cnotin
diff --git a/‎src/Teams/beta/custom/RscConfigurationSynthesizer.cs‎
Lines changed: 47 additions & 22 deletions b/‎src/Teams/beta/custom/RscConfigurationSynthesizer.cs‎
Lines changed: 47 additions & 22 deletions
diff --git a/‎src/Teams/beta/custom/SetMgBetaChatRscConfiguration_Update.cs‎
Lines changed: 39 additions & 9 deletions b/‎src/Teams/beta/custom/SetMgBetaChatRscConfiguration_Update.cs‎
Lines changed: 39 additions & 9 deletions
@@ -84,33 +84,54 @@ internal MicrosoftGraphRscConfiguration ConvertToChatRscConfiguration(
 
             if (teamsAppSettings.IsChatResourceSpecificConsentEnabled == true)
             {
-                if (assignedPermissionGrantPoliciesApplicableToChatScope.Any())
-                {
-                    this.LogVerbose(
-                        "Chat RSC is enabled in Teams App Settings and chat scoped permission grant policies are enabled. Not a supported scenario.",
-                        eventListener);
-                    microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.Custom;
-                }
-                else
-                {
-                    this.LogVerbose("Chat RSC is enabled in Teams App Settings.", eventListener);
-                    microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
-                }
+                this.LogVerbose("Chat RSC is enabled in Teams App Settings.", eventListener);
+                microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
             }
             else if (assignedPermissionGrantPoliciesApplicableToChatScope.Any())
             {
-                if (assignedPermissionGrantPoliciesApplicableToChatScope.Any(pgp => !string.Equals(
-                        pgp.ManagePermissionGrantsForOwnedResourcePrefixedId,
-                        RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForPreapprovedAppsForChats,
-                        StringComparison.OrdinalIgnoreCase)))
+                int interestingPermissionGrantPolicyCount = assignedPermissionGrantPoliciesApplicableToChatScope.Count();
+
+                if (interestingPermissionGrantPolicyCount > 1)
                 {
-                    this.LogVerbose("Unknown chat scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
+                    this.LogVerbose("Multiple chat scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
                     microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.Custom;
                 }
+                else if (interestingPermissionGrantPolicyCount == 0)
+                {
+                    microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.DisabledForAllApps;
+                }
                 else
                 {
-                    this.LogVerbose("Authorization policy contains permission grant policy for chat RSC preapprovals.", eventListener);
-                    microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly;
+                    MGTeamsInternalPermissionGrantPolicy interestingPermissionGrantPolicy =
+                        assignedPermissionGrantPoliciesApplicableToChatScope.Single();
+
+                    if (string.Equals(
+                        interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
+                        RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForAllAppsForChats,
+                        StringComparison.OrdinalIgnoreCase))
+                    {
+                        this.LogVerbose("Authorization policy contains permission grant policy for all chat RSC applications.", eventListener);
+                        microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
+                    }
+                    else if (string.Equals(
+                        interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
+                        RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForPreapprovedAppsForChats,
+                        StringComparison.OrdinalIgnoreCase))
+                    {
+                        microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly;
+                    }
+                    else if (string.Equals(
+                        interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
+                        RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyManagedByMicrosoftForChats,
+                        StringComparison.OrdinalIgnoreCase))
+                    {
+                        microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.ManagedByMicrosoft;
+                    }
+                    else
+                    {
+                        this.LogVerbose("Unknown chat scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
+                        microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.Custom;
+                    }
                 }
             }
             else
@@ -169,7 +190,6 @@ internal IMicrosoftGraphRscConfiguration ConvertToTeamRscConfiguration(
             }
             else if (interestingPermissionGrantPolicyCount == 0)
             {
-                this.LogVerbose("Team scope RSC is disabled.", eventListener);
                 microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.DisabledForAllApps;
             }
             else
@@ -180,17 +200,22 @@ internal IMicrosoftGraphRscConfiguration ConvertToTeamRscConfiguration(
                         RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForAllAppsForTeams,
                         StringComparison.OrdinalIgnoreCase))
                 {
-                    this.LogVerbose("Authorization policy contains permission grant policy for all application permissions for teams.", eventListener);
                     microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForAllApps;
                 }
                 else if (string.Equals(
                         RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForPreapprovedAppsForTeams,
                         StringComparison.OrdinalIgnoreCase))
                 {
-                    this.LogVerbose("Authorization policy contains permission grant policy for team RSC preapprovals.", eventListener);
                     microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly;
                 }
+                else if (string.Equals(
+                        interestingPermissionGrantPolicy.ManagePermissionGrantsForOwnedResourcePrefixedId,
+                        RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyManagedByMicrosoftForTeams,
+                        StringComparison.OrdinalIgnoreCase))
+                {
                     microsoftGraphRscConfiguration.State = MicrosoftGraphRscConfigurationState.ManagedByMicrosoft;
+                }
                 else
                 {
                     this.LogVerbose("Unknown group scoped permission grant policies are enabled. Not a supported scenario.", eventListener);
 
@@ -291,6 +291,16 @@ await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
                     }
                     else if (this.State == MicrosoftGraphRscConfigurationState.EnabledForPreApprovedAppsOnly)
                     {
+                        // Disable chat RSC Teams Setting.
+                        await this.Client.UpdateTeamsAppSettings(
+                            isChatResourceSpecificConsentEnabled: false,
+                            eventListener: this,
+                            sender: Pipeline);
+
+                        WriteVerbose($"Disabled Chat RSC Teams setting.");
+
+                        if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
+
                         // Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
                         // Microsoft created.policy enabling pre-approvals.
                         IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
@@ -306,7 +316,9 @@ await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
                         WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
 
                         if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
-
+                    }
+                    else if (this.State == MicrosoftGraphRscConfigurationState.ManagedByMicrosoft)
+                    {
                         // Disable chat RSC Teams Setting.
                         await this.Client.UpdateTeamsAppSettings(
                             isChatResourceSpecificConsentEnabled: false,
@@ -316,30 +328,48 @@ await this.Client.UpdateTeamsAppSettings(
                         WriteVerbose($"Disabled Chat RSC Teams setting.");
 
                         if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
+
+                        // Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
+                        // Microsoft created.policy enabling pre-approvals.
+                        IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
+                            .Except(
+                                assignedPermissionGrantPoliciesApplicableToChatScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
+                                StringComparer.OrdinalIgnoreCase)
+                            .Union(new string[] { RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyManagedByMicrosoftForChats }, StringComparer.OrdinalIgnoreCase);
+                        await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
+                            updatedPermissionGrantPolicies,
+                            this,
+                            Pipeline);
+
+                        WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
+
+                        if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
                     }
                     else if (this.State == MicrosoftGraphRscConfigurationState.EnabledForAllApps)
                     {
-                        // Enable chat RSC Teams Setting.
+                        // Disable chat RSC Teams Setting.
                         await this.Client.UpdateTeamsAppSettings(
-                            isChatResourceSpecificConsentEnabled: true,
+                            isChatResourceSpecificConsentEnabled: false,
                             eventListener: this,
                             sender: Pipeline);
 
-                        WriteVerbose($"Enabled Chat RSC Teams setting.");
+                        WriteVerbose($"Disabled Chat RSC Teams setting.");
 
                         if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
 
-                        // Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope.
-                        IEnumerable<string> existingPermissionGrantPoliciesExceptChatScopePolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
+                        // Remove all permission grant policies assigned to default user role permissions which are relevant to chat scope and add
+                        // Microsoft created.policy enabling permissions for all apps.
+                        IEnumerable<string> updatedPermissionGrantPolicies = authorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
                             .Except(
                                 assignedPermissionGrantPoliciesApplicableToChatScope.Select(p => p.ManagePermissionGrantsForOwnedResourcePrefixedId),
-                                StringComparer.OrdinalIgnoreCase);
+                                StringComparer.OrdinalIgnoreCase)
+                            .Union(new string[] { RscConfigurationSynthesizer.MicrosoftCreatedPermissionGrantPolicyEnabledForAllAppsForChats }, StringComparer.OrdinalIgnoreCase);
                         await this.Client.UpdateDefaultUserRolePermissionGrantPoliciesAssigned(
-                            existingPermissionGrantPoliciesExceptChatScopePolicies,
+                            updatedPermissionGrantPolicies,
                             this,
                             Pipeline);
 
-                        WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", existingPermissionGrantPoliciesExceptChatScopePolicies)}'.");
+                        WriteVerbose($"Updated permission grant policies assigned to default user role: '{string.Join(", ", updatedPermissionGrantPolicies)}'.");
 
                         if (((Microsoft.Graph.Beta.PowerShell.Runtime.IEventListener)this).Token.IsCancellationRequested) { return; }
                     }