Skip to content

Commit

Permalink
Merge pull request #3952 from William-Francillette/fix3818
Browse files Browse the repository at this point in the history
PR: IntuneAntivirusPolicyWindows10SettingCatalog Fixes 3818 and 3955
  • Loading branch information
ykuijs authored Nov 29, 2023
2 parents 288e17f + 488c910 commit f44ba30
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 6 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@

# UNRELEASED

* IntuneAntivirusPolicyWindows10SettingCatalog
* Skipped settingValueTemplateReference and settingInstanceTemplateReference for severethreats, highseveritythreats, moderateseveritythreats, lowseveritythreats as per API requirements observed in the Intune portal
FIXES [#3818](https://github.com/microsoft/Microsoft365DSC/issues/3818)
FIXES [#3955](https://github.com/microsoft/Microsoft365DSC/issues/3955)
* AADRoleSetting
* Export sorted by DisplayName for better comparison
* Enable Filter property to be used on export
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -910,8 +910,8 @@ function Set-TargetResource
}
elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing Endpoint Protection Policy {$currentPolicy.DisplayName}"
Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity
Write-Verbose -Message "Removing Endpoint Protection Policy {$($currentPolicy.DisplayName)}"
Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentPolicy.Identity
}
}

Expand Down Expand Up @@ -1418,11 +1418,12 @@ function Export-TargetResource
try
{
$templateFamily = 'endpointSecurityAntivirus'
$templateReferences = "d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"
[array]$policies = Get-MgBetaDeviceManagementConfigurationPolicy `
-ErrorAction Stop `
-All:$true `
-Filter $Filter
$policies = $policies | Where-Object -FilterScript { $_.TemplateReference.TemplateFamily -eq $templateFamily }
$policies = $policies | Where-Object -FilterScript { $_.TemplateReference.TemplateFamily -eq $templateFamily -and $_.TemplateReference.TemplateId -in $templateReferences }

if ($policies.Length -eq 0)
{
Expand Down Expand Up @@ -1590,7 +1591,7 @@ function New-IntuneDeviceConfigurationPolicy
'settings' = $Settings
}
$body = $policy | ConvertTo-Json -Depth 20
Write-Verbose -Message $body
#Write-Verbose -Message $body
Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop

}
Expand All @@ -1602,6 +1603,7 @@ function New-IntuneDeviceConfigurationPolicy
-TenantId $TenantId `
-Credential $Credential

#write-verbose ($_ | out-string)
return $null
}
}
Expand Down Expand Up @@ -1819,6 +1821,11 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
$setting.add('@odata.type', '#microsoft.graph.deviceManagementConfigurationSetting')

$includeValueReference = $true
$includeSettingInstanceReference = $true
$doNotIncludesettingInstanceReferenceKeys = @(
'highseveritythreats'
'lowseveritythreats'
)
$noValueReferenceKeys = @(
'excludedpaths'
'excludedprocesses'
Expand All @@ -1828,9 +1835,14 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
{
$includeValueReference = $false
}
if ($originalKey -in $doNotIncludesettingInstanceReferenceKeys)
{
$includeSettingInstanceReference = $false
}
$myFormattedSetting = Format-M365DSCParamsToSettingInstance -DSCParams @{$settingKey = $DSCParams."$originalKey" } `
-TemplateSetting $templateSetting `
-IncludeSettingValueTemplateId $includeValueReference
-IncludeSettingValueTemplateId $includeValueReference `
-IncludeSettingInstanceTemplateId $includeSettingInstanceReference

$setting.add('settingInstance', $myFormattedSetting)
$settings += $setting
Expand Down Expand Up @@ -1871,9 +1883,36 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
-FilterScript { $_.settingDefinitionId -like "*$key" }
if ($templateValue)
{
$includeValueReference = $true
$includeSettingInstanceReference = $true
$doNotIncludesettingInstanceReferenceKeys = @(
'highseveritythreats'
'lowseveritythreats'
'moderateseveritythreats'
'severethreats'
)
$noValueReferenceKeys = @(
'excludedpaths'
'excludedprocesses'
'excludedextensions'
'highseveritythreats'
'lowseveritythreats'
'moderateseveritythreats'
'severethreats'
)
if ($key -in $noValueReferenceKeys)
{
$includeValueReference = $false
}
if ($key -in $doNotIncludesettingInstanceReferenceKeys)
{
$includeSettingInstanceReference = $false
}
$groupSettingCollectionValueChild = Format-M365DSCParamsToSettingInstance `
-DSCParams @{$key = $DSCParams."$key" } `
-TemplateSetting $templateValue
-TemplateSetting $templateValue `
-IncludeSettingValueTemplateId $includeValueReference `
-IncludeSettingInstanceTemplateId $includeSettingInstanceReference

$groupSettingCollectionValueChildren += $groupSettingCollectionValueChild
}
Expand Down

0 comments on commit f44ba30

Please sign in to comment.