DSCResources/cAADConditionalAccessPolicy/cAADConditionalAccessPolicy.schema.psm1
configuration cAADConditionalAccessPolicy
{
    <#
        Composite DSC resource that expands a list of hashtables ($Items) into
        one Microsoft365DSC AADConditionalAccessPolicy instance per entry.

        Behaviour:
          - Each item becomes an AADConditionalAccessPolicy resource whose
            execution name is derived from its DisplayName.
          - 'Ensure' defaults to 'Present' when an item does not specify it.
          - Tenant / authentication settings passed at the composite level
            (TenantId, ManagedIdentity, Credential, CertificateThumbprint,
            ApplicationSecret, ApplicationId, AccessTokens) are copied into
            every item that does not already carry its own value, so a
            per-item setting always wins over the shared one.

        NOTE(review):
          - The shared Credential / ApplicationSecret / AccessTokens values are
            written into every item and therefore end up in the compiled MOF
            for every instance; use certificate-based credential encryption in
            the configuration data rather than PsDscAllowPlainTextPassword.
          - The hashtables in $Items are modified in place (keys are injected),
            so callers that reuse the same hashtable objects will observe the
            added keys.
          - 'State' is not defaulted here; what happens when it is omitted is
            decided by the underlying AADConditionalAccessPolicy resource.
            Setting it explicitly (e.g. enabledForReportingButNotEnforced for a
            staged rollout) avoids enforcing a new policy by accident.

        Schema of the underlying resource:

        AADConditionalAccessPolicy [String] #ResourceName
        {
            DisplayName = [string]
            [AccessTokens = [string[]]]
            [ApplicationEnforcedRestrictionsIsEnabled = [bool]]
            [ApplicationId = [string]]
            [ApplicationSecret = [PSCredential]]
            [ApplicationsFilter = [string]]
            [ApplicationsFilterMode = [string]{ exclude | include }]
            [AuthenticationContexts = [string[]]]
            [AuthenticationStrength = [string]]
            [BuiltInControls = [string[]]]
            [CertificateThumbprint = [string]]
            [ClientAppTypes = [string[]]]
            [CloudAppSecurityIsEnabled = [bool]]
            [CloudAppSecurityType = [string]]
            [Credential = [PSCredential]]
            [CustomAuthenticationFactors = [string[]]]
            [DependsOn = [string[]]]
            [DeviceFilterMode = [string]{ exclude | include }]
            [DeviceFilterRule = [string]]
            [DisableResilienceDefaultsIsEnabled = [bool]]
            [Ensure = [string]{ Absent | Present }]
            [ExcludeApplications = [string[]]]
            [ExcludeExternalTenantsMembers = [string[]]]
            [ExcludeExternalTenantsMembershipKind = [string]{ | all | enumerated | unknownFutureValue }]
            [ExcludeGroups = [string[]]]
            [ExcludeGuestOrExternalUserTypes = [string[]]{ b2bCollaborationGuest | b2bCollaborationMember | b2bDirectConnectUser | internalGuest | none | otherExternalUser | serviceProvider | unknownFutureValue }]
            [ExcludeLocations = [string[]]]
            [ExcludePlatforms = [string[]]]
            [ExcludeRoles = [string[]]]
            [ExcludeServicePrincipals = [string[]]]
            [ExcludeUsers = [string[]]]
            [GrantControlOperator = [string]{ AND | OR }]
            [Id = [string]]
            [IncludeApplications = [string[]]]
            [IncludeExternalTenantsMembers = [string[]]]
            [IncludeExternalTenantsMembershipKind = [string]{ | all | enumerated | unknownFutureValue }]
            [IncludeGroups = [string[]]]
            [IncludeGuestOrExternalUserTypes = [string[]]{ b2bCollaborationGuest | b2bCollaborationMember | b2bDirectConnectUser | internalGuest | none | otherExternalUser | serviceProvider | unknownFutureValue }]
            [IncludeLocations = [string[]]]
            [IncludePlatforms = [string[]]]
            [IncludeRoles = [string[]]]
            [IncludeServicePrincipals = [string[]]]
            [IncludeUserActions = [string[]]]
            [IncludeUsers = [string[]]]
            [InsiderRiskLevels = [string[]]{ elevated | minor | moderate | unknownFutureValue }]
            [ManagedIdentity = [bool]]
            [PersistentBrowserIsEnabled = [bool]]
            [PersistentBrowserMode = [string]{ | Always | Never }]
            [PsDscRunAsCredential = [PSCredential]]
            [ServicePrincipalFilterMode = [string]{ exclude | include }]
            [ServicePrincipalFilterRule = [string]]
            [SignInFrequencyInterval = [string]{ everyTime | timeBased | unknownFutureValue }]
            [SignInFrequencyIsEnabled = [bool]]
            [SignInFrequencyType = [string]{ | Days | Hours }]
            [SignInFrequencyValue = [UInt32]]
            [SignInRiskLevels = [string[]]]
            [State = [string]{ disabled | enabled | enabledForReportingButNotEnforced }]
            [TenantId = [string]]
            [TermsOfUse = [string]]
            [TransferMethods = [string]]
            [UserRiskLevels = [string[]]]
        }
    #>
    param
    (
        [Parameter()]
        [hashtable[]]
        $Items,

        [Parameter()]
        [string]
        $TenantId,

        [Parameter()]
        [bool]
        $ManagedIdentity,

        [Parameter()]
        [pscredential]
        $Credential,

        [Parameter()]
        [string]
        $CertificateThumbprint,

        [Parameter()]
        [pscredential]
        $ApplicationSecret,

        [Parameter()]
        [string]
        $ApplicationId,

        [Parameter()]
        [string[]]
        $AccessTokens
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName Microsoft365DSC

    $dscResourceName = 'AADConditionalAccessPolicy'

    # Composite-level parameters that are pushed down into each item unless
    # the item already specifies its own value.
    $inheritedParameters = @(
        'TenantId'
        'ManagedIdentity'
        'Credential'
        'CertificateThumbprint'
        'ApplicationSecret'
        'ApplicationId'
        'AccessTokens'
    )

    # $PSBoundParameters distinguishes "not passed" from "passed as $null/$false";
    # InstanceName is the composite's own name and must never be forwarded.
    $boundParameters = $PSBoundParameters
    $boundParameters.Remove("InstanceName")

    # Key properties that make up the per-instance execution name.
    $dscParameterKeys = @('DisplayName')

    foreach ($item in $Items)
    {
        if (-not $item.ContainsKey('Ensure'))
        {
            $item.Ensure = 'Present'
        }

        foreach ($parameterName in $inheritedParameters)
        {
            if (-not $item.ContainsKey($parameterName) -and $boundParameters.ContainsKey($parameterName))
            {
                $item[$parameterName] = $boundParameters[$parameterName]
            }
        }

        # Build the instance name from the key properties and replace characters
        # that are awkward in DSC instance names with '_'. Note that '*-+' inside
        # the character class is a range covering only '*' and '+', so a literal
        # '-' in the DisplayName is kept as-is — confirm that this is intended.
        $keyValues = foreach ($key in $dscParameterKeys)
        {
            $item[$key]
        }
        $executionName = ($keyValues -join '_') -replace "[\s()\\:*-+/{}```"']", '_'

        (Get-DscSplattedResource -ResourceName $dscResourceName -ExecutionName $executionName -Properties $item -NoInvoke).Invoke($item)
    }
}