From 119b8024f48e7c14a1acf3a93a54dea73c942b50 Mon Sep 17 00:00:00 2001
From: William-francillette <william.francillette@outlook.com>
Date: Mon, 27 Nov 2023 19:48:54 +0000
Subject: [PATCH 1/3] fix IntuneAntivirusPolicyWindows10SettingCatalog

---
 CHANGELOG.md                                  |  3 ++
 ...ntivirusPolicyWindows10SettingCatalog.psm1 | 44 +++++++++++++++++--
 2 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbca59ee92..8514205238 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 # UNRELEASED
 
+* IntuneAntivirusPolicyWindows10SettingCatalog
+  * Skipped settingValueTemplateReference and settingInstanceTemplateReference for severethreats, highseveritythreats, moderateseveritythreats, lowseveritythreats as per API requirements observed in the Intune portal
+  FIXES [#3818](https://github.com/microsoft/Microsoft365DSC/issues/3818)
 * DEPENDENCIES
   * Updated Microsoft.Graph to version 2.10.0.
   * Updated MSCloudLoginAssistant to version 1.1.0.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
index 6f371209c3..0c383ef33f 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
@@ -1590,7 +1590,7 @@ function New-IntuneDeviceConfigurationPolicy
             'settings'          = $Settings
         }
         $body = $policy | ConvertTo-Json -Depth 20
-        Write-Verbose -Message $body
+        #Write-Verbose -Message $body
         Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop
 
     }
@@ -1602,6 +1602,7 @@ function New-IntuneDeviceConfigurationPolicy
             -TenantId $TenantId `
             -Credential $Credential
 
+        #write-verbose ($_ | out-string)
         return $null
     }
 }
@@ -1819,6 +1820,11 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
             $setting.add('@odata.type', '#microsoft.graph.deviceManagementConfigurationSetting')
 
             $includeValueReference = $true
+            $includeSettingInstanceReference = $true
+            $doNotIncludesettingInstanceReferenceKeys = @(
+                'highseveritythreats'
+                'lowseveritythreats'
+            )
             $noValueReferenceKeys = @(
                 'excludedpaths'
                 'excludedprocesses'
@@ -1828,9 +1834,14 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
             {
                 $includeValueReference = $false
             }
+            if ($originalKey -in $doNotIncludesettingInstanceReferenceKeys)
+            {
+                $includeSettingInstanceReference = $false
+            }
             $myFormattedSetting = Format-M365DSCParamsToSettingInstance -DSCParams @{$settingKey = $DSCParams."$originalKey" } `
                 -TemplateSetting $templateSetting `
-                -IncludeSettingValueTemplateId $includeValueReference
+                -IncludeSettingValueTemplateId $includeValueReference `
+                -IncludeSettingInstanceTemplateId $includeSettingInstanceReference
 
             $setting.add('settingInstance', $myFormattedSetting)
             $settings += $setting
@@ -1871,9 +1882,36 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
                 -FilterScript { $_.settingDefinitionId -like "*$key" }
             if ($templateValue)
             {
+                $includeValueReference = $true
+                $includeSettingInstanceReference = $true
+                $doNotIncludesettingInstanceReferenceKeys = @(
+                    'highseveritythreats'
+                    'lowseveritythreats'
+                    'moderateseveritythreats'
+                    'severethreats'
+                )
+                $noValueReferenceKeys = @(
+                    'excludedpaths'
+                    'excludedprocesses'
+                    'excludedextensions'
+                    'highseveritythreats'
+                    'lowseveritythreats'
+                    'moderateseveritythreats'
+                    'severethreats'
+                )
+                if ($key -in $noValueReferenceKeys)
+                {
+                    $includeValueReference = $false
+                }
+                if ($key -in $doNotIncludesettingInstanceReferenceKeys)
+                {
+                    $includeSettingInstanceReference = $false
+                }
                 $groupSettingCollectionValueChild = Format-M365DSCParamsToSettingInstance `
                     -DSCParams @{$key = $DSCParams."$key" } `
-                    -TemplateSetting $templateValue
+                    -TemplateSetting $templateValue `
+                    -IncludeSettingValueTemplateId $includeValueReference `
+                    -IncludeSettingInstanceTemplateId $includeSettingInstanceReference
 
                 $groupSettingCollectionValueChildren += $groupSettingCollectionValueChild
             }

From f18abeb5699ca7fb1026cfb4974f5d2161d192f6 Mon Sep 17 00:00:00 2001
From: William-francillette <william.francillette@outlook.com>
Date: Tue, 28 Nov 2023 10:22:48 +0000
Subject: [PATCH 2/3] fix policy removal

---
 .../MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
index 0c383ef33f..cd9aacadb5 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
@@ -910,8 +910,8 @@ function Set-TargetResource
     }
     elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present')
     {
-        Write-Verbose -Message "Removing Endpoint Protection Policy {$currentPolicy.DisplayName}"
-        Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity
+        Write-Verbose -Message "Removing Endpoint Protection Policy {$($currentPolicy.DisplayName)}"
+        Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentPolicy.Identity
     }
 }
 

From 1559a96bbda293878b226dfc744cfb95277e85ec Mon Sep 17 00:00:00 2001
From: William-francillette <william.francillette@outlook.com>
Date: Wed, 29 Nov 2023 09:45:13 +0000
Subject: [PATCH 3/3] restrict policy scope in export - fix3955

---
 .../MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
index cd9aacadb5..76d31bcbf7 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
@@ -1418,11 +1418,12 @@ function Export-TargetResource
     try
     {
         $templateFamily = 'endpointSecurityAntivirus'
+        $templateReferences = "d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"
         [array]$policies = Get-MgBetaDeviceManagementConfigurationPolicy `
             -ErrorAction Stop `
             -All:$true `
             -Filter $Filter
-        $policies = $policies | Where-Object -FilterScript { $_.TemplateReference.TemplateFamily -eq $templateFamily }
+        $policies = $policies | Where-Object -FilterScript { $_.TemplateReference.TemplateFamily -eq $templateFamily -and $_.TemplateReference.TemplateId -in $templateReferences }
 
         if ($policies.Length -eq 0)
         {