Skip to content

Commit

Permalink
Merge pull request microsoft#3990 from MKlingner/fix/mandatory_Identity
Browse files Browse the repository at this point in the history
Fixed Schema Validation with parameter Identity from IntuneSettingCatalogASRRulesPolicyWindows10
  • Loading branch information
NikCharlebois authored Feb 5, 2024
2 parents 005a070 + a70caa4 commit 8b78553
Show file tree
Hide file tree
Showing 3 changed files with 40 additions and 16 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,10 @@
* IntuneAntivirusPolicyWindows10SettingCatalog
* Fix condition in Test-TargetResource to check if resource was removed or not
FIXES [#3958](https://github.com/microsoft/Microsoft365DSC/issues/3958)
* IntuneSettingCatalogASRRulesPolicyWindows10
* Fixed Schema Validation
* Fixed Import with unknown ID of Policy and Assignments by using DisplayName
FIXES [#3961](https://github.com/microsoft/Microsoft365DSC/issues/3961)
* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10
* Fix typo in assignment cmdlet
FIXES [#3996](https://github.com/microsoft/Microsoft365DSC/issues/3996)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,12 @@ function Get-TargetResource
if ($null -eq $policy)
{
Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy {$Identity} was found"
$policy = Get-MgBetaDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue
$policy = Get-MgBetaDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" }

if ($policy.Count -gt 1)
{
throw "Multiple Endpoint Protection Attack Surface Protection rules Policies with DisplayName '{$DisplayName}' were found!"
}
}

if ($null -eq $policy)
Expand Down Expand Up @@ -239,18 +244,14 @@ function Get-TargetResource
}
}

$returnAssignments = @()
$returnAssignments += Get-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $policy.Id
$assignmentResult = @()
foreach ($assignmentEntry in $returnAssignments)
$returnAssignments = Get-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $policy.Id
if ($returnAssignments.Count -gt 0)
{
$assignmentValue = @{
dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.toString()
deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId
groupId = $assignmentEntry.Target.AdditionalProperties.groupId
}
$assignmentResult += $assignmentValue
$assignmentResult = ConvertFrom-IntunePolicyAssignment -Assignments $returnAssignments
}
else
{
$assignmentResult = @()
}
$returnHashtable.Add('Assignments', $assignmentResult)

Expand Down Expand Up @@ -490,8 +491,9 @@ function Set-TargetResource
}
if ($policy.id)
{
$intuneAssignments = [Hashtable[]] (ConvertTo-IntunePolicyAssignment -Assignments $assignmentsHash)
Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
-Targets $assignmentsHash
-Targets ([Array]($intuneAssignments.target))
}
#endregion
}
Expand All @@ -509,7 +511,7 @@ function Set-TargetResource
#write-verbose -message ($settings|convertto-json -Depth 20)

Update-IntuneDeviceConfigurationPolicy `
-DeviceConfigurationPolicyId $Identity `
-DeviceConfigurationPolicyId $currentPolicy.Identity `
-Name $DisplayName `
-Description $Description `
-TemplateReferenceId $templateReferenceId `
Expand All @@ -523,8 +525,9 @@ function Set-TargetResource
{
$assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
}
Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $Identity `
-Targets $assignmentsHash
$intuneAssignments = [Hashtable[]] (ConvertTo-IntunePolicyAssignment -Assignments $assignmentsHash)
Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentPolicy.Identity `
-Targets ([Array]($intuneAssignments.target))
#endregion
}
elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present')
Expand Down Expand Up @@ -752,6 +755,19 @@ function Test-TargetResource
$sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source
$testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment
}
#GroupDisplayName Assignment
if (-not [String]::IsNullOrEmpty($assignment.groupDisplayName))
{
$source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.groupDisplayName -eq $assignment.groupDisplayName }
if (-not $source)
{
Write-Verbose -Message "Configuration drift: groupDisplayName {$($assignment.groupDisplayName)} not found"
$testResult = $false
break
}
$sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source
$testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment
}
#AllDevices/AllUsers assignment
else
{
Expand Down
4 changes: 4 additions & 0 deletions Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -1309,6 +1309,10 @@ function Update-DeviceConfigurationPolicyAssignment
foreach ($target in $targets)
{
$formattedTarget = @{"@odata.type" = $target.dataType}
if(-not $formattedTarget."@odata.type" -and $target."@odata.type")
{
$formattedTarget."@odata.type" = $target."@odata.type"
}
if ($target.groupId)
{
$formattedTarget.Add('groupId',$target.groupId)
Expand Down

0 comments on commit 8b78553

Please sign in to comment.