IntuneDeviceEnrollmentPlatformRestriction not working with newer MSGraph #3730

Closed
ricmestre opened this issue Sep 29, 2023 · 6 comments · Fixed by #4054 or #4074
Labels
Bug Something isn't working Intune V1.23.927.1 Version 1.23.927.1

Comments

@ricmestre
Contributor

Description of the issue

Not sure on which version of MSGraph this stopped working but now IntuneDeviceEnrollmentPlatformRestriction doesn't work, trying to update the default policy in the tenant (All users and all devices) gives an error message about not being able to cast the value when running cmdlet Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration.

Microsoft 365 DSC Version

1.23.927.1

Which workloads are affected

other

The DSC configuration

Configuration ConfigureMicrosoft365
{
    Import-DscResource -ModuleName Microsoft365DSC

    $IntuneApplicationId = "REDACTED"
    $IntuneCertThumbprint = "REDACTED"
    $OrganizationName = "REDACTED.onmicrosoft.com"

    Node localhost
    {
        IntuneDeviceEnrollmentPlatformRestriction "IntuneDeviceEnrollmentPlatformRestriction-All users and all devices"
        {
            AndroidForWorkRestriction         = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
            AndroidRestriction                = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
            ApplicationId                     = $IntuneApplicationId;
            Assignments                       = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.allDevicesAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                }
            );
            CertificateThumbprint             = $IntuneCertThumbprint;
            Description                       = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.";
            DeviceEnrollmentConfigurationType = "platformRestrictions";
            DisplayName                       = "All users and all devices";
            Ensure                            = "Present";
            Identity                          = "REDACTED_DefaultPlatformRestrictions";
            IosRestriction                    = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
            MacOSRestriction                  = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
            MacRestriction                    = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
            TenantId                          = $OrganizationName;
            WindowsHomeSkuRestriction         = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
            WindowsRestriction                = MSFT_DeviceEnrollmentPlatformRestriction{
                PlatformBlocked = $False
                PersonalDeviceEnrollmentBlocked = $False
            };
        }
    }
}

Verbose logs showing the problem

[...]

Cannot process argument transformation on parameter 'BodyParameter'. Cannot convert value "System.Management.Automation.PSBoundParametersDictionary" to type "Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceEnrollmentConfiguration". Error: "Specified cast is not valid."
+ CategoryInfo          : InvalidData: (:) [], CimException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration
+ PSComputerName        : localhost

The PowerShell DSC resource '[IntuneDeviceEnrollmentPlatformRestriction]IntuneDeviceEnrollmentPlatformRestriction-All users and all devices' with SourceInfo 'C:\users\REDACTED\Documents\IntuneDeviceEnrollmentPlatformRestriction.ps1::16::9::IntuneDeviceEnrollmentPlatformRestriction' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
+ CategoryInfo          : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider
+ PSComputerName        : localhost

The SendConfigurationApply function did not succeed.
+ CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName        : localhost

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.1778
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.1778
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

@andikrueger added the Bug, Intune and V1.23.927.1 labels on Oct 6, 2023

@Cyanic-Cloud

Cyanic-Cloud commented Dec 11, 2023

Also having the same issue here running version: 1.23.1206.1

image

A few additional parameters when creating via the GUI
image

image

DSC config that's failing to deploy:

    IntuneDeviceEnrollmentPlatformRestriction "IntuneDeviceEnrollmentPlatformRestriction-Default Windows Device Enrolment Restriction"
    {
        ApplicationId                     = $ApplicationId;
        Assignments                       = @();
        CertificateThumbprint             = $Thumbprint;
        Description                       = "";
        DeviceEnrollmentConfigurationType = "singlePlatformRestriction";
        DisplayName                       = "Baseline - Default Windows Device Enrolment Restriction";
        Ensure                            = "Present";
        Identity                          = "a515871f-57c9-4f13-8d0e-22114eb46e74_SinglePlatformRestriction";
        TenantId                          = $TenantId;
        WindowsRestriction                = MSFT_DeviceEnrollmentPlatformRestriction {
            PlatformBlocked                 = $False
            PersonalDeviceEnrollmentBlocked = $True
        };
    }

@Cyanic-Cloud

@William-Francillette can you work your magic here? haha

@William-Francillette
Contributor

was an easy fix

@Cyanic-Cloud

Policy now deploys without issue but failing ConfigurationDrift based on the Identity not being set like the baseline . . . .

<ConfigurationDrift Source="MSFT_IntuneDeviceEnrollmentPlatformRestriction">
    <ParametersNotInDesiredState>
        <Param Name="Identity"><CurrentValue>27f78254-c1dd-4ffb-8e4b-b799a6d8d0e2_SinglePlatformRestriction</CurrentValue><DesiredValue>a515871f-57c9-4f13-8d0e-22114eb46e74_SinglePlatformRestriction</DesiredValue></Param>
    </ParametersNotInDesiredState>

@ricmestre
Contributor Author

@Cyanic-Cloud I've commented on William's PR, that drift is being reported since Test-TargetResource is removing the parameter Id instead of Identity so Identity gets compared and you get the drift.
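
The comparison problem described in the comment above, reduced to a stand-alone sketch (an added example, not Microsoft365DSC source and not part of the thread). The function name `Get-ParameterDrift` and the two hashtables are hypothetical; the Identity values are the ones from the drift report earlier in the thread.

```powershell
# Hypothetical helper: compares desired parameters against the tenant's current
# values after dropping the keys listed in -ExcludeKeys from the comparison.
function Get-ParameterDrift {
    param(
        [Parameter(Mandatory)] [hashtable] $Current,
        [Parameter(Mandatory)] [hashtable] $Desired,
        [string[]] $ExcludeKeys = @()
    )

    $toCompare = $Desired.Clone()
    foreach ($key in $ExcludeKeys) {
        # Removing a key that is not present is a silent no-op, which is why
        # excluding the wrong name goes unnoticed.
        $toCompare.Remove($key)
    }

    foreach ($key in $toCompare.Keys) {
        if ($Current[$key] -ne $toCompare[$key]) {
            [pscustomobject]@{
                Name         = $key
                CurrentValue = $Current[$key]
                DesiredValue = $toCompare[$key]
            }
        }
    }
}

# Constructed sample: baseline values versus what the tenant holds after deployment.
$desired = @{
    Identity                          = 'a515871f-57c9-4f13-8d0e-22114eb46e74_SinglePlatformRestriction'
    DisplayName                       = 'Baseline - Default Windows Device Enrolment Restriction'
    DeviceEnrollmentConfigurationType = 'singlePlatformRestriction'
}
$current = $desired.Clone()
$current.Identity = '27f78254-c1dd-4ffb-8e4b-b799a6d8d0e2_SinglePlatformRestriction'

# Excluding 'Id' leaves Identity in the comparison, so drift is reported.
$driftExcludingId = @(Get-ParameterDrift -Current $current -Desired $desired -ExcludeKeys 'Id')

# Excluding 'Identity' compares only the settings the baseline controls.
$driftExcludingIdentity = @(Get-ParameterDrift -Current $current -Desired $desired -ExcludeKeys 'Identity')

"Excluding 'Id':       $($driftExcludingId.Count) parameter(s) not in desired state"
"Excluding 'Identity': $($driftExcludingIdentity.Count) parameter(s) not in desired state"
```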

@Cyanic-Cloud

Thanks @ricmestre
