Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager: Cannot be deployed #3966

Closed
ricmestre opened this issue Nov 29, 2023 · 0 comments · Fixed by #4907 or #4923
Closed

IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager: Cannot be deployed #3966

ricmestre opened this issue Nov 29, 2023 · 0 comments · Fixed by #4907 or #4923
Labels
Bug Something isn't working Intune V1.23.1122.1 Version 1.23.1122.1

Comments

@ricmestre
Copy link
Contributor

Description of the issue

I created a policy manually in Intune admin portal, I then proceeded to export it without issues, after that I compiled the blueprint and changed the MOF to delete the policy which it does but trying to re-create the policy results in the following error message:

[[IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager]IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager-IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager_1] Creating new
Endpoint Protection Policy {IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager_1}
A hash table can only be added to another hash table.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : AddHashTableToNonHashTable
    + PSComputerName        : localhost

[] : The request is invalid.
    + CategoryInfo          : InvalidOperation: ({ body = Micros...urationPolicy }:) [], CimException
    + FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementConfigurationPolicy_Create
    + PSComputerName        : localhost

Microsoft 365 DSC Version

1.23.1122.1

Which workloads are affected

other

The DSC configuration

# Generated with Microsoft365DSC version 1.23.1122.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
    [parameter()]
    [System.Management.Automation.PSCredential]
    $Credential
)

Configuration IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager
{
    param (
        [parameter()]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if ($null -eq $Credential)
    {
        <# Credentials #>
        $Credscredential = Get-Credential -Message "Credentials"

    }
    else
    {
        $CredsCredential = $Credential
    }

    $OrganizationName = $CredsCredential.UserName.Split('@')[1]

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.23.1122.1'

    Node localhost
    {
        IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager "IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager-IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager_1"
        {
            Assignments                                                                = @();
            blockabuseofexploitedvulnerablesigneddrivers                               = "warn";
            blockadobereaderfromcreatingchildprocesses                                 = "block";
            blockallofficeapplicationsfromcreatingchildprocesses                       = "block";
            blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem          = "block";
            blockexecutablecontentfromemailclientandwebmail                            = "audit";
            blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = "block";
            blockexecutionofpotentiallyobfuscatedscripts                               = "block";
            blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent          = "block";
            blockofficeapplicationsfromcreatingexecutablecontent                       = "block";
            blockofficeapplicationsfrominjectingcodeintootherprocesses                 = "block";
            blockofficecommunicationappfromcreatingchildprocesses                      = "block";
            blockpersistencethroughwmieventsubscription                                = "block";
            blockprocesscreationsfrompsexecandwmicommands                              = "block";
            blockuntrustedunsignedprocessesthatrunfromusb                              = "block";
            blockwin32apicallsfromofficemacros                                         = "block";
            Credential                                                                 = $Credscredential;
            Description                                                                = "";
            DisplayName                                                                = "IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager_1";
            Ensure                                                                     = "Present";
            Identity                                                                   = "e056608c-8ae3-4798-89a1-fe82764c6a1a";
            useadvancedprotectionagainstransomware                                     = "block";
        }
    }
}

IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager -ConfigurationData .\ConfigurationData.psd1 -Credential $Credential

Verbose logs showing the problem

[[IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager]IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager-IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager_1] Creating new
Endpoint Protection Policy {IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager_1}
A hash table can only be added to another hash table.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : AddHashTableToNonHashTable
    + PSComputerName        : localhost

[] : The request is invalid.
    + CategoryInfo          : InvalidOperation: ({ body = Micros...urationPolicy }:) [], CimException
    + FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementConfigurationPolicy_Create
    + PSComputerName        : localhost

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2428
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2428
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Something isn't working Intune V1.23.1122.1 Version 1.23.1122.1
Projects
None yet
2 participants