Skip to content

Commit

Permalink
Merge pull request #5307 from NikCharlebois/InsiderRiskLevels
Browse files Browse the repository at this point in the history
AADConditionalAccessPolicy - Added Support for InsiderRiskLevels
  • Loading branch information
NikCharlebois authored Oct 31, 2024
2 parents 41c799a + 6d34336 commit 34e405e
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 3 deletions.
7 changes: 4 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* Initial release.
* AADConditionalAccessPolicy
* FIXES [#5282](https://github.com/microsoft/Microsoft365DSC/issues/5282)
* Added support for InsiderRiskLevels.
* AADCustomSecurityAttributeDefinition
* Fixed missing permissions in settings.json
* AADEnrichedAuditLogs
Expand Down Expand Up @@ -130,12 +131,12 @@
properly with their respective parent setting.
* MISC
* Fixed references to graph.microsoft.com with dynamic domain name based on target cloud.
Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup,
AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10,
Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup,
AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10,
IntuneAccountProtectionLocalUsersGroupMembershipPolicy, IntuneAccountProtectionPolicy,
IntuneAppProtectionPolicyiOS,IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10,
IntuneDeviceConfigurationSCEPCertificatePolicyWindows10, IntuneDeviceConfigurationWiredNetworkPolicyWindows10,
IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets,
IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets,
IntuneSettingCatalogCustomPolicyWindows10, M365DSCRGUtil
* Exponential performance improvements by reducing complexity and roundtrips.
* DEPENDENCIES
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,10 @@ function Get-TargetResource
[System.String]
$TransferMethods,

[Parameter()]
[System.String]
$InsiderRiskLevels,

#generic
[Parameter()]
[ValidateSet('Present', 'Absent')]
Expand Down Expand Up @@ -709,6 +713,7 @@ function Get-TargetResource
TransferMethods = [System.String]$Policy.Conditions.AuthenticationFlows.TransferMethods
#Standard part
TermsOfUse = $termOfUseName
InsiderRiskLevels = $Policy.Conditions.InsiderRiskLevels
Ensure = 'Present'
Credential = $Credential
ApplicationSecret = $ApplicationSecret
Expand Down Expand Up @@ -943,6 +948,10 @@ function Set-TargetResource
[System.String]
$TransferMethods,

[Parameter()]
[System.String]
$InsiderRiskLevels,

#generic
[Parameter()]
[ValidateSet('Present', 'Absent')]
Expand Down Expand Up @@ -1577,6 +1586,11 @@ function Set-TargetResource
}
}

if ($null -ne $InsiderRiskLevels)
{
$conditions.Add("insiderRiskLevels", $InsiderRiskLevels)
}

Write-Verbose -Message 'Set-Targetresource: process risk levels and app types'
Write-Verbose -Message "Set-Targetresource: UserRiskLevels: $UserRiskLevels"
If ($currentParameters.ContainsKey('UserRiskLevels'))
Expand Down Expand Up @@ -2044,6 +2058,10 @@ function Test-TargetResource
[System.String]
$TransferMethods,

[Parameter()]
[System.String]
$InsiderRiskLevels,

#generic
[Parameter()]
[ValidateSet('Present', 'Absent')]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
[Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
[Write, Description("Authentication context class references.")] String AuthenticationContexts[];
[Write, Description("Insider risk levels conditions.")] String InsiderRiskLevels;
[Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
Expand Down

0 comments on commit 34e405e

Please sign in to comment.