Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled: Missing Assignments property #2932

Closed
ricmestre opened this issue Feb 23, 2023 · 9 comments · Fixed by #4055 or #4074
Closed

IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled: Missing Assignments property #2932

ricmestre opened this issue Feb 23, 2023 · 9 comments · Fixed by #4055 or #4074
Labels
Enhancement New feature or request Intune Pending Information V1.23.222.1 Version 1.23.222.1

Comments

@ricmestre
Copy link
Contributor

Details of the scenario you tried and the problem that is occurring

IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled is missing Assignments property, not due to a bug but rather just not being implemented

Suggested solution to the issue

Add Assignments property to this DSC resource

The DSC configuration that is used to reproduce the issue (as detailed as possible)

        IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled d99c78b7-dacb-426b-8df6-9bd9cf8fc21f
        {
            AzureRightsManagementServicesAllowed   = $False;
            Credential                             = $Credscredential;
            Description                            = "Windows 10/11 - Information Protection - General";
            DisplayName                            = "Windows 10/11 - Information Protection - General";
            EnforcementLevel                       = "encryptAuditAndBlock";
            Ensure                                 = "Present";
            EnterpriseDomain                       = "$OrganizationName";
            EnterpriseIPRangesAreAuthoritative     = $False;
            EnterpriseProxyServersAreAuthoritative = $False;
            IconsVisible                           = $True;
            Id                                     = "M_2f22744b-a099-4c3e-a235-4f168bbeb8b4";
            IndexingEncryptedStoresOrItemsBlocked  = $False;
            ProtectedApps                          = @(
                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'iexplore.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'IE11'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'onedrive.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'Microsoft OneDrive'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'notepad.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'Notepad'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'mspaint.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'Microsoft Paint'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'mstsc.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'Microsoft Remote Desktop'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'teams.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'Microsoft Teams'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    BinaryVersionLow = '*'
                    Description = '*'
                    odataType = '#microsoft.graph.windowsInformationProtectionDesktopApp'
                    BinaryName = 'msip.viewer.exe'
                    BinaryVersionHigh = '*'
                    Denied = $False
                    PublisherName = 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = '*'
                    DisplayName = 'Microsoft Azure Information Protection'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.MicrosoftEdge'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.MicrosoftEdge'
                    DisplayName = 'Microsoft Edge'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.People'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.People'
                    DisplayName = 'Microsoft People'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Office.Word'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Office.Word'
                    DisplayName = 'Word Mobile'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Office.Excel'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Office.Excel'
                    DisplayName = 'Excel Mobile'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Office.PowerPoint'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Office.PowerPoint'
                    DisplayName = 'PowerPoint Mobile'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Microsoftskydrive'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Microsoftskydrive'
                    DisplayName = 'OneDrive App'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Office.OneNote'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Office.OneNote'
                    DisplayName = 'OneNote'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'microsoft.windowscommunicationsapps'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'microsoft.windowscommunicationsapps'
                    DisplayName = 'Mail and Calendar for Windows 10'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Windows.Photos'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Windows.Photos'
                    DisplayName = 'Microsoft Photos'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.ZuneMusic'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.ZuneMusic'
                    DisplayName = 'Groove Music'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.ZuneVideo'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.ZuneVideo'
                    DisplayName = 'Microsoft Movies and TV'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.Messaging'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.Messaging'
                    DisplayName = 'Microsoft Messaging'
                }

                MSFT_MicrosoftGraphwindowsInformationProtectionApp{
                    Description = 'Microsoft.CompanyPortal'
                    odataType = '#microsoft.graph.windowsInformationProtectionStoreApp'
                    Denied = $False
                    PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
                    ProductName = 'Microsoft.CompanyPortal'
                    DisplayName = 'Company Portal'
                }
            );
            ProtectionUnderLockConfigRequired      = $False;
            RevokeOnUnenrollDisabled               = $False;
        }

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.222.1
@andikrueger andikrueger added Bug Something isn't working Intune V1.23.222.1 Version 1.23.222.1 labels Feb 23, 2023
@NikCharlebois NikCharlebois added Enhancement New feature or request and removed Bug Something isn't working labels Mar 27, 2023
@NikCharlebois
Copy link
Collaborator

@William-Francillette is this something you think you'd be able to pickup? If not I can work on it no problem. Thanks

@ricmestre
Copy link
Contributor Author

@William-Francillette Any news on this one? Thank you!

@William-Francillette
Copy link
Contributor

Had a quick look but couldn't find the assignment in the sdk but will need to investigate further
We may have to use the rest api for that

@ricmestre
Copy link
Contributor Author

Just checked and also cannot find the corresponding assignments cmdlets, though they are available in Microsoft.Graph.Intune but we shouldn't use that package.

Here's the REST API doc:
https://learn.microsoft.com/en-us/graph/api/intune-mam-windowsinformationprotection-assign?view=graph-rest-beta

@NikCharlebois
Copy link
Collaborator

@triplanedave, any insights on this?

@andikrueger
Copy link
Collaborator

andikrueger commented Sep 21, 2023
edited
Loading

@triplanedave Do you have any update on this? This would be highly appreciated.

//cc @peombwa

@andikrueger
Copy link
Collaborator

@ricmestre Any chance to confirm if this is still an issue? Thanks!

@ricmestre
Copy link
Contributor Author

@andikrueger Unfortunately this is still not solved yet.

@William-Francillette
Copy link
Contributor

working on this issue

Merged
@NikCharlebois NikCharlebois mentioned this issue Dec 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement New feature or request Intune Pending Information V1.23.222.1 Version 1.23.222.1
Projects
None yet
Milestone
No milestone
4 participants
@NikCharlebois @andikrueger @William-Francillette @ricmestre