AADConditionalAccessPolicy: Success but ExcludeUsers not getting updated

[grabery]

Details of the scenario you tried and the problem that is occurring

My DSC deployment is working just fine. But when I edit the "ExcludeUsers" of AADConditionalAccessPolicy Resource (remove value), it doesn't actually update on the policy and the user is still excluded. I get no error, the whole DSC-Configuration is running just fine (verbose) and does complete the "set" procedure. In the Azure Portal, I can see that "Modified Date" of the ConditionalAccessPolicy changed to the corresponding time, but the configuration did actually not change according to the new DSC-Configuration file, as described.

Btw. a colleague of mine noticed similar issues on SPO related settings.

Verbose logs showing the problem

none

Suggested solution to the issue

M365DSC should either log an error, or actually change the configuration as it is supposed to do :-)

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# insert configuration here

The operating system the target node is running

Version of the DSC module that was used ('dev' if using current dev branch)

1.22.601.1

[NikCharlebois]

Just want to make sure we understand the scenario. For example, you have a CAP with 2 excluded users, then you remove one of the 2 users from the config, and apply it. This user is never removed from the ExcludedUsers? We are not able to repro on our end for whatever reason. Thanks

[NikCharlebois]

I believe your issue may be linked to #2058 where there was an issue removing the last item from included or excluded properties.