machine."), ValueMap{"user","machine"}, Values{"user","machine"}] String ClassType; @@ -21,7 +21,7 @@ class MSFT_IntuneGroupPolicyDefinition [Write, Description("Specifies the type of group policy. Possible values are: admxBacked, admxIngested."), ValueMap{"admxBacked","admxIngested"}, Values{"admxBacked","admxIngested"}] String PolicyType; [Write, Description("Localized string used to specify what operating system or application version is affected by the policy.")] String SupportedOn; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; -} +}; [ClassVersion("1.0.0.0")] class MSFT_IntuneGroupPolicyDefinitionValue @@ -29,8 +29,27 @@ class MSFT_IntuneGroupPolicyDefinitionValue [Write, Description("Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference."), ValueMap{"policy","preference"}, Values{"policy","preference"}] String ConfigurationType; [Write, Description("Enables or disables the associated group policy definition.")] Boolean Enabled; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("The associated group policy definition with the value. Read-Only."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinition")] String Definition; -} + [Write, Description("The associated group policy definition with the value. Read-Only."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValueDefinition")] String Definition; + [Write, Description("The associated group policy presentation values with the definition value."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValuePresentationValue")] String PresentationValues[]; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinitionValuePresentationValue +{ + [Write, Description("A value for the associated presentation.")] Boolean BooleanValue; + [Write, Description("A value for the associated presentation.")] Uint64 DecimalValue; + [Write, Description("A value for the associated presentation.")] String StringValue; + [Write, Description("A list of pairs for the associated presentation."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair")] String KeyValuePairValues[]; + [Write, Description("A list of pairs for the associated presentation.")] String StringValues[]; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("A value for the associated presentation."), ValueMap{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}, Values{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}] String odataType; +}; +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair +{ + [Write, Description("Value for this key-value pair.")] String Value; + [Write, Description("Name for this key-value pair.")] String Name; +}; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10")] class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_BaseResource @@ -38,7 +57,7 @@ class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_ [Write, Description("User provided description for the resource object.")] String Description; [Write, Description("User provided name for the resource object.")] String DisplayName; [Write, Description("Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue."), ValueMap{"unknown","custom","builtIn","mixed","unknownFutureValue"}, Values{"unknown","custom","builtIn","mixed","unknownFutureValue"}] String PolicyConfigurationIngestionType; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("The list of enabled or disabled group policy definition values for the configuration."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValue")] String DefinitionValues[]; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index bfc2e9b9a5..419617c5fe 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -581,73 +581,71 @@ function New-M365DSCResource $AssignmentsUpdate += " -Repository '$repository'`r`n" $AssignmentsFunctions = @" - function Update-DeviceConfigurationPolicyAssignment - { - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - `$DeviceConfigurationPolicyId, +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + `$DeviceConfigurationPolicyId, - [Parameter()] - [Array] - `$Targets, + [Parameter()] + [Array] + `$Targets, - [Parameter()] - [System.String] - `$Repository='deviceManagement/configurationPolicies', + [Parameter()] + [System.String] + `$Repository='deviceManagement/configurationPolicies', - [Parameter()] - [ValidateSet('v1.0','beta')] - [System.String] - `$APIVersion='beta' - ) - try - { - `$deviceManagementPolicyAssignments=@() + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + `$APIVersion='beta' + ) + try + { + `$deviceManagementPolicyAssignments=@() - `$Uri="https://graph.microsoft.com/`$APIVersion/`$Repository/`$DeviceConfigurationPolicyId/assign" + `$Uri="https://graph.microsoft.com/`$APIVersion/`$Repository/`$DeviceConfigurationPolicyId/assign" - foreach(`$target in `$targets) + foreach(`$target in `$targets) + { + `$formattedTarget=@{"@odata.type"=`$target.dataType} + if(`$target.groupId) { - `$formattedTarget=@{"@odata.type"=`$target.dataType} - if(`$target.groupId) - { - `$formattedTarget.Add('groupId',`$target.groupId) - } - if(`$target.collectionId) - { - `$formattedTarget.Add('collectionId',`$target.collectionId) - } - if(`$target.deviceAndAppManagementAssignmentFilterType) - { - `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',`$target.deviceAndAppManagementAssignmentFilterType) - } - if(`$target.deviceAndAppManagementAssignmentFilterId) - { - `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',`$target.deviceAndAppManagementAssignmentFilterId) - } - `$deviceManagementPolicyAssignments+=@{'target'= `$formattedTarget} + `$formattedTarget.Add('groupId',`$target.groupId) } - `$body=@{'assignments'=`$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 - #write-verbose -Message `$body - Invoke-MgGraphRequest -Method POST -Uri `$Uri -Body `$body -ErrorAction Stop - - } - catch - { - New-M365DSCLogEntry -Message 'Error updating data:' ` - -Exception `$_ ` - -Source `$(`$MyInvocation.MyCommand.Source) ` - -TenantId `$TenantId ` - -Credential `$Credential - - return `$null + if(`$target.collectionId) + { + `$formattedTarget.Add('collectionId',`$target.collectionId) + } + if(`$target.deviceAndAppManagementAssignmentFilterType) + { + `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',`$target.deviceAndAppManagementAssignmentFilterType) + } + if(`$target.deviceAndAppManagementAssignmentFilterId) + { + `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',`$target.deviceAndAppManagementAssignmentFilterId) + } + `$deviceManagementPolicyAssignments+=@{'target'= `$formattedTarget} } + `$body=@{'assignments'=`$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message `$body + Invoke-MgGraphRequest -Method POST -Uri `$Uri -Body `$body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception `$_ ` + -Source `$(`$MyInvocation.MyCommand.Source) ` + -TenantId `$TenantId ` + -Credential `$Credential - + return `$null } +} + "@ $AssignmentsCIM = @' diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index f0d160b18b..96c1c8dfbd 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -47269,3 +47269,306 @@ function Update-MgDeviceAppMgtMdmWindowInformationProtectionPolicy #endregion +#region MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [System.String] + $GroupPolicyPresentationValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $DefinitionValue, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Presentation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [System.String] + $GroupPolicyPresentationValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [System.String] + $GroupPolicyPresentationValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $DefinitionValue, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Presentation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + From 47166d4637a1bd856a913fb2ed64f9c7e290bf77 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 2 Apr 2023 18:59:07 +0100 Subject: [PATCH 4/9] temp --- ...AdministrativeTemplatePolicyWindows10.psm1 | 829 ++++++++++-------- ...strativeTemplatePolicyWindows10.schema.mof | 2 +- 2 files changed, 456 insertions(+), 375 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index da8744c9c6..087c7a18a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -9,12 +9,12 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [ValidateSet('unknown', 'custom', 'builtIn', 'mixed', 'unknownFutureValue')] [System.String] $PolicyConfigurationIngestionType, @@ -31,10 +31,10 @@ function Get-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -67,8 +67,6 @@ function Get-TargetResource -InboundParameters $PSBoundParameters ` -ProfileName 'beta' - Select-MgProfile 'beta' - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -86,13 +84,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementGroupPolicyConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -118,99 +116,105 @@ function Get-TargetResource #endregion #region - $settings = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $Id + $settings = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $Id - $complexDefinitionValues = @() - foreach($setting in $settings) + $complexDefinitionValues = @() + foreach ($setting in $settings) + { + $definitionValue = @{} + $definitionValue.Add('Id', $setting.Id) + if ($null -ne $setting.ConfigurationType) { - $definitionValue=@{} - $definitionValue.Add('Id',$setting.Id) - if($null -ne $setting.ConfigurationType) - { - $definitionValue.Add('ConfigurationType',$setting.ConfigurationType.toString()) - } - $definitionValue.Add('Enabled',$setting.Enabled) - $definition = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition ` - -GroupPolicyConfigurationId $Id ` - -GroupPolicyDefinitionValueId $setting.Id + $definitionValue.Add('ConfigurationType', $setting.ConfigurationType.toString()) + } + $definitionValue.Add('Enabled', $setting.Enabled) + $definition = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id - $enumClassType = $null - if ($null -ne $definition.ClassType) - { - $enumClassType = $definition.ClassType.ToString() - } + $enumClassType = $null + if ($null -ne $definition.ClassType) + { + $enumClassType = $definition.ClassType.ToString() + } - $enumPolicyType = $null - if ($null -ne $definition.PolicyType) - { - $enumPolicyType = $definition.PolicyType.ToString() - } - $complexDefinition = @{ - CategoryPath = $definition.CategoryPath - ClassType = $enumClassType - DisplayName = $definition.DisplayName - #ExplainText = $definition.ExplainText - #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId - #HasRelatedDefinitions = $definition.HasRelatedDefinitions - #MinDeviceCspVersion = $definition.MinDeviceCspVersion - #MinUserCspVersion = $definition.MinUserCspVersion - PolicyType = $enumPolicyType - SupportedOn = $definition.SupportedOn - Id = $definition.Id - } + $enumPolicyType = $null + if ($null -ne $definition.PolicyType) + { + $enumPolicyType = $definition.PolicyType.ToString() + } + $complexDefinition = @{ + CategoryPath = $definition.CategoryPath + ClassType = $enumClassType + DisplayName = $definition.DisplayName + #ExplainText = $definition.ExplainText + #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId + #HasRelatedDefinitions = $definition.HasRelatedDefinitions + #MinDeviceCspVersion = $definition.MinDeviceCspVersion + #MinUserCspVersion = $definition.MinUserCspVersion + PolicyType = $enumPolicyType + SupportedOn = $definition.SupportedOn + Id = $definition.Id + } - $definitionValue.Add('Definition',$complexDefinition) + $definitionValue.Add('Definition', $complexDefinition) - $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` - -GroupPolicyConfigurationId $Id ` - -GroupPolicyDefinitionValueId $setting.Id + $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id - $complexPresentationValues = @() - foreach($presentationValue in $presentationValues) + $complexPresentationValues = @() + foreach ($presentationValue in $presentationValues) + { + $complexPresentationValue = @{} + $complexPresentationValue.Add('odataType', $presentationValue.AdditionalProperties.'@odata.type') + $complexPresentationValue.Add('Id', $presentationValue.Id) + switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') { - $complexPresentationValue = @{} - $complexPresentationValue.Add("odataType",$presentationValue.AdditionalProperties.'@odata.type') - $complexPresentationValue.Add("Id",$presentationValue.Id) - switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') + '*.groupPolicyPresentationValueBoolean' { - "*.groupPolicyPresentationValueBoolean" - { - $complexPresentationValue.Add("BooleanValue",$presentationValue.AdditionalProperties.value) - } - "*.groupPolicyPresentationValue*Decimal" - { - $complexPresentationValue.Add("DecimalValue",$presentationValue.AdditionalProperties.value) - } - "*.groupPolicyPresentationValueList" + $complexPresentationValue.Add('BooleanValue', $presentationValue.AdditionalProperties.value) + } + '*.groupPolicyPresentationValue*Decimal' + { + $complexPresentationValue.Add('DecimalValue', $presentationValue.AdditionalProperties.value) + } + '*.groupPolicyPresentationValueList' + { + $complexKeyValuePairValues = @() + foreach ($value in $presentationValue.AdditionalProperties.values) { - $complexKeyValuePairValues = @() - foreach($value in $presentationValue.AdditionalProperties.values) - { - $complexKeyValuePairValues += @{ - Name = $(if($null -ne $value.name){$value.name.replace('"','')}) - Value = $(if($null -ne $value.value){$value.value.replace('"','')}) - } + $complexKeyValuePairValues += @{ + Name = $(if ($null -ne $value.name) + { + $value.name.replace('"', '') + }) + Value = $(if ($null -ne $value.value) + { + $value.value.replace('"', '') + }) } - $complexPresentationValue.Add("KeyValuePairValues",$complexKeyValuePairValues) - } - "*.groupPolicyPresentationValueMultiText" - { - $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.values) - } - "*.groupPolicyPresentationValueText" - { - $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.value) } + $complexPresentationValue.Add('KeyValuePairValues', $complexKeyValuePairValues) + } + '*.groupPolicyPresentationValueMultiText' + { + $complexPresentationValue.Add('StringValue', $presentationValue.AdditionalProperties.values) + } + '*.groupPolicyPresentationValueText' + { + $complexPresentationValue.Add('StringValue', $presentationValue.AdditionalProperties.value) } - $complexPresentationValues += $complexPresentationValue } + $complexPresentationValues += $complexPresentationValue + } - $definitionValue.Add('PresentationValues',$complexPresentationValues) - $complexDefinitionValues += $definitionValue + $definitionValue.Add('PresentationValues', $complexPresentationValues) + $complexDefinitionValues += $definitionValue - } + } #endregion $results = @{ @@ -234,10 +238,10 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -267,12 +271,12 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [ValidateSet('unknown', 'custom', 'builtIn', 'mixed', 'unknownFutureValue')] [System.String] $PolicyConfigurationIngestionType, @@ -289,10 +293,10 @@ function Set-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -344,40 +348,40 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null $CreateParameters.Remove('DefinitionValues') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - if($key -eq 'DefinitionValues') + if ($key -eq 'DefinitionValues') { #Removing Key Definition because it is Read-Only - foreach($definitionValue in ($CreateParameters.$key).DefinitionValues) + foreach ($definitionValue in ($CreateParameters.$key).DefinitionValues) { $definitionValue.remove('Definition') } } - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $policy=New-MgDeviceManagementGroupPolicyConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementGroupPolicyConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/groupPolicyConfigurations' } @@ -395,21 +399,21 @@ function Set-TargetResource } }#> - foreach($definitionValue in $targetDefinitionValues) + foreach ($definitionValue in $targetDefinitionValues) { $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null - if($null -ne $definitionValue.ConfigurationType) + if ($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } $complexPresentationValues = @() - if($null -ne $definitionValue.PresentationValues) + if ($null -ne $definitionValue.PresentationValues) { $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id} + Definition = @{Id = $definitionValue.Definition.Id } Enabled = $definitionValue.Enabled ConfigurationType = $enumConfigurationType PresentationValues = $complexPresentationValues @@ -424,7 +428,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -432,26 +436,26 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null $UpdateParameters.Remove('DefinitionValues') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code #Update Core policy - $UpdateParameters.Add("@odata.type", "#microsoft.graph.GroupPolicyConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.GroupPolicyConfiguration') Update-MgDeviceManagementGroupPolicyConfiguration ` -GroupPolicyConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters #Update Assignments - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -459,67 +463,91 @@ function Set-TargetResource #endregion #Update DefinitionValues + [Array]$currentDefinitionValues = $currentInstance.DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues #write-verbose ($targetDefinitionValues |convertto-json -depth 20) - write-verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") + Write-Verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") $comparedDefinitionValues = Compare-Object ` -ReferenceObject ($currentDefinitionValues.Id) ` -DifferenceObject ($targetDefinitionValues.Id) ` -IncludeEqual - $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=>'}).InputObject - $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '<='}).InputObject - $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=='}).InputObject - write-verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") - foreach($definitionValueId in $definitionValuesToAdd) + $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject + $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject + Write-Verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") + + $formattedDefinitionValuesToAdd = @() + foreach ($definitionValueId in $definitionValuesToAdd) { - $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null - if($null -ne $definitionValue.ConfigurationType) + if ($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } $complexPresentationValues = @() - if($null -ne $definitionValue.PresentationValues) + if ($null -ne $definitionValue.PresentationValues) { $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id} + Definition = @{Id = $definitionValue.Definition.Id } Enabled = $definitionValue.Enabled ConfigurationType = $enumConfigurationType PresentationValues = $complexPresentationValues } - write-verbose( $complexDefinitionValue|convertto-json) - New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -BodyParameter $complexDefinitionValue + $formattedDefinitionValuesToAdd += $complexDefinitionValue } - foreach($definitionValueId in $definitionValuesToRemove) + $formattedDefinitionValuesToUpdate = @() + foreach ($definitionValueId in $definitionValuesToCheck) { - Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -GroupPolicyDefinitionValueId $definitionValueId + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue + $enumConfigurationType = $null + if ($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexPresentationValues = @() + if ($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } + $complexDefinitionValue = @{ + Definition = @{Id = $definitionValue.Definition.Id } + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues + } + $formattedDefinitionValuesToUpdate += $complexDefinitionValue } - foreach($definitionValueId in $definitionValuesToCheck) + Write-Verbose( $formattedDefinitionValuesToAdd | ConvertTo-Json) + Write-Verbose( $formattedDefinitionValuesToUpdate | ConvertTo-Json) + Update-DeviceConfigurationGroupPolicyDefinitionValue ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -DefinitionValueToAdd $formattedDefinitionValuesToAdd ` + -DefinitionValueToUpdate $formattedDefinitionValuesToUpdate ` + -DefinitionValueToRemove $definitionValuesToRemove + <#foreach ($definitionValueId in $definitionValuesToCheck) { - $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } $currentDefinitionValue.remove('Definition') $currentDefinitionValue = Rename-M365DSCCimInstanceParameter -Properties $currentDefinitionValue - $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } $definitionValue.remove('Definition') $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null - if($null -ne $definitionValue.ConfigurationType) + if ($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } $complexPresentationValues = @() - if($null -ne $definitionValue.PresentationValues) + if ($null -ne $definitionValue.PresentationValues) { $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues } @@ -534,7 +562,7 @@ function Set-TargetResource -Source $complexDefinitionValue ` -Target $currentDefinitionValue - If(-not $toUpdate) + If (-not $toUpdate) { $complexDefinitionValue.Remove('Id') $complexDefinitionValue.Remove('PresentationValues') @@ -543,7 +571,7 @@ function Set-TargetResource -GroupPolicyDefinitionValueId $definitionValueId ` -BodyParameter $complexDefinitionValue - foreach($presentationValue in $complexPresentationValues) + foreach ($presentationValue in $complexPresentationValues) { $presentationValueId = $presentationValue.Id $presentationValue.remove('Id') @@ -551,11 +579,11 @@ function Set-TargetResource Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` -GroupPolicyConfigurationId $currentInstance.Id ` -GroupPolicyDefinitionValueId $definitionValueId ` - -GroupPolicyPresentationValueId $presentationValueId ` + -GroupPolicyPresentationValueId $presentationValueId ` -BodyParameter $presentationValue } } - } + }#> } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -577,12 +605,12 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [ValidateSet('unknown', 'custom', 'builtIn', 'mixed', 'unknownFutureValue')] [System.String] $PolicyConfigurationIngestionType, @@ -599,10 +627,10 @@ function Test-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -662,13 +690,13 @@ function Test-TargetResource { $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source #Removing Key Definition because it is Read-Only - if($key -eq 'DefinitionValues') + if ($key -eq 'DefinitionValues') { - foreach($definitionValue in $source.DefinitionValues) + foreach ($definitionValue in $source.DefinitionValues) { $definitionValue.remove('Definition') } - foreach($definitionValue in $target.DefinitionValues) + foreach ($definitionValue in $target.DefinitionValues) { $definitionValue.remove('Definition') } @@ -681,7 +709,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -693,8 +721,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { @@ -743,7 +771,6 @@ function Export-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'beta' - Select-MgProfile 'beta' -ErrorAction Stop #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -785,6 +812,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -798,23 +826,23 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if($Results.DefinitionValues) + if ($Results.DefinitionValues) { - $complexMapping=@( + $complexMapping = @( @{ - Name="Definition" - CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValueDefinition" - IsRequired=$false + Name = 'Definition' + CimInstanceName = 'MSFT_IntuneGroupPolicyDefinitionValueDefinition' + IsRequired = $false } @{ - Name="PresentationValues" - CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValue" - IsRequired=$false + Name = 'PresentationValues' + CimInstanceName = 'MSFT_IntuneGroupPolicyDefinitionValuePresentationValue' + IsRequired = $false } @{ - Name="KeyValuePairValues" - CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair" - IsRequired=$false + Name = 'KeyValuePairValues' + CimInstanceName = 'MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair' + IsRequired = $false } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -830,7 +858,7 @@ function Export-TargetResource $Results.Remove('DefinitionValues') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -849,28 +877,29 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } if ($Results.DefinitionValues) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefinitionValues" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefinitionValues' -IsCIMArray:$true } if ($Results.DefinitionValues.Definition) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Definition" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Definition' } if ($Results.DefinitionValues.PresentationValues) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PresentationValues" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PresentationValues' } if ($Results.DefinitionValues.PresentationValues.KeyValuePairValues) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyValuePairValues" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KeyValuePairValues' } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n,`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -908,41 +937,41 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() + $deviceManagementPolicyAssignments = @() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -950,37 +979,89 @@ function Update-DeviceConfigurationPolicyAssignment catch { New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + + return $null + } + + +} + +function Update-DeviceConfigurationGroupPolicyDefinitionValue +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $DefinitionValueToAdd, + + [Parameter()] + [Array] + $DefinitionValueToUpdate, + + [Parameter()] + [Array] + $DefinitionValueToRemove + ) + try + { + $deviceManagementPolicyAssignments = @() + + $Uri = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" + + $body = @{ + 'added' = $DefinitionValueToAdd + 'updated' = $DefinitionValueToUpdate + 'deletedIds' = $DefinitionValueToRemove.Id + } | ConvertTo-Json -Depth 20 + write-verbose -Message ("In update") + write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential return $null } } + function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" - "BooleanValue"="value" - "StringValue"="value" - "DecimalValue"="value" - "KeyValuePairValues"="values" - "StringValues"="values" + $keyToRename = @{ + 'odataType' = '@odata.type' + 'BooleanValue' = 'value' + 'StringValue' = 'value' + 'DecimalValue' = 'value' + 'KeyValuePairValues' = 'values' + 'StringValues' = 'values' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -990,34 +1071,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1029,51 +1110,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1090,27 +1171,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1168,15 +1249,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1184,26 +1265,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1212,23 +1293,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1242,37 +1323,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1281,17 +1362,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1302,26 +1383,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1330,11 +1411,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1345,32 +1426,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1390,49 +1471,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1442,7 +1523,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1454,7 +1535,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1472,47 +1553,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } #Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { #Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1522,36 +1603,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1559,16 +1640,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1578,18 +1659,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1613,47 +1694,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof index 48f0ad49f9..024ee6033c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -55,7 +55,7 @@ class MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_BaseResource { [Write, Description("User provided description for the resource object.")] String Description; - [Write, Description("User provided name for the resource object.")] String DisplayName; + [Required, Description("User provided name for the resource object.")] String DisplayName; [Write, Description("Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue."), ValueMap{"unknown","custom","builtIn","mixed","unknownFutureValue"}, Values{"unknown","custom","builtIn","mixed","unknownFutureValue"}] String PolicyConfigurationIngestionType; [Key, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("The list of enabled or disabled group policy definition values for the configuration."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValue")] String DefinitionValues[]; From be9ac1774365e8dbff0177e467c42516e89bcfc9 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 8 Apr 2023 18:46:08 +0100 Subject: [PATCH 5/9] Initial release --- CHANGELOG.md | 5 + ...AdministrativeTemplatePolicyWindows10.psm1 | 189 ++--- ...strativeTemplatePolicyWindows10.schema.mof | 2 + ...istrativeTemplatePolicyWindows10.Tests.ps1 | 461 ++++++++++-- Tests/Unit/Stubs/Microsoft365.psm1 | 704 ++++++++++++++++++ 5 files changed, 1175 insertions(+), 186 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dbb95becd..985d0810f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + * IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 + * Initial release + FIXES [#2833](https://github.com/microsoft/Microsoft365DSC/issues/2833) + # 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 087c7a18a1..fad5bc82f8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -112,7 +112,6 @@ function Get-TargetResource { $enumPolicyConfigurationIngestionType = $getValue.PolicyConfigurationIngestionType.ToString() } - #endregion #region @@ -160,9 +159,10 @@ function Get-TargetResource $definitionValue.Add('Definition', $complexDefinition) - $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + $presentationValues = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` -GroupPolicyConfigurationId $Id ` - -GroupPolicyDefinitionValueId $setting.Id + -GroupPolicyDefinitionValueId $setting.Id ` + -ExpandProperty 'presentation' $complexPresentationValues = @() foreach ($presentationValue in $presentationValues) @@ -170,6 +170,8 @@ function Get-TargetResource $complexPresentationValue = @{} $complexPresentationValue.Add('odataType', $presentationValue.AdditionalProperties.'@odata.type') $complexPresentationValue.Add('Id', $presentationValue.Id) + $complexPresentationValue.Add('presentationDefinitionId', $presentationValue.Presentation.Id) + $complexPresentationValue.Add('presentationDefinitionLabel', $presentationValue.Presentation.Label) switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') { '*.groupPolicyPresentationValueBoolean' @@ -212,8 +214,6 @@ function Get-TargetResource $definitionValue.Add('PresentationValues', $complexPresentationValues) $complexDefinitionValues += $definitionValue - - } #endregion @@ -388,17 +388,7 @@ function Set-TargetResource #Create DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues - #write-verbose ($targetDefinitionValues |convertto-json -depth 20) - - <#if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) - { - #Removing Key Definition because it is Read-Only - foreach($definitionValue in $targetDefinitionValues) - { - $definitionValue.remove('Definition') - } - }#> - + $formattedDefinitionValuesToAdd = @() foreach ($definitionValue in $targetDefinitionValues) { $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue @@ -410,19 +400,26 @@ function Set-TargetResource $complexPresentationValues = @() if ($null -ne $definitionValue.PresentationValues) { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues) + { + $value = $presentationValue.clone() + $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.remove('PresentationDefinitionId') + $complexPresentationValues += $value + } } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id } - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues + id = $definitionValue.Id + 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + enabled = $definitionValue.Enabled + presentationValues = $complexPresentationValues } - - New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -BodyParameter $complexDefinitionValue + $formattedDefinitionValuesToAdd += $complexDefinitionValue } + + Update-DeviceConfigurationGroupPolicyDefinitionValue ` + -DeviceConfigurationPolicyId $policy.Id ` + -DefinitionValueToAdd $formattedDefinitionValuesToAdd #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -465,8 +462,6 @@ function Set-TargetResource #Update DefinitionValues [Array]$currentDefinitionValues = $currentInstance.DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues - #write-verbose ($targetDefinitionValues |convertto-json -depth 20) - Write-Verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") $comparedDefinitionValues = Compare-Object ` -ReferenceObject ($currentDefinitionValues.Id) ` @@ -476,7 +471,7 @@ function Set-TargetResource $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject - Write-Verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") + #Write-Verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") $formattedDefinitionValuesToAdd = @() foreach ($definitionValueId in $definitionValuesToAdd) @@ -491,13 +486,19 @@ function Set-TargetResource $complexPresentationValues = @() if ($null -ne $definitionValue.PresentationValues) { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues) + { + $value = $presentationValue.clone() + $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.remove('PresentationDefinitionId') + $complexPresentationValues += $value + } } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id } - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues + id = $definitionValue.Id + 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + enabled = $definitionValue.Enabled + presentationValues = $complexPresentationValues } $formattedDefinitionValuesToAdd += $complexDefinitionValue } @@ -515,75 +516,29 @@ function Set-TargetResource $complexPresentationValues = @() if ($null -ne $definitionValue.PresentationValues) { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues) + { + $value = $presentationValue.clone() + $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.remove('PresentationDefinitionId') + $complexPresentationValues += $value + } } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id } - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues + id = $definitionValue.Id + 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + enabled = $definitionValue.Enabled + presentationValues = $complexPresentationValues } $formattedDefinitionValuesToUpdate += $complexDefinitionValue } - Write-Verbose( $formattedDefinitionValuesToAdd | ConvertTo-Json) - Write-Verbose( $formattedDefinitionValuesToUpdate | ConvertTo-Json) Update-DeviceConfigurationGroupPolicyDefinitionValue ` -DeviceConfigurationPolicyId $currentInstance.Id ` -DefinitionValueToAdd $formattedDefinitionValuesToAdd ` -DefinitionValueToUpdate $formattedDefinitionValuesToUpdate ` -DefinitionValueToRemove $definitionValuesToRemove - <#foreach ($definitionValueId in $definitionValuesToCheck) - { - $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } - $currentDefinitionValue.remove('Definition') - $currentDefinitionValue = Rename-M365DSCCimInstanceParameter -Properties $currentDefinitionValue - $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } - $definitionValue.remove('Definition') - $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue - $enumConfigurationType = $null - if ($null -ne $definitionValue.ConfigurationType) - { - $enumConfigurationType = $definitionValue.ConfigurationType.toString() - } - $complexPresentationValues = @() - if ($null -ne $definitionValue.PresentationValues) - { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues - } - $complexDefinitionValue = @{ - Id = $definitionValue.Id - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues - } - - $toUpdate = Compare-M365DSCComplexObject ` - -Source $complexDefinitionValue ` - -Target $currentDefinitionValue - If (-not $toUpdate) - { - $complexDefinitionValue.Remove('Id') - $complexDefinitionValue.Remove('PresentationValues') - Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -GroupPolicyDefinitionValueId $definitionValueId ` - -BodyParameter $complexDefinitionValue - - foreach ($presentationValue in $complexPresentationValues) - { - $presentationValueId = $presentationValue.Id - $presentationValue.remove('Id') - - Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -GroupPolicyDefinitionValueId $definitionValueId ` - -GroupPolicyPresentationValueId $presentationValueId ` - -BodyParameter $presentationValue - } - } - }#> } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -702,6 +657,19 @@ function Test-TargetResource } } + #Removing Key Definition because it is Read-Only + if ($key -eq 'PresentationValues') + { + foreach ($presentationValue in $source.PresentationValues) + { + $presentationValue.remove('presentationDefinitionLabel') + } + foreach ($presentationValue in $target.PresentationValues) + { + $presentationValue.remove('presentationDefinitionLabel') + } + } + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) @@ -716,13 +684,14 @@ function Test-TargetResource } } + $ValuesToCheck.Remove('Id') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { @@ -974,7 +943,6 @@ function Update-DeviceConfigurationPolicyAssignment $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - } catch { @@ -986,8 +954,6 @@ function Update-DeviceConfigurationPolicyAssignment return $null } - - } function Update-DeviceConfigurationGroupPolicyDefinitionValue @@ -1001,31 +967,33 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue [Parameter()] [Array] - $DefinitionValueToAdd, + $DefinitionValueToAdd = @(), [Parameter()] [Array] - $DefinitionValueToUpdate, + $DefinitionValueToUpdate = @(), [Parameter()] [Array] - $DefinitionValueToRemove + $DefinitionValueToRemove = @() ) try { - $deviceManagementPolicyAssignments = @() - $Uri = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" + $body = @{} + $DefinitionValueToRemoveIds = @() + if ($null -ne $DefinitionValueToRemove -and $DefinitionValueToRemove.count -gt 0) + { + $DefinitionValueToRemoveIds = $DefinitionValueToRemove + } $body = @{ - 'added' = $DefinitionValueToAdd - 'updated' = $DefinitionValueToUpdate - 'deletedIds' = $DefinitionValueToRemove.Id - } | ConvertTo-Json -Depth 20 - write-verbose -Message ("In update") - write-verbose -Message $body - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - + 'added' = $DefinitionValueToAdd + 'updated' = $DefinitionValueToUpdate + 'deletedIds' = $DefinitionValueToRemoveIds + } + #Write-Verbose -Message ($body | ConvertTo-Json -Depth 20) + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ErrorAction Stop } catch { @@ -1037,8 +1005,6 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue return $null } - - } function Rename-M365DSCCimInstanceParameter @@ -1472,7 +1438,6 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] $Space = ' ' - ) $returnValue = '' @@ -1700,7 +1665,6 @@ function Convert-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() @@ -1720,7 +1684,6 @@ function Convert-M365DSCDRGComplexTypeToHashtable if ($null -ne $hashComplexObject) { - $results = $hashComplexObject.clone() $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof index 024ee6033c..1d5c053a54 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -42,6 +42,8 @@ class MSFT_IntuneGroupPolicyDefinitionValuePresentationValue [Write, Description("A list of pairs for the associated presentation."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair")] String KeyValuePairValues[]; [Write, Description("A list of pairs for the associated presentation.")] String StringValues[]; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The unique identifier for presentation definition. Read-only.")] String PresentationDefinitionId; + [Write, Description("The label of the presentation definition. Read-only.")] String PresentationDefinitionLabel; [Write, Description("A value for the associated presentation."), ValueMap{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}, Values{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}] String odataType; }; [ClassVersion("1.0.0.0")] diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index daccdb85bf..6ecdf149f3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -36,37 +36,86 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -MockWith { } - Mock -CommandName New-MgDeviceManagementGroupPolicyConfiguration -MockWith { - } - Mock -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -MockWith { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationAssignment -MockWith { + return @(@{ + target = @{ + deviceAndAppManagementAssignmentFilterType = 'none' + AdditionalProperties = @{'@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget' } + } + }) + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + Mock -CommandName Update-DeviceConfigurationGroupPolicyDefinitionValue -MockWith { } } # Test contexts - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Present" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Present' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (N-ClientOnly) + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return $null } + + Mock -CommandName New-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + id = 'fakeNewId' + displayName = 'fakeNewDisplayName' + } + } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -75,35 +124,110 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Create the group from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName New-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + Should -Invoke -CommandName Update-DeviceConfigurationPolicyAssignment -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Absent" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Absent' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' + } + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + ConfigurationType = 'fakeConfigurationType' + Enabled = $true + Id = 'fakeDefinitionValueId' + PolicyConfigurationIngestionType = 'unknown' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + ) + } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"hosted_app`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationLabel' + } + PolicyConfigurationIngestionType = 'unknown' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -116,59 +240,206 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Present" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Present' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = 'fakePresentationDefinitionId' + presentationDefinitionLabel = 'fakePresentationDefinitionLabel' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = 'fakePresentationId' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'fakeDefinitionValueId' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + Enabled = $true + Id = 'fakeDefinitionValueId' + ConfigurationType = 'policy' + } + ) + } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' } } - } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"hosted_app`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationDefinitionLabel' + } + } + } + } It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Present" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Present' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = 'fakePresentationDefinitionId' + presentationDefinitionLabel = 'fakePresentationDefinitionLabel' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = 'fakePresentationId' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'fakeDefinitionValueId' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' + } + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + Enabled = $true + Id = 'fakeDefinitionValueId' + ConfigurationType = 'policy' + } + ) + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"user_script`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationDefinitionLabel' + } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -176,13 +447,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + Should -Invoke -CommandName Update-DeviceConfigurationPolicyAssignment -Exactly 1 + Should -Invoke -CommandName Update-DeviceConfigurationGroupPolicyDefinitionValue -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $testParams = @{ @@ -190,20 +463,62 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + return @(@{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' + } + Description = 'FakeStringValue' + DisplayName = 'AdministrativeTemplatePolicyWindows10' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + }) + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + ConfigurationType = 'fakeConfigurationType' + Enabled = $true + Id = 'fakeDefinitionValueId' + PolicyConfigurationIngestionType = 'unknown' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + ) + } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"hosted_app`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationLabel' + } + PolicyConfigurationIngestionType = 'unknown' } } } - It "Should Reverse Engineer resource from the Export method" { - Export-TargetResource @testParams + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty } } } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 96ac41e9bc..1314465c6d 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -48876,6 +48876,710 @@ function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresent ) } +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials + ) +} + +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Get-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Set-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + + + #endregion #region MgDeviceManagementWindowFeatureUpdateProfile From af4f6814068ddb86d985670db1d82a5d0b2b71c6 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 10 Apr 2023 17:28:16 +0100 Subject: [PATCH 6/9] Added example --- ...trativeTemplatePolicyWindows10-Example.ps1 | 144 ++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..158c7db433 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 @@ -0,0 +1,144 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + Id = '2e72acda-30a8-4955-a4ca-c5e28527c81c' + PolicyConfigurationIngestionType = 'unknown' + } + } +} From 621eff8258ff69e328d3c9fc9c9aeb5a0a104b99 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 11 Apr 2023 11:15:02 +0100 Subject: [PATCH 7/9] Adding missing stubs --- Tests/Unit/Stubs/Microsoft365.psm1 | 265 +++++++++++++++++++++++++++++ 1 file changed, 265 insertions(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 1314465c6d..c3c3487b00 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -49578,8 +49578,273 @@ function Update-MgDeviceManagementGroupPolicyConfiguration ) } +function Get-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} #endregion #region MgDeviceManagementWindowFeatureUpdateProfile From c5c392a84013226c7df6cb48f9c8a19451da9ae8 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 11 Apr 2023 16:55:45 +0100 Subject: [PATCH 8/9] removed comments --- ...ceConfigurationAdministrativeTemplatePolicyWindows10.psm1 | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index fad5bc82f8..bd6d0c4060 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -147,11 +147,6 @@ function Get-TargetResource CategoryPath = $definition.CategoryPath ClassType = $enumClassType DisplayName = $definition.DisplayName - #ExplainText = $definition.ExplainText - #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId - #HasRelatedDefinitions = $definition.HasRelatedDefinitions - #MinDeviceCspVersion = $definition.MinDeviceCspVersion - #MinUserCspVersion = $definition.MinUserCspVersion PolicyType = $enumPolicyType SupportedOn = $definition.SupportedOn Id = $definition.Id From 63623af781fbb38ef46b8211166e19301263ed3f Mon Sep 17 00:00:00 2001 From: William-francillette Date: Wed, 12 Apr 2023 05:45:14 +0100 Subject: [PATCH 9/9] Fix Unit test --- ...nfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index 6ecdf149f3..016c96b78e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -33,6 +33,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-PSSession -MockWith { } + Mock -CommandName Write-Host -MockWith { + } + Mock -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -MockWith { } @@ -74,7 +77,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) ) DefinitionValues = [CimInstance[]]@( - (N-ClientOnly) (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ ConfigurationType = 'policy' PresentationValues = [CimInstance[]]@(