Merge pull request #6373 from microsoft/Dev

Release 1.25.723.2

Author: NikCharlebois

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change log for Microsoft365DSC
 
+# Release 1.25.723.2
+
+* AADConditionalAccessPolicy
+  * Remove the ValidateSet from the ProtocolFlows property.
+* AADCrossTenantAccessPolicyConfigurationDefault
+  * Fixed the return values from the Get-TargetResource method.
+* AADUser
+  * Fixed an issue when fetching a property from an empty array.
+
 # 1.25.723.1
 
 * AADApplication

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -236,7 +236,6 @@ function Get-TargetResource
         $ServicePrincipalRiskLevels,
 
         [Parameter()]
-        [ValidateSet("implicitAccessTokenAndGetResponseMode","implicitIdTokenAndGetResponseMode","implicitAccessTokenAndPostResponseMode","implicitIdTokenAndPostResponseMode","authorizationCodeWithoutPkce","authorizationCodeWithPkce","clientCredentials","refreshTokenGrant","encryptedAuthorizeResponse","password","directUserGrant","saml20","kerberos","prtGrant","seamlessSso","prtBrokerBased","prtNonBrokerBased","onBehalfOf","samlOnBehalfOf","deviceCodeFlow","authenticationTransfer")]
         [System.String[]]
         $ProtocolFlows,
 
@@ -1020,7 +1019,6 @@ function Set-TargetResource
         $ServicePrincipalRiskLevels,
 
         [Parameter()]
-        [ValidateSet("implicitAccessTokenAndGetResponseMode","implicitIdTokenAndGetResponseMode","implicitAccessTokenAndPostResponseMode","implicitIdTokenAndPostResponseMode","authorizationCodeWithoutPkce","authorizationCodeWithPkce","clientCredentials","refreshTokenGrant","encryptedAuthorizeResponse","password","directUserGrant","saml20","kerberos","prtGrant","seamlessSso","prtBrokerBased","prtNonBrokerBased","onBehalfOf","samlOnBehalfOf","deviceCodeFlow","authenticationTransfer")]
         [System.String[]]
         $ProtocolFlows,
 
@@ -2248,7 +2246,6 @@ function Test-TargetResource
         $ServicePrincipalRiskLevels,
 
         [Parameter()]
-        [ValidateSet("implicitAccessTokenAndGetResponseMode","implicitIdTokenAndGetResponseMode","implicitAccessTokenAndPostResponseMode","implicitIdTokenAndPostResponseMode","authorizationCodeWithoutPkce","authorizationCodeWithPkce","clientCredentials","refreshTokenGrant","encryptedAuthorizeResponse","password","directUserGrant","saml20","kerberos","prtGrant","seamlessSso","prtBrokerBased","prtNonBrokerBased","onBehalfOf","samlOnBehalfOf","deviceCodeFlow","authenticationTransfer")]
         [System.String[]]
         $ProtocolFlows,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof

@@ -53,7 +53,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Authentication context class references.")] String AuthenticationContexts[];
     [Write, Description("Insider risk levels conditions."), ValueMap{"minor", "moderate", "elevated", "unknownFutureValue"}, Values{"minor", "moderate", "elevated", "unknownFutureValue"}] String InsiderRiskLevels[];
     [Write, Description("Service principal risk levels included in the policy."), ValueMap{"low", "medium", "high", "none", "unknownFutureValue"}, Values{"low", "medium", "high", "none", "unknownFutureValue"}] String ServicePrincipalRiskLevels[];
-    [Write, Description("Specifies the protocol flows to block."), ValueMap{"implicitAccessTokenAndGetResponseMode","implicitIdTokenAndGetResponseMode","implicitAccessTokenAndPostResponseMode","implicitIdTokenAndPostResponseMode","authorizationCodeWithoutPkce","authorizationCodeWithPkce","clientCredentials","refreshTokenGrant","encryptedAuthorizeResponse","password","directUserGrant","saml20","kerberos","prtGrant","seamlessSso","prtBrokerBased","prtNonBrokerBased","onBehalfOf","samlOnBehalfOf","deviceCodeFlow","authenticationTransfer"}, Values{"implicitAccessTokenAndGetResponseMode","implicitIdTokenAndGetResponseMode","implicitAccessTokenAndPostResponseMode","implicitIdTokenAndPostResponseMode","authorizationCodeWithoutPkce","authorizationCodeWithPkce","clientCredentials","refreshTokenGrant","encryptedAuthorizeResponse","password","directUserGrant","saml20","kerberos","prtGrant","seamlessSso","prtBrokerBased","prtNonBrokerBased","onBehalfOf","samlOnBehalfOf","deviceCodeFlow","authenticationTransfer"}] String ProtocolFlows[];
+    [Write, Description("Specifies the protocol flows to block.")] String ProtocolFlows[];
     [Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1

@@ -98,24 +98,65 @@ function Get-TargetResource
         $B2BCollaborationInboundValue = $null
         if ($null -ne $getValue.B2BCollaborationInbound)
         {
-            $B2BCollaborationInboundValue = $getValue.B2BCollaborationInbound
+            $B2BCollaborationInboundValue = @{
+                Applications = @{
+                    AccessType = $getValue.B2BCollaborationInbound.Applications.AccessType
+                    Targets    = [System.String[]] $getValue.B2BCollaborationInbound.Applications.Targets
+                }
+                UsersAndGroups =@{
+                    AccessType = $getValue.B2BCollaborationInbound.UsersAndGroups.AccessType
+                    Targets    = [System.String[]] $getValue.B2BCollaborationInbound.UsersAndGroups.Targets
+                }
+            }
         }
         if ($null -ne $getValue.B2BCollaborationOutbound)
         {
-            $B2BCollaborationOutboundValue = $getValue.B2BCollaborationOutbound
+            $B2BCollaborationOutboundValue = @{
+                Applications = @{
+                    AccessType = $getValue.B2BCollaborationOutbound.Applications.AccessType
+                    Targets    = [System.String[]] $getValue.B2BCollaborationOutbound.Applications.Targets
+                }
+                UsersAndGroups =@{
+                    AccessType = $getValue.B2BCollaborationOutbound.UsersAndGroups.AccessType
+                    Targets    = [System.String[]] $getValue.B2BCollaborationOutbound.UsersAndGroups.Targets
+                }
+            }
         }
         if ($null -ne $getValue.B2BDirectConnectInbound)
         {
-            $B2BDirectConnectInboundValue = $getValue.B2BDirectConnectInbound
+            $B2BDirectConnectInboundValue = @{
+                Applications = @{
+                    AccessType = $getValue.B2BDirectConnectInbound.Applications.AccessType
+                    Targets    = [System.String[]] $getValue.B2BDirectConnectInbound.Applications.Targets
+                }
+                UsersAndGroups =@{
+                    AccessType = $getValue.B2BDirectConnectInbound.UsersAndGroups.AccessType
+                    Targets    = [System.String[]] $getValue.B2BDirectConnectInbound.UsersAndGroups.Targets
+                }
+            }
         }
         if ($null -ne $getValue.B2BDirectConnectOutbound)
         {
-            $B2BDirectConnectOutboundValue = $getValue.B2BDirectConnectOutbound
+            $B2BDirectConnectOutboundValue = @{
+                Applications = @{
+                    AccessType = $getValue.B2BDirectConnectOutbound.Applications.AccessType
+                    Targets    = [System.String[]] $getValue.B2BDirectConnectOutbound.Applications.Targets
+                }
+                UsersAndGroups =@{
+                    AccessType = $getValue.B2BDirectConnectOutbound.UsersAndGroups.AccessType
+                    Targets    = [System.String[]] $getValue.B2BDirectConnectOutbound.UsersAndGroups.Targets
+                }
+            }
         }
         if ($null -ne $getValue.InboundTrust)
         {
-            $InboundTrustValue = $getValue.InboundTrust
+            $InboundTrustValue = @{
+                IsCompliantDeviceAccepted           = $getValue.InboundTrust.IsCompliantDeviceAccepted
+                IsHybridAzureADJoinedDeviceAccepted = $getValue.InboundTrust.IsHybridAzureADJoinedDeviceAccepted
+                IsMfaAccepted                       = $getValue.InboundTrust.IsMfaAccepted
+            }
         }
+
         $results = @{
             IsSingleInstance         = 'Yes'
             B2BCollaborationInbound  = $B2BCollaborationInboundValue

Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1

@@ -222,7 +222,7 @@ function Get-TargetResource
         }
 
         # return membership of static groups only
-        [array]$currentMemberOf = ($batchResponse | Where-Object -FilterScript { $_.id -eq 'MemberOf' }).body.value | Select-Object -ExpandProperty DisplayName
+        [array]$currentMemberOf = ($batchResponse | Where-Object -FilterScript { $_.id -eq 'MemberOf' }).body.value.DisplayName
 
         $userPasswordPolicyInfo = $user | Select-Object UserprincipalName, @{
             N = 'PasswordNeverExpires'; E = { $_.PasswordPolicies -contains 'DisablePasswordExpiration' }

Modules/Microsoft365DSC/Microsoft365DSC.psd1

@@ -3,15 +3,15 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 2025-07-23
+# Generated on: 2025-07-25
 
 @{
 
   # Script module or binary module file associated with this manifest.
   # RootModule = ''
 
   # Version number of this module.
-  ModuleVersion     = '1.25.723.1'
+  ModuleVersion     = '1.25.723.2'
 
   # Supported PSEditions
   # CompatiblePSEditions = @()
@@ -151,52 +151,12 @@
       IconUri      = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true'
 
       # ReleaseNotes of this module
-      ReleaseNotes = '* AADApplication
-  * Reduced export time by up to 75%.
-      * AADConditionalAccessPolicy
-  * Added support for the ProtocolFlows property.
-* AADGroup
-  * Reduced export time by up to 60%.
-* AADPIMGroupSettings
-  * Reduced export time by 80%.
-* AADGroupEligibilitySchedule
-  * Reduced export time by 80%.
-* AADGroupEligibilityScheduleSettings
-  * Reduced export time by 90%.
-* AADPasswordRuleSettings
-  * Updated creation of new DirectorySetting object to explicitly use default values to avoid exception
-* AADRoleEligibilityScheduleRequest
-  * Reduced export time by up to 50%.
-* AADRoleSetting
-  * Reduced export time by 80%.
-* AADServicePrincipal
-  * Reduced export time by 70%.
+      ReleaseNotes = '* AADConditionalAccessPolicy
+  * Remove the ValidateSet from the ProtocolFlows property.
+* AADCrossTenantAccessPolicyConfigurationDefault
+  * Fixed the return values from the Get-TargetResource method.
 * AADUser
-  * Reduced export time by 25%.
-* IntuneDeviceCleanupRuleV2
-  * Initial release.
-* IntuneMobileAppsBuiltInStoreApp
-  * Initial release.
-* IntuneMobileAppsManagedGooglePlayApp
-  * Initial release.
-* IntuneMobileAppsBundleMacOS
-  * Initial release.
-* IntuneMobileAppsStoreApp
-  * Initial release.
-* IntuneMobileAppsSystemAppAndroid
-  * Initial release.
-* IntuneMobileAppsWin32AppWindows10
-  * Initial release.
-* IntuneSettingCatalogASRRulesPolicyWindows10
-  * Added new options to `EnableControlledFolderAccess` property.
-    FIXES [#6353](https://github.com/microsoft/Microsoft365DSC/issues/6353)
-* IntuneSettingCatalogCustomPolicyWindows10
-  * Add `RoleScopeTagIds` property to functions.
-    FIXES [#6348](https://github.com/microsoft/Microsoft365DSC/issues/6348)
-* M365DSCDRGUtil
-  * Added new function `Invoke-M365DSCIntuneMobileAppInitialUpload` for initial mobile app content upload.
-* MISC
-  * Fixed log messages from being out of order for AAD resource'
+  * Fixed an issue when fetching a property from an empty array.'
 
       # Flag to indicate whether the module requires explicit user acceptance for install/update
       # RequireLicenseAcceptance = $false

Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADCrossTenantAccessPolicyConfigurationDefault.Tests.ps1

@@ -283,7 +283,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                         }
                         B2BDirectConnectInbound  = @{
                             applications = @{
-                                accessType = 'blocked'
+                                accessType = 'allowed'
                                 targets    = @(
                                     @{
                                         target     = 'AllApplications'