Merge pull request #4067 from NikCharlebois/Various-Intune-Related-Fixes

Various Intune Related Fixes

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1

@@ -326,7 +326,7 @@ function Test-TargetResource
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
 
-    if ($null -ne $CurrentValues.CustomSettings -and $null -ne $CustomSettings)
+    if ($null -ne $CurrentValues.CustomSettings -and $CurrentValues.CustomSettings.Length -gt 0 -and $null -ne $CustomSettings)
     {
         $value = Test-M365DSCAppConfigurationPolicyCustomSetting -Current $CurrentValues.CustomSettings -Desired $CustomSettings
         if ($value -eq $false)

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1

@@ -246,8 +246,9 @@ function Get-TargetResource
         if ($null -eq $policyInfo)
         {
             Write-Verbose -Message "Searching for Policy using DisplayName {$DisplayName}"
-            $policyInfo = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -Filter "displayName eq '$DisplayName'" -ExpandProperty Apps, assignments `
-                -ErrorAction Stop
+            $policyInfoArray = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -ExpandProperty Apps, assignments `
+                -ErrorAction Stop -All:$true
+            $policyInfo = $policyInfoArray | Where-Object -FilterScript {$_.displayName -eq $DisplayName}
         }
         if ($null -eq $policyInfo)
         {
@@ -628,10 +629,6 @@ function Set-TargetResource
                 }
             }
         }
-        else
-        {
-            #write-host 'value' $param 'not specified'
-        }
     }
 
     # handle complex parameters - manually for now
@@ -992,29 +989,22 @@ function Test-TargetResource
             Write-Verbose -Message ('Unspecified Parameter in Config: ' + $param + '  Current Value Will be retained: ' + $CurrentValues.$param)
         }
     }
-
+    Write-Verbose -Message "Starting Assignments Check"
     # handle complex parameters - manually for now
     if ($PSBoundParameters.keys -contains 'Assignments' )
     {
         $targetvalues.add('Assignments', $psboundparameters.Assignments)
     }
-    else
-    {
-        Write-Verbose -Message 'Unspecified Parameter in Config: Assignments - Current Value is:' $CurrentValues.Assignments `
-            "`r`nNOTE: Assignments interacts with other values - not specifying may lead to unexpected output"
-    }
 
+    Write-Verbose -Message "Starting Exluded Groups Check"
     if ($PSBoundParameters.keys -contains 'ExcludedGroups' )
     {
         $targetvalues.add('ExcludedGroups', $psboundparameters.ExcludedGroups)
     }
-    else
-    {
-        Write-Verbose -Message 'Unspecified Parameter in Config: ExcludedGroups - Current Value is:' $CurrentValues.ExcludedGroups `
-            "`r`nNOTE: ExcludedGroups interacts with other values - not specifying may lead to unexpected output"
-    }
 
     # set the apps values
+    Write-Verbose -Message "AppGroupType: $AppGroupType"
+    Write-Verbose -Message "apps: $apps"
     $AppsHash = set-AppsHash -AppGroupType $AppGroupType -apps $apps
     $targetvalues.add('Apps', $AppsHash.Apps)
     $targetvalues.add('AppGroupType', $AppsHash.AppGroupType)
@@ -1285,12 +1275,8 @@ function Set-ManagedBrowserValues
     # edge - edge, true, empty id strings
     # any app - not configured, false, empty strings
     # unmanaged browser not configured, true, strings must not be empty
-
-    Write-Host 'Setting Managed Browser Properties'
-
     if (!$ManagedBrowserToOpenLinksRequired)
     {
-        Write-Host 'Setting Managed Browser to Any App'
         $ManagedBrowser = 'notConfigured'
         $ManagedBrowserToOpenLinksRequired = $false
         $CustomBrowserDisplayName = ''
@@ -1301,15 +1287,13 @@ function Set-ManagedBrowserValues
     {
         if (($CustomBrowserDisplayName -ne '') -and ($CustomBrowserPackageId -ne ''))
         {
-            Write-Host 'Setting Managed Browser to Custom Browser'
             $ManagedBrowser = 'notConfigured'
             $ManagedBrowserToOpenLinksRequired = $true
             $CustomBrowserDisplayName = $CustomBrowserDisplayName
             $CustomBrowserPackageId = $CustomBrowserPackageId
         }
         else
         {
-            Write-Host 'Setting Managed Browser to Microsoft Edge'
             $ManagedBrowser = 'microsoftEdge'
             $ManagedBrowserToOpenLinksRequired = $true
             $CustomBrowserDisplayName = ''

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1

@@ -725,7 +725,16 @@ function Set-TargetResource
         {
             if (-not [String]::IsNullOrEmpty($createParameters.$duration))
             {
-                $createParameters.$duration = [TimeSpan]::parse($createParameters.$duration)
+                Write-Verbose -Message "Parsing {$($createParameters.$duration)} into TimeSpan"
+                if ($createParameters.$duration.startswith('P'))
+                {
+                    $timespan = [System.Xml.XmlConvert]::ToTimeSpan($createParameters.$duration)
+                }
+                else
+                {
+                    $timespan = [TimeSpan]$createParameters.$duration
+                }
+                $createParameters.$duration = $timespan
             }
         }
         $myExemptedAppProtocols = @()

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1

@@ -176,8 +176,10 @@ function Get-TargetResource
     try
     {
         #Retrieve policy general settings
-        $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop
-
+        if (-not [System.String]::IsNullOrEmpty($Identity))
+        {
+            $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop
+        }
         if ($null -eq $policy)
         {
             Write-Verbose -Message "No Endpoint Protection Policy {id: '$Identity'} was found"
@@ -957,7 +959,10 @@ function Get-IntuneSettingCatalogPolicySetting
             -SettingValueName $settingValueName `
             -SettingValueType $settingValueType `
             -SettingValueTemplateId $settingValueTemplateId
-        $settingInstance += ($settingValue)
+        if ($null -ne $settingValue)
+        {
+            $settingInstance += [Hashtable]$settingValue
+        }
 
         $settingInstances += @{
             '@odata.type'     = '#microsoft.graph.deviceManagementConfigurationSetting'

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1

@@ -363,7 +363,7 @@ function Set-TargetResource
 
         if ($policy.id)
         {
-            Update-MgDeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
+            Update-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
                 -Targets $assignmentsHash `
                 -Repository 'deviceManagement/deviceConfigurations'
         }

Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1

@@ -203,7 +203,7 @@ function Test-TargetResource
             Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule."
         }
 
-        $result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0
+        $result = ($instances.Length - $DSCConvertedInstances.Length) -eq 0
 
         if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
         {

Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1

@@ -18,7 +18,7 @@ Configuration Example
         {
             DisplayName                                            = 'test'
             deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
-            WindowsHelloForBusinessBlocked                         = $true
+            WindowsHelloForBusinessBlocked                         = $false
             PinMinimumLength                                       = 5
             PinSpecialCharactersUsage                              = 'required'
             Ensure                                                 = 'Present'

Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1

@@ -18,7 +18,7 @@ Configuration Example
         {
             DisplayName                                            = 'test'
             deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
-            WindowsHelloForBusinessBlocked                         = $true
+            WindowsHelloForBusinessBlocked                         = $false
             PinMinimumLength                                       = 10 # Updated Property
             PinSpecialCharactersUsage                              = 'required'
             Ensure                                                 = 'Present'

Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1

@@ -60,7 +60,7 @@
                 {
                     DisplayName                                            = 'test'
                     deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
-                    WindowsHelloForBusinessBlocked                         = $true
+                    WindowsHelloForBusinessBlocked                         = $false
                     PinMinimumLength                                       = 5
                     PinSpecialCharactersUsage                              = 'required'
                     Ensure                                                 = 'Present'
@@ -308,7 +308,7 @@
                     ManagedEmailProfileRequired                 = $True
                     Ensure                                      = 'Present'
                     Credential                                  = $Credscredential
-        
+
                 }
                 IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS'
                 {
@@ -412,7 +412,7 @@
                                         {
                                             Name = 'hosted_app'
                                         }
-        
+
                                         MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair
                                         {
                                             Name = 'user_script'
@@ -446,7 +446,7 @@
                                     Id                          = '14c48993-35af-4b77-a4f8-12de917b1bb9'
                                     odataType                   = '#microsoft.graph.groupPolicyPresentationValueDecimal'
                                 }
-        
+
                                 MSFT_IntuneGroupPolicyDefinitionValuePresentationValue
                                 {
                                     presentationDefinitionId    = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b'
@@ -455,7 +455,7 @@
                                     Id                          = '4d654df9-6826-470f-af4e-d37491663c76'
                                     odataType                   = '#microsoft.graph.groupPolicyPresentationValueDecimal'
                                 }
-        
+
                                 MSFT_IntuneGroupPolicyDefinitionValuePresentationValue
                                 {
                                     presentationDefinitionId    = '6900e752-4bc3-463b-9fc8-36d78c77bc3e'