MSFT_AADAuthorizationPolicy: Missing available settings

[techthoughts2]

Details of the scenario you tried and the problem that is occurring

I would like to use this resource to configure Tenant settings such as:

AllowedToCreateTenants
AllowedToReadBitlockerKeysForOwnedDevice

These settings are part of the DefaultUserRolePermissions.

However, while these settings are available to be set in the PowerShell SDK, they are not available to be set via this resource.

Verbose logs showing the problem

$a = Get-MgPolicyAuthorizationPolicy

$a.DefaultUserRolePermissions | fl

AllowedToCreateApps                      : True
AllowedToCreateSecurityGroups            : True
AllowedToCreateTenants                   : False
AllowedToReadBitlockerKeysForOwnedDevice : True
AllowedToReadOtherUsers                  : True
PermissionGrantPoliciesAssigned          : {ManagePermissionGrantsForSelf.microsoft-user-default-legacy}
AdditionalProperties                     : {}

Suggested solution to the issue

Add the following options to be set for this resource:

AllowedToCreateTenants
AllowedToReadBitlockerKeysForOwnedDevice

Update-MgBetaPolicyAuthorizationPolicy supports updating these two settings under the DefaultUserRolePermissions.

This change would be made here:
https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1

The DSC configuration that is used to reproduce the issue (as detailed as possible)

N/A - it is not possible to set the two settings via DSC at this time.

The operating system the target node is running

N/A - it is not possible to set the two settings via DSC at this time.

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.719.1