diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea91e19d89..fae009b604 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@
 * AAD
 * Added ApplicationSecret auth method to multiple resources
+* IntuneAndroidManagedStoreAppConfiguration
+ * Initial release.
 * MISC
 * Removed hardcoded Graph urls and replaced by MSCloudLoginAssistant values.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1
new file mode 100644
index 0000000000..3916bbb6ef
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1
@@ -0,0 +1,823 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ #region resource generator code
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [System.String]
+ $packageId,
+
+ [Parameter()]
+ [System.String]
+ $payloadJson,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $permissionActions,
+
+ [Parameter()]
+ [System.Boolean]
+ $appSupportsOemConfig,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $profileApplicability,
+
+ [Parameter()]
+ [System.Boolean]
+ $connectedAppsEnabled,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+
+ )
+
+ try
+ {
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+ }
+ catch
+ {
+ Write-Verbose -Message 'Connection to the workload failed.'
+ }
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $nullResult = $PSBoundParameters
+ $nullResult.Ensure = 'Absent'
+ try
+ {
+ if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $id -ErrorAction SilentlyContinue }
+
+ #region resource generator code
+ if ($null -eq $getValue)
+ {
+ $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object `
+ -FilterScript { `
+ $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreAppConfiguration' `
+ }
+ }
+ #endregion
+
+ if ($null -eq $getValue)
+ {
+ Write-Verbose -Message "Nothing with id {$id} was found"
+ return $nullResult
+ }
+
+ Write-Verbose -Message "Found something with id {$id}"
+
+ #need to convert dictionary object into a hashtable array so we can work with it
+ $complexPermissionActions = @()
+ foreach ($setting in $getValue.AdditionalProperties.permissionActions)
+ {
+ $mySettings = @{}
+ $mySettings.Add('permission', $setting['permission'])
+ $mySettings.Add('action', $setting['action'])
+
+ if ($mySettings.values.Where({$null -ne $_}).count -gt 0)
+ {
+ $complexPermissionActions += $mySettings
+ }
+ }
+
+ $results = @{
+ #region resource generator code
+ Id = $getValue.Id
+ Description = $getValue.Description
+ DisplayName = $getValue.DisplayName
+ targetedMobileApps = $getValue.TargetedMobileApps
+ packageId = $getValue.AdditionalProperties.packageId
+ payloadJson = $getValue.AdditionalProperties.payloadJson
+ appSupportsOemConfig = $getValue.AdditionalProperties.appSupportsOemConfig
+ profileApplicability = $getValue.AdditionalProperties.profileApplicability
+ connectedAppsEnabled = $getValue.AdditionalProperties.connectedAppsEnabled
+ permissionActions = $complexPermissionActions
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ version = $getValue.AdditionalProperties.version
+ }
+
+ $assignmentsValues = Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment -ManagedDeviceMobileAppConfigurationId $Results.Id
+ $assignmentResult = @()
+ if ($assignmentsValues.Count -gt 0)
+ {
+ $assignmentResult += ConvertFrom-IntunePolicyAssignment `
+ -IncludeDeviceFilter:$true `
+ -Assignments ($assignmentsValues)
+ }
+ $results.Add('Assignments', $assignmentResult)
+
+ return [System.Collections.Hashtable] $results
+ }
+ catch
+ {
+ New-M365DSCLogEntry -Message 'Error retrieving data:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return $nullResult
+ }
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ #region resource generator code
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [System.String]
+ $packageId,
+
+ [Parameter()]
+ [System.String]
+ $payloadJson,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $permissionActions,
+
+ [Parameter()]
+ [System.Boolean]
+ $appSupportsOemConfig,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $profileApplicability,
+
+ [Parameter()]
+ [System.Boolean]
+ $connectedAppsEnabled,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+
+ )
+
+ try
+ {
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+ }
+ catch
+ {
+ Write-Verbose -Message $_
+ }
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $currentInstance = Get-TargetResource @PSBoundParameters
+
+ $PSBoundParameters.Remove('Ensure') | Out-Null
+ $PSBoundParameters.Remove('Credential') | Out-Null
+ $PSBoundParameters.Remove('ApplicationId') | Out-Null
+ $PSBoundParameters.Remove('ApplicationSecret') | Out-Null
+ $PSBoundParameters.Remove('TenantId') | Out-Null
+ $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null
+ $PSBoundParameters.Remove('ManagedIdentity') | Out-Null
+ $PSBoundParameters.Remove('AccessTokens') | Out-Null
+
+ if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+ {
+ Write-Verbose -Message "Creating {$DisplayName}"
+ $PSBoundParameters.Remove('Assignments') | Out-Null
+ $CreateParameters = ([Hashtable]$PSBoundParameters).clone()
+ $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
+ $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters)
+
+ foreach ($key in $AdditionalProperties.keys)
+ {
+ if ($key -ne '@odata.type')
+ {
+ $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+ $CreateParameters.remove($keyName)
+ }
+ }
+
+ $CreateParameters.Remove('Id') | Out-Null
+ $CreateParameters.Remove('Verbose') | Out-Null
+
+ foreach ($key in ($CreateParameters.clone()).Keys)
+ {
+ if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*')
+ {
+ $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key]
+ }
+ }
+
+ $CreateParameters.add('AdditionalProperties', $AdditionalProperties)
+
+ #region resource generator code
+ $policy = New-MgBetaDeviceAppManagementMobileAppConfiguration @CreateParameters
+ $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+
+ if ($policy.id)
+ {
+ Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
+ -Targets $assignmentsHash `
+ -Repository 'deviceAppManagement/mobileAppConfigurations'
+ }
+ #endregion
+ }
+ elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Updating {$DisplayName}"
+ $PSBoundParameters.Remove('Assignments') | Out-Null
+ $UpdateParameters = ([Hashtable]$PSBoundParameters).clone()
+ $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
+ $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters)
+
+ foreach ($key in $AdditionalProperties.keys)
+ {
+ if ($key -ne '@odata.type')
+ {
+ $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+ $UpdateParameters.remove($keyName)
+ }
+ }
+
+ $UpdateParameters.Remove('Id') | Out-Null
+ $UpdateParameters.Remove('Verbose') | Out-Null
+
+ foreach ($key in ($UpdateParameters.clone()).Keys)
+ {
+ if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*')
+ {
+ $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key]
+ }
+ }
+ $UpdateParameters.add('AdditionalProperties', $AdditionalProperties)
+
+ #region resource generator code
+ Update-MgBetaDeviceAppManagementMobileAppConfiguration @UpdateParameters `
+ -ManagedDeviceMobileAppConfigurationId $currentInstance.Id
+ $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+ Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id `
+ -Targets $assignmentsHash `
+ -Repository 'deviceAppManagement/mobileAppConfigurations'
+ #endregion
+ }
+ elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Removing {$DisplayName}"
+ #region resource generator code
+ Remove-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $currentInstance.Id
+ #endregion
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ #region resource generator code
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [System.String]
+ $packageId,
+
+ [Parameter()]
+ [System.String]
+ $payloadJson,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $permissionActions,
+
+ [Parameter()]
+ [System.Boolean]
+ $appSupportsOemConfig,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $profileApplicability,
+
+ [Parameter()]
+ [System.Boolean]
+ $connectedAppsEnabled,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ Write-Verbose -Message "Testing configuration of {$id}"
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+
+ if ($CurrentValues.Ensure -ne $Ensure)
+ {
+ Write-Verbose -Message "Test-TargetResource returned $false"
+ return $false
+ }
+ $testResult = $true
+
+ foreach ($key in $PSBoundParameters.Keys)
+ {
+ if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*')
+ {
+ $CIMArraySource = @()
+ $CIMArrayTarget = @()
+ $CIMArraySource += $PSBoundParameters[$key]
+ $CIMArrayTarget += $CurrentValues.$key
+ if ($CIMArraySource.count -ne $CIMArrayTarget.count)
+ {
+ Write-Verbose -Message "Configuration drift:Number of items does not match: Source=$($CIMArraySource.count) Target=$($CIMArrayTarget.count)"
+ $testResult = $false
+ break
+ }
+ $i = 0
+ foreach ($item in $CIMArraySource )
+ {
+ $testResult = Compare-M365DSCComplexObject `
+ -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $CIMArraySource[$i]) `
+ -Target ($CIMArrayTarget[$i])
+
+ $i++
+ if (-Not $testResult)
+ {
+ $testResult = $false
+ break
+ }
+ }
+ if (-Not $testResult)
+ {
+ $testResult = $false
+ break
+ }
+
+ $ValuesToCheck.Remove($key) | Out-Null
+ }
+ }
+ $ValuesToCheck.Remove('Id') | Out-Null
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+ #Convert any DateTime to String
+ foreach ($key in $ValuesToCheck.Keys)
+ {
+ if (($null -ne $CurrentValues[$key]) `
+ -and ($CurrentValues[$key].getType().Name -eq 'DateTime'))
+ {
+ $CurrentValues[$key] = $CurrentValues[$key].toString()
+ }
+ }
+
+ if ($testResult)
+ {
+ $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+ }
+
+ Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+ return $testResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $Filter,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ try
+ {
+
+ #region resource generator code
+ [array]$getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter $Filter -All `
+ -ErrorAction Stop | Where-Object `
+ -FilterScript { `
+ $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreAppConfiguration' `
+ }
+ #endregion
+
+ $i = 1
+ $dscContent = ''
+ if ($getValue.Length -eq 0)
+ {
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ else
+ {
+ Write-Host "`r`n" -NoNewline
+ }
+ foreach ($config in $getValue)
+ {
+ if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+ {
+ $Global:M365DSCExportResourceInstancesCount++
+ }
+
+ Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline
+ $params = @{
+ Id = $config.id
+ DisplayName = $config.DisplayName
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+
+ $Results = Get-TargetResource @Params
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+
+ if ($Results.Assignments)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+ if ($complexTypeStringResult)
+ {
+ $Results.Assignments = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('Assignments') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.permissionActions)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.permissionActions `
+ -CIMInstanceName 'MSFT_androidPermissionAction'
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.permissionActions = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('permissionActions') | Out-Null
+ }
+ }
+
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+
+ if ($Results.Assignments)
+ {
+ $isCIMArray = $false
+ if ($Results.Assignments.getType().Fullname -like '*[[\]]')
+ {
+ $isCIMArray = $true
+ }
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray
+ }
+
+ if ($Results.permissionActions)
+ {
+ $isCIMArray = $false
+ if ($Results.permissionActions.getType().Fullname -like '*[[\]]')
+ {
+ $isCIMArray = $true
+ }
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'permissionActions' -IsCIMArray:$isCIMArray
+ }
+
+ $dscContent += $currentDSCBlock
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ $i++
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+
+ return $dscContent
+ }
+ catch
+ {
+ if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or `
+ $_.Exception -like "*Request not applicable to target tenant*")
+ {
+ Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
+ }
+ else
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+ }
+
+ return ''
+ }
+}
+
+function Get-M365DSCAdditionalProperties
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ [Parameter(Mandatory = 'true')]
+ [System.Collections.Hashtable]
+ $Properties
+ )
+
+ $additionalProperties = @(
+ 'packageId'
+ 'payloadJson'
+ 'permissionActions'
+ 'appSupportsOemConfig'
+ 'profileApplicability'
+ 'connectedAppsEnabled'
+ )
+
+ $results = @{'@odata.type' = '#microsoft.graph.androidManagedStoreAppConfiguration' }
+ $cloneProperties = $Properties.clone()
+ foreach ($property in $cloneProperties.Keys)
+ {
+ if ($property -in ($additionalProperties) )
+ {
+ $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1)
+ if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*')
+ {
+ if ($properties.$property.getType().FullName -like '*[[\]]')
+ {
+ $array = @()
+ foreach ($item in $properties.$property)
+ {
+ $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item
+ }
+ $propertyValue = $array
+ }
+ else
+ {
+ $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property
+ }
+
+ }
+ else
+ {
+ $propertyValue = $properties.$property
+ }
+
+ $results.Add($propertyName, $propertyValue)
+ }
+ }
+ if ($results.Count -eq 1)
+ {
+ return $null
+ }
+ return $results
+}
+
+Export-ModuleMember -Function *-TargetResource
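Review bot: In Get-TargetResource the fallback lookup builds the OData filter by interpolating the name directly, `-Filter "DisplayName eq '$Displayname'"`, so a display name containing a single quote yields a malformed or different filter expression. Because the call also passes `-ErrorAction SilentlyContinue`, that failure is silent and the function returns `Ensure = 'Absent'`, which would lead Set-TargetResource to create a duplicate policy instead of updating the existing one. Double the quote before interpolating: `$escapedName = $DisplayName.Replace("'", "''")` and then `-Filter "DisplayName eq '$escapedName'"`. The same lookup can also return more than one policy when display names are not unique, and the result is then used as a single object with no count check.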
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof
new file mode 100644
index 0000000000..55f79afabc
Binary files /dev/null and b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof differ
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/readme.md
new file mode 100644
index 0000000000..508348de73
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneAndroidManagedStoreAppConfiguration
+
+## Description
+
+This resource configures an Intune Android Managed Store Application Configuration Policy.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/settings.json
new file mode 100644
index 0000000000..bdbcf2fc68
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneAndroidManagedStoreAppConfiguration",
+ "description": "This resource configures an Intune Android Managed Store Application Configuration Policy.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/1-Create.ps1
new file mode 100644
index 0000000000..3ea0cb72ce
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/1-Create.ps1
@@ -0,0 +1,51 @@
+<#
+This example creates a new Intune Mobile App Configuration Policy for iOs devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneAndroidManagedStoreAppConfiguration "ConfigureIntuneAndroidManagedStoreAppConfiguration"
+ {
+ Description = "IntuneAndroidManagedStoreAppConfiguration Description";
+ DisplayName = "IntuneAndroidManagedStoreAppConfiguration DisplayName";
+ Ensure = "Present";
+ appSupportsOemConfig = $False;
+ connectedAppsEnabled = $False;
+ packageId = "app:org.mozilla.firefox";
+ payloadJson = "";
+ permissionActions = @(
+ MSFT_androidPermissionAction{
+ permission = 'android.permission.RECEIVE_SMS'
+ }
+ MSFT_androidPermissionAction{
+ permission = 'android.permission.READ_SMS'
+ }
+ MSFT_androidPermissionAction{
+ permission = 'android.permission.RECEIVE_WAP_PUSH'
+ }
+ );
+ profileApplicability = "androidDeviceOwner";
+ targetedMobileApps = @("30ab8f7a-14fb-4a05-befa-ea7f51141ad9");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
\ No newline at end of file
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/2-Update.ps1
new file mode 100644
index 0000000000..f18fe9a63b
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/2-Update.ps1
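Review bot: The header comment in 1-Create.ps1 reads `This example creates a new Intune Mobile App Configuration Policy for iOs devices`, but the resource it configures is the Android Managed Store one; the same comment is repeated unchanged in 2-Update.ps1 and 3-Remove.ps1, which update and remove a policy rather than create one. Suggested comment here: `This example creates a new Intune App Configuration Policy for Android Managed Store apps`, with `updates an existing` and `removes an existing` in the other two files. Separately, each `MSFT_androidPermissionAction` entry sets only `permission` for the SMS and WAP-push permissions and leaves `action` unset, so the example does not show whether those permissions end up granted, denied or prompted; an explicit `action` value would make the intended outcome visible to anyone copying it.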
@@ -0,0 +1,51 @@
+<#
+This example creates a new Intune Mobile App Configuration Policy for iOs devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneAndroidManagedStoreAppConfiguration "ConfigureIntuneAndroidManagedStoreAppConfiguration"
+ {
+ Description = "IntuneAndroidManagedStoreAppConfiguration Description";
+ DisplayName = "IntuneAndroidManagedStoreAppConfiguration DisplayName";
+ Ensure = "Present";
+ appSupportsOemConfig = $False;
+ connectedAppsEnabled = $True; #updated value
+ packageId = "app:org.mozilla.firefox";
+ payloadJson = "";
+ permissionActions = @(
+ MSFT_androidPermissionAction{
+ permission = 'android.permission.RECEIVE_SMS'
+ }
+ MSFT_androidPermissionAction{
+ permission = 'android.permission.READ_SMS'
+ }
+ MSFT_androidPermissionAction{
+ permission = 'android.permission.RECEIVE_WAP_PUSH'
+ }
+ );
+ profileApplicability = "androidDeviceOwner";
+ targetedMobileApps = @("30ab8f7a-14fb-4a05-befa-ea7f51141ad9");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
\ No newline at end of file
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/3-Remove.ps1
new file mode 100644
index 0000000000..b16600523e
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAndroidManagedStoreAppConfiguration/3-Remove.ps1
@@ -0,0 +1,34 @@
+<#
+This example creates a new Intune Mobile App Configuration Policy for iOs devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneAndroidManagedStoreAppConfiguration "ConfigureIntuneAndroidManagedStoreAppConfiguration"
+ {
+ Description = "IntuneAndroidManagedStoreAppConfiguration Description";
+ DisplayName = "IntuneAndroidManagedStoreAppConfiguration DisplayName";
+ Ensure = "Absent";
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAndroidManagedStoreAppConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAndroidManagedStoreAppConfiguration.Tests.ps1
new file mode 100644
index 0000000000..080b63f164
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAndroidManagedStoreAppConfiguration.Tests.ps1
@@ -0,0 +1,307 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource 'IntuneAndroidManagedStoreAppConfiguration' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+ $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return 'Credentials'
+ }
+
+ Mock -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+ return @()
+ }
+ Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+ }
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+
+ # Test contexts
+ Context -Name "When the Android Managed Store App Configuration Policy doesn't already exist" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ permissionActions = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_androidPermissionAction -Property @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+ } -ClientOnly)
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return $null
+ }
+ }
+
+ It 'Should return absent from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create the Android Managed Store App Configuration Policy from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName 'New-MgBetaDeviceAppManagementMobileAppConfiguration' -Exactly 1
+ }
+ }
+
+ Context -Name 'When the Android Managed Store App Configuration Policy already exists and is NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ permissionActions = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_androidPermissionAction -Property @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+ } -ClientOnly)
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Different Value'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ targetedMobileApps = "{FakeStringValue}"
+ AdditionalProperties = @{
+ permissionActions = @(
+ @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+
+ }
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ '@odata.type' = '#microsoft.graph.androidManagedStoreAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should update the Android Managed Store App Configuration Policy from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1
+
+ }
+ }
+
+ Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ permissionActions = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_androidPermissionAction -Property @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+ } -ClientOnly)
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ targetedMobileApps = "{FakeStringValue}"
+ AdditionalProperties = @{
+ permissionActions = @(
+ @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+ }
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ '@odata.type' = '#microsoft.graph.androidManagedStoreAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ permissionActions = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_androidPermissionAction -Property @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+ } -ClientOnly)
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ Ensure = 'Absent'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ AdditionalProperties = @{
+ permissionActions = @(
+ @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+
+ }
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ '@odata.type' = '#microsoft.graph.androidManagedStoreAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the Android Managed Store App Configuration Policy from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test Android Managed Store App Configuration Policy'
+ Description = 'Test Android Managed Store App Configuration Policy Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ targetedMobileApps = "{FakeStringValue}"
+ AdditionalProperties = @{
+ permissionActions = @(
+ @{
+ permission = "android.permission.READ_SMS"
+ action = "prompt"
+
+ }
+ )
+ appSupportsOemConfig = $False
+ connectedAppsEnabled = $False
+ packageId = "app:org.mozilla.firefox"
+ payloadJson = ""
+ profileApplicability = "androidDeviceOwner"
+ '@odata.type' = '#microsoft.graph.androidManagedStoreAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
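Review bot: In the 'When the policy exists and it SHOULD NOT' context, the case titled `It 'Should return true from the Test method'` asserts `Test-TargetResource @testParams | Should -Be $false`, so the title contradicts what is checked. The assertion looks like the intended one, since the mocked policy is present while `Ensure = 'Absent'`, so I would rename the case to `It 'Should return false from the Test method'`. Separately, the ReverseDSC context sets `$Global:CurrentModeIsExport = $true` and nothing visible in this hunk resets it. If `CleanupScript` does not clear it, an `AfterAll` that sets it back to `$false` would keep the flag from leaking into other test files run in the same session.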