Add Conditional Access disableResilienceDefaults #5586

Merged
merged 11 commits into from
Jan 15, 2025
8 changes: 5 additions & 3 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,8 @@

* AADAuthenticationRequirement
* Changed Export logic to extract instances from all users.
* AADConditionalAccessPolicy
* Add disableResilienceDefaults
* AADOrganizationCertificateBasedAuthConfiguration
* Fixed the primary key of the resource.
FIXES [#5523](https://github.com/microsoft/Microsoft365DSC/issues/5523)
Expand All @@ -24,11 +26,11 @@
* Fixes comparison issue for permissions.
* EXOTransportRule
* Fixes issue extracting arrays in Get-TargetResource.
* FIXES [#5575](https://github.com/microsoft/Microsoft365DSC/issues/5575)
FIXES [#5575](https://github.com/microsoft/Microsoft365DSC/issues/5575)
* TeamsMeetingPolicy
* Adds support for additional Copilot setting value.
* FIXES [#5573](https://github.com/microsoft/Microsoft365DSC/issues/5573)
* FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550)
FIXES [#5573](https://github.com/microsoft/Microsoft365DSC/issues/5573)
FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550)
* MISC
* Fixed the Fabric web request to use basic parsing.
* Reset only necessary authentication context.
Expand Up @@ -199,6 +199,10 @@ function Get-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$DisableResilienceDefaultsIsEnabled,

[Parameter()]
[System.String]
$TermsOfUse,
Expand Down Expand Up @@ -706,6 +710,8 @@ function Get-TargetResource
SignInFrequencyInterval = $SignInFrequencyIntervalValue
#no translation needed
PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
#no translation needed
DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled
#make false if undefined, true if true
PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
#no translation needed
Expand Down Expand Up @@ -929,6 +935,10 @@ function Set-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$DisableResilienceDefaultsIsEnabled,

[Parameter()]
[System.String]
$TermsOfUse,
Expand Down Expand Up @@ -1735,7 +1745,7 @@ function Set-TargetResource
$NewParameters.Add('grantControls', $GrantControls)
}

if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled)
if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled)
{
Write-Verbose -Message 'Set-Targetresource: process session controls'
$sessioncontrols = $null
Expand Down Expand Up @@ -1802,6 +1812,10 @@ function Set-TargetResource
$sessioncontrols.persistentBrowser.isEnabled = $true
$sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode
}
if ($DisableResilienceDefaultsIsEnabled)
{
$sessioncontrols.Add('disableResilienceDefaults', $true)
}
$NewParameters.Add('sessionControls', $sessioncontrols)
#add SessionControls to the parameter list
}
Expand Down Expand Up @@ -2087,6 +2101,10 @@ function Test-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$disableResilienceDefaults,

[Parameter()]
[System.String]
$TermsOfUse,
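Review bot: Test-TargetResource declares the new parameter as `$disableResilienceDefaults`, while Get-TargetResource, Set-TargetResource and the schema all use `DisableResilienceDefaultsIsEnabled`, so the schema property has no matching parameter in Test-TargetResource; the declaration should read `$DisableResilienceDefaultsIsEnabled,`. Separately, Get-TargetResource reads `$Policy.SessionControls.disableResilienceDefaults.IsEnabled`, but Set-TargetResource sends the control as a bare boolean (`$sessioncontrols.Add('disableResilienceDefaults', $true)`), so the `.IsEnabled` dereference most likely evaluates to `$null` and the resource would always report `$false`. `DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults` would match the shape Set sends. Both points decide whether drift on this session control is ever detected. All three function bodies continue outside the visible hunks, so confirm against the full file.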
Expand Up @@ -47,6 +47,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}] String SignInFrequencyInterval;
[Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
[Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
[Write, Description("Specifies, if DisableResilienceDefaults is enabled.")] Boolean DisableResilienceDefaultsIsEnabled;
[Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
[Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
[Write, Description("Authentication context class references.")] String AuthenticationContexts[];
Expand All @@ -60,4 +61,3 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
[Write, Description("Access token used for authentication.")] String AccessTokens[];
};
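Review bot: The description on the new `DisableResilienceDefaultsIsEnabled` line only restates the property name, so a reader of the schema cannot tell what enabling it does to the policy. Suggest wording that states the effect, for example `Description("Specifies whether resilience defaults are disabled for this policy, so that existing sessions are not extended during an authentication outage.")`; check the exact wording against the Graph documentation for `disableResilienceDefaults` before adopting it. The README row for this property carries the same text and would need the same change.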

5 changes: 5 additions & 0 deletions Modules/Microsoft365DSC/SchemaDefinition.json
Expand Up @@ -3522,6 +3522,11 @@
"Name": "PersistentBrowserMode",
"Option": "Write"
},
{
"CIMType": "Boolean",
"Name": "DisableResilienceDefaultsIsEnabled",
"Option": "Write"
},
{
"CIMType": "String",
"Name": "AuthenticationStrength",
Expand Up @@ -83,6 +83,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest')
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
Expand Down Expand Up @@ -178,6 +179,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest')
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
Expand Down Expand Up @@ -450,6 +452,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest')
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
Expand Down Expand Up @@ -615,6 +618,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeUsers = 'All'
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
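Review bot: The four fixtures only add `DisableResilienceDefaultsIsEnabled = $True` to the desired-state parameters; none of the visible hunks adds `disableResilienceDefaults` to a mocked policy's session controls, so the value Get-TargetResource reads back does not appear to be exercised. Consider setting the flag on the mocked policy in at least one context and adding a case with `$False`, so that a read that always yields `$false`, or a parameter-name mismatch in Test-TargetResource, would fail a test. The Describe block and its mocks lie outside these hunks, so this is inferred from what is shown.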
Expand Up @@ -50,6 +50,7 @@
| **SignInFrequencyInterval** | Write | String | Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue. | `timeBased`, `everyTime`, `unknownFutureValue` |
| **PersistentBrowserIsEnabled** | Write | Boolean | Specifies, whether Browser Persistence is controlled by the Policy. | |
| **PersistentBrowserMode** | Write | String | Specifies, what Browser Persistence control is enforced by the Policy. | `Always`, `Never`, `` |
| **DisableResilienceDefaultsIsEnabled** | Write | Boolean | Specifies, if DisableResilienceDefaults is enabled. | |
| **AuthenticationStrength** | Write | String | Name of the associated authentication strength policy. | |
| **TransferMethods** | Write | String | Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'. | |
| **AuthenticationContexts** | Write | StringArray[] | Authentication context class references. | |