Microsoft365DSC
diff --git a/‎CHANGELOG.md‎
Lines changed: 42 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1‎
Lines changed: 10 additions & 0 deletions b/‎Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1‎
Lines changed: 562 additions & 8 deletions b/‎Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1‎
Lines changed: 562 additions & 8 deletions
diff --git a/‎Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof‎
Lines changed: 50 additions & 8 deletions b/‎Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof‎
Lines changed: 50 additions & 8 deletions
diff --git a/‎Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1‎
Lines changed: 79 additions & 97 deletions b/‎Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1‎
Lines changed: 79 additions & 97 deletions
diff --git a/‎Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1‎
Lines changed: 1 addition & 1 deletion b/‎Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1‎
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,44 @@
 # Change log for Microsoft365DSC
 
+# 1.26.211.1
+
+* AADUser
+  * Fixed an export issue where a user was deleted during a long-running job.
+    FIXES [#5703](https://github.com/microsoft/Microsoft365DSC/issues/5703)
+* IntuneRoleAssignment
+  * Fixed an issue where properties were omitted during Set and testing
+    did not work with display names.
+    FIXES [#6881](https://github.com/microsoft/Microsoft365DSC/issues/6881)
+* FabricAdmintenantsettings
+  * Refreshed the property list.
+   FIXES [#6866](https://github.com/microsoft/Microsoft365DSC/issues/6866)
+* O365OrgSettings
+  * Changed how errors are handled to fail instead of returning false drifts.
+   FIXES [#6787](https://github.com/microsoft/Microsoft365DSC/issues/6787)
+* O365SearchAndIntelligenceConfiguration
+  * Expanded try/catch logic to cover all code paths in Get.
+    FIXES [#6788](https://github.com/microsoft/Microsoft365DSC/issues/6788)
+* SPOSearchManagedProperty
+  * Fixed an issue when connecting to the SPO AdminUrl.
+    FIXES [#6787](https://github.com/microsoft/Microsoft365DSC/issues/6787)
+* TeamsDialInConferencingTenantSettings
+  * Fixed an issue where the properties `MigrateServiceNumbersOnCrossForestMove`
+    and `UseUniqueConferenceIds` were not rendered correctly in the
+    documentation
+    FIXES [#6890](https://github.com/microsoft/Microsoft365DSC/issues/6890)
+* M365DSCUtil
+  * Fixed an issue during module update where `Install-PSResource` throws
+    an error if the module was installed in Windows PowerShell but the
+    update attempt was performed in PowerShell 7.
+  * Fixed an issue where `Export-M365DSCConfiguration` would stop
+    exporting resources after an error on Azure DevOps & GitHub.
+    FIXES [#6862](https://github.com/microsoft/Microsoft365DSC/issues/6862)
+* M365DSCPermissions
+  * Fixed an issue when selecting a property for the result.
+    FIXES [#6882](https://github.com/microsoft/Microsoft365DSC/issues/6882)
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.1.58.
+
 # 1.26.128.1
 
 * EXOMailboxFolderPermission
@@ -19,6 +58,9 @@
 * O365OrgSettings
   * Fixed an issue where comparing empty app installation options failed.
     FIXES [#6812](https://github.com/microsoft/Microsoft365DSC/issues/6812)
+* SCSecurityFilter
+  * Fixed an issue where connecting to the service was not possible.
+    FIXES [#6798](https://github.com/microsoft/Microsoft365DSC/issues/6798)
 * SPOTenantSettings
   * Fixing the empty array casting for AllowSelectSGsInODBListInTenant,
     DenySelectSGsInODBListInTenant,DenySelectSecurityGroupsInSPSitesList
 
@@ -224,6 +224,15 @@ function Get-TargetResource
         )
         $batchResponse = Invoke-M365DSCGraphBatchRequest -Requests $batchRequests
 
+        # If the user was deleted in the meantime, then return an empty hashtable
+        # This only happens during Export because we cache the user objects
+        # During normal Get or Test, we would have already returned $nullReturn above
+        if ($null -ne $Script:exportedInstance -and $batchResponse.status -contains '404')
+        {
+            Write-Verbose -Message "The specified user was deleted in the meantime."
+            return @{}
+        }
+
         Write-Verbose -Message "Found User $($UserPrincipalName)"
         $currentLicenseAssignment = @()
         $skus = ($batchResponse | Where-Object -FilterScript { $_.id -eq 'License' }).body.value
@@ -979,6 +988,7 @@ function Export-TargetResource
             All         = [switch]$true
             Property    = $Script:propertiesToRetrieve
             ErrorAction = 'Stop'
+            Sort        = 'UserPrincipalName'
         }
         $queryTypes = @{
             'eq'         = @('assignedPlans/any(a:a/capabilityStatus)',
 
@@ -147,19 +147,19 @@ function Get-TargetResource
             }
         }
 
-        $ResourceScopesDisplayNames = @()
-        foreach ($ResourceScope in $getValue.ResourceScopes)
+        $resourceScopesDisplayNamesValue = @()
+        foreach ($resourceScope in $getValue.ResourceScopes)
         {
-            $group = Get-MgGroup -GroupId $ResourceScope -ErrorAction SilentlyContinue
+            $group = Get-MgGroup -GroupId $resourceScope -ErrorAction SilentlyContinue
             if ($null -eq $group)
             {
-                Write-Warning -Message "Could not find group with Id {$ResourceScope} when retrieving resource scope display names"
+                Write-Warning -Message "Could not find group with Id {$resourceScope} when retrieving resource scope display names"
                 continue
             }
-            $ResourceScopesDisplayNames += $group.DisplayName
+            $resourceScopesDisplayNamesValue += $group.DisplayName
         }
 
-        $MembersDisplayNames = @()
+        $membersDisplayNamesValue = @()
         foreach ($tempMember in $getValue.Members)
         {
             $group = Get-MgGroup -GroupId $tempMember -ErrorAction SilentlyContinue
@@ -168,7 +168,7 @@ function Get-TargetResource
                 Write-Warning -Message "Could not find group with Id {$tempMember} when retrieving member display names"
                 continue
             }
-            $MembersDisplayNames += $group.DisplayName
+            $membersDisplayNamesValue += $group.DisplayName
         }
 
         $scopeTypeValue = $null
@@ -181,10 +181,10 @@ function Get-TargetResource
             Description                = $getValue.Description
             DisplayName                = $getValue.DisplayName
             ResourceScopes             = $getValue.ResourceScopes
-            ResourceScopesDisplayNames = $ResourceScopesDisplayNames
+            ResourceScopesDisplayNames = $resourceScopesDisplayNamesValue
             ScopeType                  = $scopeTypeValue
             Members                    = $getValue.Members
-            MembersDisplayNames        = $MembersDisplayNames
+            MembersDisplayNames        = $membersDisplayNamesValue
             RoleDefinition             = $RoleDefinition
             RoleDefinitionDisplayName  = $RoleDefinitionDisplayName
             Ensure                     = 'Present'
@@ -308,76 +308,93 @@ function Set-TargetResource
 
     if ($RoleDefinition -notmatch '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$' -or $RoleDefinition -eq '00000000-0000-0000-0000-000000000000')
     {
-        [string]$roleDefinition = $null
+        $RoleDefinition = $null
         $filter = "DisplayName eq '$($RoleDefinitionDisplayName -replace "'", "''")'"
         $roleDefinitionId = Get-MgDeviceManagementRoleDefinition -All -Filter $filter -ErrorAction SilentlyContinue
         if ($null -ne $roleDefinitionId)
         {
-            $roleDefinition = $roleDefinitionId.Id
+            $RoleDefinition = $roleDefinitionId.Id
         }
         else
         {
             Write-Verbose -Message "No role definition with DisplayName {$RoleDefinitionDisplayName} was found"
         }
     }
 
-    [array]$members = @()
-    foreach ($membersDisplayName in $MembersDisplayNames)
+    [array]$membersValue = @()
+    if ($PSBoundParameters.ContainsKey('MembersDisplayNames'))
     {
-        $filter = "displayName eq '$($membersDisplayName -replace "'", "''")'"
-        $memberId = Get-MgGroup -Filter $filter -ErrorAction SilentlyContinue
-        if ($null -ne $memberId)
+        foreach ($membersDisplayName in $MembersDisplayNames)
         {
-            if ($members -notcontains $memberId.Id)
+            $filter = "displayName eq '$($membersDisplayName -replace "'", "''")'"
+            $memberId = Get-MgGroup -Filter $filter -ErrorAction SilentlyContinue
+            if ($null -ne $memberId)
             {
-                $members += $memberId.Id
+                if ($membersValue -notcontains $memberId.Id)
+                {
+                    $membersValue += $memberId.Id
+                }
+            }
+            else
+            {
+                Write-Verbose -Message "No member of type group with DisplayName {$membersDisplayName} was found"
             }
         }
-        else
-        {
-            Write-Verbose -Message "No member of type group with DisplayName {$membersDisplayName} was found"
-        }
+    }
+    else
+    {
+        $membersValue = $Members
     }
 
-    [array]$resourceScopes = @()
-    foreach ($resourceScopesDisplayName in $ResourceScopesDisplayNames)
+    [array]$resourceScopesValue = @()
+    if ($PSBoundParameters.ContainsKey('ResourceScopesDisplayNames'))
     {
-        $filter = "DisplayName eq '$($resourceScopesDisplayName -replace "'", "''")'"
-        $resourceScopeId = Get-MgGroup -Filter $filter -ErrorAction SilentlyContinue
-        if ($null -ne $resourceScopeId)
+        foreach ($resourceScopesDisplayName in $ResourceScopesDisplayNames)
         {
-            if ($ResourceScopes -notcontains $resourceScopeId.Id)
+            $filter = "DisplayName eq '$($resourceScopesDisplayName -replace "'", "''")'"
+            $resourceScopeId = Get-MgGroup -Filter $filter -ErrorAction SilentlyContinue
+            if ($null -ne $resourceScopeId)
             {
-                $ResourceScopes += $resourceScopeId.Id
+                if ($resourceScopesValue -notcontains $resourceScopeId.Id)
+                {
+                    $resourceScopesValue += $resourceScopeId.Id
+                }
+            }
+            else
+            {
+                Write-Verbose -Message "No resource scope of type group with DisplayName {$resourceScopesDisplayName} was found"
             }
         }
-        else
-        {
-            Write-Verbose -Message "No resource scope of type group with DisplayName {$ResourceScopesDisplayName} was found"
-        }
     }
+    else
+    {
+        $resourceScopesValue = $ResourceScopes
+    }
+
+    $scopeTypeValue = $ScopeType
     if ($ScopeType -match 'AllDevices|AllLicensedUsers|AllDevicesAndLicensedUsers')
     {
-        $ResourceScopes = $null
+        $resourceScopesValue = $null
     }
     else
     {
-        $ScopeType = 'resourceScope'
-        $ResourceScopes = $resourceScopes
+        $scopeTypeValue = 'resourceScope'
     }
+
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
         Write-Verbose -Message "Creating an Intune Role Assignment with DisplayName {$DisplayName}"
 
         $CreateParameters = @{
             description                 = $Description
             displayName                 = $DisplayName
-            resourceScopes              = $ResourceScopes
-            scopeType                   = $ScopeType
-            members                     = $Members
+            resourceScopes              = $resourceScopesValue
+            scopeType                   = $scopeTypeValue
+            members                     = $membersValue
             '@odata.type'               = '#microsoft.graph.deviceAndAppManagementRoleAssignment'
-            'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')"
+            'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$RoleDefinition')"
         }
+
         $null = New-MgBetaDeviceManagementRoleAssignment -BodyParameter $CreateParameters
     }
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
@@ -387,14 +404,15 @@ function Set-TargetResource
         $UpdateParameters = @{
             description                 = $Description
             displayName                 = $DisplayName
-            resourceScopes              = $ResourceScopes
-            scopeType                   = $ScopeType
-            members                     = $Members
+            resourceScopes              = $resourceScopesValue
+            scopeType                   = $scopeTypeValue
+            members                     = $membersValue
             '@odata.type'               = '#microsoft.graph.deviceAndAppManagementRoleAssignment'
-            'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')"
+            'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$RoleDefinition')"
         }
 
-        Update-MgBetaDeviceManagementRoleAssignment -BodyParameter $UpdateParameters `
+        $null = Update-MgBetaDeviceManagementRoleAssignment `
+            -BodyParameter $UpdateParameters `
             -DeviceAndAppManagementRoleAssignmentId $currentInstance.Id
     }
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
@@ -493,57 +511,6 @@ function Test-TargetResource
     Add-M365DSCTelemetryEvent -Data $data
     #endregion
 
-    if (-not ($RoleDefinition -match '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'))
-    {
-        [string]$roleDefinition = $null
-        $filter = "displayName eq '$($RoleDefinitionDisplayName -replace "'", "''")'"
-        $roleDefinitionId = Get-MgDeviceManagementRoleDefinition -All -Filter $filter -ErrorAction SilentlyContinue
-        if ($null -ne $roleDefinitionId)
-        {
-            $roleDefinition = $roleDefinitionId.Id
-            $PSBoundParameters.RoleDefinition = $roleDefinition
-        }
-        else
-        {
-            Write-Verbose -Message "No role definition with DisplayName {$RoleDefinitionDisplayName} was found"
-        }
-    }
-
-    foreach ($membersDisplayName in $MembersDisplayNames)
-    {
-        $filter = "DisplayName eq '$($MembersDisplayName -replace "'", "''")'"
-        $newMember = Get-MgGroup -Filter $filter -ErrorAction SilentlyContinue
-        if ($null -ne $newMember)
-        {
-            if ($Members -notcontains $newMember.Id)
-            {
-                $Members += $newMember.Id
-            }
-        }
-        else
-        {
-            Write-Verbose -Message "No member of type group with DisplayName {$membersDisplayName} was found"
-        }
-    }
-    $PSBoundParameters.Members = $Members
-
-    foreach ($resourceScopesDisplayName in $ResourceScopesDisplayNames)
-    {
-        $filter = "displayName eq '$($resourceScopesDisplayName -replace "'", "''")'"
-        $newResourceScope = Get-MgGroup -Filter $filter -ErrorAction SilentlyContinue
-        if ($null -ne $newResourceScope)
-        {
-            if ($ResourceScopes -notcontains $newResourceScope.Id)
-            {
-                $ResourceScopes += $newResourceScope.Id
-            }
-        }
-        else
-        {
-            Write-Verbose -Message "No resource scope of type group with DisplayName {$ResourceScopesDisplayName} was found"
-        }
-    }
-    $PSBoundParameters.ResourceScopes = $ResourceScopes
 
     $compareParameters = Get-CompareParameters
     $result = Test-M365DSCTargetResource -DesiredValues $PSBoundParameters `
@@ -700,7 +667,22 @@ function Get-CompareParameters
     param()
 
     return @{
-        ExcludedProperties = @('ResourceScopesDisplayNames', 'MembersDisplayNames')
+        PostProcessing = {
+            param($DesiredValues, $CurrentValues, $ValuesToCheck, $ignore)
+            if ($DesiredValues.ContainsKey('MembersDisplayNames'))
+            {
+                $ValuesToCheck.Remove('Members') | Out-Null
+            }
+            if ($DesiredValues.ContainsKey('ResourceScopesDisplayNames'))
+            {
+                $ValuesToCheck.Remove('ResourceScopes') | Out-Null
+            }
+            if ($DesiredValues.ContainsKey('RoleDefinitionDisplayName'))
+            {
+                $ValuesToCheck.Remove('RoleDefinition') | Out-Null
+            }
+            return [System.Tuple[Hashtable, Hashtable, Hashtable]]::new($DesiredValues, $CurrentValues, $ValuesToCheck)
+        }
     }
 }
 
 
@@ -60,7 +60,7 @@ function Get-TargetResource
         $AccessTokens
     )
 
-    Write-Verbose -Message "Setting configuration of Office 365 Group $DisplayName"
+    Write-Verbose -Message "Getting configuration of Office 365 Group $DisplayName"
 
     try
     {
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ function Get-TargetResource`
`60`	`60`	`$AccessTokens`
`61`	`61`	`)`
`62`	`62`
`63`		`- Write-Verbose -Message "Setting configuration of Office 365 Group $DisplayName"`
	`63`	`+ Write-Verbose -Message "Getting configuration of Office 365 Group $DisplayName"`
`64`	`64`
`65`	`65`	`try`
`66`	`66`	`{`