Add Conditional Access disableResilienceDefaults #5586

Open
wants to merge 8 commits into
base: Dev
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,9 @@
# Change log for Microsoft365DSC

# UNRELEASED
* AADConditionalAccessPolicy
* Add disableResilienceDefaults

# 1.24.1218.1

* AADApplication
Expand Up @@ -199,6 +199,10 @@ function Get-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$DisableResilienceDefaultsIsEnabled,

[Parameter()]
[System.String]
$TermsOfUse,
Expand Down Expand Up @@ -706,6 +710,8 @@ function Get-TargetResource
SignInFrequencyInterval = $SignInFrequencyIntervalValue
#no translation needed
PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
#no translation needed
DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled
#make false if undefined, true if true
PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
#no translation needed
Expand Down Expand Up @@ -929,6 +935,10 @@ function Set-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$DisableResilienceDefaultsIsEnabled,

[Parameter()]
[System.String]
$TermsOfUse,
Expand Down Expand Up @@ -1735,7 +1745,7 @@ function Set-TargetResource
$NewParameters.Add('grantControls', $GrantControls)
}

if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled)
if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled)
{
Write-Verbose -Message 'Set-Targetresource: process session controls'
$sessioncontrols = $null
Expand Down Expand Up @@ -1802,6 +1812,10 @@ function Set-TargetResource
$sessioncontrols.persistentBrowser.isEnabled = $true
$sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode
}
if ($DisableResilienceDefaultsIsEnabled)
{
$sessioncontrols.Add('disableResilienceDefaults', $true)
}
$NewParameters.Add('sessionControls', $sessioncontrols)
#add SessionControls to the parameter list
}
Expand Down Expand Up @@ -2087,6 +2101,10 @@ function Test-TargetResource
[System.Boolean]
$PersistentBrowserIsEnabled,

[Parameter()]
[System.Boolean]
$disableResilienceDefaults,

[Parameter()]
[System.String]
$TermsOfUse,
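Review bot: The new setting is not wired consistently across the three functions: Get-TargetResource and Set-TargetResource declare `$DisableResilienceDefaultsIsEnabled`, but the Test-TargetResource hunk declares `$disableResilienceDefaults`, which does not match the schema property, so a configuration that sets the property would likely fail parameter binding there; it should read `$DisableResilienceDefaultsIsEnabled,`. Separately, Set-TargetResource writes a bare Boolean (`$sessioncontrols.Add('disableResilienceDefaults', $true)`) while Get-TargetResource reads `$Policy.SessionControls.disableResilienceDefaults.IsEnabled`. If the API returns the same bare Boolean, `.IsEnabled` evaluates to `$null` and the reported value is always `$false`, so the state DSC reports for this session control would not reflect the tenant and compliance checks on it would be unreliable. In that case the read should be `DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.DisableResilienceDefaults`. All three function bodies continue outside the visible hunks.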
Expand Up @@ -47,6 +47,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}] String SignInFrequencyInterval;
[Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
[Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
[Write, Description("Specifies, if DisableResilienceDefaults is enabled.")] Boolean DisableResilienceDefaultsIsEnabled;
[Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
[Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
[Write, Description("Authentication context class references.")] String AuthenticationContexts[];
Expand All @@ -60,4 +61,3 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
[Write, Description("Access token used for authentication.")] String AccessTokens[];
};
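Review bot: The description on the added `DisableResilienceDefaultsIsEnabled` property only restates the name, so a reader cannot tell what `True` actually does. Because the name combines a negation with "IsEnabled", the text should state that `True` turns the resilience defaults off, for example `Specifies whether the policy disables resilience defaults, so that existing sessions are not extended during an outage.` (wording to be confirmed against the Graph documentation for `disableResilienceDefaults`). The same description is repeated in the resource readme and should be changed together with this one.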

5 changes: 5 additions & 0 deletions Modules/Microsoft365DSC/SchemaDefinition.json
Expand Up @@ -3522,6 +3522,11 @@
"Name": "PersistentBrowserMode",
"Option": "Write"
},
{
"CIMType": "Boolean",
"Name": "DisableResilienceDefaultsIsEnabled",
"Option": "Write"
},
{
"CIMType": "String",
"Name": "AuthenticationStrength",
Expand Up @@ -83,6 +83,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest')
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
Expand Down Expand Up @@ -178,6 +179,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest')
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
Expand Down Expand Up @@ -450,6 +452,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest')
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
Expand Down Expand Up @@ -615,6 +618,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
IncludeUsers = 'All'
PersistentBrowserIsEnabled = $True
PersistentBrowserMode = 'Always'
DisableResilienceDefaultsIsEnabled = $True
SignInFrequencyIsEnabled = $True
SignInFrequencyType = 'Days'
SignInFrequencyValue = 5
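Review bot: All four added lines put `DisableResilienceDefaultsIsEnabled = $True` into the test parameters only; no visible hunk adds the property to a mocked policy's `SessionControls`. If the mocks are indeed unchanged, the contexts never check that Get-TargetResource reads the value back from the policy, and nothing covers the `$False` or omitted case. Adding `DisableResilienceDefaults = $True` to the mocked `SessionControls` (in whatever shape the API returns it) would exercise the read path. The test contexts start and end outside the hunks.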
Expand Up @@ -50,6 +50,7 @@
| **SignInFrequencyInterval** | Write | String | Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue. | `timeBased`, `everyTime`, `unknownFutureValue` |
| **PersistentBrowserIsEnabled** | Write | Boolean | Specifies, whether Browser Persistence is controlled by the Policy. | |
| **PersistentBrowserMode** | Write | String | Specifies, what Browser Persistence control is enforced by the Policy. | `Always`, `Never`, `` |
| **DisableResilienceDefaultsIsEnabled** | Write | Boolean | Specifies, if DisableResilienceDefaults is enabled. | |
| **AuthenticationStrength** | Write | String | Name of the associated authentication strength policy. | |
| **TransferMethods** | Write | String | Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'. | |
| **AuthenticationContexts** | Write | StringArray[] | Authentication context class references. | |