diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d231ca1f0..7f9e12914d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,9 +8,38 @@ * AADFeatureRolloutPolicy * Fixed policy retrieval FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) +* AADGroup + * Only get Members & GroupAsMembers when a static group is defined. +* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneAccountProtectionPolicyWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneAntivirusPolicyLinux + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneAntivirusPolicyMacOS + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneAppAndBrowserIsolationPolicyWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneDeviceControlPolicyWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneDiskEncryptionMacOS + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneDiskEncryptionWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneEndpointDetectionAndResponsePolicyLinux + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneEndpointDetectionAndResponsePolicyMacOS + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. 
+* IntuneSettingCatalogASRRulesPolicyWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. * IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile * Fixing issue with the way the QrCodeImage property was exported and handled. * IntuneFirewallPolicyWindows10 + * Fixed creation of policy while it was found by name, now it updates existing policies correctly. * Fix export of properties that appear multiple times in subsections. * M365DSCDRGUtil * Improve settings catalog handling for nested objects. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 538b67f9f6..66474ddeba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -216,6 +216,7 @@ function Get-TargetResource } $MembersValues = $null + $result = @{} if ($Group.MembershipRuleProcessingState -ne 'On') { # Members @@ -237,6 +238,8 @@ function Get-TargetResource $GroupAsMembersValues += $member.AdditionalProperties.displayName } } + $result.Add('Members', $MembersValues) + $result.Add('GroupAsMembers', $GroupAsMembersValues) } # MemberOf @@ -273,15 +276,12 @@ function Get-TargetResource if ($assignedLicensesRequest.value.Length -gt 0) { $assignedLicensesValues = Get-M365DSCAzureADGroupLicenses -AssignedLicenses $assignedLicensesRequest.value - } - $result = @{ + $policySettings = @{ DisplayName = $Group.DisplayName Id = $Group.Id Owners = $OwnersValues - Members = $MembersValues - GroupAsMembers = $GroupAsMembersValues MemberOf = $MemberOfValues Description = $Group.Description GroupTypes = [System.String[]]$Group.GroupTypes @@ -303,6 +303,7 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + $result += $policySettings return $result } 
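Review bot: In Get-TargetResource of MSFT_AADGroup the returned hashtable now lacks the `Members` and `GroupAsMembers` keys whenever `MembershipRuleProcessingState` is 'On', and nothing in the code says this is intentional. A short comment above `$result = @{}`, such as `# Members/GroupAsMembers are only returned for static groups; dynamic membership is rule-driven`, would record the reason. Callers that index these keys (Test-TargetResource or the export path, neither visible here) should be checked for the missing-key case. The name `$policySettings` also reads as carried over from the Intune resources; `$groupProperties` would describe a group's values better. The function begins outside these hunks.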
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1
index 096e29a19d..3410033562 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1
@@ -129,34 +129,47 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - + #Retrieve policy general settings $templateReferenceId = 'adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1' - # Retrieve policy general settings - $policy = $null - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if ($PSBoundParameters.ContainsKey('Identity')) { - Write-Verbose -Message "No Account Protection LAPS Policy with Id {$Identity} was found" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Account Protection LAPS Policy with Id {$Identity} was found" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" + if ($policy.Length -gt 1) + { + throw "Duplicate Account Protection LAPS Policy named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" + if ($policy.Length -gt 1) + { + throw "Duplicate Account Protection LAPS Policy named $DisplayName exist in tenant" } } - if ($null -eq $policy) + if ([String]::IsNullOrEmpty($policy.Id)) { - Write-Verbose -Message "No Account Protection LAPS Policy with 
Name {$DisplayName} was found" - return $nullResult + Write-Verbose -Message "No Account Protection LAPS Policy with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Identity = $policy.Id - Write-Verbose "Found Account Protection LAPS Policy with Id {$Identity} and Name {$($policy.Name)}" + Write-Verbose -Message "An Account Protection LAPS Policy with Id {$Identity} and Name {$DisplayName} was found" [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` -DeviceManagementConfigurationPolicyId $Identity ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 index dbf21af696..62ba4b3e06 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 
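Review bot: The bare `catch` around the Id lookup in MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy treats every terminating error as "not found", so an authentication failure, a throttling response or a network fault falls through to the name lookup and can end in `Ensure = 'Absent'` for a policy that exists. Since Set-TargetResource presumably creates a policy on Absent, a transient Graph error could produce a second LAPS policy or hide drift on the existing one. At minimum the catch should record the cause, `Write-Verbose -Message "Lookup by Id {$Identity} failed: $($_.Exception.Message)"`, and ideally rethrow anything that is not a not-found response. The same try/catch shape is repeated in the Get-TargetResource hunks of every other Intune resource in this commit; the function body starts and ends outside the hunk.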
@@ -85,31 +85,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Account Protection Policy for Windows10 with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Account Protection Policy for Windows10 with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Account Protection Policy for Windows10 named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Account Protection Policy for Windows10 named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Account Protection Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Account Protection Policy for Windows10 with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Account Protection Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 index cc250b27ab..05b2f19f2a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 
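Review bot: The name lookup in MSFT_IntuneAccountProtectionPolicyWindows10 filters on `Name eq '$DisplayName'` only, so the new `throw "Duplicate ..."` and the `$Id = $getValue.Id` binding both act on any configuration policy with that name, whatever its template. The LAPS and DiskEncryptionWindows10 hunks in this commit scope the same query with `and templateReference/TemplateId eq '$templateReferenceId'`; without an equivalent here, an unrelated policy that shares the display name either blocks the resource with a false duplicate error or becomes the policy this resource goes on to manage. The AntivirusPolicyLinux, AntivirusPolicyMacOS, AppAndBrowserIsolationPolicyWindows10, DeviceControlPolicyWindows10 and EndpointDetectionAndResponsePolicyLinux hunks have the same unscoped filter. Whether a template id is defined for these resources elsewhere in the file is not visible from the hunk.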
@@ -192,31 +192,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Linux with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Antivirus Policy for Linux with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for Linux named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Antivirus Policy for Linux named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Linux with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Antivirus Policy for Linux with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Antivirus Policy for Linux with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 index 30829e2aab..3898ab51c6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 
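Review bot: `$DisplayName` is interpolated into the OData filter of MSFT_IntuneAntivirusPolicyLinux without validation: the removed `-not [System.String]::IsNullOrEmpty($DisplayName)` guard has no replacement, and a single quote in the name ends the string literal early. An empty name would query `Name eq ''`, and a name containing `'` would make the request fail or match something other than intended. Doubling the quote before building the filter, `$escapedName = $DisplayName.Replace("'", "''")`, and returning Absent early when the name is empty would cover both; this applies to every name lookup added in this commit. If `DisplayName` is a mandatory parameter (declared outside the hunk), the empty case cannot occur and only the escaping matters.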
@@ -195,31 +195,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for macOS with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Antivirus Policy for macOS with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for macOS named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -All ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Antivirus Policy for macOS named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for macOS with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Antivirus Policy for macOS with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Antivirus Policy for macOS with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index 3ca3c511c6..0b437edb5e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 
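Review bot: The name lookup and its duplicate check appear twice in MSFT_IntuneAntivirusPolicyMacOS, once in the `catch` and once in the `else`, and the two copies can drift apart, as they already have in the AntivirusPolicyWindows10SettingCatalog hunk. Running the Id lookup first and the name lookup once, when `$getValue` is still empty, keeps a single filter and a single throw. The comment typo `retreive` and the mixed 'PolicyID'/'Id' wording in the verbose messages could be tidied in the same pass. The sketch below shows only the restructured lookup; the rest of Get-TargetResource is outside the hunk.

```powershell
$getValue = $null
if ($PSBoundParameters.ContainsKey('Id'))
{
    try
    {
        $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop
    }
    catch
    {
        Write-Verbose -Message "No Intune Antivirus Policy for macOS with Id {$Id} was found"
    }
}

if ($null -eq $getValue)
{
    # Display names are not unique, so the name lookup can return several policies.
    $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'"
    if ($getValue.Length -gt 1)
    {
        throw "Duplicate Intune Antivirus Policy for macOS named $DisplayName exist in tenant"
    }
}
# … unchanged: IsNullOrEmpty($getValue.Id) check and Absent return …
```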
@@ -439,37 +439,46 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - $templateReferences = 'd948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1' - #Retrieve policy general settings - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if ($PSBoundParameters.ContainsKey('Identity')) { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.TemplateReference.TemplateId -in $templateReferences + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity} was found" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" | Where-Object -FilterScript {$_.TemplateReference.TemplateId -in $templateReferences} + if ($policy.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for Windows10 Setting Catalog named $DisplayName exist in tenant" } } } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($policy.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for Windows10 Setting Catalog 
named $DisplayName exist in tenant" + } + } - if ($null -eq $policy) + if ([String]::IsNullOrEmpty($policy.Id)) { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Windows10 Setting Catalog with Name {$DisplayName}" - return $nullResult + Write-Verbose -Message "No Intune Antivirus Policy for Windows10 Setting Catalog with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Identity = $policy.Id - Write-Verbose -Message "An Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity} and Name {$DisplayName} was found." + Write-Verbose -Message "An Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity} and Name {$DisplayName} was found" #Retrieve policy specific settings [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 index 6428046d92..fe61754bb4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 
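Review bot: In MSFT_IntuneAntivirusPolicyWindows10SettingCatalog the `else` branch (no Identity supplied) queries by name without the `Where-Object` template filter that the `catch` branch applies, so `$templateReferences` is ignored on that path. A policy of any other template with the same name would then count toward the duplicate check, or be bound to `$Identity` and read as an antivirus policy. The `else` lookup should end with the same filter as the `catch` one, `| Where-Object -FilterScript { $_.TemplateReference.TemplateId -in $templateReferences }`. Get-TargetResource starts before and continues after the hunk.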
@@ -165,31 +165,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune App And Browser Isolation Policy for Windows10 with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune App And Browser Isolation Policy for Windows10 named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune App And Browser Isolation Policy for Windows10 named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune App And Browser Isolation Policy for Windows10 with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune App And Browser Isolation Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 index cefaba98a3..badc01c989 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 
@@ -251,31 +251,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Device Control Policy for Windows10 with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Device Control Policy for Windows10 named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Device Control Policy for Windows10 named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Device Control Policy for Windows10 with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Device Control Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 index 282ecce2df..b7e9040f2d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 
@@ -112,36 +112,44 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Disk Encryption for macOS with Id {$Id}" - - if (-Not [string]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try { - $getValue = Get-MgBetaDeviceManagementIntent ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8' ` + $getValue = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Disk Encryption for macOS with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" | Where-Object -FilterScript {$_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8'} + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Disk Encryption for macOS named $DisplayName exist in tenant" } } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Disk Encryption for macOS with DisplayName {$DisplayName}" - return $nullResult + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" | Where-Object -FilterScript {$_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8'} + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Disk Encryption for macOS named $DisplayName exist in tenant" + } } + + if 
([String]::IsNullOrEmpty($getValue.Id)) + { + Write-Verbose -Message "No Intune Disk Encryption for macOS with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues + } + $Id = $getValue.Id - Write-Verbose -Message "An Intune Disk Encryption for macOS with Id {$Id} and DisplayName {$DisplayName} was found." + Write-Verbose -Message "An Intune Disk Encryption for macOS with Id {$Id} and Name {$DisplayName} was found" #Retrieve policy specific settings [array]$settings = Get-MgBetaDeviceManagementIntentSetting ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 index 5a3308a7f8..fbf056d14a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 
@@ -352,32 +352,44 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - $templateReferenceId = '46ddfc50-d10f-4867-b852-9434254b3bff_1' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Disk Encryption for Windows10 with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "No Intune Disk Encryption for Windows10 with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Disk Encryption for Windows10 named $DisplayName exist in tenant" + } } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Disk Encryption for Windows10 with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Disk Encryption for Windows10 named $DisplayName exist in tenant" + } } + + if ([String]::IsNullOrEmpty($getValue.Id)) + { + Write-Verbose -Message "No Intune Disk Encryption for Windows10 with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues + } + $Id = $getValue.Id Write-Verbose -Message "An Intune Disk Encryption for Windows10 with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 index 9a7af96373..d7aac8dae5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 
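Review bot: When the Id lookup in MSFT_IntuneDiskEncryptionWindows10 succeeds, the returned policy is accepted without comparing its template to `$templateReferenceId`, although the name lookup on the other paths is scoped to that template. An Id that points at a configuration policy of another type would be read, and presumably later updated, as a disk-encryption policy. A check after the `try`, for example `if ($getValue.TemplateReference.TemplateId -ne $templateReferenceId) { $getValue = $null }`, would make the resource treat such a policy as not found; the LAPS hunk has the same gap. The property path is the one used in the SettingCatalog hunk's filter and should be confirmed against this cmdlet's output.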
@@ -86,31 +86,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy Linux with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Endpoint Detection And Response Policy Linux with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy Linux named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Endpoint Detection And Response Policy Linux named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy Linux with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Endpoint Detection And Response Policy Linux with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Endpoint Detection And Response Policy Linux with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 index 96d87c2a83..d3ebe0eef0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 
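Review bot: Both `-Filter "Name eq '$DisplayName'"` lookups in this hunk match on the name alone, so any configuration policy in the tenant with that name, whatever its template, is returned and its Id is assigned to `$Id`. The DiskEncryptionWindows10 and ASR hunks on this page append `and templateReference/TemplateId eq '$templateReferenceId'`; without an equivalent constraint here, a same-named policy of another type either trips the new "Duplicate" throw or is read (and presumably later updated) as this resource. The hunks starting at L25, L27 and L29 have the same gap. The template id for this resource is not visible in the hunk, so it would have to come from the module's existing definition.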
@@ -86,31 +86,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy MacOS with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Endpoint Detection And Response Policy MacOS with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy MacOS named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple CA Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Endpoint Detection And Response Policy MacOS named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy MacOS with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Endpoint Detection And Response Policy MacOS with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Endpoint Detection And Response Policy MacOS with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 index f4dde4c6ff..175d7bd05f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 
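Review bot: `$DisplayName` is interpolated into the OData filter unescaped in both `-Filter "Name eq '$DisplayName'"` lines, so a policy name containing an apostrophe produces a malformed filter. This change also drops `-ErrorAction SilentlyContinue` from those calls, so the resulting error is presumably surfaced instead of swallowed. Double the quote before building the filter: `$escapedName = $DisplayName.Replace("'", "''")`, then `-Filter "Name eq '$escapedName'"`. Every hunk on this page builds its filter the same way.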
@@ -90,32 +90,45 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - try { #Retrieve policy general settings - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if ($PSBoundParameters.ContainsKey('Identity')) { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy for Windows10 with Id {$Identity}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Endpoint Detection And Response Policy for Windows10 with Id {$Identity} was found" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($policy.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy MacOS named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($policy.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy for Windows10 named $DisplayName exist in tenant" } } - if ($null -eq $policy) + if ([String]::IsNullOrEmpty($policy.Id)) { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Endpoint Detection And Response Policy for Windows10 with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Identity = $policy.Id Write-Verbose -Message "An Intune Endpoint Detection And Response Policy for Windows10 with Id {$Identity} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 index b8bf713da7..bb1db762ab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 
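Review bot: The `throw` inside the `catch` branch names the wrong resource: `"Duplicate Intune Endpoint Detection And Response Policy MacOS named $DisplayName exist in tenant"` sits in the Windows10 module, while the `else` branch a few lines below says "for Windows10". Anyone triaging a duplicate from that message would look at the wrong policy family; change it to `throw "Duplicate Intune Endpoint Detection And Response Policy for Windows10 named $DisplayName exist in tenant"`. Separately, `$nullResult` is removed here while the enclosing `try` continues past the hunk. If its `catch` still returns `$nullResult`, that return would now yield `$null` instead of the Absent result.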
@@ -462,31 +462,42 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if ($PSBoundParameters.ContainsKey('Id')) { - Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Id {$Id}" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Intune Firewall Policy for Windows10 with Id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Firewall Policy for Windows10 named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple Intune Policies since displayname is not unique + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" + if ($getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + throw "Duplicate Intune Firewall Policy for Windows10 named $DisplayName exist in tenant" } } - #endregion - if ($null -eq $getValue) + + if ([String]::IsNullOrEmpty($getValue.Id)) { - Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + Write-Verbose -Message "No Intune Firewall Policy for Windows10 with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Id = $getValue.Id Write-Verbose -Message "An Intune Firewall Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index 10f78935d9..3756cbe861 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 
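Review bot: The name lookups no longer check that `$DisplayName` is set; the removed code wrapped the fallback in `if (-not [System.String]::IsNullOrEmpty($DisplayName))`. If the parameter can be empty (its declaration is outside the hunk), the query becomes `Name eq ''` and its result decides whether the firewall policy is reported as Absent. Keep the guard around both lookups, e.g. `if (-not [System.String]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" }`. The other hunks on this page dropped the same check.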
@@ -258,35 +258,46 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - $templateReferenceId = 'e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1' - #Retrieve policy general settings - $policy = $null - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if ($PSBoundParameters.ContainsKey('Identity')) { - Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy {$Identity} was found" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + Write-Verbose -Message 'PolicyID was specified' + try { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + } + catch + { + Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy with Id {$Identity} was found" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" + if ($policy.Length -gt 1) + { + throw "Duplicate Endpoint Protection Attack Surface Reduction Rules Policy named $DisplayName exist in tenant" + } + } + } + else + { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple CA Policies since displayname is not unique + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" + if ($policy.Length -gt 1) + { + throw "Duplicate Endpoint Protection Attack Surface Reduction Rules Policy named $DisplayName exist in tenant" } } - if ($null -eq $policy) + if ([String]::IsNullOrEmpty($policy.Id)) 
{ - Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy {$DisplayName} was found" - return $nullResult + Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy with Name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } + $Identity = $policy.Id - Write-Verbose -Message "Found Endpoint Protection Attack Surface Reduction Rules Policy with Id {$Identity} and Name {$DisplayName)}." + Write-Verbose -Message "An Endpoint Protection Attack Surface Reduction Rules Policy with Id {$Identity} and Name {$DisplayName} was found" #Retrieve policy specific settings [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting `
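Review bot: The added comment `## Can retreive multiple CA Policies since displayname is not unique` is copied from a Conditional Access resource and misspells "retrieve"; in this module it should read `## Can retrieve multiple Intune policies since DisplayName is not unique`. The EDR MacOS hunk starting at L25 carries the same "CA Policies" text, and the remaining hunks share the typo. The two verbose messages `'PolicyID was specified'` and `'Id was NOT specified'` also name one parameter two different ways, and in this function the parameter is `Identity`. `'Identity was specified'` and `'Identity was NOT specified'` would match the code.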