Merge branch 'dev' into main

.azure-pipelines/ci-build.yml

@@ -59,6 +59,8 @@ jobs:
           Pack: ${{ parameters.Pack }}
           Sign: ${{ parameters.Sign }}
 
+      - template: ./common-templates/guardian-analyzer.yml
+
       - ${{ if and(eq(parameters.Pack, true), eq(parameters.Sign, true)) }}:
           - template: ./common-templates/esrp/codesign-nuget.yml
             parameters:

.azure-pipelines/common-templates/create-pr.yml

@@ -4,7 +4,7 @@
 parameters:
   - name: BaseBranch
     type: string
-    default: features/2.0
+    default: dev
   - name: TargetBranch
     type: string
     default: ""

.azure-pipelines/common-templates/guardian-analyzer.yml

@@ -0,0 +1,19 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+# Managed code static analysis (aka.ms/sdtvsts)
+# https://marketplace.visualstudio.com/items?itemName=securedevelopmentteam.vss-secure-development-tools
+
+steps:
+  - task: RoslynAnalyzers@3
+    displayName: 'Run Roslyn Analyzers'
+    inputs:
+      continueOnError: true
+      msBuildVersion: 17.0
+      msBuildArchitecture: amd64
+      msBuildCommandline: |
+        dotnet.exe build $(Build.SourcesDirectory)\src\Authentication /p:Platform="Any CPU" /p:Configuration="Release"
+      setupCommandlinePicker: 'vs2022'
+      policyName: 'M365'
+    env:
+      SYSTEM_ACCESSTOKEN: $(system.accesstoken)

.azure-pipelines/generation-templates/authentication-module.yml

@@ -60,3 +60,6 @@ steps:
           pwsh: true
           script: |
             . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -Pack -ArtifactsLocation $(Build.ArtifactStagingDirectory)
+
+  # Run analyzer after build & sign.
+  - template: ../common-templates/guardian-analyzer.yml

.azure-pipelines/generation-templates/meta-module.yml

@@ -22,6 +22,8 @@ steps:
       script: |
         $(System.DefaultWorkingDirectory)/tools/GenerateMetaModule.ps1
 
+  - template: ../common-templates/guardian-analyzer.yml
+
   - ${{ if eq(parameters.Sign, true) }}:
       - template: ../common-templates/esrp/codesign.yml
         parameters:

.azure-pipelines/generation-templates/workload-modules.yml

@@ -21,6 +21,8 @@ steps:
       script: |
         . $(System.DefaultWorkingDirectory)/tools/GenerateModules.ps1 -EnableSigning:$${{ parameters.Sign }} -Build -ExcludeExampleTemplates -ExcludeNotesSection
 
+  - template: ../common-templates/guardian-analyzer.yml
+
   - task: PowerShell@2
     displayName: Test Workload Modules
     enabled: false
@@ -30,6 +32,14 @@ steps:
       script: |
         . $(System.DefaultWorkingDirectory)/tools/GenerateModules.ps1 -SkipGeneration -Test
 
+  - task: PowerShell@2
+    displayName: Find Duplicate Commands
+    inputs:
+      targetType: inline
+      pwsh: true
+      script: |
+        . $(System.DefaultWorkingDirectory)/tools/PostGeneration/FindDuplicateCommand.ps1 -SourcePath "$(System.DefaultWorkingDirectory)/src/"
+
   - ${{ if eq(parameters.Sign, true) }}:
       - template: ../common-templates/esrp/strongname.yml
         parameters:

.github/policies/msgraph-sdk-powershell-branch-protection.yml

@@ -9,40 +9,44 @@ resource: repository
 configuration:
   branchProtectionRules:
 
-  - branchNamePattern: main
-    # This branch pattern applies to the following branches as of 06/12/2023 10:31:18:
-    # main
+  - branchNamePattern: dev
+    # This branch pattern applies to the following branches as of approximately 08/25/2023 14:07:25:
+    # dev
 
     # Specifies whether this branch can be deleted. boolean
     allowsDeletions: false
     # Specifies whether forced pushes are allowed on this branch. boolean
     allowsForcePushes: false
     # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean
-    dismissStaleReviews: false
+    dismissStaleReviews: true
     # Specifies whether admins can overwrite branch protection. boolean
     isAdminEnforced: false
     # Indicates whether "Require a pull request before merging" is enabled. boolean
     requiresPullRequestBeforeMerging: true
     # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required
     requiredApprovingReviewsCount: 1
     # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean
-    requireCodeOwnersReview: false
+    requireCodeOwnersReview: true
     # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines.
     requiresCommitSignatures: false
     # Are conversations required to be resolved before merging? boolean
-    requiresConversationResolution: false
+    requiresConversationResolution: true
     # Are merge commits prohibited from being pushed to this branch. boolean
     requiresLinearHistory: false
+    # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status
+    requiredStatusChecks:
+    - license/cla
+    - GitOps/AdvancedSecurity
     # Require branches to be up to date before merging. Requires requiredStatusChecks. boolean
     requiresStrictStatusChecks: true
     # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush.
     restrictsPushes: false
     # Restrict who can dismiss pull request reviews. boolean
     restrictsReviewDismissals: false
 
-  - branchNamePattern: dev
-    # This branch pattern applies to the following branches as of 06/12/2023 10:31:18:
-    # dev
+  - branchNamePattern: features/[0-9]*
+    # This branch pattern applies to the following branches as of approximately 08/25/2023 14:07:25:
+    # features/2.0
 
     # Specifies whether this branch can be deleted. boolean
     allowsDeletions: false
@@ -61,22 +65,22 @@ configuration:
     # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines.
     requiresCommitSignatures: false
     # Are conversations required to be resolved before merging? boolean
-    requiresConversationResolution: false
+    requiresConversationResolution: true
     # Are merge commits prohibited from being pushed to this branch. boolean
     requiresLinearHistory: false
     # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status
     requiredStatusChecks:
-    - license/cla
+    - GitOps/AdvancedSecurity
     # Require branches to be up to date before merging. Requires requiredStatusChecks. boolean
     requiresStrictStatusChecks: true
     # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush.
     restrictsPushes: false
     # Restrict who can dismiss pull request reviews. boolean
     restrictsReviewDismissals: false
 
-  - branchNamePattern: features/[0-9]*
-    # This branch pattern applies to the following branches as of 06/12/2023 10:31:18:
-    # features/2.0
+  - branchNamePattern: main
+    # This branch pattern applies to the following branches as of approximately 08/25/2023 14:07:25:
+    # main
 
     # Specifies whether this branch can be deleted. boolean
     allowsDeletions: false
@@ -91,18 +95,54 @@ configuration:
     # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required
     requiredApprovingReviewsCount: 1
     # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean
-    requireCodeOwnersReview: false
+    requireCodeOwnersReview: true
     # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines.
     requiresCommitSignatures: false
     # Are conversations required to be resolved before merging? boolean
-    requiresConversationResolution: false
+    requiresConversationResolution: true
     # Are merge commits prohibited from being pushed to this branch. boolean
     requiresLinearHistory: false
     # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status
     requiredStatusChecks:
+    - GitOps/AdvancedSecurity
     # Require branches to be up to date before merging. Requires requiredStatusChecks. boolean
     requiresStrictStatusChecks: true
     # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush.
     restrictsPushes: false
     # Restrict who can dismiss pull request reviews. boolean
     restrictsReviewDismissals: false
+
+  - branchNamePattern: support/*
+    # This branch pattern applies to the following branches as of approximately 08/25/2023 14:07:25:
+    # support/1.x
+
+    # Specifies whether this branch can be deleted. boolean
+    allowsDeletions: false
+    # Specifies whether forced pushes are allowed on this branch. boolean
+    allowsForcePushes: false
+    # Specifies whether new commits pushed to the matching branches dismiss pull request review approvals. boolean
+    dismissStaleReviews: true
+    # Specifies whether admins can overwrite branch protection. boolean
+    isAdminEnforced: false
+    # Indicates whether "Require a pull request before merging" is enabled. boolean
+    requiresPullRequestBeforeMerging: true
+    # Specifies the number of pull request reviews before merging. int (0-6). Should be null/empty if PRs are not required
+    requiredApprovingReviewsCount: 1
+    # Require review from Code Owners. Requires requiredApprovingReviewsCount. boolean
+    requireCodeOwnersReview: true
+    # Are commits required to be signed. boolean. TODO: all contributors must have commit signing on local machines.
+    requiresCommitSignatures: false
+    # Are conversations required to be resolved before merging? boolean
+    requiresConversationResolution: true
+    # Are merge commits prohibited from being pushed to this branch. boolean
+    requiresLinearHistory: false
+    # Required status checks to pass before merging. Values can be any string, but if the value does not correspond to any existing status check, the status check will be stuck on pending for status since nothing exists to push an actual status
+    requiredStatusChecks:
+    - GitOps/AdvancedSecurity
+    # Require branches to be up to date before merging. Requires requiredStatusChecks. boolean
+    requiresStrictStatusChecks: true
+    # Indicates whether there are restrictions on who can push. boolean. Should be set with whoCanPush.
+    restrictsPushes: false
+    # Restrict who can dismiss pull request reviews. boolean
+    restrictsReviewDismissals: false
+

config/ModuleMetadata.json

@@ -3,7 +3,7 @@
   "authors": "Microsoft",
   "copyright": "© Microsoft Corporation. All rights reserved.",
   "description": "Microsoft Graph PowerShell module",
-  "iconUri": "https://raw.githubusercontent.com/microsoftgraph/msgraph-sdk-powershell/features/2.0/docs/images/graph_color256.png",
+  "iconUri": "https://raw.githubusercontent.com/microsoftgraph/msgraph-sdk-powershell/dev/docs/images/graph_color256.png",
   "licenseUri": "https://aka.ms/devservicesagreement",
   "owners": "Microsoft",
   "projectUri": "https://github.com/microsoftgraph/msgraph-sdk-powershell",
@@ -27,15 +27,15 @@
   "versions": {
     "authentication": {
       "prerelease": "",
-      "version": "2.3.0"
+      "version": "2.5.0"
     },
     "beta": {
       "prerelease": "",
-      "version": "2.3.0"
+      "version": "2.5.0"
     },
     "v1.0": {
       "prerelease": "",
-      "version": "2.3.0"
+      "version": "2.5.0"
     }
   }
 }

config/ModulesMapping.jsonc

@@ -9,7 +9,7 @@
   "Devices.CloudPrint": "^print\\.",
   "Devices.CorporateManagement": "^deviceAppManagement\\.|^officeConfiguration\\.|^users.mobileAppIntentAndState$|^users.mobileAppTroubleshootingEvent$|^users.windowsInformationProtectionDeviceRegistration$|^users.managedAppRegistration$|^users.managedDevice$|^users.deviceManagementTroubleshootingEvent$|^users.deviceEnrollmentConfiguration$",
   "Devices.ServiceAnnouncement": "^admin.serviceAnnouncement$|^admin.Actions$|^admin.Functions$",
-  "DeviceManagement": "^deviceManagement.(deviceCompliancePolicy.*|deviceManagementConfigurationPolicy.*|deviceManagementCompliancePolicy.*|deviceManagementConfigurationSettingDefinition.*|deviceConfiguration.*|managedDevice.*|managementCondition.*|microsoftTunnel.*|userExperienceAnalytics.*|windowsInformationProtection.*|deviceManagement|deviceManagement(DerivedCredentialSettings|Intent|ResourceAccessProfileBase|Script|SettingCategory|SettingDefinition|Template|TroubleshootingEvent)|androidForWork(AppConfigurationSchema|Settings)|androidManagedStore(AccountEnterpriseSettings|AppConfigurationSchema)|deviceAndAppManagementAssignmentFilter|deviceCategory|advancedThreatProtectionOnboardingStateSummary|dataSharingConsent|detectedApp|deviceHealthScript|deviceShellScript|embeddedSIMActivationCodePool|groupPolicyConfiguration|macOSSoftwareUpdateAccountSummary|mobileAppTroubleshootingEvent|notificationMessageTemplate|remoteActionAudit|softwareUpdateStatusSummary|windowsMalwareInformation)$|^admin.edge$|^deviceManagement.monitoring$|^users.ListCloudPCs$",
+  "DeviceManagement": "^deviceManagement.(deviceCompliancePolicy.*|deviceManagementConfigurationPolicy.*|deviceManagementCompliancePolicy.*|deviceManagementConfigurationSettingDefinition.*|deviceConfiguration.*|managedDevice.*|managementCondition.*|microsoftTunnel.*|userExperienceAnalytics.*|windowsInformationProtection.*|deviceManagement|deviceManagement(DerivedCredentialSettings|Intent|ResourceAccessProfileBase|Script|SettingCategory|SettingDefinition|Template|TroubleshootingEvent)|androidForWork(AppConfigurationSchema|Settings)|androidManagedStore(AccountEnterpriseSettings|AppConfigurationSchema)|deviceAndAppManagementAssignmentFilter|deviceCategory|advancedThreatProtectionOnboardingStateSummary|dataSharingConsent|detectedApp|deviceHealthScript|deviceShellScript|embeddedSIMActivationCodePool|groupPolicyConfiguration|macOSSoftwareUpdateAccountSummary|mobileAppTroubleshootingEvent|notificationMessageTemplate|remoteActionAudit|softwareUpdateStatusSummary|windowsMalwareInformation|windowsQualityUpdateProfile)$|^admin.edge$|^deviceManagement.monitoring$|^users.ListCloudPCs$",
   "DeviceManagement.Administration": "^deviceManagement.(virtualEndpoint.*|.*Partner.*|.*Certificate.*|.*role.*|deviceManagement(DomainJoinConnector|ExchangeConnector|ExchangeOnPremisesPolicy)|groupPolicy(Category|Definition|DefinitionFile|MigrationReport|ObjectFile|UploadedDefinitionFile)|auditEvent|cartToClassAssociation|comanagementEligibleDevice|deviceAndAppManagementRoleAssignment|intuneBrandingProfile|iosUpdateDeviceStatus|mobileThreatDefenseConnector|ndesConnector|resourceOperation|restrictedAppsViolation|termsAndConditions)",
   "DeviceManagement.Enrollment": "^deviceManagement.(.*Enrollment.*|.*Autopilot.*|.*depOnboarding.*|importedDeviceIdentity|onPremisesConditionalAccessSettings|windowsFeatureUpdateProfile)$|^roleManagement.roleManagement$|^roleManagement.rbacApplicationMultiple$",
   "DeviceManagement.Actions": "^deviceManagement.Actions$",
@@ -19,9 +19,9 @@
   "Files": "^drives\\.|^shares\\.|^users.drive$|^groups.drive$",
   "Financials": "^financials\\.",
   "Groups": "^groups.group$|^groups.directoryObject$|^groups.conversation$|^groups.endpoint$|^groups.extension$|^groups.groupLifecyclePolicy$|^groups.resourceSpecificPermissionGrant$|^groups.profilePhoto$|^groups.conversationThread$|^groupLifecyclePolicies\\.|^users.group$|^groups.directorySetting$|^groups.Actions$|^groups.Functions$|^groupSettings\\.|^groups.groupSetting$|^groupSettingTemplates\\.",
-  "Identity.DirectoryManagement": "^administrativeUnits\\.|^contacts\\.|^devices\\.|^domains\\.|^directoryRoles\\.|^directoryRoleTemplates\\.|^directorySettingTemplates\\.|^settings\\.|^subscribedSkus\\.|^contracts\\.|^directory\\.|^users.scopedRoleMembership$|^organization.organization$|^organization.organizationalBranding$|^organization.organizationSettings$|^organization.Actions$|^organization.extension$|^tenantRelationships.Actions$|admin.peopleAdminSettings$",
+  "Identity.DirectoryManagement": "^administrativeUnits\\.|^contacts\\.|^devices\\.|^domains\\.|^directoryRoles\\.|^directoryRoleTemplates\\.|^directorySettingTemplates\\.|^settings\\.|^subscribedSkus\\.|^contracts\\.|^directory\\.|^users.scopedRoleMembership$|^organization.organization$|^organization.organizationalBranding$|^organization.organizationSettings$|^organization.Actions$|^organization.extension$|^tenantRelationships.Actions$|admin.peopleAdminSettings$|^organization\\.partnerInformation$",
   "Identity.Governance": "^accessReviews\\.|^businessFlowTemplates\\.|^programs\\.|^programControls\\.|^programControlTypes\\.|^privilegedRoles\\.|^privilegedRoleAssignments\\.|^privilegedRoleAssignmentRequests\\.|^privilegedApproval\\.|^privilegedOperationEvents\\.|^privilegedAccess\\.|^agreements\\.|^users.agreementAcceptance$|^identityGovernance\\.|^roleManagement.rbacApplication$|^roleManagement.Functions$|roleManagement.Actions$",
-  "Identity.SignIns": "^organization.certificateBasedAuthConfiguration$|^invitations\\.|^identityProviders\\.|^oauth2PermissionGrants\\.|^identityProtection\\.|^dataPolicyOperations\\.|^identity\\.|^trustFramework\\.|^informationProtection\\.|^policies\\.|^users.authentication$|^users.informationProtection$|^policies.tokenLifetimePolicy$|^policies.tokenIssuancePolicy$|^policies.homeRealmDiscoveryPolicy$|^policies.claimsMappingPolicy$",
+  "Identity.SignIns": "^organization.certificateBasedAuthConfiguration$|^invitations\\.|^identityProviders\\.|^oauth2PermissionGrants\\.|^identityProtection\\.|^dataPolicyOperations\\.|^identity\\.|^trustFramework\\.|^informationProtection\\.|^policies\\.|^users.authentication$|^users.informationProtection$|^tenantRelationships.multiTenantOrganization$",
   "Identity.Partner": "^tenantRelationships.delegatedAdminRelationship$|^tenantRelationships.delegatedAdminCustomer$",
   "Mail": "^users.inferenceClassification$|^users.mailFolder$|^users.message$",
   "ManagedTenants": "^tenantRelationships.managedTenant$",
@@ -33,7 +33,7 @@
   "SchemaExtensions": "^schemaExtensions\\.",
   "Search": "^search\\.|^external\\.",
   "Security": "^security\\.|^users.security$",
-  "Sites": "^sites.site$|^sites.itemAnalytics$|^sites.columnDefinition$|^sites.contentType$|^sites.drive$|^sites.list$|^sites.sitePage$|^sites.permission$|^sites.store$|^users.site$|^groups.site$|^sites.Functions$|^sites.Actions$|^sites.richLongRunningOperation$|^termStore.sets.ListChildren$|^admin.sharepoint$",
+  "Sites": "^sites.baseSitePage$|^sites.site$|^sites.itemAnalytics$|^sites.columnDefinition$|^sites.contentType$|^sites.drive$|^sites.list$|^sites.sitePage$|^sites.permission$|^sites.store$|^users.site$|^groups.site$|^sites.Functions$|^sites.Actions$|^sites.richLongRunningOperation$|^termStore.sets.ListChildren$|^admin.sharepoint$",
   "Teams": "^teams\\.|^chats\\.|^users.chat$|^appCatalogs.teamsApp$|^users.userTeamwork$|^teamwork\\.|^users.team$|^groups.team$",
   "Users": "^users.user$|^users.directoryObject$|^users.licenseDetails$|^users.mailboxSettings|^users.notification$|^users.outlookUser$|^users.profilePhoto$|^users.userSettings$|^users.extension$|^users.oAuth2PermissionGrant$|^users.todo$|^users.itemInsights$|^users.servicePrincipal$",
   "Users.Actions": "^users.Actions$",