Merge pull request #6507 from microsoft/Dev

Release 1.25.910.1

Author: NikCharlebois

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change log for Microsoft365DSC
 
+# 1.25.910.1
+
+* AADApplication
+  * Fixed an issue with `AdminConsentGranted` not being correct if the
+    permissions are from multiple source APIs.
+* AADCrossTenantAccessPolicyConfigurationDefault
+  * Evaluate users and groups by display name to be consistent with
+    other resources.
+
 # 1.25.903.2
 
 * AADEnrichedAuditLogs

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -1950,7 +1950,7 @@ function Get-M365DSCAzureADAppPermissions
                 {
                     if ($oAuth2grant.Count -gt 0)
                     {
-                        $scopes = $oAuth2grant[0].Scope.Split(' ')
+                        $scopes = ($oAuth2grant.Scope -join " ").Split(' ')
                         if ($scopes.Contains($scopeInfoValue))
                         {
                             $currentPermission.AdminConsentGranted = $true

Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1

@@ -108,6 +108,42 @@ function Get-TargetResource
                     Targets    = [System.Array] $getValue.B2BCollaborationInbound.UsersAndGroups.Targets
                 }
             }
+
+            # Convert users back to UPN
+            $newValue = @()
+            foreach ($valueEntry in $B2BCollaborationInboundValue.UsersAndGroups.Targets)
+            {
+                $currentEntry = @{
+                    Target     = $valueEntry.Target
+                    TargetType = $valueEntry.TargetType
+                }
+                if ($valueEntry.TargetType -eq 'user')
+                {
+                    $user = Get-MgUser -UserId $valueEntry.Target -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $currentEntry.Target = $user.UserPrincipalName
+                    }
+                    else
+                    {
+                        $currentEntry.Target = $valueEntry.Target
+                    }
+                }
+                else
+                {
+                    $group = [System.Array] (Get-MgGroup -GroupId $valueEntry.Target -ErrorAction SilentlyContinue)
+                    if ($null -ne $group -and $group.Length -eq 1)
+                    {
+                        $currentEntry.Target = $group.DisplayName
+                    }
+                    else
+                    {
+                        $currentEntry.Target = $valueEntry.Target
+                    }
+                }
+                $newValue += $currentEntry
+            }
+            $B2BCollaborationInboundValue.UsersAndGroups.Targets = $newValue
         }
         if ($null -ne $getValue.B2BCollaborationOutbound)
         {
@@ -121,6 +157,42 @@ function Get-TargetResource
                     Targets    = [System.Array] $getValue.B2BCollaborationOutbound.UsersAndGroups.Targets
                 }
             }
+
+            # Convert users back to UPN
+            $newValue = @()
+            foreach ($valueEntry in $B2BCollaborationOutboundValue.UsersAndGroups.Targets)
+            {
+                $currentEntry = @{
+                    Target     = $valueEntry.Target
+                    TargetType = $valueEntry.TargetType
+                }
+                if ($valueEntry.TargetType -eq 'user')
+                {
+                    $user = Get-MgUser -UserId $valueEntry.Target -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $currentEntry.Target = $user.UserPrincipalName
+                    }
+                    else
+                    {
+                        $currentEntry.Target = $valueEntry.Target
+                    }
+                }
+                else
+                {
+                    $group = [System.Array] (Get-MgGroup -GroupId $valueEntry.Target -ErrorAction SilentlyContinue)
+                    if ($null -ne $group -and $group.Length -eq 1)
+                    {
+                        $currentEntry.Target = $group.DisplayName
+                    }
+                    else
+                    {
+                        $currentEntry.Target = $valueEntry.Target
+                    }
+                }
+                $newValue += $currentEntry
+            }
+            $B2BCollaborationOutboundValue.UsersAndGroups.Targets = $newValue
         }
         if ($null -ne $getValue.B2BDirectConnectInbound)
         {
@@ -147,6 +219,41 @@ function Get-TargetResource
                     Targets    = [System.Array] $getValue.B2BDirectConnectOutbound.UsersAndGroups.Targets
                 }
             }
+            # Convert users back to UPN
+            $newValue = @()
+            foreach ($valueEntry in $B2BDirectConnectOutboundValue.UsersAndGroups.Targets)
+            {
+                $currentEntry = @{
+                    Target     = $valueEntry.Target
+                    TargetType = $valueEntry.TargetType
+                }
+                if ($valueEntry.TargetType -eq 'user')
+                {
+                    $user = Get-MgUser -UserId $valueEntry.Target -ErrorAction SilentlyContinue
+                    if ($null -ne $user)
+                    {
+                        $currentEntry.Target = $user.UserPrincipalName
+                    }
+                    else
+                    {
+                        $currentEntry.Target = $valueEntry.Target
+                    }
+                }
+                else
+                {
+                    $group = [System.Array] (Get-MgGroup -GroupId $valueEntry.Target -ErrorAction SilentlyContinue)
+                    if ($null -ne $group -and $group.Length -eq 1)
+                    {
+                        $currentEntry.Target = $group.DisplayName
+                    }
+                    else
+                    {
+                        $currentEntry.Target = $valueEntry.Target
+                    }
+                }
+                $newValue += $currentEntry
+            }
+            $B2BDirectConnectOutboundValue.UsersAndGroups.Targets = $newValue
         }
         if ($null -ne $getValue.InboundTrust)
         {
@@ -775,6 +882,8 @@ function Get-M365DSCAADCrossTenantAccessPolicyB2BSetting
         $targets = @()
         foreach ($currentTarget in $Setting.usersAndGroups.targets)
         {
+            $user  = $null
+            $group = $null
             if ($currentTarget.targetType -eq 'User')
             {
                 $user = Get-MgUser -UserId $currentTarget.target -ErrorAction SilentlyContinue

Modules/Microsoft365DSC/Microsoft365DSC.psd1

@@ -3,15 +3,15 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 2025-09-05
+# Generated on: 2025-09-11
 
 @{
 
   # Script module or binary module file associated with this manifest.
   # RootModule = ''
 
   # Version number of this module.
-  ModuleVersion     = '1.25.903.2'
+  ModuleVersion     = '1.25.910.1'
 
   # Supported PSEditions
   # CompatiblePSEditions = @()
@@ -151,15 +151,12 @@
       IconUri      = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true'
 
       # ReleaseNotes of this module
-      ReleaseNotes = '* AADServicePrincipal
-  * Change in logic to evaluate instances in Test-TargetResource when
-    multiple instances exist with the same display name.
-* IntuneWindowsBackupForOrganizationConfiguration
-  * Initial release.
-* MISC
-  * Code cleanup across all EXO, Commerce, Defender and Fabric resources.
-* DEPENDENCIES
-  * Update ReverseDSC to version 2.0.0.30.'
+      ReleaseNotes = '* AADApplication
+  * Fixed an issue with `AdminConsentGranted` not being correct if the
+    permissions are from multiple source APIs.
+* AADCrossTenantAccessPolicyConfigurationDefault
+  * Evaluate users and groups by display name to be consistent with
+    other resources.'
 
       # Flag to indicate whether the module requires explicit user acceptance for install/update
       # RequireLicenseAcceptance = $false

Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADCrossTenantAccessPolicyConfigurationDefault.Tests.ps1

@@ -100,7 +100,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                         UsersAndGroups = (New-CimInstance -ClassName MSFT_AADCrossTenantAccessPolicyTargetConfiguration -Property @{
                             AccessType = 'allowed'
                             Targets    = [CimInstance[]]@((New-CimInstance -ClassName MSFT_AADCrossTenantAccessPolicyTarget -Property @{
-                                    Target     = 'AllUsers'
+                                    Target     = '[email protected]'
                                     TargetType = 'user'
                                 } -ClientOnly))
                         } -ClientOnly)
@@ -126,7 +126,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 accessType = 'allowed'
                                 targets    = @(
                                     @{
-                                        target     = 'AllUsers'
+                                        target     = '[email protected]'
                                         targetType = 'user'
                                     }
                                 )