Merge branch 'microsoft:Dev' into andikrueger/issue3454_1

microsoft · Jul 26, 2023 · f4c37c1 · f4c37c1
2 parents 2f1b562 + bde0e4b
commit f4c37c1
Show file tree

Hide file tree

Showing 4 changed files with 117 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,7 +10,8 @@
     FIXES [#3454](https://github.com/microsoft/Microsoft365DSC/issues/3454)
 
 # 1.23.719.1
-
+* AADCrossTenant
+  * Added Automatic Consent for inbound and Outbound trust settings
 * EXOSharedMailbox
   * Added capability to change the PrimarySMTPAddress of a Shared Mailbox
 * SPOExternalUserExpireInDays

diff --git a/...AccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1 b/...AccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1
@@ -28,6 +28,10 @@ function Get-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $InboundTrust,
 
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance]
+        $AutomaticUserConsentSettings,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -79,7 +83,7 @@ function Get-TargetResource
         $nullResult.Ensure = 'Absent'
 
         $getValue = Get-MgBetaPolicyCrossTenantAccessPolicyPartner -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId `
-                        -ErrorAction SilentlyContinue
+            -ErrorAction SilentlyContinue
 
         if ($null -eq $getValue)
         {
@@ -104,24 +108,29 @@ function Get-TargetResource
         {
             $B2BDirectConnectOutboundValue = $getValue.B2BDirectConnectOutbound
         }
+        if ($null -ne $getValue.AutomaticUserConsentSettings)
+        {
+            $AutomaticUserConsentSettingsValue = $getValue.AutomaticUserConsentSettings
+        }
         if ($null -ne $getValue.InboundTrust)
         {
             $InboundTrustValue = $getValue.InboundTrust
         }
         $results = @{
-            PartnerTenantId          = $getValue.TenantId
-            B2BCollaborationInbound  = $B2BCollaborationInboundValue
-            B2BCollaborationOutbound = $B2BCollaborationOutboundValue
-            B2BDirectConnectInbound  = $B2BDirectConnectInboundValue
-            B2BDirectConnectOutbound = $B2BDirectConnectOutboundValue
-            InboundTrust             = $InboundTrustValue
-            Ensure                   = 'Present'
-            Credential               = $Credential
-            ApplicationId            = $ApplicationId
-            TenantId                 = $TenantId
-            ApplicationSecret        = $ApplicationSecret
-            CertificateThumbprint    = $CertificateThumbprint
-            ManagedIdentity          = $ManagedIdentity.IsPresent
+            PartnerTenantId              = $getValue.TenantId
+            B2BCollaborationInbound      = $B2BCollaborationInboundValue
+            B2BCollaborationOutbound     = $B2BCollaborationOutboundValue
+            B2BDirectConnectInbound      = $B2BDirectConnectInboundValue
+            B2BDirectConnectOutbound     = $B2BDirectConnectOutboundValue
+            AutomaticUserConsentSettings = $AutomaticUserConsentSettingsValue
+            InboundTrust                 = $InboundTrustValue
+            Ensure                       = 'Present'
+            Credential                   = $Credential
+            ApplicationId                = $ApplicationId
+            TenantId                     = $TenantId
+            ApplicationSecret            = $ApplicationSecret
+            CertificateThumbprint        = $CertificateThumbprint
+            ManagedIdentity              = $ManagedIdentity.IsPresent
         }
 
         return [System.Collections.Hashtable] $results
@@ -163,6 +172,9 @@ function Set-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $B2BDirectConnectOutbound,
 
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance]
+        $AutomaticUserConsentSettings,
         [Parameter()]
         [Microsoft.Management.Infrastructure.CimInstance]
         $InboundTrust,
@@ -212,13 +224,13 @@ function Set-TargetResource
     $currentInstance = Get-TargetResource @PSBoundParameters
 
     $OperationParams = ([Hashtable]$PSBoundParameters).Clone()
-    $OperationParams.Remove("Credential") | Out-Null
-    $OperationParams.Remove("ManagedIdentity") | Out-Null
-    $OperationParams.Remove("ApplicationId") | Out-Null
-    $OperationParams.Remove("TenantId") | Out-Null
-    $OperationParams.Remove("CertificateThumbprint") | Out-Null
-    $OperationParams.Remove("ApplicationSecret") | Out-Null
-    $OperationParams.Remove("Ensure") | Out-Null
+    $OperationParams.Remove('Credential') | Out-Null
+    $OperationParams.Remove('ManagedIdentity') | Out-Null
+    $OperationParams.Remove('ApplicationId') | Out-Null
+    $OperationParams.Remove('TenantId') | Out-Null
+    $OperationParams.Remove('CertificateThumbprint') | Out-Null
+    $OperationParams.Remove('ApplicationSecret') | Out-Null
+    $OperationParams.Remove('Ensure') | Out-Null
 
     if ($null -ne $OperationParams.B2BCollaborationInbound)
     {
@@ -240,6 +252,10 @@ function Set-TargetResource
         $OperationParams.B2BDirectConnectOutbound = (Get-M365DSCAADCrossTenantAccessPolicyB2BSetting -Setting $OperationParams.B2BDirectConnectOutbound)
         $OperationParams.B2BDirectConnectOutbound = (Update-M365DSCSettingUserIdFromUPN -Setting $OperationParams.B2BDirectConnectOutbound)
     }
+    if ($null -ne $OperationParams.AutomaticUserConsentSettings)
+    {
+        $OperationParams.AutomaticUserConsentSettings = (Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings -Setting $OperationParams.AutomaticUserConsentSettings)
+    }
     if ($null -ne $OperationParams.InboundTrust)
     {
         $OperationParams.InboundTrust = (Get-M365DSCAADCrossTenantAccessPolicyInboundTrust -Setting $OperationParams.InboundTrust)
@@ -297,6 +313,10 @@ function Test-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $InboundTrust,
 
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance]
+        $AutomaticUserConsentSettings,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -477,6 +497,10 @@ function Export-TargetResource
             {
                 $Results.B2BDirectConnectOutbound = Get-M365DSCAADCrossTenantAccessPolicyB2BSettingAsString -Setting $Results.B2BDirectConnectOutbound
             }
+            if ($null -ne $Results.AutomaticUserConsentSettings)
+            {
+                $Results.AutomaticUserConsentSettings = Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsString -Setting $Results.AutomaticUserConsentSettings
+            }
             if ($null -ne $Results.InboundTrust)
             {
                 $Results.InboundTrust = Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString -Setting $Results.InboundTrust
@@ -508,6 +532,11 @@ function Export-TargetResource
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
                     -ParameterName 'B2BDirectConnectOutbound'
             }
+            if ($null -ne $Results.AutomaticUserConsentSettings)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
+                    -ParameterName 'AutomaticUserConsentSettings'
+            }
             if ($null -ne $Results.InboundTrust)
             {
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
@@ -702,13 +731,58 @@ function Get-M365DSCAADCrossTenantAccessPolicyB2BSetting
     }
     #endregion
     $results = @{
-        Applications = $applications
+        Applications   = $applications
         UsersAndGroups = $usersAndGroups
     }
 
     return $results
 }
 
+function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param(
+        [Parameter(Mandatory = $true)]
+        [System.Object]
+        $Setting
+    )
+
+    $result = @{
+        InboundAllowed  = $Setting.InboundAllowed
+        OutboundAllowed = $Setting.OutboundAllowed
+    }
+
+    return $result
+}
+
+function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsString
+{
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param(
+        [Parameter(Mandatory = $true)]
+        $Setting
+    )
+
+    $StringContent = $null
+    if ($null -ne $Setting.InboundAllowed -or $null -ne $Setting.OutboundAllowed)
+    {
+        $StringContent = "MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings {`r`n"
+        if ($null -ne $Setting.InboundAllowed)
+        {
+            $StringContent += "                InboundAllowed           = `$" + $Setting.InboundAllowed.ToString() + "`r`n"
+        }
+       if ($null -ne $Setting.OutboundAllowed)
+        {
+            $StringContent += "                OutboundAllowed          = `$" + $Setting.OutboundAllowed.ToString() + "`r`n"
+        }
+        $StringContent += "            }`r`n"
+    }
+
+    return $StringContent
+}
+
 function Get-M365DSCAADCrossTenantAccessPolicyInboundTrust
 {
     [CmdletBinding()]
@@ -739,7 +813,7 @@ function Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString
 
     $StringContent = $null
     if ($null -ne $Setting.IsCompliantDeviceAccepted -or $null -ne $Setting.IsHybridAzureADJoinedDeviceAccepted -or `
-        $null -ne $Setting.IsMfaAccepted)
+            $null -ne $Setting.IsMfaAccepted)
     {
         $StringContent = "MSFT_AADCrossTenantAccessPolicyInboundTrust {`r`n"
         if ($null -ne $Setting.IsCompliantDeviceAccepted)

diff --git a/...PolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.schema.mof b/...PolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.schema.mof
@@ -19,6 +19,13 @@ class MSFT_AADCrossTenantAccessPolicyB2BSetting
     [Write, Description("The list of users and groups targeted with your cross-tenant access policy."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyTargetConfiguration")] String UsersAndGroups;
 };
 
+[ClassVersion("1.0.0")]
+class MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings
+{
+    [Write, Description("Specifies whether you want to automatically trust Inbound invitations..")] Boolean InboundAllowed;
+    [Write, Description("Specifies whether you want to automatically trust Outbound invitations.")] Boolean OutboundAllowed;
+};
+
 [ClassVersion("1.0.0")]
 class MSFT_AADCrossTenantAccessPolicyInboundTrust
 {
@@ -35,6 +42,7 @@ class MSFT_AADCrossTenantAccessPolicyConfigurationPartner : OMI_BaseResource
     [Write, Description("Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BCollaborationOutbound;
     [Write, Description("Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BDirectConnectInbound;
     [Write, Description("Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BDirectConnectOutbound;
+    [Write, Description("Determines the partner-specific configuration for accepting trust claims from other tenant invitations."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings")] String AutomaticUserConsentSettings;
     [Write, Description("Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyInboundTrust")] String InboundTrust;
     [Write, Description("Specify if the policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;

diff --git a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md
@@ -9,6 +9,7 @@
 | **B2BCollaborationOutbound** | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. | |
 | **B2BDirectConnectInbound** | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. | |
 | **B2BDirectConnectOutbound** | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. | |
+| **AutomaticUserConsentSettings** | Write | MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings | Determines the partner-specific configuration for accepting trust claims from other tenant invitations. | |
 | **InboundTrust** | Write | MSFT_AADCrossTenantAccessPolicyInboundTrust | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. | |
 | **Ensure** | Write | String | Specify if the policy should exist or not. | `Present`, `Absent` |
 | **Credential** | Write | PSCredential | Credentials of the Admin | |
@@ -45,6 +46,15 @@
 | **Applications** | Write | MSFT_AADCrossTenantAccessPolicyTargetConfiguration | The list of applications targeted with your cross-tenant access policy. | |
 | **UsersAndGroups** | Write | MSFT_AADCrossTenantAccessPolicyTargetConfiguration | The list of users and groups targeted with your cross-tenant access policy. | |
 
+### MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **InboundAllowed** | Write | Boolean | Specifies whether you want to automatically trust Inbound invitations.. | |
+| **OutboundAllowed** | Write | Boolean | Specifies whether you want to automatically trust Outbound invitations. | |
+
 ### MSFT_AADCrossTenantAccessPolicyInboundTrust
 
 #### Parameters