IntuneAntivirusPolicyWindows10SettingCatalog: After policy removal fails Test-DSCConfiguration and stays in non-desired state #3958

Closed
ricmestre opened this issue Nov 29, 2023 · 1 comment · Fixed by #4004 or #4005
Labels: Bug (Something isn't working), Intune, V1.23.1122.1 (Version 1.23.1122.1)

@ricmestre
Contributor

Description of the issue

After deploying IntuneAntivirusPolicyWindows10SettingCatalog I was able to change some settings and confirm with Test-DSCConfiguration that it was in desired state. However, when trying to remove it by changing Ensure to "Absent", it removes the policy, but then the test fails and it stays in a non-desired state.

It gets worse in that if I change Ensure back to "Present" and re-deploy the policy it will create it, but if I try once again with Ensure set to "Absent", this time it doesn't even remove the policy but gives the error message below, and the only way to remove it this time is by manually going to the Intune portal and removing it there, or through the CLI using the msgraph sdk.

[ResourceNotFound] : {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: a459fed5-9f64-4a9e-904e-339f3351a5f7 - Url: https://fef.msub07.manage.microsoft.com
/DeviceConfigV2/DCV2GraphService/de147310-ffff-0609-1134-112301273686/deviceManagement/configurationPolicies('9a64d906-adc6-4c20-b2ee-e341703c6a19')?api-version=5023-08-14",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
    + CategoryInfo          : InvalidOperation: ({ DeviceManagem...9, IfMatch =  }:) [], CimException
    + FullyQualifiedErrorId : ResourceNotFound,Microsoft.Graph.Beta.PowerShell.Cmdlets.RemoveMgBetaDeviceManagementConfigurationPolicy_Delete
    + PSComputerName        : localhost

Microsoft 365 DSC Version

1.23.1122.1

Which workloads are affected

other

The DSC configuration

        IntuneAntivirusPolicyWindows10SettingCatalog "IntuneAntivirusPolicyWindows10SettingCatalog-MDE - Microsoft Defender AUDIT ONLY"
        {
            allowarchivescanning                = "1";
            allowbehaviormonitoring             = "1";
            allowcloudprotection                = "1";
            allowemailscanning                  = "1";
            allowfullscanonmappednetworkdrives  = "1";
            allowfullscanremovabledrivescanning = "1";
            allowintrusionpreventionsystem      = "1";
            allowioavprotection                 = "1";
            allowonaccessprotection             = "1";
            allowrealtimemonitoring             = "1";
            allowscanningnetworkfiles           = "1";
            allowscriptscanning                 = "1";
            allowuseruiaccess                   = "0";
            Assignments                         = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                }
            );
            avgcpuloadfactor                    = 30;
            checkforsignaturesbeforerunningscan = "1";
            cloudblocklevel                     = "0";
            Credential                          = $Credscredential;
            Description                         = "No blocks being applied. Useful for new deployments or migrations.";
            disablecatchupfullscan              = "1";
            disablecatchupquickscan             = "1";
            DisplayName                         = "MDE - Microsoft Defender AUDIT ONLY";
            enablelowcpupriority                = "1";
            enablenetworkprotection             = "2";
            Ensure                              = "Absent";
            highseveritythreats                 = "allow";
            Identity                            = "9a64d906-adc6-4c20-b2ee-e341703c6a19";
            lowseveritythreats                  = "allow";
            moderateseveritythreats             = "allow";
            puaprotection                       = "2";
            realtimescandirection               = "0";
            scanparameter                       = "2";
            severethreats                       = "allow";
            submitsamplesconsent                = "1";
            templateId                          = "804339ad-1553-4478-a742-138fb5807418_1";
        }

Verbose logs showing the problem

Already shown above

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2428
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2428
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
@ricmestre
Contributor Author

The Graph issue seems to have been some service problem in my tenant since it's not giving me that any longer and I have a fix to pass the test after the resource is deleted, will send out a PR shortly.
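
The failure mode reported in this issue, a test that still reports drift after an Ensure = "Absent" removal has succeeded, is illustrated below as an added example; it is not code from the issue, from the contributor's fix, or from Microsoft365DSC. The function names and the hashtable shape of the current state are assumptions, and the naive variant shows one way such a test can fail, not the module's confirmed cause.

```powershell
# Added illustration. Function names and the state shape are hypothetical,
# not Microsoft365DSC's implementation.

function Test-StateNaive {
    param([hashtable]$Desired, [hashtable]$Current)
    # Compares every desired key, so an absent resource (no settings in
    # $Current) never matches a configuration that still lists settings.
    foreach ($key in $Desired.Keys) {
        if ("$($Desired[$key])" -ne "$($Current[$key])") { return $false }
    }
    return $true
}

function Test-StateEnsureAware {
    param([hashtable]$Desired, [hashtable]$Current)
    # Ensure decides first: a mismatch is always drift.
    if ($Desired.Ensure -ne $Current.Ensure) { return $false }
    # Both sides absent: there are no settings left to compare.
    if ($Desired.Ensure -eq 'Absent') { return $true }
    foreach ($key in $Desired.Keys) {
        if ("$($Desired[$key])" -ne "$($Current[$key])") { return $false }
    }
    return $true
}

# Constructed sample: a subset of the settings from the configuration above.
$desired = @{
    DisplayName             = 'MDE - Microsoft Defender AUDIT ONLY'
    allowrealtimemonitoring = '1'
    puaprotection           = '2'
    Ensure                  = 'Absent'
}

# Constructed sample: what a lookup yields once the policy no longer exists.
$afterRemoval = @{ Ensure = 'Absent' }

# Constructed sample: the policy is still deployed in the tenant.
$stillDeployed = @{
    DisplayName             = 'MDE - Microsoft Defender AUDIT ONLY'
    allowrealtimemonitoring = '1'
    puaprotection           = '2'
    Ensure                  = 'Present'
}

Test-StateNaive       -Desired $desired -Current $afterRemoval   # policy gone, naive comparison
Test-StateEnsureAware -Desired $desired -Current $afterRemoval   # policy gone, Ensure checked first
Test-StateEnsureAware -Desired $desired -Current $stillDeployed  # policy still present
```

For an antivirus policy, the distinction matters to monitoring: a test that never returns to the desired state after a legitimate removal produces a permanent drift signal that can mask a real change.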
