Add Conditional Access disableResilienceDefaults #5567

Closed
wants to merge 2 commits into from
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,8 @@
* AADApplication
* Added support for Oauth2PermissionScopes.
* Fixes comparison issue for permissions.
* AADConditionalAccessPolicy
* Add disableResilienceDefaults
* TeamsMeetingPolicy
* FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550)
* MISC
Expand Up @@ -199,6 +199,10 @@ function Get-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$disableResilienceDefaultsIsEnabled,

[Parameter()]
[System.String]
$TermsOfUse,
Expand Down Expand Up @@ -706,6 +710,8 @@ function Get-TargetResource
SignInFrequencyInterval = $SignInFrequencyIntervalValue
#no translation needed
PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
#no translation needed
disableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled
#make false if undefined, true if true
PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
#no translation needed
Expand Down Expand Up @@ -929,6 +935,10 @@ function Set-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$disableResilienceDefaultsIsEnabled,

[Parameter()]
[System.String]
$TermsOfUse,
Expand Down Expand Up @@ -1735,7 +1745,7 @@ function Set-TargetResource
$NewParameters.Add('grantControls', $GrantControls)
}

if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled)
if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $disableResilienceDefaultsIsEnabled)
{
Write-Verbose -Message 'Set-Targetresource: process session controls'
$sessioncontrols = $null
Expand Down Expand Up @@ -1802,6 +1812,10 @@ function Set-TargetResource
$sessioncontrols.persistentBrowser.isEnabled = $true
$sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode
}
if ($disableResilienceDefaultsIsEnabled)
{
$sessioncontrols.Add('disableResilienceDefaults', $true)
}
$NewParameters.Add('sessionControls', $sessioncontrols)
#add SessionControls to the parameter list
}
Expand Down Expand Up @@ -2087,6 +2101,10 @@ function Test-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$disableResilienceDefaults,

[Parameter()]
[System.String]
$TermsOfUse,
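Review bot: The Test-TargetResource hunk declares `$disableResilienceDefaults`, while Get-TargetResource, Set-TargetResource and the schema property all use `disableResilienceDefaultsIsEnabled`, so the parameter here should be renamed to `$disableResilienceDefaultsIsEnabled`; as written, a configuration that sets the property will most likely fail parameter binding when Test runs. Separately, the Get hunk reads `$Policy.SessionControls.disableResilienceDefaults.IsEnabled` but the Set hunk writes a bare Boolean with `$sessioncontrols.Add('disableResilienceDefaults', $true)`; if the value also comes back as a Boolean, `.IsEnabled` is `$null` and Get always reports `$false`, so a policy where this control was switched on outside DSC would never show as drift. Reading it as `$false -or $Policy.SessionControls.disableResilienceDefaults` would match what Set sends. The two inserted lines in the Get hunk also split `PersistentBrowserIsEnabled` from its `#make false if undefined, true if true` comment. All three functions continue outside the hunks shown.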
Expand Up @@ -46,6 +46,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Specifies, whether sign-in frequency is enforced by the Policy.")] Boolean SignInFrequencyIsEnabled;
[Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}] String SignInFrequencyInterval;
[Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
[Write, Description("Specifies, if disableResilienceDefaults is enabled.")] Boolean disableResilienceDefaultsIsEnabled;
[Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
[Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
[Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
Expand All @@ -60,4 +61,3 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
[Write, Description("Access token used for authentication.")] String AccessTokens[];
};
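Review bot: The description on the added `disableResilienceDefaultsIsEnabled` line only restates the property name, so a reader cannot tell that `true` turns the resilience defaults off for the policy. Consider something like `Description("Specifies whether resilience defaults are disabled for this policy, so that existing sessions are not extended when the policy cannot be evaluated during an outage.")`, with the wording confirmed against the Conditional Access documentation. The property name also starts with a lowercase letter, unlike the PascalCase properties around it. The class body begins outside the hunk.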