Merge pull request #3725 from microsoft/Dev

Release 1.23.927.1
microsoft · Sep 27, 2023 · e466572 · e466572
2 parents 9ded092 + f399e69
commit e466572
Show file tree

Hide file tree

Showing 10 changed files with 688 additions and 202 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,22 @@
 # Change log for Microsoft365DSC
 
+# 1.23.927.1
+
+* AADApplication
+  * Added support for restoring soft deleted instances.
+* AADRoleSetting
+  * Fixed issue with export where ApplicationSecret was not returned.
+    FIXES [#3695](https://github.com/microsoft/Microsoft365DSC/issues/3695)
+* M365DSCRuleEvaluation
+  * Improvements to how rules are evaluated and how drifts are logged.
+* O365OrgSettings
+  * Changes to how ToDo discrepencies are being fixed in the SET method.
+* DEPENDENCIES
+  * Updated Microsoft.Graph to version 2.6.1.
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.117.
+* MISC
+  * Fixed handling of Graph connection in Update-M365DSCAllowedGraphScopes
+
 # 1.23.920.2
 
 * DEPENDENCIES

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1
@@ -421,7 +421,44 @@ function Set-TargetResource
     $currentParameters.Remove('LogoutURL') | Out-Null
     $currentParameters.Remove('Homepage') | Out-Null
 
+    $skipToUpdate = $false
+    $AppIdValue = $null
     if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent')
+    {
+        # Before attempting to create a new instance, let's first check to see if there is already an existing instance that is soft deleted
+        if (-not [System.String]::IsNullOrEmpty($AppId))
+        {
+            Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by Id {$AppId}."
+            [Array]$deletedApp = Get-MgBetaDirectoryDeletedItemAsApplication -DirectoryObjectId $AppId -ErrorAction SilentlyContinue
+        }
+
+        if ($null -eq $deletedApp)
+        {
+            Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by DisplayName {$DisplayName}."
+            [Array]$deletedApp = Get-MgBetaDirectoryDeletedItemAsApplication -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue
+        }
+
+        if ($null -ne $deletedApp -and $deletedApp.Length -eq 1)
+        {
+            $deletedSinceInDays = [System.DateTime]::Now.Subtract($deletedApp[0].DeletedDateTime).Days
+            if ($deletedSinceInDays -le 30)
+            {
+                Write-Verbose -Message "Found existing deleted instance of {$DisplayName}. Restoring it instead of creating a new one. This could take a few minutes to complete."
+                Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $deletedApp.Id
+                $skipToUpdate = $true
+                $AppIdValue = $deletedApp.Id
+            }
+            else
+            {
+                Write-Verbose -Message "Found existing deleted instance of {$DisplayName}. However, the deleted date was over days ago and it cannot be restored. Will recreate a new instance instead."
+            }
+        }
+        elseif ($deletedApp.Length -gt 1)
+        {
+            Write-Verbose -Message "Multiple instances of a deleted application with name {$DisplayName} wehre found. Creating a new instance since we can't determine what instance to restore."
+        }
+    }
+    if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent' -and -not $skipToUpdate)
     {
         Write-Verbose -Message "Creating New AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)"
         $currentParameters.Remove('ObjectId') | Out-Null
@@ -441,14 +478,18 @@ function Set-TargetResource
 
     }
     # App should exist and will be configured to desired state
-    if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present')
+    elseif (($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present') -or $skipToUpdate)
     {
         $currentParameters.Remove('ObjectId') | Out-Null
 
-        $currentParameters.Add('ApplicationId', $currentAADApp.ObjectId)
+        if (-not $skipToUpdate)
+        {
+            $AppIdValue = $currentAADApp.ObjectId
+        }
+        $currentParameters.Add('ApplicationId', $AppIdValue)
         Write-Verbose -Message "Updating existing AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)"
         Update-MgApplication @currentParameters
-        $currentAADApp.Add('ID', $currentAADApp.ObjectId)
+        $currentAADApp.Add('ID', $AppIdValue)
         $needToUpdatePermissions = $true
     }
     # App exists but should not
@@ -815,7 +856,7 @@ function Export-TargetResource
 
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
         -InboundParameters $PSBoundParameters
-    
+
     $dscContent = [System.Text.StringBuilder]::new()
     $i = 1
     Write-Host "`r`n" -NoNewline

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1
@@ -370,6 +370,7 @@ function Get-TargetResource
             ApplicationId                                             = $ApplicationId
             TenantId                                                  = $TenantId
             CertificateThumbprint                                     = $CertificateThumbprint
+            ApplicationSecret                                         = $ApplicationSecret
             Credential                                                = $Credential
             ManagedIdentity                                           = $ManagedIdentity.IsPresent
         }
@@ -1302,11 +1303,6 @@ function Test-TargetResource
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
 
     $ValuesToCheck = $PSBoundParameters
-    $ValuesToCheck.Remove('ApplicationId') | Out-Null
-    $ValuesToCheck.Remove('TenantId') | Out-Null
-    $ValuesToCheck.Remove('ApplicationSecret') | Out-Null
-    $ValuesToCheck.Remove('Id') | Out-Null
-    $ValuesToCheck.Remove('ManagedIdentity') | Out-Null
 
     $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `

diff --git a/...s/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/...s/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1
@@ -161,9 +161,7 @@ function Test-TargetResource
         Import-Module $module.Path -Force -Function 'Export-TargetResource' | Out-Null
         $cmdName = "MSFT_$ResourceName\Export-TargetResource"
 
-        Write-Verbose -Message "Retrieving Instances"
-        $instances = &$cmdName @params
-        Write-Verbose -Message "Retrieved {$($instances.Length)} Instances"
+        [Array]$instances = &$cmdName @params
 
         $DSCStringContent = @"
         # Generated with Microsoft365DSC version 1.23.906.1
@@ -193,45 +191,70 @@ function Test-TargetResource
         Write-Verbose -Message "Successfully converted {$($DSCConvertedInstances.Length)} DSC Objects."
 
         Write-Verbose -Message "Querying DSC Objects for invalid instances based on the specified Rule Definition."
-        $queryBlock = [Scriptblock]::Create($RuleDefinition)
-        [Array]$invalidInstances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock
-        Write-Verbose -Message "Identified {$($invalidInstances.Length)} invalid instances."
+        if ($RuleDefinition -eq '*')
+        {
+            [Array]$instances = $DSCConvertedInstances
+            Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule."
+        }
+        else
+        {
+            $queryBlock = [Scriptblock]::Create($RuleDefinition)
+            [Array]$instances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock
+            Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule."
+        }
 
-        $result = $InvalidInstances.Length -eq 0
+        $result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0
 
         if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
         {
             Write-Verbose -Message "Checking the After Rule Count"
-            $afterRuleCountQueryString = "`$invalidInstances.Length $AfterRuleCountQuery"
+            $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery"
             $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString)
             $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock)
-            Write-Verbose -Message "Output of rule count: $($result | Out-String)"
-        }
+            $message = [System.Text.StringBuilder]::New()
+            if ($instances.Length -eq 0)
+            {
+                [void]$message.AppendLine("No instances were found for the given Rule Definition.")
+            }
+            elseif (-not $result)
+            {
+                $invalidInstancesLogNames = ''
+                foreach ($invalidInstance in $instances)
+                {
+                    $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.ResourceInstanceName)`r`n"
+                }
 
-        if (-not $result)
+                [void]$message.AppendLine("The following resource instance(s) failed a rule validation:`r`n$invalidInstancesLogNames")
+                [void]$message.AppendLine("`r`nRuleDefinition:`r`n$RuleDefinition")
+                [void]$message.AppendLine("`r`AfterRuleCountQuery:`r`n$AfterRuleCountQuery")
+                Add-M365DSCEvent -Message $message.ToString() `
+                            -EventType 'RuleEvaluation' `
+                            -EntryType 'Warning' `
+                            -EventID 1 -Source $CurrentResourceName
+            }
+        }
+        elseif (-not $result)
         {
+            $invalidInstances = Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName
             # Log drifts for each invalid instances found.
             $invalidInstancesLogNames = ''
             foreach ($invalidInstance in $invalidInstances)
             {
-                $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.ResourceInstanceName)`r`n"
+                $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.InputObject)`r`n"
             }
 
             if (-not $result)
             {
                 $message = [System.Text.StringBuilder]::New()
                 [void]$message.AppendLine("The following resource instance(s) failed a rule validation:`r`n$invalidInstancesLogNames")
                 [void]$message.AppendLine("`r`nRuleDefinition:`r`n$RuleDefinition")
-                if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
-                {
-                    [void]$message.AppendLine("`r`AfterRuleCountQuery:`r`n$AfterRuleCountQuery")
-                }
                 Add-M365DSCEvent -Message $message.ToString() `
                         -EventType 'RuleEvaluation' `
                         -EntryType 'Warning' `
                         -EventID 1 -Source $CurrentResourceName
             }
         }
+        Write-Verbose -Message "Test-TargetResource returned $result"
         return $result
     }
 }

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
@@ -570,22 +570,21 @@ function Set-TargetResource
     Add-M365DSCTelemetryEvent -Data $data
     #endregion
 
-    Write-Verbose -Message 'Setting configuration of Office 365 Settings'
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
         -InboundParameters $PSBoundParameters
     $currentValues = Get-TargetResource @PSBoundParameters
 
     if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $currentValues.M365WebEnableUsersToOpenFilesFrom3PStorage)
     {
-        Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}"
+        Write-Verbose -Message "Updating the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}"
         $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e'
         $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id'
         Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) `
             -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage
     }
     if ($PlannerAllowCalendarSharing -ne $currentValues.PlannerAllowCalendarSharing)
     {
-        Write-Verbose -Message "Setting the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}"
+        Write-Verbose -Message "Updating the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}"
         Set-M365DSCO365OrgSettingsPlannerConfig -AllowCalendarSharing $PlannerAllowCalendarSharing
     }
 
@@ -641,7 +640,6 @@ function Set-TargetResource
 
     # Reports Display Names
     $AdminCenterReportDisplayConcealedNamesEnabled = Get-M365DSCOrgSettingsAdminCenterReport
-    Write-Verbose "$($AdminCenterReportDisplayConcealedNamesEnabled.displayConcealedNames) = $AdminCenterReportDisplayConcealedNames"
     if ($AdminCenterReportDisplayConcealedNames -ne $AdminCenterReportDisplayConcealedNamesEnabled.displayConcealedNames)
     {
         Write-Verbose -Message "Updating the Admin Center Report Display Concealed Names setting to {$AdminCenterReportDisplayConcealedNames}"
@@ -787,15 +785,15 @@ function Set-TargetResource
 
     # To Do
     $ToDoParametersToUpdate = @{}
-    if ($currentValues.ToDoIsPushNotificationEnabled -and $ToDoIsPushNotificationEnabled -ne $currentValues.ToDoIsPushNotificationEnabled)
+    if ($ToDoIsPushNotificationEnabled -ne $currentValues.ToDoIsPushNotificationEnabled)
     {
         $ToDoParametersToUpdate.Add('isPushNotificationEnabled', $ToDoIsPushNotificationEnabled)
     }
-    if ($currentValues.ToDoIsExternalJoinEnabled -and $ToDoIsExternalJoinEnabled -ne $currentValues.ToDoIsExternalJoinEnabled)
+    if ($ToDoIsExternalJoinEnabled -ne $currentValues.ToDoIsExternalJoinEnabled)
     {
         $ToDoParametersToUpdate.Add('isExternalJoinEnabled', $ToDoIsExternalJoinEnabled)
     }
-    if ($currentValues.ToDoIsExternalShareEnabled -and $ToDoIsExternalShareEnabled -ne $currentValues.ToDoIsExternalShareEnabled)
+    if ($ToDoIsExternalShareEnabled -ne $currentValues.ToDoIsExternalShareEnabled)
     {
         $ToDoParametersToUpdate.Add('isExternalShareEnabled', $ToDoIsExternalShareEnabled)
     }

diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1
@@ -10,75 +10,75 @@
         },
         @{
             ModuleName      = 'Microsoft.Graph.Applications'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Authentication'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.DeviceManagement'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.Devices.CorporateManagement'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.DeviceManagement.Administration'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.DeviceManagement.Enrollment'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.Identity.DirectoryManagement'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.Identity.Governance'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.Identity.SignIns'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.Reports'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.Teams'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.DeviceManagement.Administration'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Beta.DirectoryObjects'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Groups'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Planner'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Users'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.Graph.Users.Actions'
-            RequiredVersion = '2.5.0'
+            RequiredVersion = '2.6.1'
         },
         @{
             ModuleName      = 'Microsoft.PowerApps.Administration.PowerShell'
-            RequiredVersion = '2.0.174'
+            RequiredVersion = '2.0.177'
         },
         @{
             ModuleName      = 'MicrosoftTeams'