[BUG] V2.3.0 - Auditing not being added to commits #192

Closed
gmenziesint opened this issue Apr 5, 2024 · 10 comments
@gmenziesint

Describe the bug
The Audit functionality isn't adding the UPNs of users that are making changes. I can see the individual commits performed by users when looking at the overall commit, but it isn't being individually added for each user.

To Reproduce
Steps to reproduce the behavior: Provided a copy of our pipeline to replicate this issue under Run type

Expected behavior
Expectation that user UPNs will be added to changes that are committed.

Screenshots
If applicable, add screenshots to help explain your problem.
image

Ignore the in-progress; it did complete, it just hasn't visually updated yet, it seems.
image

Run type (please complete the following information):

```yaml
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
  none
schedules:
  - cron: '0 */6 * * *'
    displayName: "Every 6 hours"
    branches:
      include:
      - main
    always: true

pool:
  vmImage: ubuntu-latest

jobs:
  - job: backup_document
    displayName: Backup Intune configuration
    pool:
      vmImage: ubuntu-latest
    continueOnError: false
    steps:
    - checkout: self
      persistCredentials: true

#Remove existing prod-backup directory
    - task: Bash@3
      displayName: Remove existing prod-backup directory
      inputs:
        targetType: 'inline'
        script: |
          rm -rfv "$(Build.SourcesDirectory)/prod-backup"
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: false

# Install IntuneCD
# https://github.com/almenscorner/IntuneCD
    - task: Bash@3
      displayName: Install IntuneCD Package V2.3.0
      inputs:
        targetType: 'inline'
        script: |
          pip3 install IntuneCD==2.3.0
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: true

# Backup the latest configuration, using the current directory
    - task: Bash@3
      displayName: IntuneCD backup Start
      inputs:
        targetType: 'inline'
        script: |
          mkdir -p "$(Build.SourcesDirectory)/prod-backup"
          IntuneCD-startbackup \
          --mode=1 \
          --path "$(Build.SourcesDirectory)/prod-backup" \
          --exclude ConditionalAccess \
          --ignore-omasettings \
          --append-id \
          --autopilot \
          --audit
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: true
      env:
        TENANT_NAME: $(TENANT_NAME)
        CLIENT_ID: $(CLIENT_ID)
        CLIENT_SECRET: $(CLIENT_SECRET)

# Set git settings
    - task: Bash@3
      displayName: Configure Git Global Settings
      inputs:
        targetType: 'inline'
        script: |
          git config user.name $(USER_NAME)
          git config user.email $(USER_EMAIL)
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: true
# Commit changes and push to Azure DevOps repo
    - task: Bash@3
      displayName: Commit changes to Azure DevOps repo
      name: commitAndsetVariable
      inputs:
        targetType: 'inline'
        script: |
          DATEF=`date +%Y.%m.%d`
          git add --all
          # modified files in folder prod-backup
          var=$(git diff --name-only --staged -- prod-backup)
          echo "##vso[task.setVariable variable=CHANGE_DETECTED;isOutput=true;]$var"
          git commit -m "Intune config backup $DATEF"
          git push origin HEAD:main
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: false

# Create markdown documentation
    - task: Bash@3
      displayName: Generate markdown document
      inputs:
        targetType: 'inline'
        script: |
          if [ ! -z "$(commitAndsetVariable.CHANGE_DETECTED)" ]
          then
            INTRO="Intune backup and documentation generated at $(Build.Repository.Uri) <img align=\"right\" width=\"96\" height=\"96\" src=\"./logo.png\">"
            IntuneCD-startdocumentation \
                --path="$(Build.SourcesDirectory)/prod-backup" \
                --outpath="$(Build.SourcesDirectory)/prod-as-built.md" \
                --tenantname=$TENANT_NAME \
                --intro="$INTRO" \
                #--split=Y
          else
            echo "no configuration backup change detected in the last commit, documentation will not be created"
          fi
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: true
      env:
        TENANT_NAME: $(TENANT_NAME)

# Commit changes and push to repo
    - task: Bash@3
      displayName: Commit changes
      inputs:
        targetType: 'inline'
        script: |
          DATEF=`date +%Y.%m.%d`
          git add --all
          git commit -m "Intune config as-built $DATEF"
          git push origin HEAD:main
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: false

  - job: tag
    displayName: Tag repo
    dependsOn: backup_document
    condition: and(succeeded(), ne(dependencies.backup_document.outputs['commitAndsetVariable.CHANGE_DETECTED'], ''))
    pool:
      vmImage: ubuntu-latest
    continueOnError: false
    steps:
    - checkout: self
      persistCredentials: true

# Set git global settings
    - task: Bash@3
      displayName: Configure Git
      inputs:
        targetType: 'inline'
        script: |
          git config user.name $(USER_NAME)
          git config user.email $(USER_EMAIL)
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: true

    - task: Bash@3
      displayName: Pull origin
      inputs:
        targetType: 'inline'
        script: |
          git pull origin main
        workingDirectory: '$(Build.SourcesDirectory)'
        failOnStderr: false

    - task: PowerShell@2
      displayName: Git tag
      inputs:
        targetType: 'inline'
        script: |
          # change in configuration backup folder detected, create TAG
          $DATEF= Get-Date -format "yyyy-MM-dd_THH-mm"
          git tag -a "v$DATEF" -m "Microsoft Intune configuration snapshot $DATEF"
          git push origin "v$DATEF" *> $null # even status information goes to stderr :(
        failOnStderr: true
        pwsh: false
        workingDirectory: '$(Build.SourcesDirectory)'

  - job: publish
    displayName: Publish as-built artifacts
    dependsOn: tag
    condition: and(succeeded(), ne(dependencies.backup_document.outputs['commitAndsetVariable.CHANGE_DETECTED'], ''))
    pool:
      vmImage: ubuntu-latest
    continueOnError: false
    steps:
    - checkout: self
      persistCredentials: true
```

Additional context
Add any other context about the problem here.

Secondary to this, but wanted to flag it: the --autopilot argument fails when using true or True with 2.3.0 and doesn't require anything set, similar to other arguments, but that isn't documented in the changes or in the documentation from what I can see.

gmenziesint added the bug label Apr 5, 2024

@almenscorner (Owner)

What is the time between a user making a change and the backup running with --audit?

You are right about the change in the --autopilot argument being missed in the documentation and release notes; I must have missed that in the refactoring. I will update the docs!

@gmenziesint (Author)

gmenziesint commented Apr 5, 2024

The app protection policies I sent the screenshots for don't show as being edited by a user, as the modified time is the same, so not sure what's going on there.

Another example is an application that was uploaded at 11:30 that superseded another app but was missed at a 13:10-ish run of the Backup.

image

image

Thanks for updating the docs :)

Oddly I made a change to check this and the commit for it has been added -
image

@almenscorner (Owner)

almenscorner commented Apr 5, 2024

An example in my env: I edited an app protection policy, ran a backup and got this commit:
image

@gmenziesint (Author)

I might just leave it running over the weekend and report back and go from there.

@almenscorner (Owner)

> Another example is an application that was uploaded at 11:30 that superseded another app but was missed at a 13:10-ish run of the Backup.

When you say missed, do you mean it was not included in the backup at all?

@gmenziesint (Author)

> > Another example is an application that was uploaded at 11:30 that superseded another app but was missed at a 13:10-ish run of the Backup.
>
> When you say missed, do you mean it was not included in the backup at all?

Sorry, I meant the individual commit assigned to a user was missed.

@almenscorner (Owner)

Alright, you can run with --verbose to see what authors from the audit logs are found during a run.

@almenscorner (Owner)

almenscorner commented Apr 5, 2024

I found why Application information was not audited: the path was incorrect when it tried to add a new file during the audit processing. A new beta with a fix is pushing now; try this version and see if that fixes it: pip3 install IntuneCD==2.3.1b1

@gmenziesint (Author)

> I found why Application information was not audited: the path was incorrect when it tried to add a new file during the audit processing. A new beta with a fix is pushing now; try this version and see if that fixes it: pip3 install IntuneCD==2.3.1b1

Great, thanks, will test it over the next few days and let you know.

almenscorner self-assigned this Apr 5, 2024

@gmenziesint (Author)

Seems to be working now and I can see the commits again, thank you!

almenscorner mentioned this issue Apr 8, 2024