From 435b0bb81cd0acd20fdec0f193534ce77208e344 Mon Sep 17 00:00:00 2001 From: ketumbra <80352736+ketumbra@users.noreply.github.com> Date: Mon, 15 Jul 2024 15:10:33 +0200 Subject: [PATCH] correct location of generated cert The DSC scripts assume the certificate (specified by thumbprint) is in the localmachine store, not current user. Corrections to help output regarding use of both CertificatePath and CreateSelfSigned params. --- Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 index 7ad66b8d6b..6556d4ab09 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 @@ -1246,7 +1246,7 @@ If specified, a new secret will be created for the application. -CreateNewSecret The path to the certificate to be uploaded for the app registration. If using with -CreateSelfSignedCertificate - a file with this name will be created and uploaded (file must not exist). Otherwise the file must already exist. Cannot be used with -CreateNewSecret simultaneously. .Parameter CreateSelfSignedCertificate -If specified, a self-signed certificate will be created for the application. -CreateSelfSignedCertificate or -CertificatePath can be used, not both. +If specified, a self-signed certificate will be created for the application. .Parameter AdminConsent If specified, admin consent will be granted for the application. @@ -1430,7 +1430,7 @@ function Update-M365DSCAzureAdApplication } else { - # Neither CertificatePath and CreateSelfSignedCertificate are specified. + # Neither CertificatePath nor CreateSelfSignedCertificate are specified. Write-LogEntry -Message 'Certificate is specified as Type, but neither the CertificatePath or CreateSelfSignedCertificate parameters are specified.' -Type Error return } 
@@ -1714,7 +1714,7 @@ function Update-M365DSCAzureAdApplication
 if ($CreateSelfSignedCertificate)
 {
 Write-LogEntry ' CreateSelfSignedCertificate specified, generating new Self Signed Certificate'
- $cerCert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\CurrentUser\My' `
+ $cerCert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
 -Subject "CN=$ApplicationName" `
 -KeySpec Signature `
 -NotAfter $endDate `
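Review bot: Creating the key pair under `Cert:\LocalMachine\My` in the `New-SelfSignedCertificate` call requires an elevated session, and nothing visible in this hunk checks for elevation or stops on failure, so a non-admin run would presumably error here where the old `CurrentUser` path succeeded. The machine store also widens who can use the app registration's private key, from one user profile to any administrator or SYSTEM-context process on the host, which deserves a sentence in the `.Parameter CreateSelfSignedCertificate` help text. The call continues past the end of the hunk, so I cannot see whether an export policy is set; if it is not, the cmdlet default leaves the private key exportable. Unless a later step exports the private key, consider adding `-KeyExportPolicy NonExportable` and `-ErrorAction Stop` to this call.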