Microsoft365DSC – April 2025 Major Release (version 1.25.402.1)¶
As defined by our Breaking Changes Policy, twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 2nd 2025, will include several breaking changes and will be labeled version 1.25.402.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2025 Major release.
AADPasswordRuleSettings - Updated the BannedPasswordCheckOnPremisesMode Accepted Values (5966)¶
To reflect and align with a change in the associated API, we are changing the possible value of the BannedPasswordCheckOnPremisesMode property from Enforced to Enforce. Existing configuration that use this resource, should check for that property and make sure that if the value is specified as Enforced, that it gets updated to Enforce.
EXOArcConfig - Removed Identity Parameter (#5917)¶
This change removes the Identity property from the resource. The reason for this change is that the property is a tenant wide setting and always set to 'default'. To fix configuration files that define this parameter, simply find the EXOArcConfig entry and remove the Identity parameter entirely.
EXOMailTips - Removed Resource (5773)¶
The EXOMailTups resource conflicted with the Mail tips related properties in the EXOOrganizationConfig resource. Because of this, it was removed to avoid conflicts. To fix configuration files, simply remove the EXOMailTips instance and ensure the settings you were initially setting via this resource and correctly specified as part fo the EXOOrganizationConfig resource.
IntuneAccountProtectionLocalUserGroupMembershipPolicy - Removed the add_replace Deprecated Action (#5790)¶
In the IntuneAccountProtectionLocalUserGroupMembershipPolicy resource, the property LocalUserGroupCollection defines a list of accepted actions to be performed on the users' collection. This breaking change removes the deprecated add_replace action from the list of accepted value. To fix you configuration, simply make sure you replace all add_replace actions by one of the accepted value: add_update, remove_update or add_restrict.
IntuneSecurityBaselineMicrosoftEdge - Remove Deprecated auth_schemes Parameter (#5789)¶
The auth_schemes paremeter has been marked as deprecated for the past few releases and is now being removed from the IntuneSecurityBaselineMicrosoftEdge resource. To fix configuration files that are using this parameter, simply remove it from the file and recompile your MOF file.
Microsoft365DSC whitepaper¶
With this release of Microsoft365DSC, the code used in the Microsoft365DSC whitepaper also includes a breaking change: The framework used in the whitepaper is using the M365DSC.CompositeResources module, that contains composite resources for each workload of Microsoft365DSC. These composite resources are generated using our Composite Resource Generator (CRG).
The composite resources module assumes a certain data file structure, for which an example is generated by the CRG and included in the M365DSC.CompositeResources module as well.
When the CRG was created, the decision was made to rename the resources that allowed multiple objects into their plural for, e.g. ConditionalAccessPolicy would become ConditionalAccessPolicies, since you can add multiple policies. There was no technical reason, just better readability.
As it turns out, this choice has created more challenges than benefits. Converting all resources consistently and predictable is a challenge. And code that has to do the opposite (plural to singular name) is even more challenging. That is why we decided to remove this conversion and revert back to the original M365DSC resource naming.
How to fix¶
When you switch to v1.25.402.1 or later of Microsoft365DSC, you have rename the resources in your data files to their singular, original names (without the workload prefix) or else the unit tests in the pipelines will fail. Check out the original naming here. For example: ConditionalAccessPolicies should be renamed to ConditionalAccessPolicy, since the original resource name is AADConditionalAccessPolicy.
