Merge pull request #5780 from NikCharlebois/ADOSecurityPolicy-Fix

ADOSecurityPolicy - Fix Default Value Parsing
microsoft · Feb 14, 2025 · 1629431 · 1629431
2 parents 7bc4f37 + 52add86
commit 1629431
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,9 @@
 * AADRoleEligibilityScheduleRequest
   * Reduce call count when reconciling object type
     FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621)
+* ADOSecurityPolicy
+  * Fixes an issue where the resource threw an error trying to parse the default
+    values.
 * M365DSCUtil
   * Add M365DSC prefix to `Remove-EmptyValue`.
     FIXES [#3861](https://github.com/microsoft/Microsoft365DSC/issues/3861)

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1
@@ -91,27 +91,59 @@ function Get-TargetResource
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowOAuthAuthentication?defaultValue"
         $DisallowOAuthAuthenticationValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($DisallowOAuthAuthenticationValue))
+        {
+            $DisallowOAuthAuthenticationValue = $true
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowSecureShell?defaultValue"
         $DisallowSecureShellValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($DisallowSecureShellValue))
+        {
+            $DisallowSecureShellValue = $false
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.LogAuditEvents?defaultValue"
         $LogAuditEventsValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($LogAuditEventsValue))
+        {
+            $LogAuditEventsValue = $false
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowAnonymousAccess?defaultValue"
         $AllowAnonymousAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($AllowAnonymousAccessValue))
+        {
+            $AllowAnonymousAccessValue = $false
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.ArtifactsExternalPackageProtectionToken?defaultValue"
         $ArtifactsExternalPackageProtectionTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($ArtifactsExternalPackageProtectionTokenValue))
+        {
+            $ArtifactsExternalPackageProtectionTokenValue = $true
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.EnforceAADConditionalAccess?defaultValue"
         $EnforceAADConditionalAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($EnforceAADConditionalAccessValue))
+        {
+            $EnforceAADConditionalAccessValue = $false
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowTeamAdminsInvitationsAccessToken?defaultValue"
         $AllowTeamAdminsInvitationsAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($AllowTeamAdminsInvitationsAccessTokenValue))
+        {
+            $AllowTeamAdminsInvitationsAccessTokenValue = $true
+        }
 
         $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowRequestAccessToken?defaultValue"
         $AllowRequestAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value
+        if ([System.String]::IsNullOrEmpty($AllowRequestAccessTokenValue))
+        {
+            $AllowRequestAccessTokenValue = $true
+        }
 
         $results = @{
             OrganizationName                        = $OrganizationName

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
@@ -3960,6 +3960,7 @@ function Get-M365DSCExportContentForResource
             $partialContent = Convert-DSCStringParamToVariable -DSCBlock $partialContent `
                 -ParameterName 'ApplicationId'
         }
+        $partialContent = $partialContent.Replace('`$Credscredential;', '$Credscredential;')
     }
     else
     {
-Original file line number
+Diff line change
@@ Expand Up / @@ -3960,6 +3960,7 @@ function Get-M365DSCExportContentForResource @@
                 $partialContent = Convert-DSCStringParamToVariable -DSCBlock $partialContent `
                     -ParameterName 'ApplicationId'
             }
+            $partialContent = $partialContent.Replace('`$Credscredential;', '$Credscredential;')
         }
         else
         {
@@ Expand Down @@