IntuneEndpointDetectionAndResponsePolicyWindows10: Cannot delete if Identity has a GUID from another tenant or random #4041

Closed
ricmestre opened this issue Dec 14, 2023 · 0 comments · Fixed by #4042 or #4074

ricmestre commented Dec 14, 2023

Description of the issue

Exporting IntuneEndpointDetectionAndResponsePolicyWindows10 resources from one tenant and then creating them on a target tenant (while keeping Identity with the GUID of the source tenant) works without issues, just as updating does. However, deleting the policy (Ensure = Absent) then fails with a Graph API issue. This is because it tries to delete the policy with the original Identity in the MOF from the source tenant instead of using the one from the target.

This was another problem I found out using my custom Test Harness pipeline.

Microsoft 365 DSC Version

1.23.1213.1

Which workloads are affected

other

The DSC configuration

IntuneEndpointDetectionAndResponsePolicyWindows10 "IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1"
        {
            Assignments          = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupDisplayName = 'DummyGroupExclude'
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupDisplayName = 'DummyGroupInclude'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                }
            );
            Credential           = $Credscredential;
            Description          = "Test";
            DisplayName          = "IntuneEndpointDetectionAndResponsePolicyWindows10_1";
            Ensure               = "Present";
            Identity             = "2ee49a1a-165a-4f08-8521-d5799ad578e3";
            samplesharing        = "0";
        }

Verbose logs showing the problem

VERBOSE: [REDACTED]:                            [[IntuneEndpointDetectionAndResponsePolicyWindows10]IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1] No
Endpoint Detection And Response Policy with Id {c9a97b40-05d5-41d0-9295-fea90403ead2} was found
VERBOSE: [REDACTED]:                            [[IntuneEndpointDetectionAndResponsePolicyWindows10]IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1]
Found Endpoint Detection And Response Policy with Id {9d5ba35b-a329-4e2d-aafd-53ccdef4a953} and displayName {IntuneEndpointDetectionAndResponsePolicyWindows10_1}
VERBOSE: [REDACTED]:                            [[IntuneEndpointDetectionAndResponsePolicyWindows10]IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1]
Found Endpoint Protection Policy {IntuneEndpointDetectionAndResponsePolicyWindows10_1}
VERBOSE: [REDACTED]:                            [[IntuneEndpointDetectionAndResponsePolicyWindows10]IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1]
Removing Endpoint Protection Policy {IntuneEndpointDetectionAndResponsePolicyWindows10_1}
[ResourceNotFound] : {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: e4149828-f673-4325-a94b-04a5a0c5682c - Url: https://fef.msub07.manage.microsoft.com
/DeviceConfigV2/DCV2GraphService/de147310-ffff-8765-1108-121303070746/deviceManagement/configurationPolicies('c9a97b40-05d5-41d0-9295-fea90403ead2')?api-version=5023-08-14",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
    + CategoryInfo          : InvalidOperation: ({ DeviceManagem...2, IfMatch =  }:) [], CimException
    + FullyQualifiedErrorId : ResourceNotFound,Microsoft.Graph.Beta.PowerShell.Cmdlets.RemoveMgBetaDeviceManagementConfigurationPolicy_Delete
    + PSComputerName        : localhost

VERBOSE: [REDACTED]: LCM:  [ End    Set      ]  [[IntuneEndpointDetectionAndResponsePolicyWindows10]IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1]  in
 2.5200 seconds.
The PowerShell DSC resource '[IntuneEndpointDetectionAndResponsePolicyWindows10]IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1' with SourceInfo
'C:\temp\dsc\IntuneEndpointDetectionAndResponsePolicyWindows10.ps1::34::9::IntuneEndpointDetectionAndResponsePolicyWindows10' threw one or more non-terminating errors while running the Set-TargetResource
functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

VERBOSE: [REDACTED]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 89.816 seconds

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2428
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2428
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
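
The verbose log above shows the policy being found by display name under Id 9d5ba35b-a329-4e2d-aafd-53ccdef4a953 while the delete URL still carries c9a97b40-05d5-41d0-9295-fea90403ead2. The sketch below is an added example, not part of the original issue and not Microsoft365DSC code: it simulates the tenant with an in-memory list, uses the hypothetical helpers `Resolve-PolicyId` and `Remove-PolicyById`, and assumes that a removal should refuse to act when the display-name fallback matches more than one policy, so that the wrong EDR policy is never deleted.

```powershell
# Added example; the tenant is simulated in memory so this runs offline.
# Resolve-PolicyId and Remove-PolicyById are hypothetical names.

# Constructed stand-in for the target tenant (Id and name as they appear in the verbose log).
$TenantPolicies = @(
    [pscustomobject]@{
        Id   = '9d5ba35b-a329-4e2d-aafd-53ccdef4a953'
        Name = 'IntuneEndpointDetectionAndResponsePolicyWindows10_1'
    }
)

function Resolve-PolicyId {
    param(
        [Parameter(Mandatory)] [string]   $Identity,
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [object[]] $Policies
    )
    # Prefer an exact Id match; this only succeeds when the MOF was written for this tenant.
    $byId = @($Policies | Where-Object { $_.Id -eq $Identity })
    if ($byId.Count -eq 1) { return $byId[0].Id }

    # Fall back to the display name, refusing to guess when it is ambiguous.
    $byName = @($Policies | Where-Object { $_.Name -eq $DisplayName })
    if ($byName.Count -gt 1) {
        throw "Display name '$DisplayName' matches $($byName.Count) policies; refusing to pick one."
    }
    if ($byName.Count -eq 1) { return $byName[0].Id }
    return $null   # nothing to remove: Ensure = 'Absent' is already satisfied
}

function Remove-PolicyById {
    param([string] $Id, [object[]] $Policies)
    # Stand-in for the Graph delete call; throws like the ResourceNotFound error in the log.
    if (-not ($Policies | Where-Object { $_.Id -eq $Id })) { throw "ResourceNotFound: $Id" }
    return @($Policies | Where-Object { $_.Id -ne $Id })
}

$mofIdentity = 'c9a97b40-05d5-41d0-9295-fea90403ead2'   # Id seen in the failing delete URL
$name        = 'IntuneEndpointDetectionAndResponsePolicyWindows10_1'

# Behaviour described in the issue: delete with the Identity carried in the MOF.
try   { Remove-PolicyById -Id $mofIdentity -Policies $TenantPolicies | Out-Null }
catch { "Delete with MOF Identity failed: $($_.Exception.Message)" }

# Delete with the Id resolved in the target tenant instead.
$resolved = Resolve-PolicyId -Identity $mofIdentity -DisplayName $name -Policies $TenantPolicies
if ($resolved) {
    $remaining = @(Remove-PolicyById -Id $resolved -Policies $TenantPolicies)
    "Deleted $resolved; policies left: $($remaining.Count)"
}
```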