IntuneDeviceEnrollmentPlatformRestriction not applying any configuration despite showing as successful #2347

Closed
ath3rs opened this issue Sep 28, 2022 · 8 comments · Fixed by #2431, #2432 or #3140


ath3rs commented Sep 28, 2022

Details of the scenario you tried and the problem that is occurring

When running a .ps1 file in a pipeline with the IntuneDeviceEnrollmentPlatformRestriction resource, all jobs complete successfully with no errors but the changes do not take effect within the tenant it is being run against.
I have followed the example found here and amended Android, iOS and Windows mobile devices to be blocked. Also Windows Personal Device Enrollment Blocked.
These are currently set as allow within the tenant, but I don't see anything change once the pipeline has been 'successfully' run.
Other configurations have successfully run against the tenant, so I know that the pipeline can successfully connect.
I have taken a manual approach and successfully applied the configuration through both MS Graph and PowerShell using Update-MgDeviceManagementDeviceEnrollmentConfiguration.

Verbose logs showing the problem

N/A

Suggested solution to the issue

Is it possible that this way of doing things is no longer valid and there is now a new way to deploy the code?

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Microsoft365 DSC - IntuneDeviceEnrollmentPlatformRestriction

insert configuration here

Configuration ConfigureMicrosoft365
{
    param
    ()

    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceEnrollmentPlatformRestriction Default_Device_Enrollment_Platform_Restriction
        {
            AndroidOSMaximumVersion                      = "";
            AndroidOSMinimumVersion                      = "";
            AndroidPersonalDeviceEnrollmentBlocked       = $False;
            AndroidPlatformBlocked                       = $True;
            Description                                  = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.";
            DisplayName                                  = "All users and all devices";
            Ensure                                       = "Present";
            iOSOSMaximumVersion                          = "";
            iOSOSMinimumVersion                          = "";
            iOSPersonalDeviceEnrollmentBlocked           = $False;
            iOSPlatformBlocked                           = $True;
            MacPersonalDeviceEnrollmentBlocked           = $False;
            MacPlatformBlocked                           = $False;
            WindowsMobileOSMaximumVersion                = "";
            MacOSMinimumVersion                          = "";
            MacOSMaximumVersion                          = "";
            WindowsMobileOSMinimumVersion                = "";
            WindowsMobilePersonalDeviceEnrollmentBlocked = $False;
            WindowsMobilePlatformBlocked                 = $True;
            WindowsOSMaximumVersion                      = "";
            WindowsOSMinimumVersion                      = "";
            WindowsPersonalDeviceEnrollmentBlocked       = $True;
            WindowsPlatformBlocked                       = $False;
            ApplicationId                                = $env:applicationID;
            TenantId                                     = $env:tenantID;
            CertificateThumbprint                        = $env:certificateThumbprint;
        }
    }
}

The operating system the target node is running

Version of the DSC module that was used ('dev' if using current dev branch)

Microsoft365DSC = '1.22.921.1'

Appreciate any help I can get on this,
Cheers

@andikrueger
Collaborator

Could you share the verbose log of your pipeline?

@ath3rs
Author

ath3rs commented Oct 3, 2022

Configuration Job verbose log.txt

Logs as requested, thanks

@andikrueger
Collaborator

I reviewed the verbose log and was not able to see any error messages there.

Could you update to the latest version of M365DSC to verify if this might be an issue with the Graph PowerShell modules used?

@William-Francillette
Contributor

Working on this issue - Tested and can see the resource running Set-TargetResource but not updating the Intune policy

@William-Francillette
Contributor

This is gonna be a breaking change as the current resource is using v1.0 and Intune is now using the Beta.
I also will be using an embedded CIM instead of the split parameters currently used, to conform more closely to the doc:
https://learn.microsoft.com/en-us/graph/api/intune-onboarding-deviceenrollmentplatformrestrictionsconfiguration-create?view=graph-rest-beta

@andikrueger
Collaborator

@William-Francillette Is there any chance to provide a fix without a breaking change? We just had the breaking change release and the next one is going to be in April...

@William-Francillette
Contributor

Morning @andikrueger
Sure, I'll release both - first will be the breaking change as I already progressed on it and next I'll check if I can remediate the issue on the current one

@William-Francillette
Contributor

William-Francillette commented Oct 22, 2022

Both PRs pushed.
The non-breaking resource will only return the default device restriction policy and can't update Android Enterprise restrictions due to the API v1.0.

The breaking change resource uses the beta API and supports all features of the policy.
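A post-deployment check for the symptom in this thread (the DSC run reports success while the tenant is unchanged), added here as an example and not part of the original thread or the Microsoft365DSC project: it reads the policy back from Graph v1.0 and fails the pipeline step on any mismatch. The function name `Compare-PlatformRestriction`, the `$desired` table and the sample JSON are constructed for illustration; the commented live call assumes the Microsoft Graph PowerShell SDK and the same environment variables as the configuration above.

```powershell
# Added example: compare the live default platform restriction with the intended values.
# $desired mirrors the blocked flags in the DSC configuration from the issue.
$desired = @{
    androidRestriction       = @{ platformBlocked = $true;  personalDeviceEnrollmentBlocked = $false }
    iosRestriction           = @{ platformBlocked = $true;  personalDeviceEnrollmentBlocked = $false }
    macOSRestriction         = @{ platformBlocked = $false; personalDeviceEnrollmentBlocked = $false }
    windowsMobileRestriction = @{ platformBlocked = $true;  personalDeviceEnrollmentBlocked = $false }
    windowsRestriction       = @{ platformBlocked = $false; personalDeviceEnrollmentBlocked = $true }
}

function Compare-PlatformRestriction {
    param([Parameter(Mandatory)] [hashtable] $Desired, [Parameter(Mandatory)] $Actual)
    foreach ($platform in ($Desired.Keys | Sort-Object)) {
        foreach ($setting in ($Desired[$platform].Keys | Sort-Object)) {
            $want = $Desired[$platform][$setting]
            $have = $Actual.$platform.$setting   # $null when the property is missing
            if ($have -ne $want) {
                [pscustomobject]@{ Platform = $platform; Setting = $setting; Desired = $want; Actual = $have }
            }
        }
    }
}

# Constructed sample response: a tenant where every platform is still allowed.
$sampleJson = @'
{ "value": [ {
  "@odata.type": "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration",
  "displayName": "All users and all devices",
  "androidRestriction":       { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false },
  "iosRestriction":           { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false },
  "macOSRestriction":         { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false },
  "windowsMobileRestriction": { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false },
  "windowsRestriction":       { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false }
} ] }
'@
$response = $sampleJson | ConvertFrom-Json
# Against a live tenant, replace the sample with:
#   Connect-MgGraph -ClientId $env:applicationID -TenantId $env:tenantID -CertificateThumbprint $env:certificateThumbprint
#   $response = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations'

$policy = $response.value | Where-Object {
    $_.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' -and
    $_.displayName -eq 'All users and all devices'
} | Select-Object -First 1
if (-not $policy) { throw 'Default platform restriction policy not found in the response.' }

$drift = @(Compare-PlatformRestriction -Desired $desired -Actual $policy)
$drift | Format-Table -AutoSize
if ($drift.Count -gt 0) { throw "$($drift.Count) platform restriction setting(s) differ from the desired state." }
```

Run as a separate pipeline step after the DSC configuration is applied, so the result does not depend on the resource's own Test-TargetResource logic.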
