From a4b467efbd034b3aad9f508ae9b17dd9d9e8ca75 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 16 Jan 2023 12:50:53 +0100 Subject: [PATCH 1/5] Fix #2731 --- CHANGELOG.md | 3 +++ .../MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b633d34bac..3f0d485405 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* IntuneDeviceConfigurationPolicyMacOS + * Corrected copy/paste issue while implementing previous fix. + FIXES [#2731](https://github.com/microsoft/Microsoft365DSC/issues/2731) * PlannerTask * Refactored to leverage the official cmdlets instead of using the legacy GraphHandlers. FIXES [#2767](https://github.com/microsoft/Microsoft365DSC/issues/2767) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index 95e44d9e50..91a81327d4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -411,7 +411,7 @@ function Get-TargetResource SoftwareUpdatesEnforcedDelayInDays = $getValue.AdditionalProperties.softwareUpdatesEnforcedDelayInDays SpotlightBlockInternetResults = $getValue.AdditionalProperties.spotlightBlockInternetResults TouchIdTimeoutInHours = $getValue.AdditionalProperties.touchIdTimeoutInHours - UpdateDelayPolicy = $getValue.AdditionalProperties.updateDelayPolicy -split '-' + UpdateDelayPolicy = $getValue.AdditionalProperties.updateDelayPolicy -split ',' WallpaperModificationBlocked = $getValue.AdditionalProperties.wallpaperModificationBlocked Ensure = 'Present' Credential = $Credential From f908ca4c1f25481e761f34cd717f4d6548738d24 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 16 Jan 2023 13:54:41 +0100 Subject: [PATCH 2/5] Fixes #2768 --- CHANGELOG.md | 4 ++++ .../MSFT_IntuneAppConfigurationPolicy.psm1 | 7 +++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f0d485405..e5fa42e5d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ # UNRELEASED +* IntuneAppConfigurationPolicy + * Fixes issue where the Test method fails when the policy does not exist yet + and the Assignments parameter is used. + FIXES [#2768](https://github.com/microsoft/Microsoft365DSC/issues/2768) * IntuneDeviceConfigurationPolicyMacOS * Corrected copy/paste issue while implementing previous fix. FIXES [#2731](https://github.com/microsoft/Microsoft365DSC/issues/2731) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index dea81d6658..e51ace00b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -66,19 +66,21 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters + $nullResult = @{ + DisplayName = $DisplayName + } $nullResult.Ensure = 'Absent' try { $configPolicy = Get-MgDeviceAppManagementTargetedManagedAppConfiguration -Filter "displayName eq '$DisplayName'" ` -ErrorAction Stop - if ($null -eq $configPolicy) { Write-Verbose -Message "No App Configuration Policy with displayName {$DisplayName} was found" return $nullResult } + Write-Verbose -Message "Found App Configuration Policy with displayName {$DisplayName}" $returnHashtable = @{ DisplayName = $configPolicy.DisplayName @@ -92,6 +94,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent } + $returnAssignments = @() $returnAssignments += Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment -TargetedManagedAppConfigurationId $configPolicy.Id $assignmentResult = @() From 75d71dd11075ae08280ffdc205c4b67793b92440 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 16 Jan 2023 14:32:45 +0100 Subject: [PATCH 3/5] Fixes #2771 --- CHANGELOG.md | 6 + .../MSFT_IntuneAppConfigurationPolicy.psm1 | 5 +- .../MSFT_IntuneRoleDefinition.psm1 | 202 ++++++++---------- 3 files changed, 100 insertions(+), 113 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e5fa42e5d6..9d3db3b561 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,12 @@ * IntuneDeviceConfigurationPolicyMacOS * Corrected copy/paste issue while implementing previous fix. FIXES [#2731](https://github.com/microsoft/Microsoft365DSC/issues/2731) +* IntuneRoleDefinition + * Fixes issue where the code did not check for the DisplayName when the ID could not + be found. + FIXES [#2771](https://github.com/microsoft/Microsoft365DSC/issues/2771) + * Updated logging logic to include more details and add Current/Target values in the + Test method. * PlannerTask * Refactored to leverage the official cmdlets instead of using the legacy GraphHandlers. FIXES [#2767](https://github.com/microsoft/Microsoft365DSC/issues/2767) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index e51ace00b0..bf9a60e112 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -49,7 +49,8 @@ function Get-TargetResource [Switch] $ManagedIdentity ) - Write-Verbose -Message "Checking for the Intune App Configuration Policy {$DisplayName}" + + Write-Verbose -Message "Getting configuration of Intune App Configuration Policy {$DisplayName}" $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'beta' @@ -175,7 +176,7 @@ function Set-TargetResource $ManagedIdentity ) - Write-Verbose -Message "Intune App Configuration Policy {$DisplayName}" + Write-Verbose -Message "Setting configuration of Intune App Configuration Policy {$DisplayName}" $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 index 3ca8d09d8d..1e8391331a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 @@ -63,16 +63,11 @@ function Get-TargetResource ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ProfileName 'beta' - } - catch - { - Write-Verbose -Message ($_) - } + Write-Verbose -Message "Checking for the Intune Role Definition {$DisplayName}" + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -86,28 +81,35 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters + $nullResult = @{ + DisplayName = $DisplayName + } + $nullResult.Ensure = 'Absent' try { $getValue = $null - if($Id -match '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$') + if ($Id -match '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$') { $getValue = Get-MgDeviceManagementRoleDefinition -RoleDefinitionId $id -ErrorAction SilentlyContinue - if($null -ne $getValue){ + if ($null -ne $getValue) + { Write-Verbose -Message "Found something with id {$id}" } } - else + + if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" $Filter = "displayName eq '$DisplayName'" $getValue = Get-MgDeviceManagementRoleDefinition -Filter $Filter -ErrorAction SilentlyContinue - if($null -ne $getValue){ + if ($null -ne $getValue) + { Write-Verbose -Message "Found something with displayname {$DisplayName}" } - else{ + else + { Write-Verbose -Message "Nothing with displayname {$DisplayName} was found" return $nullResult } @@ -129,34 +131,20 @@ function Get-TargetResource } if ($getValue.RolePermissions) { - $results.Add("allowedResourceActions", $getValue.RolePermissions.ResourceActions.AllowedResourceActions) - $results.Add("notallowedResourceActions", $getValue.RolePermissions.ResourceActions.notAllowedResourceActions) + $results.Add('allowedResourceActions', $getValue.RolePermissions.ResourceActions.AllowedResourceActions) + $results.Add('notallowedResourceActions', $getValue.RolePermissions.ResourceActions.notAllowedResourceActions) } return [System.Collections.Hashtable] $results } catch { - try - { - Write-Verbose -Message $_ - $tenantIdValue = '' - if (-not [System.String]::IsNullOrEmpty($TenantId)) - { - $tenantIdValue = $TenantId - } - elseif ($null -ne $Credential) - { - $tenantIdValue = $Credential.UserName.Split('@')[1] - } - Add-M365DSCEvent -Message $_ -EntryType 'Error' ` - -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $tenantIdValue - } - catch - { - Write-Verbose -Message $_ - } + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + return $nullResult } } @@ -224,16 +212,11 @@ function Set-TargetResource $ManagedIdentity ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ProfileName 'beta' - } - catch - { - Write-Verbose -Message $_ - } + Write-Verbose -Message "Setting the Intune Role Definition {$DisplayName}" + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -259,65 +242,71 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating {$DisplayName}" - if($null -ne $roleScopeTagIds){ + Write-Verbose -Message "Creating Role Definition {$DisplayName}" + if ($null -ne $roleScopeTagIds) + { $ScopeRoleTags = @() - foreach($roleScopeTagId in $roleScopeTagIds){ + foreach ($roleScopeTagId in $roleScopeTagIds) + { $Tag = Get-MgDeviceManagementRoleScopeTag -RoleScopeTagId $roleScopeTagId -ErrorAction SilentlyContinue - if($null -ne $Tag){ + if ($null -ne $Tag) + { $ScopeRoleTags += $Tag.Id } } } $resourceActions = @{ - '@odata.type' = "microsoft.graph.resourceAction" - notAllowedResourceActions = $notAllowedResourceActions - allowedResourceActions = $allowedResourceActions - } + '@odata.type' = 'microsoft.graph.resourceAction' + notAllowedResourceActions = $notAllowedResourceActions + allowedResourceActions = $allowedResourceActions + } $rolepermission = @{ - '@odata.type' = "microsoft.graph.rolePermission" - resourceActions = @($resourceActions) + '@odata.type' = 'microsoft.graph.rolePermission' + resourceActions = @($resourceActions) } - $ScopeTagIds = $ScopeRoleTags + $ScopeTagIds = $ScopeRoleTags $CreateParameters = @{ - '@odata.type' = "#microsoft.graph.roleDefinition" - displayName = $DisplayName - description = $Description - rolePermissions = @($rolepermission) - roleScopeTagIds = $ScopeTagIds + '@odata.type' = '#microsoft.graph.roleDefinition' + displayName = $DisplayName + description = $Description + rolePermissions = @($rolepermission) + roleScopeTagIds = $ScopeTagIds } - $policy=New-MgDeviceManagementRoleDefinition -BodyParameter $CreateParameters + $policy = New-MgDeviceManagementRoleDefinition -BodyParameter $CreateParameters } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating {$DisplayName}" - if($null -ne $roleScopeTagIds){ + Write-Verbose -Message "Updating Role Definition {$DisplayName}" + if ($null -ne $roleScopeTagIds) + { $ScopeRoleTags = @() - foreach($roleScopeTagId in $roleScopeTagIds){ + foreach ($roleScopeTagId in $roleScopeTagIds) + { $Tag = Get-MgDeviceManagementRoleScopeTag -RoleScopeTagId $roleScopeTagId -ErrorAction SilentlyContinue - if($null -ne $Tag){ + if ($null -ne $Tag) + { $ScopeRoleTags += $Tag.Id } } } $resourceActions = @{ - '@odata.type' = "microsoft.graph.resourceAction" - notAllowedResourceActions = $notAllowedResourceActions - allowedResourceActions = $allowedResourceActions - } + '@odata.type' = 'microsoft.graph.resourceAction' + notAllowedResourceActions = $notAllowedResourceActions + allowedResourceActions = $allowedResourceActions + } $rolepermission = @{ - '@odata.type' = "microsoft.graph.rolePermission" - resourceActions = @($resourceActions) + '@odata.type' = 'microsoft.graph.rolePermission' + resourceActions = @($resourceActions) } $ScopeTagIds = $ScopeRoleTags $UpdateParameters = @{ - '@odata.type' = "#microsoft.graph.roleDefinition" - displayName = $DisplayName - description = $Description - rolePermissions = @($rolepermission) - roleScopeTagIds = $ScopeTagIds + '@odata.type' = '#microsoft.graph.roleDefinition' + displayName = $DisplayName + description = $Description + rolePermissions = @($rolepermission) + roleScopeTagIds = $ScopeTagIds } Update-MgDeviceManagementRoleDefinition -BodyParameter $UpdateParameters ` @@ -326,7 +315,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing {$DisplayName}" + Write-Verbose -Message "Removing Role Definition {$DisplayName}" Remove-MgDeviceManagementRoleDefinition -RoleDefinitionId $currentInstance.Id } } @@ -395,6 +384,8 @@ function Test-TargetResource $ManagedIdentity ) + Write-Verbose -Message "Testing the Intune Role Definition {$DisplayName}" + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -407,17 +398,19 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" - $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if($CurrentValues.Ensure -eq "Absent") + if ($CurrentValues.Ensure -eq 'Absent') { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - $testResult=$true + $testResult = $true $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null @@ -501,12 +494,12 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceAndAppManagementRoleDefinition' ` - } + } if (-not $getValue) { [array]$getValue = Get-MgDeviceManagementRoleDefinition - -ErrorAction Stop + -ErrorAction Stop } $i = 1 $dscContent = '' @@ -520,10 +513,10 @@ function Export-TargetResource } foreach ($config in $getValue) { - $displayedKey=$config.id - if(-not [String]::IsNullOrEmpty($config.displayName)) + $displayedKey = $config.id + if (-not [String]::IsNullOrEmpty($config.displayName)) { - $displayedKey=$config.displayName + $displayedKey = $config.displayName } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ @@ -559,27 +552,14 @@ function Export-TargetResource } catch { - Write-Host $Global:M365DSCEmojiGreenCheckMark - try - { - Write-Verbose -Message $_ - $tenantIdValue = '' - if (-not [System.String]::IsNullOrEmpty($TenantId)) - { - $tenantIdValue = $TenantId - } - elseif ($null -ne $Credential) - { - $tenantIdValue = $Credential.UserName.Split('@')[1] - } - Add-M365DSCEvent -Message $_ -EntryType 'Error' ` - -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $tenantIdValue - } - catch - { - Write-Verbose -Message $_ - } + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + return '' } } From 536a6c2045f8ec464d9cbc05875f4521520e600a Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 16 Jan 2023 15:18:19 +0100 Subject: [PATCH 4/5] Fixes 2788 --- CHANGELOG.md | 4 ++++ ...eDeviceAndAppManagementAssignmentFilter.psm1 | 17 +++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d3db3b561..7f4e64d6ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ * Fixes issue where the Test method fails when the policy does not exist yet and the Assignments parameter is used. FIXES [#2768](https://github.com/microsoft/Microsoft365DSC/issues/2768) +* IntuneDeviceAndAppManagementAssignmentFilter + * Fixes issue where the code did not check for the DisplayName when the ID could not + be found. + FIXES [#2788](https://github.com/microsoft/Microsoft365DSC/issues/2788) * IntuneDeviceConfigurationPolicyMacOS * Corrected copy/paste issue while implementing previous fix. FIXES [#2731](https://github.com/microsoft/Microsoft365DSC/issues/2731) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index fe900c3bee..12b4fbafca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -55,7 +55,7 @@ function Get-TargetResource $ManagedIdentity ) - Write-Verbose -Message "Checking for the assignment filter {$DisplayName}" + Write-Verbose -Message "Getting the Intune Device and App Management Assignment Filter {$DisplayName}" $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` @@ -80,8 +80,10 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = @{ + DisplayName = $DisplayName + Ensure = 'Absent' + } try { @@ -89,7 +91,8 @@ function Get-TargetResource { $assignmentFilter = Get-MgDeviceManagementAssignmentFilter -DeviceAndAppManagementAssignmentFilterId $Identity -ErrorAction Stop } - elseif ($null -eq $assignmentFilter) + + if ($null -eq $assignmentFilter) { Write-Verbose -Message "No assignment filter with Identity {$Identity} was found." @@ -106,6 +109,7 @@ function Get-TargetResource } Write-Verbose -Message "Found assignment filter {$($assignmentFilter.displayName)}" + $returnHashtable = @{} $returnHashtable.Add('Identity', $assignmentFilter.Id) $returnHashtable.Add('DisplayName', $assignmentFilter.displayName) @@ -190,6 +194,8 @@ function Set-TargetResource $ManagedIdentity ) + Write-Verbose -Message "Setting the Intune Device and App Management Assignment Filter {$DisplayName}" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'beta' @@ -294,6 +300,8 @@ function Test-TargetResource $ManagedIdentity ) + Write-Verbose -Message "Testing the Intune Device and App Management Assignment Filter {$DisplayName}" + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -394,6 +402,7 @@ function Export-TargetResource { Write-Host "`r`n" -NoNewline } + foreach ($assignmentFilter in $assignmentFilters) { Write-Host " |---[$i/$($assignmentFilters.Count)] $($assignmentFilter.displayName)" -NoNewline From 685b8ba480b9f026db31a1a44fab58d1b154b7d9 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 16 Jan 2023 16:05:29 +0100 Subject: [PATCH 5/5] More improvements --- .../MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index 12b4fbafca..f7c59385dc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -89,13 +89,15 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Identity)) { - $assignmentFilter = Get-MgDeviceManagementAssignmentFilter -DeviceAndAppManagementAssignmentFilterId $Identity -ErrorAction Stop + Write-Verbose -Message "Checking if filter exists with identity {$Identity}." + $assignmentFilter = Get-MgDeviceManagementAssignmentFilter -DeviceAndAppManagementAssignmentFilterId $Identity -ErrorAction 'SilentlyContinue' } if ($null -eq $assignmentFilter) { Write-Verbose -Message "No assignment filter with Identity {$Identity} was found." + Write-Verbose -Message "Checking if filter exists with DisplayName {$DisplayName}." [array]$assignmentFilter = Get-MgDeviceManagementAssignmentFilter -All | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } if ($assignmentFilter.Length -gt 2) { @@ -325,6 +327,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Identity') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) `