IntuneDeviceAndAppManagementAssignmentFilter: Cannot create iOS filters because ValidateSet is incorrect

[sachabruttin]

Description of the issue

Exporting IntuneDeviceAndAppManagementAssignmentFilter for an IOS filter generate this configuration:

IntuneDeviceAndAppManagementAssignmentFilter "IntuneDeviceAndAppManagementAssignmentFilter-Test"
{
    ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
    CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
    Description           = "";
    DisplayName           = "Tes";
    Ensure                = "Present";
    Identity              = "afe84783-523a-4eff-9216-0befe53d70bc";
    Platform              = "iOSMobileApplicationManagement";
    Rule                  = "(app.deviceManagementType -eq `"Managed`")";
    TenantId              = $OrganizationName;
}

The Platform value is not accepted by when building the MOF file and gives this error:

Microsoft365DSC\IntuneDeviceAndAppManagementAssignmentFilter : At least one of the values 'iOSMobileApplicationManagement' is not supported or valid for property 'Platform' on class
'IntuneDeviceAndAppManagementAssignmentFilter'. Please specify only supported values:
android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown.

Changing the Platform value to iOS allow to build the MOF but then the deplyoment will gives this error:

New-MgBetaDeviceManagementAssignmentFilter : {
  "_version": 3,
  "Message": "5003:Validation error. Invalid assignment filter rule: (app.deviceManagementType -eq \"Managed\"). Fix the rule and try again. - Operation ID (for customer support):
00000000-0000-0000-0000-000000000000 - Activity ID: 5f44e60b-14de-4264-8e96-3c645b6253c1 - Url:
https://fef.msub06.manage.microsoft.com/GnT/StatelessPayloadLinkingService/8d87088f-ffff-0353-1210-121509433816/deviceManagement/assignmentFilters?api-version=5023-03-21",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
Status: 400 (BadRequest)
ErrorCode: BadRequest
Date: 2023-12-19T10:17:36
Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 824ade18-b202-487b-aea2-bd0da6ab2275
client-request-id             : 5f44e60b-14de-4264-8e96-3c645b6253c1
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"FR1PEPF0000079B"}}
Date                          : Tue, 19 Dec 2023 10:17:36 GMT
At line:1 char:1
+ New-MgBetaDeviceManagementAssignmentFilter `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ body = Micros...ignmentFilter }:<>f__AnonymousType243`1) [New-MgBetaDevic..._CreateExpanded], Exception
    + FullyQualifiedErrorId : BadRequest,Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementAssignmentFilter_CreateExpanded

The following PowerShell scripts works well:

$DisplayName = 'Test'
$Description = ''
$Platform = 'iOSMobileApplicationManagement'
$Rule = "(app.deviceManagementType -eq `"Managed`")"

New-MgBetaDeviceManagementAssignmentFilter `
            -DisplayName $DisplayName `
            -Description $Description `
            -Platform $Platform `
            -Rule $Rule | Out-Null

Microsoft 365 DSC Version

1.23.1213.1

Which workloads are affected

other

The DSC configuration

IntuneDeviceAndAppManagementAssignmentFilter "IntuneDeviceAndAppManagementAssignmentFilter-Test"
{
    ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
    CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
    Description           = "";
    DisplayName           = "Tes";
    Ensure                = "Present";
    Identity              = "afe84783-523a-4eff-9216-0befe53d70bc";
    Platform              = "iOSMobileApplicationManagement";
    Rule                  = "(app.deviceManagementType -eq `"Managed`")";
    TenantId              = $OrganizationName;
}

Verbose logs showing the problem

Microsoft365DSC\IntuneDeviceAndAppManagementAssignmentFilter : At least one of the values 'iOSMobileApplicationManagement' is not supported or valid for property 'Platform' on class
'IntuneDeviceAndAppManagementAssignmentFilter'. Please specify only supported values:
android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown.

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, en-GB}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2506
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2506
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

[ricmestre]

@sachabruttin iOSMobileApplicationManagement is currently not valid as Platform and I'll open a PR to fix that, but you also cannot just change it to iOS since the Rule you defined doesn't apply to that Platform.