Merge branch 'Dev' into AADGroupEligibilityScheduleRequest

CHANGELOG.md

@@ -1,6 +1,19 @@
 # Change log for Microsoft365DSC
 
-# 1.24.1218.1
+# UNRELEASED
+
+* AADAuthenticationRequirement
+  * Changed Export logic to extract instances from all users.
+* AADOrganizationCertificateBasedAuthConfiguration
+  * Fixed the primary key of the resource.
+    FIXES [#5523](https://github.com/microsoft/Microsoft365DSC/issues/5523)
+* AADRoleEligibilityScheduleRequest
+  * Fixed error when extracting an entry with a deleted principal.
+* DefenderDeviceAuthenticatedScanDefinition
+  * Fixed the Data Type export.
+* MISC
+  * DEFENDER
+    * Added support for the UseBasicParsing paramter for REST calls.
 
 * AADApplication
   * Added support for Oauth2PermissionScopes.

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1

@@ -310,7 +310,7 @@ function Export-TargetResource
 
     try
     {
-        [array]$getValue = Get-MgUser -ErrorAction Stop | Where-Object -FilterScript { $null -ne $_.Id }
+        [array]$getValue = Get-MgUser -ErrorAction Stop -All | Where-Object -FilterScript { $null -ne $_.Id }
 
         $i = 1
         $dscContent = ''

Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1

@@ -9,7 +9,7 @@ function Get-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance[]]
         $CertificateAuthorities,
 
-        [Parameter()]
+        [Parameter(Mandatory = $true)]
         [System.String]
         $OrganizationId,
         #endregion
@@ -141,7 +141,7 @@ function Set-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance[]]
         $CertificateAuthorities,
 
-        [Parameter()]
+        [Parameter(Mandatory = $true)]
         [System.String]
         $OrganizationId,
         #endregion
@@ -225,7 +225,13 @@ function Set-TargetResource
             certificateAuthorities = $createCertAuthorities
         }
 
-        $policy = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params
+        $uri = ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + `
+                    "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/")
+
+        Write-Verbose -Message "Creating with Parameters:`r`n$(ConvertTo-Json $params -Depth 10)"
+        Invoke-MgGraphRequest -Uri $uri `
+                              -Method 'POST' `
+                              -Body $params
     }
 }
 
@@ -240,7 +246,7 @@ function Test-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance[]]
         $CertificateAuthorities,
 
-        [Parameter()]
+        [Parameter(Mandatory = $true)]
         [System.String]
         $OrganizationId,
         #endregion
@@ -417,6 +423,10 @@ function Export-TargetResource
         }
         foreach ($config in $getValue)
         {
+            if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+            {
+                $Global:M365DSCExportResourceInstancesCount++
+            }
             $displayedKey = "CertificateBasedAuthConfigurations for $($getValue.DisplayName)"
             Write-Host "    |---[$i/$($getValue.Count)] $displayedKey" -NoNewline
             $params = @{

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1

@@ -756,8 +756,15 @@ function Export-TargetResource
                 if ($null -eq $groupInfo)
                 {
                     $principalType = 'ServicePrincipal'
-                    $spnInfo = Get-MgServicePrincipal -ServicePrincipalId $request.PrincipalId
-                    $PrincipalValue = $spnInfo.DisplayName
+                    $spnInfo = Get-MgServicePrincipal -ServicePrincipalId $request.PrincipalId -ErrorAction SilentlyContinue
+                    if ($null -ne $spnInfo)
+                    {
+                        $PrincipalValue = $spnInfo.DisplayName
+                    }
+                    else
+                    {
+                        $PrincipalValue = $null
+                    }
                 }
                 else
                 {
@@ -769,61 +776,64 @@ function Export-TargetResource
                 $PrincipalValue = $userInfo.UserPrincipalName
             }
 
-            $RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
-            $params = @{
-                Id                    = $request.Id
-                Principal             = $PrincipalValue
-                PrincipalType         = $principalType
-                DirectoryScopeId      = $request.DirectoryScopeId
-                RoleDefinition        = $RoleDefinitionId.DisplayName
-                Ensure                = 'Present'
-                Credential            = $Credential
-                ApplicationId         = $ApplicationId
-                TenantId              = $TenantId
-                ApplicationSecret     = $ApplicationSecret
-                CertificateThumbprint = $CertificateThumbprint
-                ManagedIdentity       = $ManagedIdentity.IsPresent
-                AccessTokens          = $AccessTokens
-            }
+            if ($null -ne $PrincipalValue)
+            {
+                $RoleDefinitionId = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
+                $params = @{
+                    Id                    = $request.Id
+                    Principal             = $PrincipalValue
+                    PrincipalType         = $principalType
+                    DirectoryScopeId      = $request.DirectoryScopeId
+                    RoleDefinition        = $RoleDefinitionId.DisplayName
+                    Ensure                = 'Present'
+                    Credential            = $Credential
+                    ApplicationId         = $ApplicationId
+                    TenantId              = $TenantId
+                    ApplicationSecret     = $ApplicationSecret
+                    CertificateThumbprint = $CertificateThumbprint
+                    ManagedIdentity       = $ManagedIdentity.IsPresent
+                    AccessTokens          = $AccessTokens
+                }
 
-            $Results = Get-TargetResource @Params
+                $Results = Get-TargetResource @Params
 
-            $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
-                -Results $Results
-            try
-            {
-                if ($null -ne $results.ScheduleInfo)
+                $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+                    -Results $Results
+                try
                 {
-                    $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo
+                    if ($null -ne $results.ScheduleInfo)
+                    {
+                        $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo
+                    }
+                }
+                catch
+                {
+                    Write-Verbose -Message "Error converting Schedule: $_"
+                }
+                if ($Results.TicketInfo)
+                {
+                    $Results.TicketInfo = Get-M365DSCAzureADEligibilityRequestTicketInfoAsString -TicketInfo $Results.TicketInfo
+                }
+                $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+                    -ConnectionMode $ConnectionMode `
+                    -ModulePath $PSScriptRoot `
+                    -Results $Results `
+                    -Credential $Credential
+                if ($null -ne $Results.ScheduleInfo)
+                {
+                    $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
+                        -ParameterName 'ScheduleInfo'
+                }
+                if ($null -ne $Results.TicketInfo)
+                {
+                    $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
+                        -ParameterName 'TicketInfo'
                 }
-            }
-            catch
-            {
-                Write-Verbose -Message "Error converting Schedule: $_"
-            }
-            if ($Results.TicketInfo)
-            {
-                $Results.TicketInfo = Get-M365DSCAzureADEligibilityRequestTicketInfoAsString -TicketInfo $Results.TicketInfo
-            }
-            $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
-                -ConnectionMode $ConnectionMode `
-                -ModulePath $PSScriptRoot `
-                -Results $Results `
-                -Credential $Credential
-            if ($null -ne $Results.ScheduleInfo)
-            {
-                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
-                    -ParameterName 'ScheduleInfo'
-            }
-            if ($null -ne $Results.TicketInfo)
-            {
-                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
-                    -ParameterName 'TicketInfo'
-            }
 
-            $dscContent += $currentDSCBlock
-            Save-M365DSCPartialExport -Content $currentDSCBlock `
-                -FileName $Global:PartialExportFileName
+                $dscContent += $currentDSCBlock
+                Save-M365DSCPartialExport -Content $currentDSCBlock `
+                    -FileName $Global:PartialExportFileName
+            }
             $i++
             Write-Host $Global:M365DSCEmojiGreenCheckMark
         }

Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1

@@ -575,11 +575,11 @@ function Invoke-M365DSCVerifiedIdWebRequest
     if ($Method -eq 'PATCH' -or $Method -eq 'POST')
     {
         $BodyJson = $body | ConvertTo-Json
-        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $BodyJson
+        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $BodyJson -UseBasicParsing
     }
     else
     {
-        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers
+        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -UseBasicParsing
     }
 
     if ($Method -eq 'DELETE')

Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1

@@ -922,11 +922,11 @@ function Invoke-M365DSCVerifiedIdWebRequest
     if ($Method -eq 'PATCH' -or $Method -eq 'POST')
     {
         $BodyJson = $body | ConvertTo-Json -Depth 10
-        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $BodyJson
+        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $BodyJson -UseBasicParsing
     }
     else
     {
-        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers
+        $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -UseBasicParsing
     }
 
     if ($Method -eq 'DELETE')

Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1

@@ -345,7 +345,7 @@ function Export-TargetResource
             Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken
         }
         $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities'
-        $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $headers
+        $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $headers -UseBasicParsing
         $authorities = ConvertFrom-Json $response.Content
 
         $resourceGroups = Get-AzResourceGroup -ErrorAction Stop

Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/MSFT_DefenderDeviceAuthenticatedScanDefinition.psm1

@@ -146,8 +146,8 @@ function Get-TargetResource
         else
         {
             $ScanAuthenticationParamsValue = @{
-                '@odata.context' = '#microsoft.windowsDefenderATP.api.SnmpAuthParams'
-                Type             = 'NoAuthNoPriv'
+                DataType = '#microsoft.windowsDefenderATP.api.SnmpAuthParams'
+                Type     = 'NoAuthNoPriv'
             }
         }
 

Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1

@@ -24,7 +24,8 @@ function Invoke-M365DSCDefenderREST
     $response = Invoke-WebRequest -Method $Method `
                                   -Uri $Uri `
                                   -Headers $headers `
-                                  -Body $bodyJSON
+                                  -Body $bodyJSON `
+                                  -UseBasicParsing
     $result = ConvertFrom-Json $response.Content
     return $result
 }

docs/docs/user-guide/get-started/how-to-install.md

@@ -15,7 +15,7 @@ Executing this command can take a minute or two to complete, after which the bas
 
 ## Dependencies
 
-However, Microsoft365DSC depends on several other modules to function properly. For example, it uses the <a href="https://www.powershellgallery.com/packages/MSCloudLoginAssistant/">MSCloudLoginAssistant</a> module to delegate all authentication logic to the various workloads, it leverages a dozen <a href="https://www.powershellgallery.com/packages?q=Microsoft.Graph">Microsoft Graph PowerShell modules</a> to interact with various configuration settings, etc. Current versions of Microsoft365DSC no longer download all the required prerequisites by default. When you install the Microsoft365DSC, you only get the core component after which you have to download all prerequisite modules as well. It is our recommendation that you run the following command to update all dependencies on the system after installing the module:
+However, Microsoft365DSC depends on several other modules to function properly. For example, it uses the <a href="https://www.powershellgallery.com/packages/MSCloudLoginAssistant/">MSCloudLoginAssistant</a> module to delegate all authentication logic to the various workloads, it leverages a dozen <a href="https://www.powershellgallery.com/packages?q=Microsoft.Graph">Microsoft Graph PowerShell modules</a> to interact with various configuration settings, etc. Current versions of Microsoft365DSC no longer download all the required prerequisites by default. When you install the Microsoft365DSC module, you only get the core component after which you have to download all prerequisite modules as well. It is our recommendation that you run the following command to update all dependencies on the system after installing the module:
 
 ```PowerShell
 Update-M365DSCDependencies
@@ -41,11 +41,10 @@ Get-Module Microsoft365DSC -ListAvailable | select ModuleBase, Version
 
 ## Updating To A Newer Version
 
-To update an older version of Microsoft365DSC, use the **Update-Module** cmdlet and run the **Update-M365DSCDependencies** cmdlet again to update any dependencies.
+To update an older version of Microsoft365DSC, use the **Update-M365DSCModule** cmdlet. This will update the current version of Microsoft365DSC and all dependencies in one go as well as uninstalling all outdated versions. 
 
 ```PowerShell
-Update-Module Microsoft365DSC
-Update-M365DSCDependencies
+Update-M365DSCModule
 ```
 
 ## More Information
@@ -55,7 +54,7 @@ More information about installing modules:
 - <a href="https://docs.microsoft.com/en-us/powershell/scripting/developer/module/installing-a-powershell-module?view=powershell-7.2" target="_blank">Installing a PowerShell module</a>
 - <a href="https://docs.microsoft.com/en-us/powershell/module/powershellget/find-module?view=powershell-7.2" target="_blank">Find-Module cmdlet</a>
 - <a href="https://docs.microsoft.com/en-us/powershell/module/powershellget/install-module?view=powershell-7.2" target="_blank">Install-Module cmdlet</a>
-- <a href="https://docs.microsoft.com/en-us/powershell/module/powershellget/update-module?view=powershell-7.2" target="_blank">Update-Module cmdlet</a>
+- <a href="https://microsoft365dsc.com/user-guide/cmdlets/Update-M365DSCModule/" target="_blank">Update-M365DSCModule cmdlet</a>
 - <a href="https://docs.microsoft.com/en-us/powershell/module/powershellget/save-module?view=powershell-7.2" target="_blank">Save-Module cmdlet</a>
 - <a href="https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_psmodulepath?view=powershell-7.2" target="_blank">About PSModulePath</a>
 

docs/docs/user-guide/get-started/troubleshooting.md

@@ -64,3 +64,28 @@ Optionally, for improved performance, you can increase the handles and threads p
 $quotaConfiguration.HandlesPerHost = 8192
 $quotaConfiguration.ThreadsPerHost = 512
 ```
+
+
+## Error "InvalidOperation: Cannot index into a null array" when creating a report from configuration
+
+### ISSUE
+
+When creating a report from either running `New-M365DSCDeltaReport` or `New-M365DSCReportFromConfiguration`, you might receive the following error and the generated report is empty:
+
+```powershell
+Cannot index into a null array.
+At C:\Program Files\WindowsPowerShell\Modules\DSCParser\2.0.0.5\Modules\DSCParser.psm1:**456** char:9
++         $resourceType         = $resource.CommandElements[0].Value
++         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+    + FullyQualifiedErrorId : NullArray
+```
+
+### CAUSE
+
+This issue might occur if there are multiple versions of Microsoft365DSC present on the current machine and the configuration contains nested objects.
+The nested objects are resolved from their CIM definitions, and if multiple versions of Microsoft365DSC are present, multiple versions of these CIM definitions exist. 
+
+### RESOLUTION
+
+Update and install to the latest supported version of Microsoft365DSC using `Update-M365DSCModule`. This will uninstall all outdated versions and dependencies and update to the latest version available on the PowerShell Gallery.