Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntuneDeviceCompliancePolicyMacOS: Fails with conversion error if creating new policy with All Users assignment #2436

Closed
HardingChris opened this issue Oct 24, 2022 · 0 comments · Fixed by #2437
Closed

IntuneDeviceCompliancePolicyMacOS: Fails with conversion error if creating new policy with All Users assignment #2436

HardingChris opened this issue Oct 24, 2022 · 0 comments · Fixed by #2437
Labels
Bug Something isn't working Intune V1.22.1019.1 Version 1.22.1019.1

Comments

@HardingChris
Copy link

Details of the scenario you tried and the problem that is occurring

Exported IntuneDeviceCompliancePolicyMacOS using application id and certificate thumbprint. This resulted in the configuration ps1 script shown below.

It builds the MOF file successfully, but when trying to apply the MOF through DSC it errors if the device compliance policy isn't already present in the tenant (e.g. if someone has deleted it).

It will apply successfully and add the assignment if the policy already exists but the assignment is missing. It will also apply configuration that doesn't have the assignment defined in it and will create the policy without an assignment.

Error is:
Cannot process argument transformation on parameter 'Target'. Cannot convert the
"MSFT_DeviceManagementConfigurationPolicyAssignments" value of type
"Microsoft.Management.Infrastructure.CimInstance#MSFT_DeviceManagementConfigurationPolicyAssignments" to type
"System.Collections.Hashtable".
+ CategoryInfo : InvalidData: (:) [], CimException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Compare-M365DSCComplexObject
+ PSComputerName : localhost

Verbose logs showing the problem

Start-DscConfiguration -Path C:\Users\Chris\Documents\WindowsPowerShell\M365DSCExtracts\chrisclickconfig\chrisclick-Export-2022-10-20-11-40-26 -Verbose -Wait -Force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. VERBOSE: An LCM method call arrived from computer DESKTOP-GMAIK4O with user sid .
VERBOSE: [DESKTOP-GMAIK4O]: LCM: [ Start Set ]
VERBOSE: [DESKTOP-GMAIK4O]: LCM: [ Start Resource ] [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2]
VERBOSE: [DESKTOP-GMAIK4O]: LCM: [ Start Test ] [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2]
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Applications} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Authentication} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.DeviceManagement} is available {1.13.0} VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.DeviceManagement.Administration} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.DeviceManagement.Enrolment} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Devices.CorporateManagement} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Groups} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of
{Microsoft.Graph.Identity.DirectoryManagement} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Identity.Governance} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Identity.SignIns} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Planner} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Teams} is available
{1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Users} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.Graph.Users.Actions} is available {1.13.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {Microsoft.PowerApps.Administration.PowerShell} is available {2.0.154}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {MicrosoftTeams} is available {4.8.0}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {MSCloudLoginAssistant} is available {1.0.96}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] New version of {ReverseDSC} is available {2.0.0.13}
VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] Testing configuration of Intune Device Compliance MacOS Policy {TEST-MacOS-DeviceCompliancePolicy} VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] Checking for the Intune Device Compliance MacOS Policy {TEST-MacOS-DeviceCompliancePolicy} VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] No MacOS Device Compliance Policy with displayName {TEST-MacOS-DeviceCompliancePolicy} was found VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] Current Values: AdvancedThreatProtectionRequiredSecurityLevel=Unavailable; ApplicationId=; Assignments=({dataType=#microsoft.graph.allLicensedUsersAssignmentTarget; deviceAndAppManagementAssignmentFilterType=none; deviceAndAppManagementAssignmentFilterId=; groupId=; collectionId=}); CertificateThumbprint=327cf1b99ceab028a57957cee206a6ffbfa0e732; Description=TEST MacOS Compliance Policy created by local DSC run; DeviceThreatProtectionEnabled=False; DeviceThreatProtectionRequiredSecurityLevel=Unavailable; DisplayName=TEST-MacOS-DeviceCompliancePolicy; Ensure=Absent; FirewallBlockAllIncoming=False; FirewallEnabled=True; FirewallEnableStealthMode=False; GatekeeperAllowedAppSource=notConfigured; ManagedIdentity=False; OsMinimumVersion=10.15.6; PasswordBlockSimple=False; PasswordRequired=True; PasswordRequiredType=DeviceDefault; StorageRequireEncryption=True; SystemIntegrityProtectionEnabled=True; TenantId=; Verbose=True VERBOSE: [DESKTOP-GMAIK4O]: [[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] Target Values:
AdvancedThreatProtectionRequiredSecurityLevel=Unavailable; ApplicationId=;
Assignments=({dataType=#microsoft.graph.allLicensedUsersAssignmentTarget; deviceAndAppManagementAssignmentFilterType=none;
deviceAndAppManagementAssignmentFilterId=; groupId=; collectionId=});
CertificateThumbprint=327cf1b99ceab028a57957cee206a6ffbfa0e732; Description=TEST MacOS Compliance Policy created by local DSC
run; DeviceThreatProtectionEnabled=False; DeviceThreatProtectionRequiredSecurityLevel=Unavailable;
DisplayName=TEST-MacOS-DeviceCompliancePolicy; Ensure=Present; FirewallBlockAllIncoming=False; FirewallEnabled=True;
FirewallEnableStealthMode=False; GatekeeperAllowedAppSource=notConfigured; ManagedIdentity=False; OsMinimumVersion=10.15.6;
PasswordBlockSimple=False; PasswordRequired=True; PasswordRequiredType=DeviceDefault; StorageRequireEncryption=True;
SystemIntegrityProtectionEnabled=True; TenantId=; Verbose=True
Cannot process argument transformation on parameter 'Target'. Cannot convert the
"MSFT_DeviceManagementConfigurationPolicyAssignments" value of type
"Microsoft.Management.Infrastructure.CimInstance#MSFT_DeviceManagementConfigurationPolicyAssignments" to type
"System.Collections.Hashtable".
+ CategoryInfo : InvalidData: (:) [], CimException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Compare-M365DSCComplexObject
+ PSComputerName : localhost

VERBOSE: [DESKTOP-GMAIK4O]:
[[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] Test-TargetResource returned False
VERBOSE: [DESKTOP-GMAIK4O]: LCM: [ End Test ]
[[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2] in 89.1120 seconds.
The PowerShell DSC resource '[IntuneDeviceCompliancePolicyMacOS]093c1999-d6db-4265-b04a-c32e7e79e0a2' with SourceInfo 'C:\User
s\Chris\Documents\WindowsPowerShell\M365DSCExtracts\chrisclickconfig\chrisclick-ExportedMacOS.ps1::18::9::IntuneDeviceComplian
cePolicyMacOS' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are
logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider
+ PSComputerName : localhost

VERBOSE: [DESKTOP-GMAIK4O]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 89.898 seconds

Suggested solution to the issue

Error looks to be generated as part of the Test-TargetResource function in Microsoft365DSC/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 when it runs the following:

$testResult=Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# Generated with Microsoft365DSC version 1.22.1019.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
)

Configuration chrisclick-Export-2022-10-20-11-40-26
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.22.1019.1'

    Node localhost
    {
        
        IntuneDeviceCompliancePolicyMacOS 093c1999-d6db-4265-b04a-c32e7e79e0a2
        {
            AdvancedThreatProtectionRequiredSecurityLevel = "unavailable";
            ApplicationId                                 = $ConfigurationData.NonNodeData.ApplicationId;
            Assignments                                   = 
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget'
            };
            CertificateThumbprint                         = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Description                                   = "TEST MacOS Compliance Policy created by local DSC run";
            DeviceThreatProtectionEnabled                 = $False;
            DeviceThreatProtectionRequiredSecurityLevel   = "unavailable";
            DisplayName                                   = "TEST-MacOS-DeviceCompliancePolicy";
            Ensure                                        = "Present";
            FirewallBlockAllIncoming                      = $False;
            FirewallEnabled                               = $True;
            FirewallEnableStealthMode                     = $False;
            GatekeeperAllowedAppSource                    = "notConfigured";
            Managedidentity                               = $False;
            OsMinimumVersion                              = "10.15.6";
            PasswordBlockSimple                           = $False;
            PasswordRequired                              = $True;
            PasswordRequiredType                          = "deviceDefault";
            StorageRequireEncryption                      = $True;
            SystemIntegrityProtectionEnabled              = $True;
            TenantId                                      = $ConfigurationData.NonNodeData.TenantId;
        }
        
    }
}

chrisclick-Export-2022-10-20-11-40-26 -ConfigurationData .\ConfigurationData.psd1

The operating system the target node is running

OsName : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage : en-GB
OsMuiLanguages : {en-GB, en-US}

Also occurs when running through Azure Pipeline on windows_latest agent image

Version of the DSC module that was used ('dev' if using current dev branch)

1.22.1019.1

Also occurs in 1.22.1012.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Intune V1.22.1019.1 Version 1.22.1019.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #2436 William-Francillette/Microsoft365DSC-1
2 participants
@andikrueger @HardingChris