IntuneDeviceEnrollmentPlatformRestriction: Test-TargetResource returns false on versions >1.23.510.1 #3407

Closed
Adamvg opened this issue Jun 22, 2023 · 0 comments · Fixed by #3416 or #3430
Labels
Intune V1.23.510.1 Version 1.23.510.1

Adamvg commented Jun 22, 2023

Details of the scenario you tried and the problem that is occurring

When managing IntuneDeviceEnrollmentPlatformRestriction, on module versions greater than 1.23.510.1 the Test-TargetResource returns false - it should be true.

Setting the properties still works as expected, but every run will set it (rather than only in case of config drift/change) because the test function doesn't return true.

Verbose logs showing the problem

1.23.614.1:

VERBOSE: [fv-az804-154]: LCM:  [ Start  Set      ]
VERBOSE: [fv-az804-154]: LCM:  [ Start  Resource ]  
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction]
VERBOSE: [fv-az804-154]: LCM:  [ Start  Test     ]  
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction]
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Testing configuration of 
Device Enrollment Platform Restriction {All users and all devices}
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Checking for the Intune 
Device Enrollment Restriction {All users and all devices}
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Found Device Enrollment 
Platform Restriction with Name {All users and all devices}
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Configuration drift - 
Complex object: {Target is null}
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Test-TargetResource 
returned False

1.23.510.1:

VERBOSE: [fv-az876-32]: LCM:  [ Start  Set      ]
VERBOSE: [fv-az876-32]: LCM:  [ Start  Resource ]  
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction]
VERBOSE: [fv-az876-32]: LCM:  [ Start  Test     ]  
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction]
VERBOSE: [fv-az876-32]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Testing configuration of 
Device Enrollment Platform Restriction {All users and all devices}
VERBOSE: [fv-az876-32]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Checking for the Intune 
Device Enrollment Restriction {All users and all devices}
VERBOSE: [fv-az876-32]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Found Device Enrollment 
Platform Restriction with Name {All users and all devices}
VERBOSE: [fv-az876-32]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Test-TargetResource 
returned True

Suggested solution to the issue

There were some changes to prevent sending Windows Mobile data to the API - perhaps this has broken the test function? https://github.com/microsoft/Microsoft365DSC/blob/9777ebc0fc0506edea3ec7f8042edfb7db4d24f9/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1

The DSC configuration that is used to reproduce the issue (as detailed as possible)

        IntuneDeviceEnrollmentPlatformRestriction Default_Device_Enrollment_Platform_Restriction
        {
            Assignments                       = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.allDevicesAssignmentTarget'
                });
            Description                       = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.";
            DeviceEnrollmentConfigurationType = "platformRestrictions";
            DisplayName                       = "All users and all devices";
            Ensure                            = "Present";
            Identity                          = $env:DefaultDeviceEnrollmentPlatformRestrictionId;
            AndroidForWorkRestriction         = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $True
                personalDeviceEnrollmentBlocked = $False
            };
            AndroidRestriction                = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $True
                personalDeviceEnrollmentBlocked = $False
            };
            IosRestriction                    = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $True
                personalDeviceEnrollmentBlocked = $False
            };
            MacOSRestriction                  = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $False
                personalDeviceEnrollmentBlocked = $False
            };
            MacRestriction                    = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $False
                personalDeviceEnrollmentBlocked = $False
            };
            WindowsHomeSkuRestriction         = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $False
                personalDeviceEnrollmentBlocked = $True
            };
            WindowsMobileRestriction          = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $True
                personalDeviceEnrollmentBlocked = $False
            };
            WindowsRestriction                = MSFT_DeviceEnrollmentPlatformRestriction{
                platformBlocked = $False
                personalDeviceEnrollmentBlocked = $True
            };
            ApplicationId         = $env:applicationID;
            TenantId              = $env:tenantID;
            CertificateThumbprint = $env:certificateThumbprint;
        }

The operating system the target node is running

Tested on Azure DevOps windows-2022 runner, and the below

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, en-GB}

Version of the DSC module that was used ('dev' if using current dev branch)

Broken on 1.23.614.1, 1.23.607.1, 1.23.524.1 and 1.23.517.1
Working on 1.23.510.1
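
The two verbose excerpts in this report differ only in the `Configuration drift` record and the final `Test-TargetResource` result. As an added example (not part of the original issue and not Microsoft365DSC code), the following PowerShell rejoins the console-wrapped LCM records and reports, per resource, the drift reasons and the test result. `Get-DscTestSummary` is a hypothetical helper name, and `$sampleLog` is constructed from the 1.23.614.1 excerpt.

```powershell
# Added example: summarise LCM verbose output per DSC resource.
# $sampleLog is constructed from the 1.23.614.1 excerpt in this issue.
$sampleLog = @'
VERBOSE: [fv-az804-154]: LCM:  [ Start  Test     ]  
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction]
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Configuration drift - 
Complex object: {Target is null}
VERBOSE: [fv-az804-154]:                            
[[IntuneDeviceEnrollmentPlatformRestriction]Default_Device_Enrollment_Platform_Restriction] Test-TargetResource 
returned False
'@

function Get-DscTestSummary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$LogText)

    # The console wraps long records; rejoin continuation lines onto their "VERBOSE:" record.
    $records = [System.Collections.Generic.List[string]]::new()
    foreach ($line in ($LogText -split '\r?\n')) {
        if ($line -match '^VERBOSE:' -or $records.Count -eq 0) { $records.Add($line.Trim()) }
        else { $records[$records.Count - 1] += ' ' + $line.Trim() }
    }

    $summary = [ordered]@{}
    foreach ($r in $records) {
        # Records of interest carry a "[[ResourceType]InstanceName]" tag followed by the message.
        if ($r -notmatch '\[\[(?<type>[^\]]+)\](?<name>[^\]]+)\]\s*(?<msg>.*)$') { continue }
        $key = "[$($Matches.type)]$($Matches.name)"
        $msg = $Matches.msg
        if (-not $summary.Contains($key)) {
            $summary[$key] = [pscustomobject]@{ Resource = $key; InDesiredState = $null; Drift = @() }
        }
        if ($msg -match '^Configuration drift - (?<why>.+)$') {
            $summary[$key].Drift += $Matches.why
        }
        elseif ($msg -match 'Test-TargetResource returned (?<result>True|False)') {
            $summary[$key].InDesiredState = ($Matches.result -eq 'True')
        }
    }
    $summary.Values
}

# List only the resources whose test reported drift, with the reason the LCM logged.
Get-DscTestSummary -LogText $sampleLog | Where-Object { $_.InDesiredState -eq $false }
```

Running it over the full verbose output captured under two module versions shows which resources report drift on every run and the reason logged for each.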

@NikCharlebois NikCharlebois added Intune V1.23.510.1 Version 1.23.510.1 labels Jun 23, 2023
NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jun 26, 2023
NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jun 26, 2023