Merge branch 'Dev' into ref/migrate-laps-setting-catalog

FabienTschanz · Jun 26, 2024 · 8e845ed · 8e845ed
2 parents 335c47a + f01a57f
commit 8e845ed
Show file tree

Hide file tree

Showing 10 changed files with 426 additions and 56 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,16 +8,18 @@
   * Migrate to new settings catalog cmdlets.
 * IntuneDeviceManagementComplianceSettings
   * Initial Release.
+* IntuneDeviceRemediation
+  * Fix invalid assignment export and import.  
+    FIXES [#4726](https://github.com/microsoft/Microsoft365DSC/issues/4726)
 * M365DSCDRGUtil
   * Fixes an issue with the settings catalog property generation.
-* M365DSCUtil
-  * Fixes an issue where the comparison with null-valued desired value throws an error.
-* DEPENDENCIES
-  * Updated MSCloudLoginAssistant to version 1.1.18
-* M365DSCDRGUtil
   * Add `collectionId` export to `ConvertFrom-IntunePolicyAssignment`
   * Add handling for Intune assignments in `Compare-M365DSCComplexObject`
   * Fix issue with target handling in `Update-DeviceConfigurationPolicyAssignment`
+* M365DSCUtil
+  * Fixes an issue where the comparison with null-valued desired value throws an error.
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.1.18 
 * M365DSCResourceGenerator
   * Update CimInstance comparison template
 * MISC

diff --git a/...crosoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 b/...crosoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1
@@ -228,18 +228,33 @@ function Get-TargetResource
             AccessTokens                = $AccessTokens
             #endregion
         }
+
         $assignmentsValues = Get-MgBetaDeviceManagementDeviceHealthScriptAssignment -DeviceHealthScriptId $Id
         $assignmentResult = @()
-        foreach ($assignmentEntry in $AssignmentsValues)
+        foreach ($assignment in $assignmentsValues)
         {
-            $assignmentValue = @{
-                dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
-                deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType)
-                    {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()})
-                deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId
-                groupId = $assignmentEntry.Target.AdditionalProperties.groupId
+            if (-not [System.String]::IsNullOrEmpty($assignment.RunSchedule.AdditionalProperties.time))
+            {
+                $time = Get-Date -Format 'HH:mm:ss' -Date $assignment.RunSchedule.AdditionalProperties.time
+            }
+            else
+            {
+                $time = $null
+            }
+
+            $assignmentResult += @{
+                RunRemediationScript = $assignment.RunRemediationScript
+                RunSchedule = @{
+                    DataType = $assignment.RunSchedule.AdditionalProperties.'@odata.type'
+                    Date = $assignment.RunSchedule.AdditionalProperties.date
+                    Interval = $assignment.RunSchedule.Interval
+                    Time = $time
+                    UseUtc = $assignment.RunSchedule.AdditionalProperties.useUtc
+                }
+                Assignment = (ConvertFrom-IntunePolicyAssignment `
+                    -IncludeDeviceFilter:$true `
+                    -Assignments $assignment) | Select-Object -First 1
             }
-            $assignmentResult += $assignmentValue
         }
         $results.Add('Assignments', $assignmentResult)
 
@@ -397,14 +412,43 @@ function Set-TargetResource
         $assignmentsHash = @()
         foreach ($assignment in $Assignments)
         {
-            $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
+            $assignmentTarget = ConvertTo-IntunePolicyAssignment -Assignments $assignment.Assignment
+            $runSchedule = $null
+            if ($null -ne $assignment.RunSchedule.DataType) {
+                $runSchedule = @{
+                    '@odata.type' = $assignment.RunSchedule.DataType
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.Date))
+                {
+                    $runSchedule.Add('date', $assignment.RunSchedule.Date)
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.Interval))
+                {
+                    $runSchedule.Add('interval', $assignment.RunSchedule.Interval)
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.Time))
+                {
+                    $runSchedule.Add('time', $assignment.RunSchedule.Time)
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.UseUtc))
+                {
+                    $runSchedule.Add('useUtc', $assignment.RunSchedule.UseUtc)
+                }
+            }
+            $assignmentsHash += @{
+                runRemediationScript = $assignment.RunRemediationScript
+                runSchedule = $runSchedule
+                target = $assignmentTarget.target
+            }
         }
 
-        if ($policy.id)
+        if ($policy.Id)
         {
-            Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
-                -Targets $assignmentsHash `
-                -Repository 'deviceManagement/deviceHealthScripts'
+            $uri = "/beta/deviceManagement/deviceHealthScripts/$($policy.Id)/assign"
+            $body = @{
+                deviceHealthScriptAssignments = $assignmentsHash
+            } | ConvertTo-Json -Depth 20
+            Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body -ErrorAction Stop 4> $null
         }
         #endregion
     }
@@ -433,15 +477,44 @@ function Set-TargetResource
         Update-MgBetaDeviceManagementDeviceHealthScript  `
             -DeviceHealthScriptId $currentInstance.Id `
             -BodyParameter $UpdateParameters
+
         $assignmentsHash = @()
         foreach ($assignment in $Assignments)
         {
-            $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
+            $assignmentTarget = ConvertTo-IntunePolicyAssignment -Assignments $assignment.Assignment
+            $runSchedule = $null
+            if ($null -ne $assignment.RunSchedule.DataType) {
+                $runSchedule = @{
+                    '@odata.type' = $assignment.RunSchedule.DataType
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.Date))
+                {
+                    $runSchedule.Add('date', $assignment.RunSchedule.Date)
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.Interval))
+                {
+                    $runSchedule.Add('interval', $assignment.RunSchedule.Interval)
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.Time))
+                {
+                    $runSchedule.Add('time', $assignment.RunSchedule.Time)
+                }
+                if (-not [string]::IsNullOrEmpty($assignment.RunSchedule.UseUtc))
+                {
+                    $runSchedule.Add('useUtc', $assignment.RunSchedule.UseUtc)
+                }
+            }
+            $assignmentsHash += @{
+                runRemediationScript = $assignment.RunRemediationScript
+                runSchedule = $runSchedule
+                target = $assignmentTarget.target
+            }
         }
-        Update-DeviceConfigurationPolicyAssignment `
-            -DeviceConfigurationPolicyId $currentInstance.id `
-            -Targets $assignmentsHash `
-            -Repository 'deviceManagement/deviceHealthScripts'
+        $uri = "/beta/deviceManagement/deviceHealthScripts/$($currentInstance.Id)/assign"
+        $body = @{
+            deviceHealthScriptAssignments = $assignmentsHash
+        } | ConvertTo-Json -Depth 20
+        Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body -ErrorAction Stop 4> $null
         #endregion
     }
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
@@ -582,27 +655,23 @@ function Test-TargetResource
     {
         $source = $PSBoundParameters.$key
         $target = $CurrentValues.$key
-        if ($source.getType().Name -like '*CimInstance*')
+        if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*')
         {
             $testResult = Compare-M365DSCComplexObject `
                 -Source ($source) `
                 -Target ($target)
 
-            if (-Not $testResult)
+            if (-not $testResult)
             {
-                $testResult = $false
                 break
             }
 
             $ValuesToCheck.Remove($key) | Out-Null
         }
     }
 
-    $ValuesToCheck.remove('Id') | Out-Null
-    $ValuesToCheck.Remove('Credential') | Out-Null
-    $ValuesToCheck.Remove('ApplicationId') | Out-Null
-    $ValuesToCheck.Remove('TenantId') | Out-Null
-    $ValuesToCheck.Remove('ApplicationSecret') | Out-Null
+    $ValuesToCheck.Remove('Id') | Out-Null
+    $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
 
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
@@ -755,8 +824,24 @@ function Export-TargetResource
             }
             if ($Results.Assignments)
             {
-                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
-                if ($complexTypeStringResult)
+                $complexMapping = @(
+                    @{
+                        Name = 'RunSchedule'
+                        CimInstanceName = 'IntuneDeviceRemediationRunSchedule'
+                        IsRequired = $false
+                    }
+                    @{
+                        Name = 'Assignment'
+                        CimInstanceName = 'DeviceManagementConfigurationPolicyAssignments'
+                        IsRequired = $true
+                    }
+                )
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.Assignments `
+                    -CIMInstanceName 'MSFT_IntuneDeviceRemediationPolicyAssignments' `
+                    -ComplexTypeMapping $complexMapping
+
+                if (-not [string]::IsNullOrEmpty($complexTypeStringResult))
                 {
                     $Results.Assignments = $complexTypeStringResult
                 }
@@ -780,7 +865,10 @@ function Export-TargetResource
             }
             if ($Results.Assignments)
             {
-                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true
+                $currentDSCBlock = (Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true).Replace("''", "'")
+                $currentDSCBlock = [Regex]::Replace($currentDSCBlock, "Assignment = '\r\n                ", "Assignment = ")
+                $currentDSCBlock = $currentDSCBlock.Replace("RunSchedule = '", "RunSchedule = ").Replace("}'", "}")
+                $currentDSCBlock = [Regex]::Replace($currentDSCBlock, "\r\n            '", "")
             }
 
             $dscContent += $currentDSCBlock

diff --git a/...t365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.schema.mof b/...t365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.schema.mof
@@ -8,7 +8,26 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments
     [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
     [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
 };
-[ClassVersion("1.0.0")]
+
+[ClassVersion("1.0.0.0")]
+class MSFT_IntuneDeviceRemediationRunSchedule
+{
+    [Write, Description("The type of the schedule."), ValueMap{"#microsoft.graph.deviceHealthScriptRunOnceSchedule","#microsoft.graph.deviceHealthScriptHourlySchedule","#microsoft.graph.deviceHealthScriptDailySchedule"}, Values{"#microsoft.graph.deviceHealthScriptRunOnceSchedule","#microsoft.graph.deviceHealthScriptHourlySchedule","#microsoft.graph.deviceHealthScriptDailySchedule"}] String dataType;
+    [Write, Description("The date when to run the schedule. Only applicable when the odataType is a run once schedule. Format: 2024-01-01")] String Date;
+    [Write, Description("The interval of the schedule. Must be 1 in case of a run once schedule.")] UInt32 Interval;
+    [Write, Description("The time when to run the schedule. Only applicable when the dataType is not an hourly schedule. Format: 01:00:00")] String Time;
+    [Write, Description("If to use UTC as the time source. Only applicable when the dataType is not an hourly schedule.")] Boolean UseUtc;
+};
+
+[ClassVersion("1.0.0.0")]
+class MSFT_IntuneDeviceRemediationPolicyAssignments
+{
+    [Write, Description("If the remediation script should be run.")] Boolean RunRemediationScript;
+    [Write, Description("The run schedule of the remediation."), EmbeddedInstance("MSFT_IntuneDeviceRemediationRunSchedule")] String RunSchedule;
+    [Write, Description("Represents the assignment of the schedule."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignment;
+};
+
+[ClassVersion("1.0.0.0")]
 class MSFT_MicrosoftGraphDeviceHealthScriptParameter
 {
     [Write, Description("Whether Apply DefaultValue When Not Assigned")] Boolean ApplyDefaultValueWhenNotAssigned;
@@ -35,8 +54,8 @@ class MSFT_IntuneDeviceRemediation : OMI_BaseResource
     [Write, Description("Indicate whether PowerShell script(s) should run as 32-bit")] Boolean RunAs32Bit;
     [Write, Description("Indicates the type of execution context. Possible values are: system, user."), ValueMap{"system","user"}, Values{"system","user"}] String RunAsAccount;
     [Key, Description("The unique identifier for an entity. Read-only.")] String Id;
-    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
-    [Write, Description("Present ensures the policy exists, absent ensures it is removed.")] string Ensure;
+    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_IntuneDeviceRemediationPolicyAssignments")] String Assignments[];
+    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
     [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;

diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceRemediation/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceRemediation/1-Create.ps1
@@ -16,9 +16,20 @@ Configuration Example
         IntuneDeviceRemediation 'ConfigureDeviceRemediation'
         {
             Assignments              = @(
-                MSFT_DeviceManagementConfigurationPolicyAssignments{
-                    deviceAndAppManagementAssignmentFilterType = 'none'
-                    dataType = '#microsoft.graph.allDevicesAssignmentTarget'
+                MSFT_IntuneDeviceRemediationPolicyAssignments{
+                    RunSchedule = MSFT_IntuneDeviceRemediationRunSchedule{
+                        Date = '2024-01-01'
+                        Time = '01:00:00'
+                        Interval = 1
+                        DataType = '#microsoft.graph.deviceHealthScriptRunOnceSchedule'
+                        UseUtc = $False
+                    }
+                    RunRemediationScript = $False
+                    Assignment = MSFT_DeviceManagementConfigurationPolicyAssignments{
+                        deviceAndAppManagementAssignmentFilterType = 'none'
+                        dataType = '#microsoft.graph.groupAssignmentTarget'
+                        groupId = '11111111-1111-1111-1111-111111111111'
+                    }
                 }
             );
             Credential               = $Credscredential

diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceRemediation/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceRemediation/2-Update.ps1
@@ -16,9 +16,20 @@ Configuration Example
         IntuneDeviceRemediation 'ConfigureDeviceRemediation'
         {
             Assignments              = @(
-                MSFT_DeviceManagementConfigurationPolicyAssignments{
-                    deviceAndAppManagementAssignmentFilterType = 'none'
-                    dataType = '#microsoft.graph.allDevicesAssignmentTarget'
+                MSFT_IntuneDeviceRemediationPolicyAssignments{
+                    RunSchedule = MSFT_IntuneDeviceRemediationRunSchedule{
+                        Date = '2024-01-01'
+                        Time = '01:00:00'
+                        Interval = 1
+                        DataType = '#microsoft.graph.deviceHealthScriptRunOnceSchedule'
+                        UseUtc = $False
+                    }
+                    RunRemediationScript = $False
+                    Assignment = MSFT_DeviceManagementConfigurationPolicyAssignments{
+                        deviceAndAppManagementAssignmentFilterType = 'none'
+                        dataType = '#microsoft.graph.groupAssignmentTarget'
+                        groupId = '11111111-1111-1111-1111-111111111111'
+                    }
                 }
             );
             Credential               = $Credscredential

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
@@ -1167,7 +1167,7 @@ function ConvertTo-IntunePolicyAssignment
         }
     }
 
-    return $assignmentResult
+    return ,$assignmentResult
 }
 
 function Compare-M365DSCIntunePolicyAssignment

diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json
@@ -29349,6 +29349,56 @@
                            }
                        ]
     },
+    {
+        "ClassName":  "MSFT_IntuneDeviceRemediationRunSchedule",
+        "Parameters":  [
+                           {
+                               "CIMType":  "String",
+                               "Name":  "dataType",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "Date",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "UInt32",
+                               "Name":  "Interval",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "Time",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "UseUtc",
+                               "Option":  "Write"
+                           }
+                       ]
+    },
+    {
+        "ClassName":  "MSFT_IntuneDeviceRemediationPolicyAssignments",
+        "Parameters":  [
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "RunRemediationScript",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_IntuneDeviceRemediationRunSchedule",
+                               "Name":  "RunSchedule",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_DeviceManagementConfigurationPolicyAssignments",
+                               "Name":  "Assignment",
+                               "Option":  "Write"
+                           }
+                       ]
+    },
     {
         "ClassName":  "MSFT_MicrosoftGraphDeviceHealthScriptParameter",
         "Parameters":  [
@@ -29453,7 +29503,7 @@
                                "Option":  "Key"
                            },
                            {
-                               "CIMType":  "MSFT_DeviceManagementConfigurationPolicyAssignments[]",
+                               "CIMType":  "MSFT_IntuneDeviceRemediationPolicyAssignments[]",
                                "Name":  "Assignments",
                                "Option":  "Write"
                            },
-Original file line number
+Diff line change
@@ Expand Up / @@ -1167,7 +1167,7 @@ function ConvertTo-IntunePolicyAssignment @@
             }
         }
-        return $assignmentResult
+        return ,$assignmentResult
     }
     function Compare-M365DSCIntunePolicyAssignment
@@ Expand Down @@