diff --git a/CHANGELOG.md b/CHANGELOG.md index e246aece2c..f3e992541e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Add support to decrypt encrypted OmaSettings and export them in plaintext FIXES [#3655](https://github.com/microsoft/Microsoft365DSC/issues/3655) +* IntuneDeviceEnrollmentPlatformRestriction + * Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly + FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) * IntuneEndpointDetectionAndResponsePolicyWindows10 * Fix issue when trying to remove policy and Identity is set to a random GUID or from another tenant diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 40e5fe25fe..99eb5b034f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -274,14 +274,7 @@ function Set-TargetResource #endregion $currentCategory = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - $PSBoundParameters.Remove('Verbose') | Out-Null + $PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $PSBoundParameters.Remove('Identity') | Out-Null if ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Absent') @@ -326,10 +319,10 @@ function Set-TargetResource } $PSBoundParameters.add('@odata.type', $policyType) - Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) + #Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) $policy = New-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` - -BodyParameter $PSBoundParameters + -BodyParameter ([hashtable]$PSBoundParameters) #Assignments from DefaultPolicy are not editable and will raise an alert if ($policy.Id -notlike '*_DefaultPlatformRestrictions') @@ -384,9 +377,9 @@ function Set-TargetResource $policyType = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } $PSBoundParameters.add('@odata.type', $policyType) - Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) + #Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` - -BodyParameter $PSBoundParameters ` + -BodyParameter ([hashtable]$PSBoundParameters) ` -DeviceEnrollmentConfigurationId $Identity #Assignments from DefaultPolicy are not editable and will raise an alert @@ -517,7 +510,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false @@ -547,11 +540,8 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Identity') | Out-Null $ValuesToCheck.Remove('WindowsMobileRestriction') | Out-Null #Convert any DateTime to String diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index ff01ef6f85..605ad7f2fd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -591,12 +591,6 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Id') | Out-Null - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 index ca9bef9034..7859f4063d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 @@ -207,7 +207,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false + Test-TargetResource @testParams| Should -Be $false } It 'Should remove the restriction from the Set method' {