Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntuneDeviceControlPolicyWindows10: Error, Count Of List of Setting Values 3, does not meet bound requirements. #5086

Closed
CovidtheDog2024 opened this issue Sep 23, 2024 · 1 comment · Fixed by #5141
Closed

IntuneDeviceControlPolicyWindows10: Error, Count Of List of Setting Values 3, does not meet bound requirements. #5086

CovidtheDog2024 opened this issue Sep 23, 2024 · 1 comment · Fixed by #5141

Comments

@CovidtheDog2024
Copy link

Description of the issue

Resource: IntuneDeviceControlPolicyWindows10
Encounter this error during import when the DEVICE CONTROL is more than one.
Error Detail: Count Of List of Setting Values 3, does not meet bound requirements. Expected count would be 1 and 1

Microsoft 365 DSC Version

1.24.904.1

Which workloads are affected

Intune

The DSC configuration

Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.904.1'

    Node localhost
    {
        IntuneDeviceControlPolicyWindows10 "IntuneDeviceControlPolicyWindows10-[DeviceAllUSB"
        {
            Assignments          = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupDisplayName = 'IntuneDevice'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = '40855b83-24ad-41b5-86c2-19b5c5c1f7f7'
                }
            );
            Credential           = $Credscredential;
            Description          = "";
            DisplayName          = "[DeviceAllUSB";
            Ensure               = "Present";
            Id                   = "9942f6a6-41c1-4fe4-8b76-xxxxxxxxxx";
            PolicyRule           = @(
                MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{
                    IncludedIdList_GroupId = '537a807f-d023-4b5e-xxxx-xxxxxxxxx'
                    Entry = @(
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '0'
                            Type = 'deny'
                            AccessMask = @(
                                '1'
                                '2'
                                '4'
                            )
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '3'
                            Type = 'auditdenied'
                            AccessMask = @(
                                '4'
                                '2'
                                '1'
                            )
                        }
                    )
                    Name = 'AllUSBDeny'
                }
                MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{
                    IncludedIdList_GroupId = '275b13e0-6e91-41bf-9900-xxxxxxxxxxxx'
                    Entry = @(
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '0'
                            Type = 'allow'
                            AccessMask = @('1')
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '2'
                            Type = 'auditallowed'
                            AccessMask = @('1')
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '0'
                            Type = 'deny'
                            AccessMask = @(
                                '2'
                                '4'
                            )
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '3'
                            Type = 'auditdenied'
                            AccessMask = @(
                                '2'
                                '4'
                            )
                        }
                    )
                    Name = 'AllCDROMReadOnly'
                }
                MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule{
                    IncludedIdList_GroupId = 'd488365e-7905-411b-a7e9-xxxxxxxxxxx'
                    Entry = @(
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '0'
                            Type = 'allow'
                            AccessMask = @('1')
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '2'
                            Type = 'auditallowed'
                            AccessMask = @('1')
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '0'
                            Type = 'deny'
                            AccessMask = @(
                                '2'
                                '4'
                            )
                        }
                        MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry{
                            Options = '3'
                            Type = 'auditdenied'
                            AccessMask = @(
                                '2'
                                '4'
                            )
                        }
                    )
                    Name = 'AllWPDReadOnly'
                }
            );
            RoleScopeTagIds      = @("0");
        }
    }
}

Verbose logs showing the problem

VERBOSE: [MYPC]:                            [[IntuneDeviceControlPolicyWindows10]IntuneDeviceControlPolicyWindows10-[DeviceAllUSB] Creating an Intune Device Control Policy for Windows10 with Name {[DeviceAllUSB}
[BadRequest] : {
  "_version": 3,
  "Message": "device_vendor_msft_defender_configuration_devicecontrol_policyrules_{ruleid}_ruledata: Count Of List of Setting Values 3, does not meet bound requirements. Expected count would be 1 and  1 - Operation ID (for customer support): 
00000000-0000-0000-0000-000000000000 - Activity ID: c10354e8-179e-48f8-88d8-b3f2f5b76d97 - Url: 
https://fef.msuc02.manage.microsoft.com/DeviceConfigV2/DCV2GraphService/de147310-ffff-4773-0607-092320494497/deviceManagement/configurationPolicies?api-version=5024-04-01",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
    + CategoryInfo          : InvalidOperation: ({ Headers = , b...urationPolicy }:) [], CimException
    + FullyQualifiedErrorId : BadRequest,Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementConfigurationPolicy_Create
    + PSComputerName        : localhost
 
VERBOSE: [MYPC]: LCM:  [ End    Set      ]  [[IntuneDeviceControlPolicyWindows10]IntuneDeviceControlPolicyWindows10-[DeviceAllUSB]  in 4.4650 seconds.
The PowerShell DSC resource '[IntuneDeviceControlPolicyWindows10]IntuneDeviceControlPolicyWindows10-[DeviceAllUSB' with SourceInfo 'C:\tmp\IntuneDeviceControlPolicyWindows10\M365TenantConfig.ps1::34::9::IntuneDeviceControlPolicyWindows10' threw one or 
more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: [MYPC]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Key   : PSVersion
Value : 5.1.22621.4111
Name  : PSVersion

Key   : PSEdition
Value : Desktop
Name  : PSEdition

Key   : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name  : PSCompatibleVersions

Key   : BuildVersion
Value : 10.0.22621.4111
Name  : BuildVersion

Key   : CLRVersion
Value : 4.0.30319.42000
Name  : CLRVersion

Key   : WSManStackVersion
Value : 3.0
Name  : WSManStackVersion

Key   : PSRemotingProtocolVersion
Value : 2.3
Name  : PSRemotingProtocolVersion

Key   : SerializationVersion
Value : 1.1.0.1
Name  : SerializationVersion
@FabienTschanz
Copy link
Contributor

Issue acknowledged. Currently waiting for #5056 to be merged since it contains quite some changes to the underlying logic. @NikCharlebois If you have the chance, please have a look at the open PRs. Thank you.

@FabienTschanz FabienTschanz mentioned this issue Oct 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix handling of one-property elements in the Settings Catalog FabienTschanz/Microsoft365DSC
2 participants
@FabienTschanz @CovidtheDog2024