IntuneExploitProtectionPolicyWindows10SettingCatalog: Cannot update exploitprotectionsettings after deployment or delete policy #3962

Closed
ricmestre opened this issue Nov 29, 2023 · 0 comments · Fixed by #4365 or #4387
Labels
Bug Something isn't working Intune V1.23.1122.1 Version 1.23.1122.1

Comments

@ricmestre
Contributor

Description of the issue

Having an existing export, I was able to import it into another tenant without issues. But trying to change the XML inside exploitprotectionsettings will then try to update the policy and no errors are returned; nevertheless, the XML in the policy is actually never updated and, of course, Test-DSCConfiguration reports that the resource is in a non-desired state.

Furthermore, if I try to remove the policy it also results in yet another problem:

[ResourceNotFound] : {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 5c375cff-9cf7-4d59-b83a-7aae8f2c7591 - Url: https://fef.msub07.manage.microsoft.com/DeviceConfigV2/DCV2GraphService/de147310-ffff-6437-1134-112301274862/deviceManagement/configurationPolicies('130539f6-2be7-4dbc-a58e-ed638cadb186')?api-version=5023-08-14",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
    + CategoryInfo          : InvalidOperation: ({ DeviceManagem...6, IfMatch =  }:) [], CimException
    + FullyQualifiedErrorId : ResourceNotFound,Microsoft.Graph.Beta.PowerShell.Cmdlets.RemoveMgBetaDeviceManagementConfigurationPolicy_Delete
    + PSComputerName        : localhost

Microsoft 365 DSC Version

1.23.1122.1

Which workloads are affected

other

The DSC configuration

# Generated with Microsoft365DSC version 1.23.1122.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
    [parameter()]
    [System.Management.Automation.PSCredential]
    $Credential
)

Configuration IntuneExploitProtectionPolicyWindows10SettingCatalog
{
    param (
        [parameter()]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if ($null -eq $Credential)
    {
        <# Credentials #>
        $Credscredential = Get-Credential -Message "Credentials"

    }
    else
    {
        $CredsCredential = $Credential
    }

    $OrganizationName = $CredsCredential.UserName.Split('@')[1]

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.23.1122.1'

    Node localhost
    {
        IntuneExploitProtectionPolicyWindows10SettingCatalog "IntuneExploitProtectionPolicyWindows10SettingCatalog-IntuneExploitProtectionPolicyWindows10SettingCatalog_1"
        {
            Assignments                    = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                }
            );
            Credential                        = $CredsCredential;
            disallowexploitprotectionoverride = "1";
            DisplayName                       = "IntuneExploitProtectionPolicyWindows10SettingCatalog_1";
            Ensure                            = "Present";
            exploitprotectionsettings         = "<?xml version=`"1.0`" encoding=`"UTF-8`"?>
<MitigationPolicy>
  <AppConfig Executable=`"AcroRd32.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"AcroRd32Info.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"clview.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"cnfnot32.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"excel.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"excelcnv.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"ExtExport.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"graph.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"ie4uinit.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"ieinstal.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"ielowutil.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"ieUnatt.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"iexplore.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"lync.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msaccess.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"mscorsvw.exe`">
    <ExtensionPoints DisableExtensionPoints=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"msfeedssync.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"mshta.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msoadfsb.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msoasb.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msohtmed.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msosrec.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msoxmled.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"mspub.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"msqry32.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"MsSense.exe`">
    <StrictHandle Enable=`"true`" />
    <SEHOP Enable=`"true`" TelemetryOnly=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"ngen.exe`">
    <ExtensionPoints DisableExtensionPoints=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"ngentask.exe`">
    <ExtensionPoints DisableExtensionPoints=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"onenote.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"onenotem.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"orgchart.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"outlook.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"powerpnt.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"PresentationHost.exe`">
    <DEP Enable=`"true`" EmulateAtlThunks=`"false`" />
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" BottomUp=`"true`" HighEntropy=`"true`" />
    <SEHOP Enable=`"true`" TelemetryOnly=`"false`" />
    <Heap TerminateOnError=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"PrintDialog.exe`">
    <ExtensionPoints DisableExtensionPoints=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"RdrCEF.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"RdrServicesUpdater.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"runtimebroker.exe`">
    <ExtensionPoints DisableExtensionPoints=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"scanost.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"scanpst.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"sdxhelper.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"selfcert.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"setlang.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"SystemSettings.exe`">
    <ExtensionPoints DisableExtensionPoints=`"true`" />
  </AppConfig>
  <AppConfig Executable=`"winword.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
  <AppConfig Executable=`"wordconv.exe`">
    <ASLR ForceRelocateImages=`"true`" RequireInfo=`"false`" />
  </AppConfig>
</MitigationPolicy>"
            Identity                          = "130539f6-2be7-4dbc-a58e-ed638cadb186";
        }
    }
}

IntuneExploitProtectionPolicyWindows10SettingCatalog -ConfigurationData .\ConfigurationData.psd1 -Credential $Credential

Verbose logs showing the problem

N/A

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, pt-PT}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2428
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2428
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
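
To confirm whether an edit to exploitprotectionsettings actually reached the policy, the desired and deployed XML can be compared setting by setting rather than as raw strings. The following is an added example, not part of the original issue or of Microsoft365DSC; the function names and both sample documents are constructed for illustration, and retrieving the deployed XML from the tenant is left out.

```powershell
# Added example: per-setting comparison of two Exploit Protection XML documents.
function ConvertTo-MitigationMap {
    param([Parameter(Mandatory)][string]$Xml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml.Trim())   # Trim: the XML declaration must be the first characters
    $map = @{}
    foreach ($app in $doc.SelectNodes('/MitigationPolicy/AppConfig')) {
        $exe = $app.GetAttribute('Executable').ToLowerInvariant()
        foreach ($mitigation in $app.SelectNodes('*')) {
            foreach ($attr in $mitigation.Attributes) {
                # Key: executable | mitigation element | attribute, e.g. excel.exe|ASLR|RequireInfo
                $map["$exe|$($mitigation.LocalName)|$($attr.Name)"] = $attr.Value
            }
        }
    }
    return $map
}

function Compare-MitigationPolicy {
    param([string]$Desired, [string]$Actual)
    $d = ConvertTo-MitigationMap -Xml $Desired
    $a = ConvertTo-MitigationMap -Xml $Actual
    foreach ($key in (@($d.Keys) + @($a.Keys) | Sort-Object -Unique)) {
        if ($d[$key] -ne $a[$key]) {   # a missing key yields $null, so it is reported too
            [pscustomobject]@{ Setting = $key; Desired = $d[$key]; Actual = $a[$key] }
        }
    }
}

# Constructed samples: $desired is the edited configuration, $actual stands in for the deployed XML.
$desired = @'
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <AppConfig Executable="excel.exe">
    <ASLR ForceRelocateImages="true" RequireInfo="false" />
    <DEP Enable="true" EmulateAtlThunks="false" />
  </AppConfig>
</MitigationPolicy>
'@
$actual = @'
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <AppConfig Executable="Excel.exe">
    <ASLR RequireInfo="false" ForceRelocateImages="true" />
  </AppConfig>
</MitigationPolicy>
'@
Compare-MitigationPolicy -Desired $desired -Actual $actual | Format-Table -AutoSize
```

Attribute order and the casing of the executable name do not count as differences here; only settings that are missing or carry a different value on one side are listed.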