diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d38eee5b6..1987c08d26 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -67,6 +67,8 @@
 * Initial release.
 * IntuneFirewallRulesPolicyWindows10ConfigMgr
 * Initial release.
+* IntuneMobileAppConfigurationPolicyIOS
+ * Initial release.
 * SCPolicyConfig
 * Fixed an issue extracting empty groups properties.
 * TeamsUpdateManagementPolicy
@@ -100,13 +102,6 @@
 * IntuneAntivirusPolicyWindows10SettingCatalog
 * Update properties to be upper-case.
 Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373)
-* IntuneDeviceConfigurationCustomPolicyWindows10
- * Fixed issue where `Value`, from `OmaSettings`, could not be compared
- correctly if it was boolean and set to `$False`
- FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384)
-* IntuneEndpointDetectionAndResponsePolicyWindows10
- * Remove changed property name from export.
- FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300)
 * IntuneSecurityBaselineMicrosoftEdge
 * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes`
 * M365DSCDRGUtil
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.psm1
new file mode 100644
index 0000000000..435b3082f5
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.psm1
@@ -0,0 +1,770 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ #region Intune resource parameters
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $settings,
+
+ [Parameter()]
+ [System.String]
+ $encodedSettingXml,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ try
+ {
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+ }
+ catch
+ {
+ Write-Verbose -Message 'Connection to the workload failed.'
+ }
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+
+ $nullResult = $PSBoundParameters
+ $nullResult.Ensure = 'Absent'
+ try
+ {
+ if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $id -ErrorAction SilentlyContinue }
+
+ #region resource generator code
+ if ($null -eq $getValue)
+ {
+ $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object `
+ -FilterScript { `
+ $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosMobileAppConfiguration' `
+ }
+ }
+ #endregion
+
+ if ($null -eq $getValue)
+ {
+ Write-Verbose -Message "No Intune Mobile App Configuration Policy for iOS with Id {$id} was found"
+ return $nullResult
+ }
+
+ Write-Verbose -Message "An Intune Mobile App Configuration Policy for iOS with Id {$id} and DisplayName {$DisplayName} was found"
+
+ #need to convert dictionary object into a hashtable array so we can work with it
+ $complexSettings = @()
+ foreach ($setting in $getValue.AdditionalProperties.settings)
+ {
+ $mySettings = @{}
+ $mySettings.Add('appConfigKey', $setting['appConfigKey'])
+ $mySettings.Add('appConfigKeyType', $setting['appConfigKeyType'])
+ $mySettings.Add('appConfigKeyValue', $setting['appConfigKeyValue'])
+
+ if ($mySettings.values.Where({$null -ne $_}).count -gt 0)
+ {
+ $complexSettings += $mySettings
+ }
+ }
+
+ $results = @{
+ #region resource generator code
+ Id = $getValue.Id
+ Description = $getValue.Description
+ DisplayName = $getValue.DisplayName
+ targetedMobileApps = $getValue.TargetedMobileApps
+ settings = $complexSettings #$getValue.AdditionalProperties.settings
+ encodedSettingXml = $getValue.AdditionalProperties.encodedSettingXml
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ version = $getValue.AdditionalProperties.version
+
+ }
+
+ $assignmentsValues = Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment -ManagedDeviceMobileAppConfigurationId $Results.Id
+ $assignmentResult = @()
+ if ($assignmentsValues.Count -gt 0)
+ {
+ $assignmentResult += ConvertFrom-IntunePolicyAssignment `
+ -IncludeDeviceFilter:$true `
+ -Assignments ($assignmentsValues)
+ }
+ $results.Add('Assignments', $assignmentResult)
+
+ return [System.Collections.Hashtable] $results
+ }
+ catch
+ {
+ New-M365DSCLogEntry -Message 'Error retrieving data:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return $nullResult
+ }
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ #region Intune resource parameters
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $settings,
+
+ [Parameter()]
+ [System.String]
+ $encodedSettingXml,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ try
+ {
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+ }
+ catch
+ {
+ Write-Verbose -Message $_
+ }
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $currentInstance = Get-TargetResource @PSBoundParameters
+
+ $PSBoundParameters.Remove('Ensure') | Out-Null
+ $PSBoundParameters.Remove('Credential') | Out-Null
+ $PSBoundParameters.Remove('ApplicationId') | Out-Null
+ $PSBoundParameters.Remove('ApplicationSecret') | Out-Null
+ $PSBoundParameters.Remove('TenantId') | Out-Null
+ $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null
+ $PSBoundParameters.Remove('ManagedIdentity') | Out-Null
+ $PSBoundParameters.Remove('AccessTokens') | Out-Null
+
+ if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+ {
+ Write-Verbose -Message "Creating {$DisplayName}"
+ $PSBoundParameters.Remove('Assignments') | Out-Null
+ $CreateParameters = ([Hashtable]$PSBoundParameters).clone()
+ $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
+ $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters)
+
+ foreach ($key in $AdditionalProperties.keys)
+ {
+ if ($key -ne '@odata.type')
+ {
+ $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+ $CreateParameters.remove($keyName)
+ }
+ }
+
+ $CreateParameters.Remove('Id') | Out-Null
+ $CreateParameters.Remove('Verbose') | Out-Null
+
+ foreach ($key in ($CreateParameters.clone()).Keys)
+ {
+ if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*')
+ {
+ $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key]
+ }
+ }
+
+ $CreateParameters.add('AdditionalProperties', $AdditionalProperties)
+
+ #region resource generator code
+ $policy = New-MgBetaDeviceAppManagementMobileAppConfiguration @CreateParameters
+ $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+
+ if ($policy.id)
+ {
+ Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
+ -Targets $assignmentsHash `
+ -Repository 'deviceAppManagement/mobileAppConfigurations'
+ }
+ #endregion
+ }
+ elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Updating {$DisplayName}"
+ $PSBoundParameters.Remove('Assignments') | Out-Null
+ $UpdateParameters = ([Hashtable]$PSBoundParameters).clone()
+ $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
+ $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters)
+ foreach ($key in $AdditionalProperties.keys)
+ {
+ if ($key -ne '@odata.type')
+ {
+ $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+ $UpdateParameters.remove($keyName)
+ }
+ }
+
+ $UpdateParameters.Remove('Id') | Out-Null
+ $UpdateParameters.Remove('Verbose') | Out-Null
+
+ foreach ($key in ($UpdateParameters.clone()).Keys)
+ {
+ if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*')
+ {
+ $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key]
+ }
+ }
+
+ $UpdateParameters.add('AdditionalProperties', $AdditionalProperties)
+
+ #region resource generator code
+ Update-MgBetaDeviceAppManagementMobileAppConfiguration @UpdateParameters `
+ -ManagedDeviceMobileAppConfigurationId $currentInstance.Id
+ $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+ Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id `
+ -Targets $assignmentsHash `
+ -Repository 'deviceAppManagement/mobileAppConfigurations'
+ #endregion
+ }
+ elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Removing {$DisplayName}"
+ #region resource generator code
+ Remove-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $currentInstance.Id
+ #endregion
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ #region Intune resource parameters
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter()]
+ [System.String[]]
+ $targetedMobileApps,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $settings,
+
+ [Parameter()]
+ [System.String]
+ $encodedSettingXml,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ Write-Verbose -Message "Testing configuration of {$id}"
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+
+ if ($CurrentValues.Ensure -ne $Ensure)
+ {
+ Write-Verbose -Message "Test-TargetResource returned $false"
+ return $false
+ }
+ $testResult = $true
+
+ foreach ($key in $PSBoundParameters.Keys)
+ {
+ if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*')
+ {
+ $CIMArraySource = @()
+ $CIMArrayTarget = @()
+ $CIMArraySource += $PSBoundParameters[$key]
+ $CIMArrayTarget += $CurrentValues.$key
+ if ($CIMArraySource.count -ne $CIMArrayTarget.count)
+ {
+ Write-Verbose -Message "Configuration drift:Number of items does not match: Source=$($CIMArraySource.count) Target=$($CIMArrayTarget.count)"
+ $testResult = $false
+ break
+ }
+ $i = 0
+ foreach ($item in $CIMArraySource )
+ {
+ $testResult = Compare-M365DSCComplexObject `
+ -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $CIMArraySource[$i]) `
+ -Target ($CIMArrayTarget[$i])
+ $i++
+ if (-Not $testResult)
+ {
+ $testResult = $false
+ break
+ }
+ }
+ if (-Not $testResult)
+ {
+ $testResult = $false
+ break
+ }
+
+ $ValuesToCheck.Remove($key) | Out-Null
+ }
+ }
+ $ValuesToCheck.Remove('Id') | Out-Null
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+ #Convert any DateTime to String
+ foreach ($key in $ValuesToCheck.Keys)
+ {
+ if (($null -ne $CurrentValues[$key]) `
+ -and ($CurrentValues[$key].getType().Name -eq 'DateTime'))
+ {
+ $CurrentValues[$key] = $CurrentValues[$key].toString()
+ }
+ }
+
+ if ($testResult)
+ {
+ $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+ }
+
+ Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+ return $testResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $Filter,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ try
+ {
+ #region resource generator code
+ [array]$getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter $Filter -All `
+ -ErrorAction Stop | Where-Object `
+ -FilterScript { `
+ $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosMobileAppConfiguration' `
+ }
+ #endregion
+
+ $i = 1
+ $dscContent = ''
+ if ($getValue.Length -eq 0)
+ {
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ else
+ {
+ Write-Host "`r`n" -NoNewline
+ }
+ foreach ($config in $getValue)
+ {
+ if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+ {
+ $Global:M365DSCExportResourceInstancesCount++
+ }
+
+ Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline
+ $params = @{
+ Id = $config.id
+ DisplayName = $config.DisplayName
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+
+ $Results = Get-TargetResource @Params
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+
+ if ($Results.Assignments)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+ if ($complexTypeStringResult)
+ {
+ $Results.Assignments = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('Assignments') | Out-Null
+ }
+ }
+
+ if ($null -ne $Results.settings)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.settings `
+ -CIMInstanceName 'MSFT_appConfigurationSettingItem'
+ if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.settings = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('settings') | Out-Null
+ }
+ }
+
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+
+ if ($Results.Assignments)
+ {
+ $isCIMArray = $false
+ if ($Results.Assignments.getType().Fullname -like '*[[\]]')
+ {
+ $isCIMArray = $true
+ }
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray
+ }
+
+ if ($Results.settings)
+ {
+ $isCIMArray = $false
+ if ($Results.settings.getType().Fullname -like '*[[\]]')
+ {
+ $isCIMArray = $true
+ }
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'settings' -IsCIMArray:$isCIMArray
+ }
+
+ $dscContent += $currentDSCBlock
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ $i++
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+
+ return $dscContent
+ }
+ catch
+ {
+ if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or `
+ $_.Exception -like "*Request not applicable to target tenant*")
+ {
+ Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
+ }
+ else
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+ }
+
+ return ''
+ }
+}
+
+
+
+function Get-M365DSCAdditionalProperties
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ [Parameter(Mandatory = 'true')]
+ [System.Collections.Hashtable]
+ $Properties
+ )
+
+ $additionalProperties = @(
+ 'encodedSettingXml'
+ 'settings'
+ )
+
+ $results = @{'@odata.type' = '#microsoft.graph.iosMobileAppConfiguration' }
+ $cloneProperties = $Properties.clone()
+ foreach ($property in $cloneProperties.Keys)
+ {
+ if ($property -in ($additionalProperties) )
+ {
+ $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1)
+ if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*')
+ {
+ if ($properties.$property.getType().FullName -like '*[[\]]')
+ {
+ $array = @()
+ foreach ($item in $properties.$property)
+ {
+ $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item
+ }
+ $propertyValue = $array
+ }
+ else
+ {
+ $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property
+ }
+
+ }
+ else
+ {
+ $propertyValue = $properties.$property
+ }
+
+ $results.Add($propertyName, $propertyValue)
+ }
+ }
+ if ($results.Count -eq 1)
+ {
+ return $null
+ }
+ return $results
+}
+
+Export-ModuleMember -Function *-TargetResource
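Review bot: In `Get-TargetResource`, the fallback lookup interpolates the name straight into the OData filter (`-Filter "DisplayName eq '$Displayname'"`) and then uses whatever comes back, so a display name containing `'` alters the filter, and if two iOS policies share a name `$getValue.Id` is no longer a single id by the time it reaches `Update-`/`Remove-MgBetaDeviceAppManagementMobileAppConfiguration` in `Set-TargetResource`. Escape the quote (`$DisplayName -replace "'", "''"`) and stop when more than one policy matches, asking the caller for `Id` rather than picking one. That error has to escape the surrounding `try`, because the `catch` returns `$nullResult` with `Ensure = 'Absent'` for any failure, including one from the unguarded `Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment` call, and `Set-TargetResource` then takes the create branch. Separately, `Test-TargetResource` writes `$CurrentValues` and `$ValuesToCheck` to the verbose stream, and both can carry `AccessTokens` when it is supplied; unless `Convert-M365DscHashtableToString` redacts it (not visible in this diff), remove the authentication keys before logging.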
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.schema.mof
new file mode 100644
index 0000000000..e35b7bfd7e
Binary files /dev/null and b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.schema.mof differ
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/readme.md
new file mode 100644
index 0000000000..d18bcd36ae
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneMobileAppConfigurationPolicyIOS
+
+## Description
+
+This resource configures an Intune Managed Device Mobile App Configuration Policy for iOS Device.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/settings.json
new file mode 100644
index 0000000000..520b5bcd32
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneMobileAppConfigurationPolicyIOS",
+ "description": "This resource configures an Intune Managed Device Mobile App Configuration Policy for iOS Device.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+{
+ "name": "DeviceManagementApps.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementApps.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/1-Create.ps1
new file mode 100644
index 0000000000..80d6ca10e7
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/1-Create.ps1
@@ -0,0 +1,47 @@
+<#
+This example creates a new Intune Mobile App Configuration Policy for iOs devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneMobileAppConfigurationPolicyIOS "ConfigureIntuneMobileAppConfigurationPolicyIOS"
+ {
+ Description = "IntuneMobileAppConfigurationPolicyIOS Description";
+ DisplayName = "IntuneMobileAppConfigurationPolicyIOS DisplayName";
+ Ensure = "Present";
+ settings = @(
+ MSFT_appConfigurationSettingItem{
+ appConfigKey = 'ConfigKey1'
+ appConfigKeyType = 'stringType'
+ appConfigKeyValue = 'KeyValue1'
+ }
+ MSFT_appConfigurationSettingItem{
+ appConfigKey = 'ConfigKey2'
+ appConfigKeyType = 'stringType'
+ appConfigKeyValue = 'keyValue2'
+ }
+ );
+ targetedMobileApps = @("06131066-8adf-42a9-86aa-e4b59e27da5d");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/2-Update.ps1
new file mode 100644
index 0000000000..860a8c9732
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/2-Update.ps1
@@ -0,0 +1,47 @@
+<#
+This example creates a new Intune Mobile App Configuration Policy for iOs devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneMobileAppConfigurationPolicyIOS "ConfigureIntuneMobileAppConfigurationPolicyIOS"
+ {
+ Description = "IntuneMobileAppConfigurationPolicyIOS Description";
+ DisplayName = "IntuneMobileAppConfigurationPolicyIOS DisplayName";
+ Ensure = "Present";
+ settings = @(
+ MSFT_appConfigurationSettingItem{
+ appConfigKey = 'ConfigKey1'
+ appConfigKeyType = 'stringType'
+ appConfigKeyValue = 'KeyValue1 updated' #updated property
+ }
+ MSFT_appConfigurationSettingItem{
+ appConfigKey = 'ConfigKey2'
+ appConfigKeyType = 'stringType'
+ appConfigKeyValue = 'keyValue2'
+ }
+ );
+ targetedMobileApps = @("06131066-8adf-42a9-86aa-e4b59e27da5d");
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/3-Remove.ps1
new file mode 100644
index 0000000000..6e04d55179
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/3-Remove.ps1
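Review bot: The header comment of 2-Update.ps1 still reads `This example creates a new Intune Mobile App Configuration Policy for iOs devices`, carried over from 1-Create.ps1, and the same sentence heads 3-Remove.ps1 even though that configuration sets `Ensure = "Absent"`. Suggested wording: `This example updates an existing Intune Mobile App Configuration Policy for iOS devices` for 2-Update.ps1 and `This example removes an existing Intune Mobile App Configuration Policy for iOS devices` for 3-Remove.ps1. Since none of the three examples passes `Id`, it would also help to say in the comment that the policy is matched by `DisplayName`.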
@@ -0,0 +1,34 @@
+<#
+This example creates a new Intune Mobile App Configuration Policy for iOs devices
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName 'Microsoft365DSC'
+
+ Node localhost
+ {
+ IntuneMobileAppConfigurationPolicyIOS "ConfigureIntuneMobileAppConfigurationPolicyIOS"
+ {
+ Description = "IntuneMobileAppConfigurationPolicyIOS Description";
+ DisplayName = "IntuneMobileAppConfigurationPolicyIOS DisplayName";
+ Ensure = "Absent";
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppConfigurationPolicyIOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppConfigurationPolicyIOS.Tests.ps1
new file mode 100644
index 0000000000..b5c34c57f6
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppConfigurationPolicyIOS.Tests.ps1
@@ -0,0 +1,281 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneMobileAppConfigurationPolicyIOS' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the iOS Mobile App Configuration Policy doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 
'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ settings = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ } -ClientOnly)
+ )
+ encodedSettingXml = ""
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return $null
+ }
+ }
+
+ It 'Should return absent from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create the iOS Mobile App Configuration Policy from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName 'New-MgBetaDeviceAppManagementMobileAppConfiguration' -Exactly 1
+ }
+ }
+
+ Context -Name 'When the iOS Mobile App Configuration Policy already exists and is NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ settings = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ } -ClientOnly)
+ )
+ encodedSettingXml = ""
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Different Value'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ targetedMobileApps = "{FakeStringValue}"
+ AdditionalProperties = @{
+ settings = @(
+ @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ }
+ )
+ encodedSettingXml = ""
+ '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should update the iOS Mobile App Configuration Policy from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1
+
+ }
+ }
+
+ Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ settings = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ } -ClientOnly)
+ )
+ encodedSettingXml = ""
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ targetedMobileApps = "{FakeStringValue}"
+ AdditionalProperties = @{
+ settings = @(
+ @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ }
+ )
+ encodedSettingXml = ""
+ '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ targetedMobileApps = "{FakeStringValue}"
+ settings = [CimInstance[]]@(
+ (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ } -ClientOnly)
+ )
+ encodedSettingXml = ""
+ Ensure = 'Absent'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ AdditionalProperties = @{
+ targetedMobileApps = "{FakeStringValue}"
+ settings = @(
+ @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ }
+ )
+ encodedSettingXml = ""
+ '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the iOS Mobile App Configuration Policy from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith {
+ return @{
+ DisplayName = 'Test iOS Mobile App Configuration Policy'
+ Description = 'Test iOS Mobile App Configuration Policy Description'
+ Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4'
+ targetedMobileApps = "{FakeStringValue}"
+ AdditionalProperties = @{
+ settings = @(
+ @{
+ appConfigKey = "FakeStringValue"
+ appConfigKeyType = "stringType"
+ appConfigKeyValue = "FakeStringValue"
+ }
+ )
+ encodedSettingXml = ""
+ '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration'
+ }
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file