From 58bbebc6e0016a9d5dc42118a5b2127292497b9b Mon Sep 17 00:00:00 2001 
From: dannyKBjj Date: Wed, 27 Nov 2024 11:39:38 +0000 Subject: [PATCH 1/8] Initial release Initial release. 2 DSC resource to cover both Android Enterprise and Android Device Owner/Administrator certificate policies. --- CHANGELOG.md | 4 + ...stedRootCertificateAndroidDeviceOwner.psm1 | 696 ++++++++++++++++++ ...otCertificateAndroidDeviceOwner.schema.mof | Bin 0 -> 6542 bytes .../readme.md | 6 + .../settings.json | 44 ++ ...ustedRootCertificateAndroidEnterprise.psm1 | 696 ++++++++++++++++++ ...ootCertificateAndroidEnterprise.schema.mof | Bin 0 -> 6538 bytes .../readme.md | 6 + .../settings.json | 44 ++ .../1-Create.ps1 | 36 + .../2-Update.ps1 | 36 + .../3-Remove.ps1 | 34 + .../1-Create.ps1 | 36 + .../2-Update.ps1 | 36 + .../3-Remove.ps1 | 34 + ...ootCertificateAndroidDeviceOwner.Tests.ps1 | 225 ++++++ ...RootCertificateAndroidEnterprise.Tests.ps1 | 225 ++++++ 17 files changed, 2158 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md create mode 100644 
Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 230f896151..bf603af91f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,10 @@ FIXES [#5430](https://github.com/microsoft/Microsoft365DSC/issues/5430) * IntuneRoleScopeTag * Initial release. +* IntuneTrustedRootCertificateAndroidDeviceOwner + * Initial release. +* IntuneTrustedRootCertificateAndroidEnterprise + * Initial release. * TeamsUserPolicyAssignment * Added support for the Global policies. * TeamsUpgradePolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 new file mode 100644 index 0000000000..0c6e450cce --- /dev/null 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 
@@ -0,0 +1,696 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android Device Owner with Id {$id} was found" + return $nullResult + } + + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found" + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + certFileName = $getValue.AdditionalProperties.certFileName + trustedRootCertificate = $getValue.AdditionalProperties.trustedRootCertificate + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment 
-DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." 
+ } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceAppManagement/mobileAppConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." 
+ } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceAppManagement/mobileAppConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + 
[Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues 
` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + 
Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." 
+ } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'certFileName' + 'trustedRootCertificate' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource 
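Review bot: In Get-TargetResource the fallback lookup interpolates the name straight into the OData filter (`-Filter "DisplayName eq '$Displayname'"`) and suppresses errors with `-ErrorAction SilentlyContinue`, so a display name containing an apostrophe produces a malformed filter, the failure is dropped, and the function reports `Ensure = 'Absent'`; Set-TargetResource then takes the create branch and adds a second trusted-root policy instead of updating the existing one. Escape the value before building the filter, e.g. `-Filter "DisplayName eq '$($DisplayName -replace "'", "''")'"`, and consider `-ErrorAction Stop` on that call so a failed query is at least logged by the existing catch block rather than vanishing. The same lookup is repeated in the AndroidEnterprise module's Get-TargetResource later in this patch. Separately, the create and update branches of Set-TargetResource pass `-Repository 'deviceAppManagement/mobileAppConfigurations'` to Update-DeviceConfigurationPolicyAssignment although the policy is created with New-MgBetaDeviceManagementDeviceConfiguration; the helper is defined outside this hunk, but the value looks like it should be `'deviceManagement/deviceConfigurations'`, so it is worth confirming that assignments actually land on the certificate policy.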
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof new file mode 100644 index 0000000000000000000000000000000000000000..ac51a700c467fbf188048618be5f6660dda27fb6 GIT binary patch literal 6542 zcmeHMTTc@~6h6-;{)b6@5E9eqt3H*RX|zIU!3RQ2X$x%ZExn*f`0MKT&FOS@wo_<# z3lGLLWw*0C=YGC(&hY2=ne0kenli@cR5~)kHIaezWlKu(PRjCj{w>M2oXbmjA+7ly zBQ>eZfi&cs>|y^6cDHb?fo31yE8O?+?aKt5NcR$NT*(xinpjg_M|je;J8z|8W#K#h z`OdNBdT0L{(a)KD1&stWI`Rf<LaVa$s8`J_F&IocihX(MS0c{L6`S{rWCPA&K&9&_mk9og8V zMLUqlMdjl*ywAkM_*I)=1#Eu>bGcxL9I6Z5FAa~0^-2HFnsNh6A@c`*z*NO^2i zQBj2yS?`CDaXItnx>fIK^{3oLGlG>?t1F|GcA$>TIz~4mGOlyj1uU=oix%)4H!c63 zm3WA}Y635ee8H8m^qe|{GB^o}dWn@dTVXfvudSfVtl2JX+jeh@UW`fP{dqr&OZL0# zcFDxI14Ly4&k-NG@TIdOJ5plm1c*v>Y~Ve1Kt%Ai9K%Wj-0$Mo2-n2+%Pkwt9pDV9 zG1?Pc(_Pu2{IJwUGhLT==}*bq0QHR=0tu^_2X-Je`_f~4*%!0t=WIaP^7itY-(lva zH8Q|qKTBxezUX=HWj{@Pf@HUkOcG&c7+Bn8XHkhl$}U#&=3E8Q!I`8FZwzg`a4ut= zB|7rDI4NbTM>@JpkX7OA#?FBr;4J0lF><-Ie0#X-!Ai6gC#*1PYw*KU}!s!tZrUe z&u%fEPTw$cVsGY+pjg$c$gf#O8ep%UdN6-@l9pJ@aE&t{`%s=_5&d}1<SyW3>hr3neZ_TUCr13IF2-V|)=f7-#kJKFtYvyO zQZ$QbR|g%QH0oJp*mbPu(c)UJj~cO7CdLe_?p literal 0 HcmV?d00001 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md new file mode 100644 index 0000000000..f5210fed88 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md @@ -0,0 +1,6 @@ + +# IntuneTrustedRootCertificateAndroidDeviceOwner + +## Description + +This resource configures an Intune Android Device Owner Trusted Root Certificate Policy. 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json
new file mode 100644
index 0000000000..04a5f508cd
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneTrustedRootCertificateAndroidDeviceOwner",
+ "description": "This resource configures an Android Device Owner Intune Trusted Root Certificate Policy.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1
new file mode 100644
index 0000000000..6652c53a90
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1
@@ -0,0 +1,696 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidTrustedRootCertificate' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android with Id {$id} was found" + return $nullResult + } + + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android with id {$id} and DisplayName {$DisplayName} was found" + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + certFileName = $getValue.AdditionalProperties.certFileName + trustedRootCertificate = $getValue.AdditionalProperties.trustedRootCertificate + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + 
$assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." 
+ } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceAppManagement/mobileAppConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." 
+ } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceAppManagement/mobileAppConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + 
[Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues 
` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidTrustedRootCertificate' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " 
|---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." 
+ } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'certFileName' + 'trustedRootCertificate' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidTrustedRootCertificate' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof new file mode 100644 index 0000000000000000000000000000000000000000..e18d156b40da1e31de7dc2577b90e4fd1cb2ef45 GIT binary patch literal 6538 zcmeI1O>Y}F5QgVmp#Onz4~>DsXs_)_@ke2_Zi84!4}noAmf{GNCBc%@x$v zak=8!)~=F6Q3&gmxXa;uyz|bG{^#Q>JG6-nY@yFf8`+KSW1HF3p4gs!X9xD}`r5O7 zyRa|q3%gv;adu|sc4B?|-HtT>on~L^ekPeyU03>kt!rvat%Te+dgID&wbDRiVXbF+ zGVwF-tmk#%o#}e!!ms+?|8*8Vuk1I;7)!>;zR?(~FSIse^R;BG=-XR8a~iwT6TZ!) z1;69?K(o+vsnOtzeEkDS+4rlw)bok74;Iety`Fp}J+b;mau;6qQa-!V?}65PyZS!U zta;J8zTS)L?`f6CNJNW?{p{Dpy9;SFv={zP3`<^YzfLu>yOTY#zdVv|rEkE&kKTv7 z^wXu{QN~;qp*J3zcyuIVC}zvhYK;tx$K99rs4pntc2$V z@I6+*fEzC#&T(UR?f^ea!L_Rb*?A7hGN^f zK2=7EHLt`WCzXip3Kgf)q8|Mm8E;nc+_vg{TKmzvYerCMLv;nM_yHTqI?xRw%Qoj- zKy%&S^gvp1*ZLoMjpxd%f%wANFS>)J&uLSxL)4&al&Hk@3cLGwJ;}PvGv9^n`|fQs ziY1LwJU^^(Nx!>omkht12$f?+4t|&@meG%Nq;Tp|j0!vU^&TA%3_i5y^3qJ-5B2Lt z_p$GnFFl$^;u)lY_Ob5AUJCEcb%FHJ%F^Z@{nM@N#Q4sB6$_qfFYr_vqtA0)^u+Z0 z>>uIPD~Ul4f@g>>~24aPoc3%&r>ck|R#q=37t5 zU_UZdG{D8o@5!jKFeCTPT~fVr9OA02oE&`nLY6mS45X92 zQD)be<{aVHEJ18aJkg{Ved%MlrmY{JX$|5M_5t*H>`uWAqp22Gb2W5>czLM{_8bTs z%`!k*tnJ9X_9zEo_wUqm-9qQstE|-2H$G+_OoRTZ^M{|Ker=01fE_$J=e9^jhJoG-rS}O5amQG}G zod@&%`8WA7Qp*#FUka*74} zamJO->>|zvk`%BOJQ;fxXMbu2Pny^$uzp=`sXjmUq_4ZJR517-Tb$=g@_~vLcEe?B z!|7F%o&Ac;F4mn(4yTOaoHFk^wu@+YE4OEj5~d^i&*kmJn`K;7t#6wPeWCHza~+&Y z9Vg0NJXy|-uRWLChZW~}b+f~dSw)p5AG_eL+#8g9(AJ;T6A!ZFRQ%z5CBe6xeg!+W z&!DG@3cdWu=OX`QsP>U$QDkmT_1o$X_fg+C%?h6X!^>^2cOA(|eqZ(k>D9^=cbWeJ DcH4#@ literal 0 HcmV?d00001 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md
new file mode 100644
index 0000000000..1f4f9d1fe1
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneTrustedRootCertificateAndroidEnterprise
+
+## Description
+
+This resource configures an Intune Android Enterprise Trusted Root Certificate Policy.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json
new file mode 100644
index 0000000000..f6900ac6c0
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneTrustedRootCertificateAndroidEnterprise",
+ "description": "This resource configures an Android Enterprise Intune Trusted Root Certificate Policy.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1
new file mode 100644
index 0000000000..9e6411137f
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1
@@ -0,0 +1,36 @@
+<#
+This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner"
+ {
+ Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description";
+ DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName";
+ Ensure = "Present";
+ certFileName = "fakename.cer";
+ trustedRootCertificate = "insertValidBase64StringHere";
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1
new file mode 100644
index 0000000000..36395dc1ac
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1
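Review bot: The `trustedRootCertificate = "insertValidBase64StringHere";` line has no comment saying what the value must be, and whatever is pasted there is deployed as a trusted root certificate by this policy. I would add a comment above it such as `# Base64 of the root CA .cer file content; confirm the certificate's thumbprint with the CA owner before committing`, so a reader does not paste an unverified certificate. The same undocumented placeholder appears in the Enterprise 1-Create.ps1 and in both 2-Update.ps1 examples.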
@@ -0,0 +1,36 @@
+<#
+This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner"
+ {
+ Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description";
+ DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName";
+ Ensure = "Present";
+ certFileName = "newfakename.cer"; #changed value
+ trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1
new file mode 100644
index 0000000000..a5cf33d766
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1
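Review bot: The header comment of this update example still reads `This example creates a new Intune Trusted Root Certificate Configuration Policy ...`; it should describe the update, for instance `This example updates an existing Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices`. The DeviceOwner 3-Remove.ps1 and the Enterprise 2-Update.ps1 and 3-Remove.ps1 examples carry the same copied header and need the matching "updates" or "removes" wording. The `trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value` line is also missing the trailing `;` that every other property in the block has.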
@@ -0,0 +1,34 @@
+<#
+This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner"
+ {
+ Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description";
+ DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName";
+ Ensure = "Absent";
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1
new file mode 100644
index 0000000000..f57c69cacd
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1
@@ -0,0 +1,36 @@
+<#
+This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise"
+ {
+ Description = "IntuneTrustedRootCertificateAndroidEnterprise Description";
+ DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ certFileName = "fakename.cer";
+ trustedRootCertificate = "insertValidBase64StringHere";
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1
new file mode 100644
index 0000000000..666de2cd47
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1
@@ -0,0 +1,36 @@
+<#
+This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise"
+ {
+ Description = "IntuneTrustedRootCertificateAndroidEnterprise Description";
+ DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ certFileName = "newfakename.cer"; #changed value
+ trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1
new file mode 100644
index 0000000000..8d201f5e13
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1
@@ -0,0 +1,34 @@
+<#
+This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise"
+ {
+ Description = "IntuneTrustedRootCertificateAndroidEnterprise Description";
+ DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName";
+ Ensure = "Absent";
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1
new file mode 100644
index 0000000000..f1ee580a86
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1
@@ -0,0 +1,225 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneTrustedRootCertificateAndroidDeviceOwner' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the IntuneTrustedRootCertificateAndroidDeviceOwner doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 
'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the IntuneTrustedRootCertificateAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1 + } + } + + Context -Name 'When the IntuneTrustedRootCertificateAndroidDeviceOwner already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Different Value' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the 
IntuneTrustedRootCertificateAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = 
"fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the IntuneTrustedRootCertificateAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 new file mode 100644 index 0000000000..3203cd35aa --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 
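Review bot: In the 'When the policy exists and it SHOULD NOT' context the test named `Should return true from the Test method` asserts `Should -Be $false`; the name should read `Should return false from the Test method` so a failure report is not misleading. The shared `BeforeAll` mocks `Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment`, a compliance-policy cmdlet; Get-TargetResource is not part of this hunk, but if it reads assignments through the device-configuration assignment cmdlet, that is the one to mock. The create and update tests only count calls with `-Exactly 1`, so nothing checks the certificate payload that reaches Graph. A `-ParameterFilter` on `AdditionalProperties` asserting that `trustedRootCertificate` arrives as the decoded byte array would cover that, assuming this resource decodes the value the way the Enterprise Set-TargetResource in this patch does.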
@@ -0,0 +1,225 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource 'IntuneTrustedRootCertificateAndroidEnterprise' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+ $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return 'Credentials'
+ }
+
+ Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+ return @()
+ }
+ Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+ }
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+
+ # Test contexts
+ Context -Name "When the IntuneTrustedRootCertificateAndroidEnterprise doesn't already exist" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return $null
+ }
+ }
+
+ It 'Should return absent from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create the IntuneTrustedRootCertificateAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1
+ }
+ }
+
+ Context -Name 'When the IntuneTrustedRootCertificateAndroidEnterprise already exists and is NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Different Value'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ AdditionalProperties = @{
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate'
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should update the IntuneTrustedRootCertificateAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+
+ }
+ }
+
+ Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ AdditionalProperties = @{
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate'
+ }
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ Ensure = 'Absent'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ AdditionalProperties = @{
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate'
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the IntuneTrustedRootCertificateAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise'
+ Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ AdditionalProperties = @{
+ certFileName = "FakeStringValue"
+ trustedRootCertificate = "fakestringvalue0"
+ '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate'
+ }
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
From b5fa576825b422805351aa01cd02230728dffa67 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 27 Nov 2024 11:51:53 +0000 Subject: [PATCH 2/8] Changed line 94 as requested --- .../MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 | 4 +++- .../MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-)
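Review bot: The 'NOT in the Desired State' context of the new Enterprise test file only varies `Description` ('Different Value'), while `certFileName` and `trustedRootCertificate` are identical in `$testParams` and in the mocked policy, so drift in the certificate payload itself (the value that decides which root the devices trust) is never exercised by `Test-TargetResource`. A further context whose mock returns a different `trustedRootCertificate` and asserts `Test-TargetResource @testParams | Should -Be $false` would cover that. In the 'SHOULD NOT' context the test titled `'Should return true from the Test method'` asserts `Should -Be $false`, so the title should read `'Should return false from the Test method'`. The mock of `Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment` looks like a leftover from a compliance-policy template; the resource module is not part of this hunk, so confirm which assignment cmdlet it actually calls.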
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index 0c6e450cce..b036444231 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -91,7 +91,9 @@ $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } + if (-not [string]::IsNullOrWhiteSpace($id)){ + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } #region resource generator code if ($null -eq $getValue) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 index 6652c53a90..5d39b914ad 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 
@@ -91,7 +91,9 @@ $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } + if (-not [string]::IsNullOrWhiteSpace($id)){ + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } #region resource generator code if ($null -eq $getValue) From 1fcbc2b7fb4fd883839c2e3865162fbbccedc1ba Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 27 Nov 2024 11:56:22 +0000 Subject: [PATCH 3/8] All files now UTF-8 --- ...ustedRootCertificateAndroidEnterprise.psm1 | 2 +- ...ootCertificateAndroidEnterprise.schema.mof | Bin 6538 -> 3239 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 index 5d39b914ad..6e8fbe3c65 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 @@ -1,4 +1,4 @@ -function Get-TargetResource +function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof index e18d156b40da1e31de7dc2577b90e4fd1cb2ef45..9b82a0fa297fa6434519043546d9c5458f6dd37c 100644 GIT binary patch literal 3239 zcmd^CQE%EX5Ps)ZoY=#tgwXcdK2e}kv~{am+C8AEGVuY{5<9XTHdgh&@9Y@j(h}0X zj!GzM&c3_vzWeT&jWTA;9cm+#>~%j6KDoc{$$ckvFW~a#V)`(~wMg-jNw&lsr5!1` z5X(|CONXvhCeqE&7_pS@rRh9&fIhRIT3GDE7)`20;Y@qo=?cMa3Iw$P>zet!l!_Q`QLH4ha0PfTmom7O^H5d?HINYnMHk& zYaj+VfQc(3Cq`;Wq<3w>Q!2Kxzr~ls#_k{7r88-&N`jh z0Uhqcg%&7zwsGM(ts7Z!Np;rRSvlydOS=(H5VCDPd+;nr5Me+1}ahaBKTCT0v`BF z!QLh@TqzaSSsvqMMFntNfQSt7RrXc7G(>o%(aRsq&p0)(p*xqS-tVUo|06CV<3 zER!iU)H@cOsNl6Eo7sIss3VP>02M4VTl$6IJWt)yb0D<(q;ngfssGvFvu?@ZU#cPu zY0Fq6jD@CsL+K5$qM+5yFL4erRuX0uqmvT&E$k|$5RrasyX)iE7QCZQElNhrDrqkR zH;f{$v;)O1r{1#B+YP3g*2kb22hu$1u_g9l2Z@lV+&7e9x+?QINiikd9Ai|9kF;*o zl^{&ODM65US0{q*2y&4O)DbjKDq!tG5Vy`>8YcT}AWpA9s<0sQ>@~ literal 6538 zcmeI1O>Y}F5QgVmp#Onz4~>DsXs_)_@ke2_Zi84!4}noAmf{GNCBc%@x$v zak=8!)~=F6Q3&gmxXa;uyz|bG{^#Q>JG6-nY@yFf8`+KSW1HF3p4gs!X9xD}`r5O7 zyRa|q3%gv;adu|sc4B?|-HtT>on~L^ekPeyU03>kt!rvat%Te+dgID&wbDRiVXbF+ zGVwF-tmk#%o#}e!!ms+?|8*8Vuk1I;7)!>;zR?(~FSIse^R;BG=-XR8a~iwT6TZ!) 
z1;69?K(o+vsnOtzeEkDS+4rlw)bok74;Iety`Fp}J+b;mau;6qQa-!V?}65PyZS!U zta;J8zTS)L?`f6CNJNW?{p{Dpy9;SFv={zP3`<^YzfLu>yOTY#zdVv|rEkE&kKTv7 z^wXu{QN~;qp*J3zcyuIVC}zvhYK;tx$K99rs4pntc2$V z@I6+*fEzC#&T(UR?f^ea!L_Rb*?A7hGN^f zK2=7EHLt`WCzXip3Kgf)q8|Mm8E;nc+_vg{TKmzvYerCMLv;nM_yHTqI?xRw%Qoj- zKy%&S^gvp1*ZLoMjpxd%f%wANFS>)J&uLSxL)4&al&Hk@3cLGwJ;}PvGv9^n`|fQs ziY1LwJU^^(Nx!>omkht12$f?+4t|&@meG%Nq;Tp|j0!vU^&TA%3_i5y^3qJ-5B2Lt z_p$GnFFl$^;u)lY_Ob5AUJCEcb%FHJ%F^Z@{nM@N#Q4sB6$_qfFYr_vqtA0)^u+Z0 z>>uIPD~Ul4f@g>>~24aPoc3%&r>ck|R#q=37t5 zU_UZdG{D8o@5!jKFeCTPT~fVr9OA02oE&`nLY6mS45X92 zQD)be<{aVHEJ18aJkg{Ved%MlrmY{JX$|5M_5t*H>`uWAqp22Gb2W5>czLM{_8bTs z%`!k*tnJ9X_9zEo_wUqm-9qQstE|-2H$G+_OoRTZ^M{|Ker=01fE_$J=e9^jhJoG-rS}O5amQG}G zod@&%`8WA7Qp*#FUka*74} zamJO->>|zvk`%BOJQ;fxXMbu2Pny^$uzp=`sXjmUq_4ZJR517-Tb$=g@_~vLcEe?B z!|7F%o&Ac;F4mn(4yTOaoHFk^wu@+YE4OEj5~d^i&*kmJn`K;7t#6wPeWCHza~+&Y z9Vg0NJXy|-uRWLChZW~}b+f~dSw)p5AG_eL+#8g9(AJ;T6A!ZFRQ%z5CBe6xeg!+W z&!DG@3cdWu=OX`QsP>U$QDkmT_1o$X_fg+C%?h6X!^>^2cOA(|eqZ(k>D9^=cbWeJ DcH4#@ From d2c810b99b0077e3b13cdd0048cff42e308fc6e8 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 27 Nov 2024 13:54:41 +0000 Subject: [PATCH 4/8] Replaced tabs with spaces as requested --- .../MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 | 4 ++-- .../MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index b036444231..853acc71e7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -92,8 +92,8 @@ try { if (-not [string]::IsNullOrWhiteSpace($id)){ - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } #region resource generator code if ($null -eq $getValue) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 index 6e8fbe3c65..891db04371 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 @@ -92,8 +92,8 @@ function Get-TargetResource try { if (-not [string]::IsNullOrWhiteSpace($id)){ - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } #region resource generator code if ($null -eq $getValue) From e1cb1e694f3acee43b467afe93261af440fb2929 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 27 Nov 2024 16:08:35 +0000 Subject: [PATCH 5/8] Corrected assignments repository --- ...MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 | 6 ++++-- .../MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index 853acc71e7..01e012572d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -111,6 +111,8 @@ return $nullResult } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found" $results = @{ @@ -288,7 +290,7 @@ function Set-TargetResource { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` - -Repository 'deviceAppManagement/mobileAppConfigurations' + -Repository 'deviceManagement/deviceConfigurations' } #endregion } @@ -331,7 +333,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` - -Repository 'deviceAppManagement/mobileAppConfigurations' + -Repository 'deviceManagement/deviceConfigurations' #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 index 891db04371..c96767bbce 100644 
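Review bot: Nothing in the unit tests pins the `-Repository` value that the two `Update-DeviceConfigurationPolicyAssignment` hunks in `Set-TargetResource` correct, so assignments could silently target the wrong Graph collection again. The Enterprise test file in this series mocks that command with an empty body, and its Set tests assert only on the `*-MgBetaDeviceManagementDeviceConfiguration` calls. In the update context, where the call appears unconditional in this hunk, an assertion such as `Should -Invoke -CommandName Update-DeviceConfigurationPolicyAssignment -ParameterFilter { $Repository -eq 'deviceManagement/deviceConfigurations' }` would catch a regression. The same literal is repeated at both call sites here and again in the matching hunks of the Enterprise module, so a single module-level variable would keep them from diverging. The body of `Set-TargetResource` extends beyond these hunks.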
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 @@ -111,6 +111,8 @@ function Get-TargetResource return $nullResult } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android with id {$id} and DisplayName {$DisplayName} was found" $results = @{ @@ -288,7 +290,7 @@ function Set-TargetResource { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` - -Repository 'deviceAppManagement/mobileAppConfigurations' + -Repository 'deviceManagement/deviceConfigurations' } #endregion } @@ -331,7 +333,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` - -Repository 'deviceAppManagement/mobileAppConfigurations' + -Repository 'deviceManagement/deviceConfigurations' #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') From 234cf5632528f957042fc17150550b4e647c821b Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Wed, 27 Nov 2024 17:14:30 +0000 Subject: [PATCH 6/8] corrected curly bracket formatting on line 94 --- .../MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 | 3 ++- .../MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index 01e012572d..b1b028a180 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -91,7 +91,8 @@ $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)){ + if (-not [string]::IsNullOrWhiteSpace($id)) + { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 index c96767bbce..c410ccb865 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 @@ -91,7 +91,8 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)){ + if (-not [string]::IsNullOrWhiteSpace($id)) + { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } From 838be96eb2e675311e44eeee8cae4b22c5397fba Mon Sep 17 00:00:00 2001 
From: dannyKBjj Date: Thu, 28 Nov 2024 11:30:48 +0000 Subject: [PATCH 7/8] removed tabs --- .../MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index b1b028a180..f2f7532773 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -93,7 +93,7 @@ { if (-not [string]::IsNullOrWhiteSpace($id)) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #region resource generator code From 2e27c185a162c3c612d9a02c16fb3a3d7d1cd502 Mon Sep 17 00:00:00 2001 From: dannyKBjj Date: Thu, 28 Nov 2024 11:37:30 +0000 Subject: [PATCH 8/8] resaved everything as UTF-8 --- ...stedRootCertificateAndroidDeviceOwner.psm1 | 2 +- ...otCertificateAndroidDeviceOwner.schema.mof | Bin 6542 -> 3241 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index f2f7532773..0576afe7e7 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -1,4 +1,4 @@ -function Get-TargetResource +function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof index ac51a700c467fbf188048618be5f6660dda27fb6..e5013f7f6ba42f5af9190b89e032b75220acca38 100644 GIT binary patch literal 3241 zcmd^CQBT`25Pt8kICT#Lsj9YDcq%PS(bj>Wu!jmEH@>#k5<9Y;vJUazcXr&y6q*KJ zSEMQ;XW!j--+gzT4l`!V9cm+#JnDY!e{p}^>ze#!smd5`QLH4ha0PfTmWa5O^80H?HD!}nMJ*q zYasgAhjUj(PK?x$NdMS}D@BByWe6+BL<3CYiByuL${b5+}Me7WuVOc8J=Fxk#Bs;)_;-R}yylC{gd|`1=mS30#ho zhcjmI8jUJ-icQj9Q>}6Xg&z#mAltOJCH;=;ox!jvqjY5q@Tpn_JTRDo zy-i}cQYx*pJjBe34B*%R5gp>I?3;vXi113Ipk8lusCIdcbBcEQD`y zjk#JO-;u>|8|mS|AByGh^}Bm8mE50u=M7O_V^PIf1z4*I5Ux(f3r znM|prKCt3M1+PWfOz#^)9cttRs9>4d&@Tk%dFs}lJ)zYno!bCS{m%xUbxRKZQWar9 zd&UZ3Bs6UtO0R(x1ubuWjdO^xk}#tfotVI*u*;Z2MEZ^GwvXRh@eVq*C>b%Uq|FT6 zIEuW|78JXjc*{m_H<)T#AcJD;N%Nq`me_|aBtoKc-%x_dvdm`%EiZ>+j7ssD7LK|S zgb6q$2qN$5M9>{TE|P&df`%}wC4)mUf*HC^tEoC?N@d6-ghPqvwOuz{KS)!g9}`yn TM%j4v24QbMapu0OXhQx2&~$?x literal 6542 zcmeHMTTc@~6h6-;{)b6@5E9eqt3H*RX|zIU!3RQ2X$x%ZExn*f`0MKT&FOS@wo_<# z3lGLLWw*0C=YGC(&hY2=ne0kenli@cR5~)kHIaezWlKu(PRjCj{w>M2oXbmjA+7ly zBQ>eZfi&cs>|y^6cDHb?fo31yE8O?+?aKt5NcR$NT*(xinpjg_M|je;J8z|8W#K#h z`OdNBdT0L{(a)KD1&stWI`Rf<LaVa$s8`J_F&IocihX(MS0c{L6`S{rWCPA&K&9&_mk9og8V zMLUqlMdjl*ywAkM_*I)=1#Eu>bGcxL9I6Z5FAa~0^-2HFnsNh6A@c`*z*NO^2i zQBj2yS?`CDaXItnx>fIK^{3oLGlG>?t1F|GcA$>TIz~4mGOlyj1uU=oix%)4H!c63 zm3WA}Y635ee8H8m^qe|{GB^o}dWn@dTVXfvudSfVtl2JX+jeh@UW`fP{dqr&OZL0# zcFDxI14Ly4&k-NG@TIdOJ5plm1c*v>Y~Ve1Kt%Ai9K%Wj-0$Mo2-n2+%Pkwt9pDV9 zG1?Pc(_Pu2{IJwUGhLT==}*bq0QHR=0tu^_2X-Je`_f~4*%!0t=WIaP^7itY-(lva zH8Q|qKTBxezUX=HWj{@Pf@HUkOcG&c7+Bn8XHkhl$}U#&=3E8Q!I`8FZwzg`a4ut= zB|7rDI4NbTM>@JpkX7OA#?FBr;4J0lF><-Ie0#X-!Ai6gC#*1PYw*KU}!s!tZrUe z&u%fEPTw$cVsGY+pjg$c$gf#O8ep%UdN6-@l9pJ@aE&t{`%s=_5&d}1<SyW3>hr3neZ_TUCr13IF2-V|)=f7-#kJKFtYvyO 
zQZ$QbR|g%QH0oJp*mbPu(c)UJj~cO7CdLe_?p