From 19ec4d58568d2337ed021b54158371f14925a58a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 1 Nov 2024 12:20:17 -0400 Subject: [PATCH] SCInsiderRiskPolicy - Updates --- CHANGELOG.md | 3 ++ .../MSFT_SCInsiderRiskPolicy.psm1 | 43 ++++++++++++++++++- .../MSFT_SCInsiderRiskPolicy.schema.mof | 3 ++ 3 files changed, 47 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d8ecf03bc..c81516ac05 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -120,6 +120,9 @@ breaking the DSCParser process. The impact of this breaking the parsing process is important enough to justify an out-of-band breaking change of this resource. +* SCInsiderRiskPolicy + * Added support for property MDATPTriageStatus. + * Added support for GPUUtilizationLimit and CPUUtilizationLimit. * SCPolicyConfig * Initial release. * SCSensitivityLabel diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 index baac85f2b7..9f887882f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 @@ -676,6 +676,18 @@ function Get-TargetResource [System.Boolean] $RetainSeverityAfterTriage, + [Parameter()] + [System.String[]] + $MDATPTriageStatus, + + [Parameter()] + [System.UInt32] + $CPUUtilizationLimit, + + [Parameter()] + [System.UInt32] + $GPUUtilizationLimit, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] 
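Review bot: `$MDATPTriageStatus` is typed `[System.String[]]` in this Get-TargetResource parameter hunk, and again in the Set-TargetResource and Test-TargetResource parameter hunks, but the schema.mof hunk of the same commit declares it as a scalar, `String MDATPTriageStatus;`. A DSC resource whose module and schema disagree on a property's type can fail schema validation or coerce the value unexpectedly, which matters on a resource that manages insider-risk detection settings. Use one shape in all four places: either `String MDATPTriageStatus[];` in the MOF or `[System.String]` in the three param blocks. The param blocks start and end outside these hunks, so which shape the cmdlet expects cannot be confirmed from here.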
@@ -761,6 +773,8 @@ function Get-TargetResource RecordingTimeframePostEventInSec = $SessionRecordingSettings.RecordingTimeframePostEventInSec BandwidthCapInMb = $SessionRecordingSettings.BandwidthCapInMb OfflineRecordingStorageLimitInMb = $SessionRecordingSettings.OfflineRecordingStorageLimitInMb + GPUUtilizationLimit = $SessionRecordingSettings.GPUUtilizationLimit + CPUUtilizationLimit = $SessionRecordingSettings.CPUUtilizationLimit } $results += $forensicSettingsHash } @@ -800,6 +814,7 @@ function Get-TargetResource RaiseAuditAlert = $RaiseAuditAlertValue FileVolCutoffLimits = $tenantSettings.IntelligentDetections.FileVolCutoffLimits AlertVolume = $tenantSettings.IntelligentDetections.AlertVolume + MDATPTriageStatus = $tenantSettings.IntelligentDetections.MDATPTriageStatus AnomalyDetections = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'AnomalyDetections'}).Enabled CopyToPersonalCloud = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToPersonalCloud'}).Enabled CopyToUSB = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToUSB'}).Enabled @@ -1713,6 +1728,18 @@ function Set-TargetResource [System.Boolean] $RetainSeverityAfterTriage, + [Parameter()] + [System.String[]] + $MDATPTriageStatus, + + [Parameter()] + [System.UInt32] + $CPUUtilizationLimit, + + [Parameter()] + [System.UInt32] + $GPUUtilizationLimit, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] 
@@ -1817,7 +1844,7 @@ function Set-TargetResource # Tenant Settings $featureSettingsValue = "{`"Anonymization`":$($Anonymization.ToString().ToLower()), `"DLPUserRiskSync`":$($DLPUserRiskSync.ToString().ToLower()), `"OptInIRMDataExport`":$($OptInIRMDataExport.ToString().ToLower()), `"RaiseAuditAlert`":$($RaiseAuditAlert.ToString().ToLower()), `"EnableTeam`":$($EnableTeam.ToString().ToLower())}" - $intelligentDetectionValue = "{`"FileVolCutoffLimits`":`"$($FileVolCutoffLimits)`", `"AlertVolume`":`"$($AlertVolume)`"}" + $intelligentDetectionValue = "{`"FileVolCutoffLimits`":`"$($FileVolCutoffLimits)`", `"AlertVolume`":`"$($AlertVolume)`", `"MDATPTriageStatus`": `"$($MDATPTriageStatus)`"}" $tenantSettingsValue = "{`"Region`":`"WW`", `"FeatureSettings`":$($featureSettingsValue), " + ` 
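Review bot: The new `MDATPTriageStatus` member is spliced into `$intelligentDetectionValue` by string interpolation, so a `[System.String[]]` value expands to its elements joined by spaces inside one quoted string, and any element containing a double quote or backslash changes the structure of the JSON sent as tenant settings. The value Get-TargetResource reads back from `$tenantSettings.IntelligentDetections.MDATPTriageStatus` may then never compare equal to the declared array, which would leave the policy permanently reported as drifted. Serializing an object avoids both problems, e.g. `$intelligentDetectionValue = [ordered]@{ FileVolCutoffLimits = "$FileVolCutoffLimits"; AlertVolume = "$AlertVolume"; MDATPTriageStatus = @($MDATPTriageStatus) } | ConvertTo-Json -Compress`, assuming the service accepts a JSON array for this key (to be confirmed). The key should also be left out when the parameter is not bound, so an existing tenant value is not overwritten with an empty one. Set-TargetResource continues outside the hunk.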
@@ -1859,7 +1886,7 @@ function Set-TargetResource if ($InsiderRiskScenario -eq 'SessionRecordingSetting') { - $sessionRecordingValues = "{`"RecordingMode`":`"EventDriven`", `"RecordingTimeframePreEventInSec`":$($RecordingTimeframePreEventInSec),`"RecordingTimeframePostEventInSec`":$($RecordingTimeframePostEventInSec),`"BandwidthCapInMb`":$($BandwidthCapInMb),`"OfflineRecordingStorageLimitInMb`":$($OfflineRecordingStorageLimitInMb),`"ClipDeletionEnabled`":$($ClipDeletionEnabled.ToString().ToLower()),`"Enabled`":$($SessionRecordingEnabled.ToString().ToLower()),`"FpsNumerator`":0,`"FpsDenominator`":0}" + $sessionRecordingValues = "{`"RecordingMode`":`"EventDriven`", `"RecordingTimeframePreEventInSec`":$($RecordingTimeframePreEventInSec),`"RecordingTimeframePostEventInSec`":$($RecordingTimeframePostEventInSec),`"BandwidthCapInMb`":$($BandwidthCapInMb),`"OfflineRecordingStorageLimitInMb`":$($OfflineRecordingStorageLimitInMb),`"ClipDeletionEnabled`":$($ClipDeletionEnabled.ToString().ToLower()),`"Enabled`":$($SessionRecordingEnabled.ToString().ToLower()),`"FpsNumerator`":0,`"FpsDenominator`":0, `"GPUUtilizationLimit`": $($GPUUtilizationLimit), `"CPUUtilizationLimit`": $($CPUUtilizationLimit)}" Write-Verbose -Message 'Updating Session Recording Settings' Set-InsiderRiskPolicy -Identity $Name -SessionRecordingSettings $sessionRecordingValues | Out-Null } @@ -2558,6 +2585,18 @@ function Test-TargetResource [System.Boolean] $RetainSeverityAfterTriage, + [Parameter()] + [System.String[]] + $MDATPTriageStatus, + + [Parameter()] + [System.UInt32] + $CPUUtilizationLimit, + + [Parameter()] + [System.UInt32] + $GPUUtilizationLimit, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof index dccbecd928..af9a3b71e8 100644 
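Review bot: `$($GPUUtilizationLimit)` and `$($CPUUtilizationLimit)` are always written into `$sessionRecordingValues`, and an unbound `[System.UInt32]` parameter evaluates to 0, so every existing configuration that does not declare these properties will push `"GPUUtilizationLimit": 0, "CPUUtilizationLimit": 0` on its next Set. Whether the service reads 0 as "no limit" or as a hard cap is not visible here. Either way it silently changes forensic session-recording behaviour that the operator never asked to change. Emit each key only when it was supplied, for example `if ($PSBoundParameters.ContainsKey('GPUUtilizationLimit')) { $extra += ', "GPUUtilizationLimit": ' + $GPUUtilizationLimit }` with the same guard for the CPU key, and interpolate `$extra` before the closing brace. If the limits are bounded (a percentage, presumably), a `[ValidateRange()]` on the two parameters would reject out-of-range values before they reach `Set-InsiderRiskPolicy`.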
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof @@ -169,6 +169,9 @@ class MSFT_SCInsiderRiskPolicy : OMI_BaseResource [Write, Description("Official documentation to come.")] Boolean RetainSeverityAfterTriage; [Write, Description("Official documentation to come.")] UInt32 LookbackTimeSpan; [Write, Description("Official documentation to come.")] UInt32 ProfileInScopeTimeSpan; + [Write, Description("Official documentation to come.")] UInt32 GPUUtilizationLimit; + [Write, Description("Official documentation to come.")] UInt32 CPUUtilizationLimit; + [Write, Description("Official documentation to come.")] String MDATPTriageStatus; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
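Review bot: The three new properties ship with the placeholder `Description("Official documentation to come.")`, which gives an operator no unit or range for the two utilization limits and no list of accepted values for `MDATPTriageStatus`. These keys tune forensic recording and alert triage, so the schema text is where someone auditing a configuration will look first. I would replace each placeholder with a description of this shape: `Description("Upper bound on GPU utilization for session recording (unit: <UNIT>, valid range: <MIN>-<MAX>).")`. The placeholders should be filled in from the cmdlet documentation, and the accepted status values enumerated for `MDATPTriageStatus`.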