3.1.1 fixes

Fix issue getting user information when calling the ME API with full ODATA info
Mikael Karlsson
2021-06-16 12:14:01 +10:00
parent 18533494b2
commit a495b0f0df
11 changed files with 525 additions and 30 deletions


@@ -1159,7 +1159,7 @@ function Add-ViewItem
if($global:PermissionScope -notcontains $scope) { $global:PermissionScope += $scope } if($global:PermissionScope -notcontains $scope) { $global:PermissionScope += $scope }
} }
foreach($required in @("openid","profile","email","User.ReadWrite.All","Group.ReadWrite.All")) #,"https://management.azure.com/user_impersonation") ) foreach($required in @("openid","profile","email","User.ReadWrite.All","Group.ReadWrite.All","RoleManagement.Read.Directory")) #,"https://management.azure.com/user_impersonation") )
{ {
if($required -in $global:PermissionScope) { continue } if($required -in $global:PermissionScope) { continue }
$global:PermissionScope += $required $global:PermissionScope += $required
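Review bot: `RoleManagement.Read.Directory` is added to the `$required` list that is appended to `$global:PermissionScope` unconditionally, so every sign-in now requests a directory-role read scope and triggers a new consent prompt. On this page the only visible consumer is the `/directoryRoles` lookup in Show-MSALDecodedToken, which is already written to tolerate the permission being absent (`-Noerror`). Consider keeping it out of the defaults and requesting it only when the decoded-token view needs it. Failing that, record the reason next to the list with a comment such as `# RoleManagement.Read.Directory: only used to resolve role names in Show-MSALDecodedToken`. The enclosing function body continues outside the hunk.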


@@ -0,0 +1,23 @@
[
{
"dataType": 8,
"booleanActions": 0,
"category": "SettingDetails.deviceLimit"
},
{
"nameResourceKey": "SettingDetails.deviceLimit",
"descriptionResourceKey": "",
"entityKey": "limit",
"dataType": 14,
"booleanActions": 0,
"category": "SettingDetails.deviceLimit"
},
{
"nameResourceKey": "TableHeaders.priority",
"descriptionResourceKey": "",
"entityKey": "priority",
"dataType": 14,
"booleanActions": 0,
"category": "SettingDetails.deviceLimit"
}
]


@@ -0,0 +1,417 @@
[
{
"dataType": 8,
"booleanActions": 0,
"nameResourceKey": "Devices.androidWorkProfile"
},
{
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "androidForWorkRestriction",
"dataType": 6,
"booleanActions": 0,
"category": "",
"complexOptions": [
{
"nameResourceKey": "TableHeaders.platform",
"descriptionResourceKey": "",
"entityKey": "platformBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Children": {
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "",
"dataType": 5,
"booleanActions": 0,
"category": "",
"Condition": {
"Expressions": [
{
"property": "platformBlocked",
"value": false
}
]
},
"complexOptions": [
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.versions",
"descriptionResourceKey": "",
"entityKey": ".",
"dataType": 21,
"separator": "-",
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Condition": {
"type": "and",
"Expressions": [
{
"property": "osMinimumVersion"
},
{
"property": "osMaximumVersion"
}
]
},
"Columns": [
{
"metadata": {
"entityKey": "osMinimumVersion"
}
},
{
"metadata": {
"entityKey": "osMaximumVersion"
}
}
]
},
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.personal",
"descriptionResourceKey": "",
"entityKey": "personalDeviceEnrollmentBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings"
},
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.blockManufacturersHeader",
"descriptionResourceKey": "",
"entityKey": "blockedManufacturers",
"dataType": 21,
"separator": "-",
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Condition": {
"type": "and",
"Expressions": [
{
"property": "blockedManufacturers"
}
]
},
"Columns": [
{
"metadata": {
"entityKey": "unusedForSingleItems"
}
}
]
}
]
}
}
]
},
{
"dataType": 8,
"booleanActions": 0,
"nameResourceKey": "Devices.android"
},
{
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "androidRestriction",
"dataType": 6,
"booleanActions": 0,
"category": "",
"complexOptions": [
{
"nameResourceKey": "TableHeaders.platform",
"descriptionResourceKey": "",
"entityKey": "platformBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Children": {
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "",
"dataType": 5,
"booleanActions": 0,
"category": "",
"Condition": {
"Expressions": [
{
"property": "platformBlocked",
"value": false
}
]
},
"complexOptions": [
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.versions",
"descriptionResourceKey": "",
"entityKey": ".",
"dataType": 21,
"separator": "-",
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Condition": {
"type": "and",
"Expressions": [
{
"property": "osMinimumVersion"
},
{
"property": "osMaximumVersion"
}
]
},
"Columns": [
{
"metadata": {
"entityKey": "osMinimumVersion"
}
},
{
"metadata": {
"entityKey": "osMaximumVersion"
}
}
]
},
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.personal",
"descriptionResourceKey": "",
"entityKey": "personalDeviceEnrollmentBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings"
},
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.blockManufacturersHeader",
"descriptionResourceKey": "",
"entityKey": "blockedManufacturers",
"dataType": 21,
"separator": "-",
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Condition": {
"type": "and",
"Expressions": [
{
"property": "blockedManufacturers"
}
]
},
"Columns": [
{
"metadata": {
"entityKey": "unusedForSingleItems"
}
}
]
}
]
}
}
]
},
{
"dataType": 8,
"booleanActions": 0,
"nameResourceKey": "Devices.iOS"
},
{
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "iosRestriction",
"dataType": 6,
"booleanActions": 0,
"category": "",
"complexOptions": [
{
"nameResourceKey": "TableHeaders.platform",
"descriptionResourceKey": "",
"entityKey": "platformBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Children": {
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "",
"dataType": 5,
"booleanActions": 0,
"category": "",
"Condition": {
"Expressions": [
{
"property": "platformBlocked",
"value": false
}
]
},
"complexOptions": [
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.versions",
"descriptionResourceKey": "",
"entityKey": ".",
"dataType": 21,
"separator": "-",
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Condition": {
"type": "and",
"Expressions": [
{
"property": "osMinimumVersion"
},
{
"property": "osMaximumVersion"
}
]
},
"Columns": [
{
"metadata": {
"entityKey": "osMinimumVersion"
}
},
{
"metadata": {
"entityKey": "osMaximumVersion"
}
}
]
},
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.personal",
"descriptionResourceKey": "",
"entityKey": "personalDeviceEnrollmentBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings"
}
]
}
}
]
},
{
"dataType": 8,
"booleanActions": 0,
"nameResourceKey": "Devices.mac"
},
{
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "macRestriction",
"dataType": 6,
"booleanActions": 0,
"category": "",
"complexOptions": [
{
"nameResourceKey": "TableHeaders.platform",
"descriptionResourceKey": "",
"entityKey": "platformBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Children": {
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "",
"dataType": 5,
"booleanActions": 0,
"category": "",
"Condition": {
"Expressions": [
{
"property": "platformBlocked",
"value": false
}
]
},
"complexOptions": [
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.personal",
"descriptionResourceKey": "",
"entityKey": "personalDeviceEnrollmentBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings"
}
]
}
}
]
},
{
"dataType": 8,
"booleanActions": 0,
"nameResourceKey": "Devices.windows"
},
{
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "windowsRestriction",
"dataType": 6,
"booleanActions": 0,
"category": "",
"complexOptions": [
{
"nameResourceKey": "TableHeaders.platform",
"descriptionResourceKey": "",
"entityKey": "platformBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Children": {
"nameResourceKey": "",
"descriptionResourceKey": "",
"entityKey": "",
"dataType": 5,
"booleanActions": 0,
"category": "",
"Condition": {
"Expressions": [
{
"property": "platformBlocked",
"value": false
}
]
},
"complexOptions": [
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.versions",
"descriptionResourceKey": "",
"entityKey": ".",
"dataType": 21,
"separator": "-",
"category": "EnrollmentRestrictions.DeviceType.platformSettings",
"Condition": {
"type": "and",
"Expressions": [
{
"property": "osMinimumVersion"
},
{
"property": "osMaximumVersion"
}
]
},
"Columns": [
{
"metadata": {
"entityKey": "osMinimumVersion"
}
},
{
"metadata": {
"entityKey": "osMaximumVersion"
}
}
]
},
{
"nameResourceKey": "EnrollmentRestrictions.DeviceType.personal",
"descriptionResourceKey": "",
"entityKey": "personalDeviceEnrollmentBlocked",
"dataType": 0,
"booleanActions": 100,
"category": "EnrollmentRestrictions.DeviceType.platformSettings"
}
]
}
}
]
}
]

Binary file not shown.

Binary file not shown.


@@ -168,18 +168,18 @@ function Invoke-CompareObjects
} }
function Set-ColumnVisibility function Set-ColumnVisibility
{ {
param($show) param($showCategory = $false, $showSubCategory = $false)
$colTmp = $global:dgCompareInfo.Columns | Where { $_.Binding.Path.Path -eq "Category" } $colTmp = $global:dgCompareInfo.Columns | Where { $_.Binding.Path.Path -eq "Category" }
if($colTmp) if($colTmp)
{ {
$colTmp.Visibility = (?: ($show -eq $true) "Visible" "Collapsed") $colTmp.Visibility = (?: ($showCategory -eq $true) "Visible" "Collapsed")
} }
$colTmp = $global:dgCompareInfo.Columns | Where { $_.Binding.Path.Path -eq "SubCategory" } $colTmp = $global:dgCompareInfo.Columns | Where { $_.Binding.Path.Path -eq "SubCategory" }
if($colTmp) if($colTmp)
{ {
$colTmp.Visibility = (?: ($show -eq $true) "Visible" "Collapsed") $colTmp.Visibility = (?: ($showSubCategory -eq $true) "Visible" "Collapsed")
} }
} }
@@ -265,11 +265,25 @@ function Compare-ObjectsBasedonProperty
} }
} }
function Get-CompareCustomColumnsDoc
{
param($objInfo)
if($objInfo.Object.'@OData.Type' -eq "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration")
{
Set-ColumnVisibility $true $true
}
else
{
Set-ColumnVisibility $true $false
}
}
function Compare-ObjectsBasedonDocumentation function Compare-ObjectsBasedonDocumentation
{ {
param($obj1, $obj2) param($obj1, $obj2)
Set-ColumnVisibility $true Get-CompareCustomColumnsDoc $obj
# ToDo: set this based on configuration value # ToDo: set this based on configuration value
$script:assignmentOutput = "simpleFullCompare" $script:assignmentOutput = "simpleFullCompare"
@@ -353,25 +367,25 @@ function Compare-ObjectsBasedonDocumentation
{ {
foreach ($prop in $docObj1.Settings) foreach ($prop in $docObj1.Settings)
{ {
if(($prop.EntityKey) -in $addedProperties) { continue } if(($prop.EntityKey + $prop.Category + $prop.SubCategory) -in $addedProperties) { continue }
$addedProperties += $prop.EntityKey $addedProperties += ($prop.EntityKey + $prop.Category + $prop.SubCategory)
$val1 = $prop.$settingsValue $val1 = $prop.$settingsValue
$prop2 = $docObj2.Settings | Where { $_.EntityKey -eq $prop.EntityKey } $prop2 = $docObj2.Settings | Where { $_.EntityKey -eq $prop.EntityKey -and $_.Category -eq $prop.Category -and $_.SubCategory -eq $prop.SubCategory }
$val2 = $prop2.$settingsValue $val2 = $prop2.$settingsValue
Add-CompareProperty $prop.Name $val1 $val2 $prop.Category Add-CompareProperty $prop.Name $val1 $val2 $prop.Category $prop.SubCategory
} }
# These objects are defined only on Object 2. They will be last in the table # These objects are defined only on Object 2. They will be last in the table
foreach ($prop in $docObj2.Settings) foreach ($prop in $docObj2.Settings)
{ {
if(($prop.EntityKey) -in $addedProperties) { continue } if(($prop.EntityKey + $prop.Category + $prop.SubCategory) -in $addedProperties) { continue }
$addedProperties += $prop.EntityKey $addedProperties += ($prop.EntityKey + $prop.Category + $prop.SubCategory)
$val2 = $prop.$settingsValue $val2 = $prop.$settingsValue
$prop2 = $docObj1.Settings | Where { $_.EntityKey -eq $prop.EntityKey } $prop2 = $docObj1.Settings | Where { $_.EntityKey -eq $prop.EntityKey -and $_.Category -eq $prop.Category -and $_.SubCategory -eq $prop.SubCategory }
$val1 = $prop2.$settingsValue $val1 = $prop2.$settingsValue
Add-CompareProperty $prop.Name $val1 $val2 $prop.Category Add-CompareProperty $prop.Name $val1 $val2 $prop.Category $prop.SubCategory
} }
} }
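Review bot: `Get-CompareCustomColumnsDoc $obj` in Compare-ObjectsBasedonDocumentation passes `$obj`, but the function's parameters are `$obj1` and `$obj2`. Unless a caller's scope happens to define `$obj`, the helper receives `$null`, the `'@OData.Type'` test never matches, and the SubCategory column stays collapsed for enrollment restrictions. Passing the compared object explicitly, e.g. `Get-CompareCustomColumnsDoc $obj1`, removes the dependence on dynamic scope; confirm which argument actually carries the `.Object` property the helper reads. Separately, the de-duplication key `($prop.EntityKey + $prop.Category + $prop.SubCategory)` has no delimiter, so distinct triples can concatenate to the same string; joining the parts with a separator that cannot occur in the values avoids that. The function body continues outside these hunks.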


@@ -207,7 +207,7 @@ function Get-ObjectDocumentation
elseif($type -eq "#microsoft.graph.deviceManagementIntent") elseif($type -eq "#microsoft.graph.deviceManagementIntent")
{ {
Invoke-TranslateIntentObject $obj $objectType | Out-Null Invoke-TranslateIntentObject $obj $objectType | Out-Null
$properties = @("Name","Value","Category","RawValue","Description") $properties = @("Name","Value","Category","RawValue","SettingId","Description")
} }
#endregion #endregion
#region Administrative Templates #region Administrative Templates
@@ -1586,10 +1586,10 @@ function Invoke-VerifyCondition
return $false return $false
} }
if(!$expression.value) if($expression.value -eq $null)
{ {
# Value not specified. Check that property exists # Value not specified. Check if the property is set
$tmpRet = $tmpProp -ne $null $tmpRet = $tmpProp.Value -ne $null
} }
elseif($expression.operator -eq "ne") elseif($expression.operator -eq "ne")
{ {
@@ -1644,7 +1644,11 @@ function Invoke-TranslateSection
#if($prop.enabled -eq $false -and $objInfo.ShowDisabled -ne $true) { continue } #if($prop.enabled -eq $false -and $objInfo.ShowDisabled -ne $true) { continue }
if((Invoke-VerifyCondition $obj $prop $objInfo) -eq $false) { continue } if((Invoke-VerifyCondition $obj $prop $objInfo) -eq $false)
{
Write-LogDebug "Condition returned false: $(($prop.Condition | ConvertTo-Json -Depth 10 -Compress))" 2
continue
}
$obj = Get-CustomPropertyObject $obj $prop $obj = Get-CustomPropertyObject $obj $prop
@@ -1779,10 +1783,11 @@ function Invoke-TranslateSection
$value = Get-LanguageString $prop.entityKey $value = Get-LanguageString $prop.entityKey
} }
elseif(($prop.allowMissing -ne $true) -and elseif(($prop.allowMissing -ne $true) -and
($prop.entityKey -ne ".") -and
(-not ($obj.PSObject.Properties | Where Name -eq $prop.entityKey)) -and (-not ($obj.PSObject.Properties | Where Name -eq $prop.entityKey)) -and
(-not ($obj.PSObject.Properties | Where Name -eq "$($prop.entityKey)@odata.navigationLink"))) (-not ($obj.PSObject.Properties | Where Name -eq "$($prop.entityKey)@odata.navigationLink")))
{ {
if($prop.enabled -eq $true) if($prop.enabled -ne $false)
{ {
Write-Log "Property with EntityKey $($prop.entityKey) is missing. Property will not be added!" 2 Write-Log "Property with EntityKey $($prop.entityKey) is missing. Property will not be added!" 2
} }
@@ -2508,7 +2513,14 @@ function Invoke-TranslateTable
{ {
param($obj, $prop) param($obj, $prop)
$propValue = $obj."$($prop.entityKey)" if($prop.entityKey -eq ".")
{
$propValue = $obj
}
else
{
$propValue = $obj."$($prop.entityKey)"
}
$items = @() $items = @()
foreach($item in $propValue) foreach($item in $propValue)
@@ -2535,7 +2547,14 @@ function Invoke-TranslateTable
$itemValues += (?? $item."$($column.metadata.entityKey)" $obj."$($column.metadata.entityKey)") $itemValues += (?? $item."$($column.metadata.entityKey)" $obj."$($column.metadata.entityKey)")
} }
} }
$items += $itemValues -join $script:propertySeparator if($prop.separator)
{
$items += $itemValues -join $prop.separator
}
else
{
$items += $itemValues -join $script:propertySeparator
}
} }
if($items.Count -gt 0) if($items.Count -gt 0)
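Review bot: `$tmpRet = $tmpProp.Value -ne $null` in the Invoke-VerifyCondition hunk puts the value on the left of the comparison, so when the property holds a collection PowerShell returns the filtered elements rather than a boolean. The new enrollment-restriction definitions gate a table on `blockedManufacturers`, which looks like a list, so the outcome then depends on array truthiness (an empty list is false, as is a single element that is itself falsy). If "hide the row when the list is empty" is intended, say so in the comment above the line; otherwise use `$tmpRet = $null -ne $tmpProp.Value`, and likewise `if($null -eq $expression.value)`. `$tmpProp` is assigned outside the hunk, so its exact shape should be confirmed.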


@@ -275,6 +275,7 @@ function Invoke-InitializeModule
AssignmentsType = "deviceManagementScriptAssignments" AssignmentsType = "deviceManagementScriptAssignments"
Icon="CustomAttributes" Icon="CustomAttributes"
GroupId = "CustomAttributes" # MacOS Settings GroupId = "CustomAttributes" # MacOS Settings
DetailExtension = { Add-ScriptExtensions @args }
}) })
Add-ViewItem (New-Object PSObject -Property @{ Add-ViewItem (New-Object PSObject -Property @{
@@ -1045,7 +1046,8 @@ function Invoke-DownloadScript
$dlgSave.FileName = $obj.FileName $dlgSave.FileName = $obj.FileName
if($dlgSave.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK -and $dlgSave.Filename) if($dlgSave.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK -and $dlgSave.Filename)
{ {
[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($obj.scriptContent)) | Out-File $dlgSave.Filename -Force # Changed to WriteAllBytes to get rid of BOM characters from Custom Attribute file
[IO.File]::WriteAllBytes($dlgSave.FileName, ([System.Convert]::FromBase64String($obj.scriptContent)))
} }
} }
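Review bot: `[System.Convert]::FromBase64String($obj.scriptContent)` in Invoke-DownloadScript runs with no guard, so an object fetched without `scriptContent`, or with content that is not valid Base64, throws only after the user has chosen a target file, and nothing on the visible lines catches or logs it. A check before the save dialog, such as `if(-not $obj.scriptContent) { Write-Log "Script content is missing. Nothing to save" 2; return }`, would make the failure explicit. Writing the decoded bytes unchanged is the right call for a file that someone may later review or hash, since the saved copy now matches what is stored in the tenant. The function body starts outside the hunk, so an existing guard further up cannot be ruled out.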
} }


@@ -103,7 +103,7 @@ function Get-MSALUserInfo
if($global:MSALToken) if($global:MSALToken)
{ {
Write-Log "Get current user" Write-Log "Get current user"
$tmpMe = MSGraph\Invoke-GraphRequest -Url "ME" -SkipAuthentication $tmpMe = MSGraph\Invoke-GraphRequest -Url "ME" -SkipAuthentication -ODataMetadata "Skip"
if($tmpMe.creationType -ne "Invitation") if($tmpMe.creationType -ne "Invitation")
{ {
### Only get user info from home tenant ### Only get user info from home tenant
@@ -114,7 +114,7 @@ function Get-MSALUserInfo
} }
Write-Log "Get organization info" Write-Log "Get organization info"
$global:Organization = (MSGraph\Invoke-GraphRequest -Url "Organization" -SkipAuthentication).Value $global:Organization = (MSGraph\Invoke-GraphRequest -Url "Organization" -SkipAuthentication -ODataMetadata "Skip").Value
} }
else else
{ {
@@ -993,7 +993,7 @@ function Get-MSALProfileEllipse
{ {
$initials = "$($global:me.givenName[0])$($global:me.surname[0])".ToUpper() $initials = "$($global:me.givenName[0])$($global:me.surname[0])".ToUpper()
} }
else elseif($global:me.userPrincipalName)
{ {
$initials = "$($global:me.userPrincipalName[0])".ToUpper() $initials = "$($global:me.userPrincipalName[0])".ToUpper()
} }
@@ -1340,7 +1340,8 @@ function Show-MSALDecodedToken {
{ {
if(-not $script:aadRoles) if(-not $script:aadRoles)
{ {
$script:aadRoles =(Invoke-GraphRequest -url "/directoryRoles?`$select=roleTemplateId,displayName" -ODataMetadata "minimal").value # This will fail if RoleManagement.Read.Directory permission is not granted. Use -NoError to hide any problems
$script:aadRoles = (Invoke-GraphRequest -url "/directoryRoles?`$select=roleTemplateId,displayName" -ODataMetadata "minimal" -Noerror).value
} }
$wids = @() $wids = @()
foreach($wid in $tokenData.Payload."$($prop.Name)") foreach($wid in $tokenData.Payload."$($prop.Name)")
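Review bot: `-Noerror` on the `/directoryRoles` request in Show-MSALDecodedToken hides every failure, not only a missing `RoleManagement.Read.Directory` grant. A throttled or otherwise failed call therefore looks the same as an unconsented tenant, and the `wid` values in the loop below are left unresolved with no trace. Because the guard is `if(-not $script:aadRoles)`, a failed lookup also appears to be retried every time this branch runs. Consider logging once when the result is empty, e.g. `if(-not $script:aadRoles) { Write-Log "Could not read directory roles. Role ids will not be resolved" 2 }`, and caching the empty result so the request is not repeated. The function body continues outside the hunk.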


@@ -1,5 +1,23 @@
# Release Notes # Release Notes
## 3.1.1 - 2021-06-16
**New features**
- Download script for Custom Attribute
- Documentation
- Added support for additional objects (Enrollment restrictions)
**Fixes**
- Failed to get user information during logon. Something was changed in Graph that caused calling ME with full ODATA to fail.
- Added RoleManagement.Read.Directory as a default required permission.
**NOTE:** This will most likely cause a consent prompt
- Some additional minor fixes
## 3.1.0 - 2021-06-08 ## 3.1.0 - 2021-06-08
**Breaking Changes** **Breaking Changes**


@@ -90,6 +90,7 @@
<DataGrid.Columns> <DataGrid.Columns>
<DataGridTextColumn Header="Property" Binding="{Binding PropertyName}" IsReadOnly="True" Width="Auto" /> <DataGridTextColumn Header="Property" Binding="{Binding PropertyName}" IsReadOnly="True" Width="Auto" />
<DataGridTextColumn Header="Category" Binding="{Binding Category}" IsReadOnly="True" Width="Auto" /> <DataGridTextColumn Header="Category" Binding="{Binding Category}" IsReadOnly="True" Width="Auto" />
<DataGridTextColumn Header="SubCategory" Binding="{Binding SubCategory}" IsReadOnly="True" Width="Auto" />
<DataGridTextColumn Header="Intune Object" Binding="{Binding Object1Value}" IsReadOnly="True" Width="1*" /> <DataGridTextColumn Header="Intune Object" Binding="{Binding Object1Value}" IsReadOnly="True" Width="1*" />
<DataGridTextColumn Header="Backup Object" Binding="{Binding Object2Value}" IsReadOnly="True" Width="1*" /> <DataGridTextColumn Header="Backup Object" Binding="{Binding Object2Value}" IsReadOnly="True" Width="1*" />
</DataGrid.Columns> </DataGrid.Columns>