From f49d0694f22c0af8439be517acf163d4869f656a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20B=C3=BChler?= <{ID}+{username}@users.noreply.github.com> Date: Thu, 16 Jan 2025 12:45:11 +0100 Subject: [PATCH 1/3] Fix DisableResilienceDefaults result --- .../MSFT_AADConditionalAccessPolicy.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 0ee0fdacb8..53fa6d85e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -711,7 +711,7 @@ function Get-TargetResource #no translation needed PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled #no translation needed - DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled + DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults #make false if undefined, true if true PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode #no translation needed From ea75c66af0b85c22500000fcf4890acfddd9c67b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20B=C3=BChler?= <{ID}+{username}@users.noreply.github.com> Date: Thu, 16 Jan 2025 12:46:15 +0100 Subject: [PATCH 2/3] Add DisableResilienceDefaults false szenario --- .../MSFT_AADConditionalAccessPolicy.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 53fa6d85e6..9cf2dcd73a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1745,7 +1745,7 @@ function Set-TargetResource $NewParameters.Add('grantControls', $GrantControls) } - if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled) + if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or !([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))) { Write-Verbose -Message 'Set-Targetresource: process session controls' $sessioncontrols = $null @@ -1812,9 +1812,9 @@ function Set-TargetResource $sessioncontrols.persistentBrowser.isEnabled = $true $sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode } - if ($DisableResilienceDefaultsIsEnabled) + if (!([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))) { - $sessioncontrols.Add('disableResilienceDefaults', $true) + $sessioncontrols.Add('disableResilienceDefaults', $DisableResilienceDefaultsIsEnabled) } $NewParameters.Add('sessionControls', $sessioncontrols) #add SessionControls to the parameter list From ffbd6944faa9fe267be1888e0e424f359fcf2a0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20B=C3=BChler?= <{ID}+{username}@users.noreply.github.com> Date: Thu, 16 Jan 2025 13:10:34 +0100 Subject: [PATCH 3/3] Update CHANGELOG.md for AADConditionalAccessPolicy fixes and scenarios --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47e595e3e1..e9862f06e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* AADConditionalAccessPolicy + * Fixed DisableResilienceDefaults result + * Add DisableResilienceDefaults false szenario + + # 1.25.115.1 * AADAuthenticationRequirement