microsoft · NikCharlebois · Feb 21, 2025 · Feb 21, 2025 · Feb 21, 2025 · Feb 21, 2025
@@ -1,6 +1,16 @@
 # Change log for Microsoft365DSC
 
-# 1.25.219.1
+# UNRELEASED
+
+* EXOCalendarProcessing
+  * Changed the Get-TargetResource logic to return UPN instead of id.
+* EXODistributionGroup
+  * Fixed the ability to set members.
+* SCPolicyConfig
+  * Handle default values in the Get-TargetResource function.
+  * Added support for the FileCopiedToCloudFullUrlEnabled property.
+
+# 1.25.219.2
 
 * AADAccessReviewPolicy
   * Missing AccessReview permission for Application Read access

@@ -270,7 +270,7 @@ function Get-TargetResource
         }
 
         $result = @{
-            Identity                             = $calendarProc.Identity
+            Identity                             = $Identity
             AddAdditionalResponse                = $calendarProc.AddAdditionalResponse
             AdditionalResponse                   = $calendarProc.AdditionalResponse
             AddNewRequestsTentatively            = $calendarProc.AddNewRequestsTentatively
@@ -906,7 +906,7 @@ function Export-TargetResource
                 $Global:M365DSCExportResourceInstancesCount++
             }
 
-            Write-Host "    |---[$i/$($mailboxes.Count)] $($mailbox.Identity.Split('-')[0])" -NoNewline
+            Write-Host "    |---[$i/$($mailboxes.Count)] $($mailbox.UserPrincipalName)" -NoNewline
             $Params = @{
                 Identity              = $mailbox.UserPrincipalName
                 Credential            = $Credential

@@ -708,7 +708,41 @@ function Set-TargetResource
         }
         $currentParameters.Remove('OrganizationalUnit') | Out-Null
         $currentParameters.Remove('Type') | Out-Null
-        $currentParameters.Remove('Members') | Out-Null
+
+        # Members
+        if ($null -ne $Members)
+        {
+            $membersDiff = Compare-Object -ReferenceObject $currentDistributionGroup.Members -DifferenceObject $Members
+            $membersToAdd = @()
+            $membersToRemove = @()
+            foreach ($difference in $membersDiff)
+            {
+                if ($difference.SideIndicator -eq '=>')
+                {
+                    $membersToAdd += $difference.InputObject
+                }
+                elseif ($difference.SideIndicator -eq '<=')
+                {
+                    $membersToRemove += $difference.InputObject
+                }
+            }
+
+            foreach ($member in $membersToAdd)
+            {
+                Write-Verbose -Message "Adding member {$member}"
+                Add-DistributionGroupMember -Identity $Identity -Member $member -BypassSecurityGroupManagerCheck
+            }
+            foreach ($member in $membersToRemove)
+            {
+                Write-Verbose -Message "Removing member {$member}"
+                Remove-DistributionGroupMember -Identity $Identity `
+                                            -Member $member `
+                                            -BypassSecurityGroupManagerCheck `
+                                            -Confirm:$false
+            }
+            $currentParameters.Remove('Members') | Out-Null
+        }
+
 
         if ($EmailAddresses.Length -gt 0)
         {

@@ -61,6 +61,10 @@ function Get-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance[]]
         $EvidenceStoreSettings,
 
+        [Parameter()]
+        [System.Boolean]
+        $FileCopiedToCloudFullUrlEnabled,
+
         [Parameter()]
         [System.Boolean]
         $IncludePredefinedUnallowedBluetoothApps,
@@ -177,19 +181,28 @@ function Get-TargetResource
         $DlpNetworkShareGroupsObject = ConvertFrom-Json $instance.DlpNetworkShareGroups
 
         # AdvancedClassificationEnabled
-        $AdvancedClassificationEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value)
+        $AdvancedClassificationEnabledValue = $false # default value
+        $valueToParse =($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value
+        if (-not [System.String]::IsNullOrEmpty($valueToParse))
+        {
+            $AdvancedClassificationEnabledValue = [Boolean]::Parse($valueToParse)
+        }
 
         # BandwidthLimitEnabled
-        $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabled' }).Value
-        $parsedValue = $null
-        if ($null -ne $toBeParsed)
+        $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabled' }).Value
+        $BandwidthLimitEnabledValue = $true #default value
+        if (-not [System.String]::IsNullOrEmpty($valueToParse))
         {
-            $parsedValue = [Boolean]::Parse($toBeParsed)
+            $BandwidthLimitEnabledValue = [Boolean]::Parse($valueToParse)
         }
-        $BandwidthLimitEnabledValue = $parsedValue
 
         # DailyBandwidthLimitInMB
-        $DailyBandwidthLimitInMBValue = [UInt32]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value
+        $DailyBandwidthLimitInMBValue = 1000 # default value
+        $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value
+        if (-not [System.String]::IsNullOrEmpty($valueToParse))
+        {
+            $DailyBandwidthLimitInMBValue = [UInt32]$valueToParse
+        }
 
         # PathExclusion
         $PathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'PathExclusion' }).Value
@@ -198,7 +211,12 @@ function Get-TargetResource
         $MacPathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacPathExclusion' }).Value
 
         # MacDefaultPathExclusionsEnabled
-        $MacDefaultPathExclusionsEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value)
+        $MacDefaultPathExclusionsEnabledValue = $true # default value
+        $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value
+        if (-not [System.String]::IsNullOrEmpty($valueToParse))
+        {
+            $MacDefaultPathExclusionsEnabledValue = [Boolean]::Parse($valueToParse)
+        }
 
         #EvidenceStoreSettings
         $entry = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'EvidenceStoreSettings' }
@@ -214,7 +232,12 @@ function Get-TargetResource
         }
 
         # NetworkPathEnforcementEnabled
-        $NetworkPathEnforcementEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value)
+        $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value
+        $NetworkPathEnforcementEnabledValue = $false # default value
+        if (-not [System.String]::IsNullOrEmpty($valueToParse))
+        {
+            $NetworkPathEnforcementEnabledValue = [Boolean]::Parse($valueToParse)
+        }
 
         # NetworkPathExclusion
         $NetworkPathExclusionValue = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathExclusion' }).Value
@@ -267,13 +290,12 @@ function Get-TargetResource
         }
 
         # IncludePredefinedUnallowedBluetoothApps
-        $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value
-        $parsedValue = $null
-        if ($null -ne $toBeParsed)
+        $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value
+        $IncludePredefinedUnallowedBluetoothAppsValue = $true # default value
+        if (-not [System.String]::IsNullOrEMpty($valueToParse))
         {
-            $parsedValue = [Boolean]::Parse($toBeParsed)
+            $IncludePredefinedUnallowedBluetoothAppsValue = [Boolean]::Parse($valueToParse)
         }
-        $IncludePredefinedUnallowedBluetoothAppsValue = $parsedValue
 
         # UnallowedBluetoothApp
         $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedBluetoothApp' })
@@ -352,10 +374,20 @@ function Get-TargetResource
             }
 
             # serverDlpEnabled
-            $serverDlpEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value)
+            $serverDlpEnabledValue = $false #default value
+            $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value
+            if (-not [System.String]::IsNullOrEmpty($valueToParse))
+            {
+                $serverDlpEnabledValue = [Boolean]::Parse($valueToParse)
+            }
 
             # AuditFileActivity
-            $AuditFileActivityValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value)
+            $AuditFileActivityValue = $false # default value
+            $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value
+            if (-not [System.String]::IsNullOrEmpty($valueToParse))
+            {
+                $AuditFileActivityValue = [Boolean]::Parse($valueToParse)
+            }
 
             # VPNSettings
             $entity = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'VPNSettings' }
@@ -454,10 +486,26 @@ function Get-TargetResource
             }
         }
 
+        #EnableLabelCoauthValue
+        $EnableLabelCoauthValue = $false # default value
+        if (-not [System.String]::IsNullOrEmpty($instance.EnableLabelCoauth))
+        {
+            $EnableLabelCoauthValue = $instance.EnableLabelCoauth
+        }
+
+        #FileCopiedToCloudFullUrlEnabledValue
+        $FileCopiedToCloudFullUrlEnabledValue = $false
+        $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'FileCopiedToCloudFullUrlEnabled' }).Value
+        if (-not [System.String]::IsNullOrEmpty($valueToParse))
+        {
+            $FileCopiedToCloudFullUrlEnabledValue = [Boolean]::Parse($valueToParse)
+        }
+
         $results = @{
             IsSingleInstance                        = 'Yes'
             AdvancedClassificationEnabled           = $AdvancedClassificationEnabledValue
             BandwidthLimitEnabled                   = $BandwidthLimitEnabledValue
+            FileCopiedToCloudFullUrlEnabled         = $FileCopiedToCloudFullUrlEnabledValue
             DailyBandwidthLimitInMB                 = $DailyBandwidthLimitInMBValue
             PathExclusion                           = $PathExclusionValue
             MacPathExclusion                        = $MacPathExclusionValue
@@ -482,7 +530,7 @@ function Get-TargetResource
             DLPRemovableMediaGroups                 = $DLPRemovableMediaGroupsValue
             DLPNetworkShareGroups                   = $DlpNetworkShareGroupsValue
             VPNSettings                             = $VPNSettingsValue
-            EnableLabelCoauth                       = $instance.EnableLabelCoauth
+            EnableLabelCoauth                       = $EnableLabelCoauthValue
             EnableSpoAipMigration                   = $instance.EnableSpoAipMigration
             QuarantineParameters                    = $QuarantineParametersValue
             Credential                              = $Credential
@@ -569,6 +617,10 @@ function Set-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance[]]
         $EvidenceStoreSettings,
 
+        [Parameter()]
+        [System.Boolean]
+        $FileCopiedToCloudFullUrlEnabled,
+
         [Parameter()]
         [System.Boolean]
         $IncludePredefinedUnallowedBluetoothApps,
@@ -1092,6 +1144,10 @@ function Test-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance[]]
         $EvidenceStoreSettings,
 
+        [Parameter()]
+        [System.Boolean]
+        $FileCopiedToCloudFullUrlEnabled,
+
         [Parameter()]
         [System.Boolean]
         $IncludePredefinedUnallowedBluetoothApps,

@@ -135,25 +135,26 @@ class MSFT_PolicyConfigQuarantineParameters
 class MSFT_SCPolicyConfig : OMI_BaseResource
 {
     [Key, Description("Accepted value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
-    [Write, Description("TBD")] Boolean AdvancedClassificationEnabled;
-    [Write, Description("TBD")] Boolean AuditFileActivity;
-    [Write, Description("TBD")] Boolean BandwidthLimitEnabled;
+    [Write, Description("Default value is false.")] Boolean AdvancedClassificationEnabled;
+    [Write, Description("Default value is false.")] Boolean AuditFileActivity;
+    [Write, Description("Default value is true.")] Boolean BandwidthLimitEnabled;
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigBusinessJustificationList")] String BusinessJustificationList[];
-    [Write, Description("TBD")] String CloudAppMode;
+    [Write, Description("Default value is Off.")] String CloudAppMode;
     [Write, Description("TBD")] String CloudAppRestrictionList[];
-    [Write, Description("TBD")] UInt32 CustomBusinessJustificationNotification;
-    [Write, Description("TBD")] UInt32 DailyBandwidthLimitInMB;
+    [Write, Description("Default value is 0.")] UInt32 CustomBusinessJustificationNotification;
+    [Write, Description("Default value is 1000")] UInt32 DailyBandwidthLimitInMB;
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPAppGroups")] String DLPAppGroups[];
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPNetworkShareGroups")] String DLPNetworkShareGroups[];
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPPrinterGroups")] String DLPPrinterGroups[];
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPRemovableMediaGroups")] String DLPRemovableMediaGroups[];
-    [Write, Description("TBD")] Boolean IncludePredefinedUnallowedBluetoothApps;
-    [Write, Description("TBD")] Boolean MacDefaultPathExclusionsEnabled;
+    [Write, Description("Default value is true.")] Boolean IncludePredefinedUnallowedBluetoothApps;
+    [Write, Description("Default value is true.")] Boolean MacDefaultPathExclusionsEnabled;
     [Write, Description("TBD")] String MacPathExclusion[];
-    [Write, Description("TBD")] Boolean NetworkPathEnforcementEnabled;
+    [Write, Description("Default value is false.")] Boolean NetworkPathEnforcementEnabled;
     [Write, Description("TBD")] String NetworkPathExclusion;
     [Write, Description("TBD")] String PathExclusion[];
-    [Write, Description("TBD")] Boolean serverDlpEnabled;
+    [Write, Description("Default value is false")] Boolean serverDlpEnabled;
+    [Write, Description("Default value is false")] Boolean FileCopiedToCloudFullUrlEnabled;
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigEvidenceStoreSettings")] String EvidenceStoreSettings;
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPSiteGroups")] String SiteGroups[];
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigApp")] String UnallowedApp[];
@@ -162,8 +163,8 @@ class MSFT_SCPolicyConfig : OMI_BaseResource
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigApp")] String UnallowedBrowser[];
     [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigQuarantineParameters")] String QuarantineParameters;
     [Write, Description("TBD")] String VPNSettings[];
-    [Write, Description("TBD")] Boolean EnableLabelCoauth;
-    [Write, Description("TBD")] Boolean EnableSpoAipMigration;
+    [Write, Description("The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Default value is false.")] Boolean EnableLabelCoauth;
+    [Write, Description("The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive.")] Boolean EnableSpoAipMigration;
     [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
     [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;

@@ -81,7 +81,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     CloudAppMode                            = "Block";
                     CloudAppRestrictionList                 = @("contoso.net","contoso.com");
                     CustomBusinessJustificationNotification = 3;
-                    DailyBandwidthLimitInMB                 = 0;
+                    DailyBandwidthLimitInMB                 = 1000;
                     DLPAppGroups                            = @(
                         (New-CiMInstance -ClassName MSFT_PolicyConfigDLPAppGroups -Property @{
                             Name        = 'Maracas'
@@ -253,7 +253,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     CloudAppMode                            = "Block";
                     CloudAppRestrictionList                 = @("contoso.net","contoso.com");
                     CustomBusinessJustificationNotification = 3;
-                    DailyBandwidthLimitInMB                 = 0;
+                    DailyBandwidthLimitInMB                 = 1000;
                     DLPAppGroups                            = @(
                         (New-CiMInstance -ClassName MSFT_PolicyConfigDLPAppGroups -Property @{
                             Name        = 'Maracas'