Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntuneDeviceConfigurationPolicyMacOS: Cannot deploy #3539

Closed
ricmestre opened this issue Aug 2, 2023 · 0 comments · Fixed by #4099 or #4101
Closed

IntuneDeviceConfigurationPolicyMacOS: Cannot deploy #3539

ricmestre opened this issue Aug 2, 2023 · 0 comments · Fixed by #4099 or #4101
Labels
Bug Something isn't working Intune

Comments

@ricmestre
Copy link
Contributor

Details of the scenario you tried and the problem that is occurring

After extracting a policy of type IntuneDeviceConfigurationPolicyMacOS from one tenant and applying it to another it givens the error message below. In fact using the example file 1-ConfigureIntuneDeviceConfigurationPolicyMacOS.ps1 from the project gives exactly the same problem, so that's the one I'm sharing here.

Verbose logs showing the problem

[ModelValidationFailure] : An unexpected 'StartArray' node was found when reading from the JSON reader. A 'PrimitiveValue' node was expected. Error found near: ice                          restriction","@odata.type":"#microsoft.management.services.api.macOSGeneralDeviceConfiguration"} <---
	+ CategoryInfo          : InvalidOperation: ({ body = Micros...Configuration }:) [], CimException
	+ FullyQualifiedErrorId: ModelValidationFailure,Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementDeviceConfiguration_Create
        + PSComputerName        : localhost

Suggested solution to the issue

It looks like almost all of the properties of this resource should be sent nested inside of AdditionalProperties, instead they are being sent as main and independent properties of their own which the backend receives as JSON and doesn't know how to parse them.

That being said the solution would be to send those properties inside AdditionalProperties

The DSC configuration that is used to reproduce the issue (as detailed as possible)

<#
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to use as a production baseline.
#>

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $credsGlobalAdmin
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy'
        {
            Id                                              = '01fc772e-a2ef-4c33-8b57-29b7aa5243cb'
            DisplayName                                     = 'MacOS device restriction'
            AddingGameCenterFriendsBlocked                  = $True
            AirDropBlocked                                  = $False
            AppleWatchBlockAutoUnlock                       = $False
            Assignments                                     = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments {
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType                                   = '#microsoft.graph.groupAssignmentTarget'
                    groupId                                    = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments {
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType                                   = '#microsoft.graph.groupAssignmentTarget'
                    groupId                                    = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20'
                })
            CameraBlocked                                   = $False
            ClassroomAppBlockRemoteScreenObservation        = $False
            ClassroomAppForceUnpromptedScreenObservation    = $False
            ClassroomForceAutomaticallyJoinClasses          = $False
            ClassroomForceRequestPermissionToLeaveClasses   = $False
            ClassroomForceUnpromptedAppAndDeviceLock        = $False
            CompliantAppListType                            = 'appsNotInListCompliant'
            CompliantAppsList                               = @(
                MSFT_MicrosoftGraphapplistitemMacOS {
                    name      = 'appname2'
                    publisher = 'publisher'
                    appId     = 'bundle'
                }
            )
            ContentCachingBlocked                           = $False
            DefinitionLookupBlocked                         = $True
            EmailInDomainSuffixes                           = @()
            EraseContentAndSettingsBlocked                  = $False
            GameCenterBlocked                               = $False
            ICloudBlockActivityContinuation                 = $False
            ICloudBlockAddressBook                          = $False
            ICloudBlockBookmarks                            = $False
            ICloudBlockCalendar                             = $False
            ICloudBlockDocumentSync                         = $False
            ICloudBlockMail                                 = $False
            ICloudBlockNotes                                = $False
            ICloudBlockPhotoLibrary                         = $False
            ICloudBlockReminders                            = $False
            ICloudDesktopAndDocumentsBlocked                = $False
            ICloudPrivateRelayBlocked                       = $False
            ITunesBlockFileSharing                          = $False
            ITunesBlockMusicService                         = $False
            KeyboardBlockDictation                          = $False
            KeychainBlockCloudSync                          = $False
            MultiplayerGamingBlocked                        = $False
            PasswordBlockAirDropSharing                     = $False
            PasswordBlockAutoFill                           = $False
            PasswordBlockFingerprintUnlock                  = $False
            PasswordBlockModification                       = $False
            PasswordBlockProximityRequests                  = $False
            PasswordBlockSimple                             = $False
            PasswordRequired                                = $False
            PasswordRequiredType                            = 'deviceDefault'
            PrivacyAccessControls                           = @(
                MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem {
                    displayName                  = 'test'
                    identifier                   = 'test45'
                    identifierType               = 'path'
                    codeRequirement              = 'test'
                    blockCamera                  = $True
                    speechRecognition            = 'notConfigured'
                    accessibility                = 'notConfigured'
                    addressBook                  = 'enabled'
                    calendar                     = 'notConfigured'
                    reminders                    = 'notConfigured'
                    photos                       = 'notConfigured'
                    mediaLibrary                 = 'notConfigured'
                    fileProviderPresence         = 'notConfigured'
                    systemPolicyAllFiles         = 'notConfigured'
                    systemPolicySystemAdminFiles = 'notConfigured'
                    systemPolicyDesktopFolder    = 'notConfigured'
                    systemPolicyDocumentsFolder  = 'notConfigured'
                    systemPolicyDownloadsFolder  = 'notConfigured'
                    systemPolicyNetworkVolumes   = 'notConfigured'
                    systemPolicyRemovableVolumes = 'notConfigured'
                    postEvent                    = 'notConfigured'
                }
            )
            SafariBlockAutofill                             = $False
            ScreenCaptureBlocked                            = $False
            SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30
            SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30
            SoftwareUpdateNonOSDeferredInstallDelayInDays   = 30
            SoftwareUpdatesEnforcedDelayInDays              = 30
            SpotlightBlockInternetResults                   = $False
            UpdateDelayPolicy                               = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility')
            WallpaperModificationBlocked                    = $False
            Ensure                                          = 'Present'
            Credential                                      = $credsGlobalAdmin
        }
    }
}

The operating system the target node is running

OsName : Microsoft Windows 10 Enterprise OsOperatingSystemSKU : EnterpriseEdition OsArchitecture : 64-bit WindowsVersion : 2009 WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406 OsLanguage : en-US OsMuiLanguages : {en-US}

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.726.1
@andikrueger andikrueger added Bug Something isn't working Intune labels Aug 3, 2023
@ricmestre ricmestre mentioned this issue Oct 26, 2023
Open
This was referenced Dec 29, 2023
Closed
Merged
NikCharlebois added a commit that referenced this issue Dec 29, 2023
@NikCharlebois
Merge pull request #4099 from ricmestre/fix3539
d8b153a 
IntuneDeviceConfigurationPolicyMacOS: Fix resource deployment, fix #3539
@NikCharlebois NikCharlebois mentioned this issue Dec 29, 2023
Merged
This was referenced Jan 1, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Intune
Projects
None yet
Milestone
No milestone
2 participants
@andikrueger @ricmestre