fix firewall rules interfaceTypes parameter to support multiple values
William-Francillette committed Feb 29, 2024
1 parent 7592599 commit b390b18
Showing 3 changed files with 29 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -42,6 +42,7 @@
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationEndpointProtectionPolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* Fixed an issue with the parameter InterfaceTypes from firewallrules defined as a string instead of string[]
* M365DSCDRGUtil
* Added support for groupDisplayName to all devices and all users groups
* AADApplication
@@ -1305,7 +1305,7 @@ function Get-TargetResource
$myfirewallRules.Add('FilePath', $currentfirewallRules.filePath)
if ($null -ne $currentfirewallRules.interfaceTypes)
{
$myfirewallRules.Add('InterfaceTypes', $currentfirewallRules.interfaceTypes.toString())
$myfirewallRules.Add('InterfaceTypes', $currentfirewallRules.interfaceTypes.toString() -split ',')
}
$myfirewallRules.Add('LocalAddressRanges', $currentfirewallRules.localAddressRanges)
$myfirewallRules.Add('LocalPortRanges', $currentfirewallRules.localPortRanges)
@@ -3704,6 +3704,19 @@ function Set-TargetResource
$CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key
}
}
if ($CreateParameters.FirewallRules.count -gt 0)
{
$intuneFirewallRules = @()
foreach ($firewallRule in $CreateParameters.FirewallRules)
{
if ($firewallRule.interfaceTypes -gt 1)
{
$firewallRule.interfaceTypes = $firewallRule.interfaceTypes -join ','
}
$intuneFirewallRules += $firewallRule
}
$CreateParameters.FirewallRules = $intuneFirewallRules
}
#region resource generator code
$CreateParameters.Add('@odata.type', '#microsoft.graph.windows10EndpointProtectionConfiguration')
$policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters
@@ -3739,6 +3752,19 @@ function Set-TargetResource
$UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key
}
}
if ($UpdateParameters.FirewallRules.count -gt 0)
{
$intuneFirewallRules = @()
foreach ($firewallRule in $UpdateParameters.FirewallRules)
{
if ($firewallRule.interfaceTypes -gt 1)
{
$firewallRule.interfaceTypes = $firewallRule.interfaceTypes -join ','
}
$intuneFirewallRules += $firewallRule
}
$UpdateParameters.FirewallRules = $intuneFirewallRules
}
#region resource generator code
$UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10EndpointProtectionConfiguration')
Update-MgBetaDeviceManagementDeviceConfiguration `
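Review bot: The guard `if ($firewallRule.interfaceTypes -gt 1)`, added to both the create and the update branch of Set-TargetResource, compares the value itself with 1 instead of counting its elements; on an array `-gt` filters the elements, so the test appears to pass for any non-empty value only through string comparison. Since the joined string decides which interface types each firewall rule covers, state the intent directly with `if ($null -ne $firewallRule.interfaceTypes)` ahead of the existing `-join ','`, and add a comment such as `# interfaceTypes is sent as a single comma-separated string`. In the Get-TargetResource hunk, `-split ','` keeps any whitespace that follows a comma; if `toString()` can return `a, b` (not visible here), the elements would no longer match the schema's ValueMap, and `-split '\s*,\s*'` avoids that. Both functions start and end outside the hunks shown.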
@@ -92,7 +92,7 @@ class MSFT_MicrosoftGraphWindowsFirewallRule
[Write, Description("The display name of the rule. Does not need to be unique.")] String DisplayName;
[Write, Description("Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. Possible values are: notConfigured, blocked, allowed."), ValueMap{"notConfigured","blocked","allowed"}, Values{"notConfigured","blocked","allowed"}] String EdgeTraversal;
[Write, Description("The full file path of an app that's affected by the firewall rule.")] String FilePath;
[Write, Description("The interface types of the rule. Possible values are: notConfigured, remoteAccess, wireless, lan."), ValueMap{"notConfigured","remoteAccess","wireless","lan"}, Values{"notConfigured","remoteAccess","wireless","lan"}] String InterfaceTypes;
[Write, Description("The interface types of the rule. Possible values are: notConfigured, remoteAccess, wireless, lan."), ValueMap{"notConfigured","remoteAccess","wireless","lan"}, Values{"notConfigured","remoteAccess","wireless","lan"}] String InterfaceTypes[];
[Write, Description("List of local addresses covered by the rule. Default is any address. Valid tokens include:'' indicates any local address. If present, this must be the only token included.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of 'start address - end address' with no spaces included.An IPv6 address range in the format of 'start address - end address' with no spaces included.")] String LocalAddressRanges[];
[Write, Description("List of local port ranges. For example, '100-120', '200', '300-320'. If not specified, the default is All.")] String LocalPortRanges[];
[Write, Description("Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.")] String LocalUserAuthorizations;
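Review bot: The Description of InterfaceTypes still reads as if one value is chosen, although the property is now `String InterfaceTypes[]`. Consider wording such as `The interface types of the rule; several values may be listed. Possible values are: notConfigured, remoteAccess, wireless, lan.` so that authors know a rule can be scoped to more than one interface type. Whether notConfigured may be combined with the other values is not visible here and would be worth stating too.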