Merge pull request #3338 from microsoft/Dev

Release 1.23.524.1

CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change log for Microsoft365DSC
 
+# 1.23.524.1
+
+* AADGroup
+  * Performance Improvements for export.
+* AADUser
+  * Performance improvements for export.
+* O365OrgSettings
+  * Added support for the AdminCenterReportDisplayConcealedNames property.
+* SCAutoSensitivityLabelRule
+  * Fixes an issue with the HeaderMatchesPatterns property not compiling when empty.
+* TeamsOrgWideAppSettings
+  * Initial release.
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.0.111
+  * Updated ReverseDSC to version 2.0.0.15
+
 # 1.23.517.1
 
 * AADEntitlementManagementAccessPackageAssignmentPolicy

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1

@@ -125,12 +125,26 @@ function Get-TargetResource
             Write-Verbose -Message 'GroupID was specified'
             try
             {
-                $Group = Get-MgGroup -GroupId $Id -ErrorAction Stop
+                if ($null -ne $Script:exportedGroups-and $Script:ExportMode)
+                {
+                    $Group = $Script:exportedGroups | Where-Object -FilterScript {$_.Id -eq $Id}
+                }
+                else
+                {
+                    $Group = Get-MgGroup -GroupId $Id -ErrorAction Stop
+                }
             }
             catch
             {
                 Write-Verbose -Message "Couldn't get group by ID, trying by name"
-                $Group = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
+                if ($null -ne $Script:exportedGroups-and $Script:ExportMode)
+                {
+                    $Group = $Script:exportedGroups | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName}
+                }
+                else
+                {
+                    $Group = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
+                }
                 if ($Group.Length -gt 1)
                 {
                     throw "Duplicate AzureAD Groups named $DisplayName exist in tenant"
@@ -141,7 +155,14 @@ function Get-TargetResource
         {
             Write-Verbose -Message 'Id was NOT specified'
             ## Can retreive multiple AAD Groups since displayname is not unique
-            $Group = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
+            if ($null -ne $Script:exportedGroups-and $Script:ExportMode)
+            {
+                $Group = $Script:exportedGroups | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName}
+            }
+            else
+            {
+                $Group = Get-MgGroup -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop
+            }
             if ($Group.Length -gt 1)
             {
                 throw "Duplicate AzureAD Groups named $DisplayName exist in tenant"
@@ -1016,18 +1037,19 @@ function Export-TargetResource
 
     try
     {
-        [array] $groups = Get-MgGroup -Filter $Filter -All:$true -ErrorAction Stop
-        $groups = $groups | Where-Object -FilterScript {
+        $Script:ExportMode = $true
+        [array] $Script:exportedGroups = Get-MgGroup -Filter $Filter -All:$true -ErrorAction Stop
+        $Script:exportedGroups = $Script:exportedGroups | Where-Object -FilterScript {
             -not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and `
                 -not ($_.MailEnabled -and $_.SecurityEnabled)
         }
 
         $i = 1
         $dscContent = ''
         Write-Host "`r`n" -NoNewline
-        foreach ($group in $groups)
+        foreach ($group in $Script:exportedGroups)
         {
-            Write-Host "    |---[$i/$($groups.Count)] $($group.DisplayName)" -NoNewline
+            Write-Host "    |---[$i/$($Script:exportedGroups.Count)] $($group.DisplayName)" -NoNewline
             $Params = @{
                 ApplicationSecret     = $ApplicationSecret
                 DisplayName           = $group.DisplayName

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/settings.json

@@ -7,6 +7,9 @@
                 "read": [
                     {
                         "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "ReportSettings.Read.All"
                     }
                 ],
                 "update": [
@@ -27,13 +30,19 @@
                     },
                     {
                         "name": "User.Read.All"
+                    },
+                    {
+                        "name": "ReportSettings.ReadWrite.All"
                     }
                 ]
             },
             "application": {
                 "read": [
                     {
                         "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "ReportSettings.Read.All"
                     }
                 ],
                 "update": [
@@ -54,6 +63,9 @@
                     },
                     {
                         "name": "User.Read.All"
+                    },
+                    {
+                        "name": "ReportSettings.ReadWrite.All"
                     }
                 ]
             }

Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1

@@ -162,13 +162,21 @@ function Get-TargetResource
 
     try
     {
-        Write-Verbose -Message "Getting Office 365 User $UserPrincipalName"
-        $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FacsimileTelephoneNumber', 'Mobile', 'OfficeLocation', 'TelephoneNumber', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
-        $user = Get-MgUser -UserId $UserPrincipalName -Property $propertiesToRetrieve -ErrorAction SilentlyContinue
-        if ($null -eq $user)
+        if (-not $Script:ExportMode)
         {
-            Write-Verbose -Message "The specified User doesn't already exist."
-            return $nullReturn
+            Write-Verbose -Message "Getting Office 365 User $UserPrincipalName"
+            $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FacsimileTelephoneNumber', 'Mobile', 'OfficeLocation', 'TelephoneNumber', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
+            $user = Get-MgUser -UserId $UserPrincipalName -Property $propertiesToRetrieve -ErrorAction SilentlyContinue
+            if ($null -eq $user)
+            {
+                Write-Verbose -Message "The specified User doesn't already exist."
+                return $nullReturn
+            }
+        }
+        else
+        {
+            Write-Verbose -Message "Retrieving user from the exported instances"
+            $user = $Script:M365DSCExportInstances | Where-Object -FilterScript {$_.UserPrincipalName -eq $UserPrincipalName}
         }
 
         Write-Verbose -Message "Found User $($UserPrincipalName)"
@@ -184,11 +192,20 @@ function Get-TargetResource
         }
         $passwordNeverExpires = $userPasswordPolicyInfo.PasswordNeverExpires
 
-        $assignedRoles = Get-MgRoleManagementDirectoryRoleAssignment -Filter "PrincipalId eq '$($user.Id)'"
+        if ($null -eq $Script:allDirectoryRoleAssignment)
+        {
+            $Script:allDirectoryRoleAssignment = Get-MgRoleManagementDirectoryRoleAssignment -All
+        }
+        $assignedRoles = $Script:allDirectoryRoleAssignment | Where-Object -FilterScript {$_.PrincipalId -eq $user.Id}
+
         $rolesValue = @()
+        if ($null -eq $Script:allAssignedRoles -and $assignedRoles.Length -gt 0)
+        {
+            $Script:allAssignedRoles = Get-MgRoleManagementDirectoryRoleDefinition -All
+        }
         foreach ($assignedRole in $assignedRoles)
         {
-            $currentRoleInfo = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $assignedRole.RoleDefinitionId
+            $currentRoleInfo = $Script:allAssignedRoles | Where-Object -FilterScript {$_.Id -eq $assignedRole.RoleDefinitionId}
             $rolesValue += $currentRoleInfo.DisplayName
         }
 
@@ -726,39 +743,17 @@ function Test-TargetResource
     Add-M365DSCTelemetryEvent -Data $data
     #endregion
 
-    Write-Verbose -Message "Testing configuration of Office 365 User $UserPrincipalName"
-
-    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
+    Write-Verbose -Message "Testing configuration of Azure AD User $UserPrincipalName"
     $CurrentValues = Get-TargetResource @PSBoundParameters
 
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
 
+    $ValuesToCheck = $PSBoundParameters
     $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `
         -DesiredValues $PSBoundParameters `
-        -ValuesToCheck @('Ensure', `
-            'UserPrincipalName', `
-            'LicenseAssignment', `
-            'UsageLocation', `
-            'FirstName', `
-            'LastName', `
-            'DisplayName', `
-            'City', `
-            'Country', `
-            'Department', `
-            'Fax', `
-            'MobilePhone', `
-            'Office', `
-            'PasswordNeverExpires', `
-            'PhoneNumber', `
-            'PostalCode', `
-            'PreferredLanguage', `
-            'State', `
-            'StreetAddress', `
-            'Title', `
-            'UserType',
-        'Roles')
+        -ValuesToCheck $ValuesToCheck.Keys
 
     Write-Verbose -Message "Test-TargetResource returned $TestResult"
 
@@ -816,21 +811,22 @@ function Export-TargetResource
 
     try
     {
-        $users = Get-MgUser -Filter $Filter -All:$true -ErrorAction Stop
+        $Script:ExportMode = $true
+        $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FacsimileTelephoneNumber', 'Mobile', 'OfficeLocation', 'TelephoneNumber', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies')
+        $Script:M365DSCExportInstances = Get-MgUser -Filter $Filter -All:$true -Property $propertiesToRetrieve -ErrorAction Stop
 
         $dscContent = [System.Text.StringBuilder]::new()
         $i = 1
         Write-Host "`r`n" -NoNewline
-        foreach ($user in $users)
+        foreach ($user in $Script:M365DSCExportInstances)
         {
-            Write-Host "    |---[$i/$($users.Length)] $($user.UserPrincipalName)" -NoNewline
+            Write-Host "    |---[$i/$($Script:M365DSCExportInstances.Length)] $($user.UserPrincipalName)" -NoNewline
             $userUPN = $user.UserPrincipalName
             if (-not [System.String]::IsNullOrEmpty($userUPN))
             {
                 $Params = @{
                     UserPrincipalName     = $userUPN
                     Credential            = $Credential
-                    Password              = $Credential
                     ApplicationId         = $ApplicationId
                     TenantId              = $TenantId
                     CertificateThumbprint = $CertificateThumbprint

Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1

@@ -17,6 +17,10 @@ function Get-TargetResource
         [System.Boolean]
         $M365WebEnableUsersToOpenFilesFrom3PStorage,
 
+        [Parameter()]
+        [System.Boolean]
+        $AdminCenterReportDisplayConcealedNames,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -81,10 +85,12 @@ function Get-TargetResource
         $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d'
         $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled'
 
+        $AdminCenterReportDisplayConcealedNamesValue = Get-M365DSCOrgSettingsAdminCenterReport
         return @{
             IsSingleInstance                           = 'Yes'
             CortanaEnabled                             = $CortanaEnabledValue.AccountEnabled
             M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled
+            AdminCenterReportDisplayConcealedNames     = $AdminCenterReportDisplayConcealedNamesValue.displayConcealedNames
             Ensure                                     = 'Present'
             Credential                                 = $Credential
             ApplicationId                              = $ApplicationId
@@ -124,6 +130,10 @@ function Set-TargetResource
         [System.Boolean]
         $M365WebEnableUsersToOpenFilesFrom3PStorage,
 
+        [Parameter()]
+        [System.Boolean]
+        $AdminCenterReportDisplayConcealedNames,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -180,7 +190,7 @@ function Set-TargetResource
     $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id'
     if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled)
     {
-        Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}"
+        Write-Verbose -Message "Updating the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}"
         Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) `
             -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage
     }
@@ -189,10 +199,18 @@ function Set-TargetResource
     $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled, Id'
     if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled)
     {
-        Write-Verbose -Message "Setting the Cortana setting to {$CortanaEnabled}"
+        Write-Verbose -Message "Updating the Cortana setting to {$CortanaEnabled}"
         Update-MgServicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) `
             -AccountEnabled:$CortanaEnabled
     }
+
+    $AdminCenterReportDisplayConcealedNamesEnabled = Get-M365DSCOrgSettingsAdminCenterReport
+    Write-Verbose "$($AdminCenterReportDisplayConcealedNamesEnabled.displayConcealedNames) = $AdminCenterReportDisplayConcealedNames"
+    if ($AdminCenterReportDisplayConcealedNames -ne $AdminCenterReportDisplayConcealedNamesEnabled.displayConcealedNames)
+    {
+        Write-Verbose -Message "Updating the Admin Center Report Display Concealed Names setting to {$AdminCenterReportDisplayConcealedNames}"
+        Update-M365DSCOrgSettingsAdminCenterReport -DisplayConcealedNames $AdminCenterReportDisplayConcealedNames
+    }
 }
 
 function Test-TargetResource
@@ -214,6 +232,10 @@ function Test-TargetResource
         [System.Boolean]
         $M365WebEnableUsersToOpenFilesFrom3PStorage,
 
+        [Parameter()]
+        [System.Boolean]
+        $AdminCenterReportDisplayConcealedNames,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -366,4 +388,32 @@ function Export-TargetResource
     }
 }
 
+function Get-M365DSCOrgSettingsAdminCenterReport
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param()
+
+    $url = 'https://graph.microsoft.com/beta/admin/reportSettings'
+    $results = Invoke-MgGraphRequest -Method GET -Uri $url
+    return $results
+}
+
+function Update-M365DSCOrgSettingsAdminCenterReport
+{
+    [CmdletBinding()]
+    [OutputType([Void])]
+    param(
+        [Parameter(Mandatory = $true)]
+        [System.Boolean]
+        $DisplayConcealedNames
+    )
+    $url = 'https://graph.microsoft.com/beta/admin/reportSettings'
+    $body = @{
+        "@odata.context"      ="https://graph.microsoft.com/beta/$metadata#admin/reportSettings/$entity"
+        displayConcealedNames = $DisplayConcealedNames
+    }
+    Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $body | Out-Null
+}
+
 Export-ModuleMember -Function *-TargetResource

Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof

@@ -4,6 +4,7 @@ class MSFT_O365OrgSettings : OMI_BaseResource
     [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
     [Write, Description("Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.")] Boolean CortanaEnabled;
     [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage;
+    [Write, Description("Controls whether or not the Admin Center reports will conceale user, group and site names.")] Boolean AdminCenterReportDisplayConcealedNames;
     [Write, Description("Since there is only one setting available, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure;
     [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;