DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [Parameter(Mandatory = $true)] [System.String] $Name, [Parameter()] [System.String] $Comment, [Parameter()] [System.String] $ApplySensitivityLabel, [Parameter()] [System.String[]] $ExchangeSender, [Parameter()] [System.String[]] $ExchangeSenderException, [Parameter()] [System.String[]] $ExchangeSenderMemberOf, [Parameter()] [System.String[]] $ExchangeSenderMemberOfException, [Parameter()] [System.String[]] $ExchangeLocation, [Parameter()] [System.String[]] $AddExchangeLocation, [Parameter()] [System.String[]] $RemoveExchangeLocation, [Parameter()] [System.String] [ValidateSet('Enable', 'Disable', 'TestWithNotifications', 'TestWithoutNotifications')] $Mode, [Parameter()] [System.String[]] $OneDriveLocation, [Parameter()] [System.String[]] $AddOneDriveLocation, [Parameter()] [System.String[]] $RemoveOneDriveLocation, [Parameter()] [System.String[]] $OneDriveLocationException, [Parameter()] [System.String[]] $AddOneDriveLocationException, [Parameter()] [System.String[]] $RemoveOneDriveLocationException, [Parameter()] [System.Int32] [ValidateRange(0,2)] $Priority, [Parameter()] [System.String[]] $SharePointLocation, [Parameter()] [System.String[]] $SharePointLocationException, [Parameter()] [System.String[]] $AddSharePointLocationException, [Parameter()] [System.String[]] $RemoveSharePointLocationException, [Parameter()] [System.String[]] $AddSharePointLocation, [Parameter()] [System.String[]] $RemoveSharePointLocation, [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential ) Write-Verbose -Message "Getting configuration of Auto sensitivity Label Policy for $Name" if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` -SkipModuleReload $true } else { $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters } #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", "" $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' try { try { # There is a bug with the Get-AutoSensitivityLabelPolicy where if you get by Identity, the priority is an invalid number. # Threfore we get it by name. $policy = Get-AutoSensitivityLabelPolicy | Where-Object -FilterScript {$_.Name -eq $Name} } catch { throw $_ } if ($null -eq $policy) { Write-Verbose -Message "Auto Sensitivity label policy $($Name) does not exist." return $nullReturn } else { Write-Verbose "Found existing Auto Sensitivity label policy $($Name)" $result = @{ Name = $policy.Name Comment = $policy.Comment ApplySensitivityLabel = $policy.ApplySensitivityLabel Credential = $Credential Ensure = 'Present' ExchangeSender = $policy.ExchangeSender ExchangeSenderException = $policy.ExchangeSenderException ExchangeSenderMemberOf = $policy.ExchangeSenderMemberOf ExchangeSenderMemberOfException = $policy.ExchangeSenderMemberOfException ExchangeLocation = $policy.ExchangeLocation AddExchangeLocation = $policy.AddExchangeLocation RemoveExchangeLocation = $policy.RemoveExchangeLocation Mode = $policy.Mode OneDriveLocation = $policy.OneDriveLocation AddOneDriveLocation = $policy.AddOneDriveLocation RemoveOneDriveLocation = $policy.RemoveOneDriveLocation OneDriveLocationException = $policy.OneDriveLocationException AddOneDriveLocationException = $policy.AddOneDriveLocationException RemoveOneDriveLocationException = $policy.RemoveOneDriveLocationException Priority = $policy.Priority SharePointLocation = $policy.SharePointLocation SharePointLocationException = $policy.SharePointLocationException AddSharePointLocationException = $policy.AddSharePointLocationException RemoveSharePointLocationException = $policy.RemoveSharePointLocationException AddSharePointLocation = $policy.AddSharePointLocation RemoveSharePointLocation = $policy.RemoveSharePointLocation } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result } } catch { try { Write-Verbose -Message $_ $tenantIdValue = "" if (-not [System.String]::IsNullOrEmpty($TenantId)) { $tenantIdValue = $TenantId } elseif ($null -ne $Credential) { $tenantIdValue = $Credential.UserName.Split('@')[1] } Add-M365DSCEvent -Message $_ -EntryType 'Error' ` -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` -TenantId $tenantIdValue } catch { Write-Verbose -Message $_ } return $nullReturn } } function Set-TargetResource { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String] $Name, [Parameter()] [System.String] $Comment, [Parameter()] [System.String] $ApplySensitivityLabel, [Parameter()] [System.String[]] $ExchangeSender, [Parameter()] [System.String[]] $ExchangeSenderException, [Parameter()] [System.String[]] $ExchangeSenderMemberOf, [Parameter()] [System.String[]] $ExchangeSenderMemberOfException, [Parameter()] [System.String[]] $ExchangeLocation, [Parameter()] [System.String[]] $AddExchangeLocation, [Parameter()] [System.String[]] $RemoveExchangeLocation, [Parameter()] [System.String] [ValidateSet('Enable', 'Disable', 'TestWithNotifications', 'TestWithoutNotifications')] $Mode, [Parameter()] [System.String[]] $OneDriveLocation, [Parameter()] [System.String[]] $AddOneDriveLocation, [Parameter()] [System.String[]] $RemoveOneDriveLocation, [Parameter()] [System.String[]] $OneDriveLocationException, [Parameter()] [System.String[]] $AddOneDriveLocationException, [Parameter()] [System.String[]] $RemoveOneDriveLocationException, [Parameter()] [System.Int32] [ValidateRange(0,2)] $Priority, [Parameter()] [System.String[]] $SharePointLocation, [Parameter()] [System.String[]] $SharePointLocationException, [Parameter()] [System.String[]] $AddSharePointLocationException, [Parameter()] [System.String[]] $RemoveSharePointLocationException, [Parameter()] [System.String[]] $AddSharePointLocation, [Parameter()] [System.String[]] $RemoveSharePointLocation, [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential ) Write-Verbose -Message "Setting configuration of Sensitivity label policy for $Name" #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", "" $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters $CurrentPolicy = Get-TargetResource @PSBoundParameters if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters #Remove parameters not used in New-LabelPolicy $CreationParams.Remove("Credential") | Out-Null $CreationParams.Remove("Ensure") | Out-Null $CreationParams.Remove("AddExchangeLocation") | Out-Null $CreationParams.Remove("AddOneDriveLocation") | Out-Null $CreationParams.Remove("AddOneDriveLocationException") | Out-Null $CreationParams.Remove("AddSharePointLocation") | Out-Null $CreationParams.Remove("AddSharePointLocationException") | Out-Null $CreationParams.Remove("RemoveExchangeLocation") | Out-Null $CreationParams.Remove("RemoveOneDriveLocation") | Out-Null $CreationParams.Remove("RemoveOneDriveLocationException") | Out-Null $CreationParams.Remove("RemoveSharePointLocation") | Out-Null $CreationParams.Remove("RemoveSharePointLocationException") | Out-Null Write-Verbose "Creating new Auto Sensitivity label policy $Name." try { New-AutoSensitivityLabelPolicy @CreationParams } catch { Write-Warning "New-AutoSensitivityLabelPolicy is not available in tenant $($Credential.UserName.Split('@')[0])" } try { Start-Sleep 5 $SetParams = $PSBoundParameters #Remove unused parameters for Set-Label cmdlet $SetParams.Remove("Credential") | Out-Null $SetParams.Remove("Ensure") | Out-Null $SetParams.Remove("Name") | Out-Null $SetParams.Remove("ExchangeLocationException") | Out-Null $SetParams.Remove("ExchangeLocation") | Out-Null $SetParams.Remove("OneDriveLocation") | Out-Null $SetParams.Remove("OneDriveLocationException") | Out-Null $SetParams.Remove("SharePointLocation") | Out-Null $SetParams.Remove("SharePointLocationException") | Out-Null Set-AutoSensitivityLabelPolicy @SetParams -Identity $Name } catch { Write-Warning "Set-AutoSensitivityLabelPolicy is not available in tenant $($Credential.UserName.Split('@')[0])" } } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $SetParams = $PSBoundParameters #Remove unused parameters for Set-Label cmdlet $SetParams.Remove("Credential") | Out-Null $SetParams.Remove("Ensure") | Out-Null $SetParams.Remove("Name") | Out-Null $SetParams.Remove("ExchangeLocationException") | Out-Null $SetParams.Remove("ExchangeLocation") | Out-Null $SetParams.Remove("OneDriveLocation") | Out-Null $SetParams.Remove("OneDriveLocationException") | Out-Null $SetParams.Remove("SharePointLocation") | Out-Null $SetParams.Remove("SharePointLocationException") | Out-Null try { Set-AutoSensitivityLabelPolicy @SetParams -Identity $Name } catch { Write-Warning "Set-AutoSensitivityLabelPolicy is not available in tenant $($Credential.UserName.Split('@')[0])" } } elseif (('Absent' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { # If the label exists and it shouldn't, simply remove it;Need to force deletoion Write-Verbose -Message "Deleting Auto Sensitivity label policy $Name." try { Remove-AutoSensitivityLabelPolicy -Identity $Name -Confirm:$false } catch { Write-Warning "Remove-AutoSensitivityLabelPolicy is not available in tenant $($Credential.UserName.Split('@')[0])" } } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.String] $Name, [Parameter()] [System.String] $Comment, [Parameter()] [System.String] $ApplySensitivityLabel, [Parameter()] [System.String[]] $ExchangeSender, [Parameter()] [System.String[]] $ExchangeSenderException, [Parameter()] [System.String[]] $ExchangeSenderMemberOf, [Parameter()] [System.String[]] $ExchangeSenderMemberOfException, [Parameter()] [System.String[]] $ExchangeLocation, [Parameter()] [System.String[]] $AddExchangeLocation, [Parameter()] [System.String[]] $RemoveExchangeLocation, [Parameter()] [System.String] [ValidateSet('Enable', 'Disable', 'TestWithNotifications', 'TestWithoutNotifications')] $Mode, [Parameter()] [System.String[]] $OneDriveLocation, [Parameter()] [System.String[]] $AddOneDriveLocation, [Parameter()] [System.String[]] $RemoveOneDriveLocation, [Parameter()] [System.String[]] $OneDriveLocationException, [Parameter()] [System.String[]] $AddOneDriveLocationException, [Parameter()] [System.String[]] $RemoveOneDriveLocationException, [Parameter()] [System.Int32] [ValidateRange(0,2)] $Priority, [Parameter()] [System.String[]] $SharePointLocation, [Parameter()] [System.String[]] $SharePointLocationException, [Parameter()] [System.String[]] $AddSharePointLocationException, [Parameter()] [System.String[]] $RemoveSharePointLocationException, [Parameter()] [System.String[]] $AddSharePointLocation, [Parameter()] [System.String[]] $RemoveSharePointLocation, [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential ) #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", "" $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion Write-Verbose -Message "Testing configuration of Sensitivity label for $Name" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = $PSBoundParameters if ($null -ne $RemoveExchangeLocation -or $null -ne $AddExchangeLocation -or $null -ne $ExchangeLocation) { $configData = New-PolicyData -configData $ExchangeLocation -currentData $CurrentValues.ExchangeLocation ` -removedData $RemoveExchangeLocation -additionalData $AddExchangeLocation if ($null -ne $configData) { $ValuesToCheck["ExchangeLocation"] = $configData } if ($null -eq $configData -and $null -ne $CurrentValues.ExchangeLocation ` -and $null -ne $RemoveExchangeLocation) { #last entry removed so trigger drift return $false } } if ($null -ne $RemoveExchangeLocationException -or $null -ne $AddExchangeLocationException -or $null -ne $ExchangeLocationException) { $configData = New-PolicyData -configData $ExchangeLocationException -currentData $CurrentValues.ExchangeLocationException ` -removedData $RemoveExchangeLocationException -additionalData $AddExchangeLocationException if ($null -ne $configData) { $ValuesToCheck["ExchangeLocationException"] = $configData } if ($null -eq $configData -and $null -ne $CurrentValues.ExchangeLocationException ` -and $null -ne $RemoveExchangeLocationException) { #last entry removed so trigger drift return $false } } if ($null -ne $RemoveSharePointLocation -or $null -ne $AddSharePointLocation -or $null -ne $SharePointLocation) { $configData = New-PolicyData -configData $SharePointLocation -currentData $CurrentValues.SharePointLocation ` -removedData $RemoveSharePointLocation -additionalData $AddSharePointLocation if ($null -ne $configData) { $ValuesToCheck["SharePointLocation"] = $configData } if ($null -eq $configData -and $null -ne $CurrentValues.SharePointLocation ` -and $null -ne $SharePointLocation) { #last entry removed so trigger drift return $false } } if ($null -ne $RemoveSharePointLocationException -or $null -ne $AddSharePointLocationException -or $null -ne $SharePointLocationException) { $configData = New-PolicyData -configData $SharePointLocationException -currentData $CurrentValues.SharePointLocationException ` -removedData $RemoveSharePointLocationException -additionalData $AddSharePointLocationException if ($null -ne $configData) { $ValuesToCheck["SharePointLocationException"] = $configData } if ($null -eq $configData -and $null -ne $CurrentValues.SharePointLocationException ` -and $null -ne $RemoveSharePointLocationException) { #last entry removed so trigger drift return $false } } if ($null -ne $RemoveOneDriveLocation -or $null -ne $AddOneDriveLocation -or $null -ne $OneDriveLocation) { $configData = New-PolicyData -configData $OneDriveLocation -currentData $CurrentValues.OneDriveLocation ` -removedData $RemoveOneDriveLocation -additionalData $AddOneDriveLocation if ($null -ne $configData) { $ValuesToCheck["OneDriveLocation"] = $configData } if ($null -eq $configData -and $null -ne $CurrentValues.OneDriveLocation ` -and $null -ne $OneDriveLocation) { #last entry removed so trigger drift return $false } } if ($null -ne $RemoveOneDriveLocationException -or $null -ne $AddOneDriveLocationException -or $null -ne $OneDriveLocationException) { $configData = New-PolicyData -configData $OneDriveLocationException -currentData $CurrentValues.OneDriveLocationException ` -removedData $RemoveOneDriveLocationException -additionalData $AddOneDriveLocationException if ($null -ne $configData) { $ValuesToCheck["OneDriveLocationException"] = $configData } if ($null -eq $configData -and $null -ne $CurrentValues.OneDriveLocationException ` -and $null -ne $RemoveOneDriveLocationException) { #last entry removed so trigger drift return $false } } Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $ValuesToCheck ` -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" return $TestResult } function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] param ( [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` -SkipModuleReload $true #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", "" $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion try { [array]$policies = Get-AutoSensitivityLabelPolicy -ErrorAction Stop $dscContent = "" $i = 1 if ($policies.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } else { Write-Host "`r`n" -NoNewline } foreach ($policy in $policies) { Write-Host " |---[$i/$($policies.Count)] $($policy.Name)" -NoNewline $Params = @{ Name = $policy.Name Credential = $Credential } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential Write-Host $Global:M365DSCEmojiGreenCheckMark $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName $i++ } } catch { Write-Host $Global:M365DSCEmojiRedX try { Write-Verbose -Message $_ $tenantIdValue = "" if (-not [System.String]::IsNullOrEmpty($TenantId)) { $tenantIdValue = $TenantId } elseif ($null -ne $Credential) { $tenantIdValue = $Credential.UserName.Split('@')[1] } Add-M365DSCEvent -Message $_ -EntryType 'Error' ` -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` -TenantId $tenantIdValue } catch { Write-Verbose -Message $_ } return "" } return $dscContent } function New-PolicyData { [CmdletBinding()] [OutputType([System.Collections.ArrayList])] param( [Parameter ()] $configData, [Parameter ()] $currentData, [Parameter ()] $removedData, [Parameter ()] $additionalData ) [System.Collections.ArrayList]$desiredData = @() foreach ($currItem in $currentData) { if (!$desiredData.Contains($currItem)) { $desiredData.add($currItem) | Out-Null } } foreach ($currItem in $configData) { if (!$desiredData.Contains("$curritem")) { $desiredData.add($currItem) | Out-Null } } foreach ($currItem in $removedData) { $desiredData.remove($currItem) | Out-Null } foreach ($currItem in $additionalData) { if (!$desiredData.Contains("$curritem")) { $desiredData.add($currItem) | Out-Null } } return $desiredData } Export-ModuleMember -Function *-TargetResource |