IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/IntuneSecurityBaselineMicrosoftEdge: Not deploying correctly #5378

Closed
ricmestre opened this issue Nov 11, 2024 · 3 comments · Fixed by #5382 or #5397

Comments

@ricmestre
Contributor

ricmestre commented Nov 11, 2024

Description of the issue

I had tests that worked correctly, but on the latest version they no longer do. These 2 resources deploy without errors, but looking at the verbose logs, it looks like not all properties are being sent in the request, and Test-DscConfiguration then returns false. Check the 2 attached configurations for both these resources, and the properties that seem to be missing from the request, even though most likely there are more missing but I didn't bother to check.

IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy-IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy_1 -> PasswordAgeDays_AAD
IntuneSecurityBaselineMicrosoftEdge-IntuneSecurityBaselineMicrosoftEdge_1 -> authschemes, MicrosoftEdge_HTTPAuthentication_AuthSchemes

Additionally, I also have 5 IntuneDeviceConfigurationCustomPolicyWindows10 policies, and one of them somehow stopped working for some random reason; this is super frustrating.

Microsoft 365 DSC Version

1.24.1106.3

Which workloads are affected

Intune

The DSC configuration

        IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy-IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy_1"
        {
            AdministratorAccountName = "Administrator";
            ApplicationId            = $IntuneApplicationId;
            Assignments              = @(
                MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                    groupDisplayName = 'DummyGroupExclude'
                }
                MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    deviceAndAppManagementAssignmentFilterType = 'include'
                    deviceAndAppManagementAssignmentFilterId = 'd10a0779-7e0b-496f-81a2-f098aa09675f'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                    groupDisplayName = 'DummyGroupInclude'
                }
            );
            BackupDirectory          = 1;
            CertificateThumbprint    = $IntuneCertThumbprint;
            Description              = "My revised description";
            DisplayName              = "IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy_1";
            Ensure                   = "Present";
            Identity                 = "cf9b4992-e9cb-4ba0-b657-54977e65cf3a";
            PasswordAgeDays_AAD      = 20;
            TenantId                 = $OrganizationName;
        }
-------------------------------------------------------------------------------------------------------------------------
        IntuneSecurityBaselineMicrosoftEdge "IntuneSecurityBaselineMicrosoftEdge-IntuneSecurityBaselineMicrosoftEdge_1"
        {
            ApplicationId                                           = $IntuneApplicationId;
            Assignments                                             = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupDisplayName = 'DummyGroupExclude'
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    groupId = '053dc89a-be83-411a-bad3-909904b7239e'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    groupDisplayName = 'DummyGroupInclude'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'b0b8fd3f-af2a-453b-be57-80182d599f02'
                }
            );
            authschemes                                             = "ntlm,negotiate";
            BasicAuthOverHttpEnabled                                = "0";
            BrowserLegacyExtensionPointsBlockingEnabled             = "1";
            CertificateThumbprint                                   = $IntuneCertThumbprint;
            Description                                             = "IntuneSecurityBaselineMicrosoftEdge_1";
            DisplayName                                             = "IntuneSecurityBaselineMicrosoftEdge_1";
            EdgeEnhanceImagesEnabled                                = "0";
            Ensure                                                  = "Present";
            ExtensionInstallBlocklist                               = "1";
            ExtensionInstallBlocklistDesc                           = @("*");
            Id                                                      = "4c45142a-87b4-4b36-8680-217c0e694780";
            InsecurePrivateNetworkRequestsAllowed                   = "0";
            InternetExplorerIntegrationReloadInIEModeAllowed        = "0";
            InternetExplorerIntegrationZoneIdentifierMhtFileAllowed = "0";
            InternetExplorerModeToolbarButtonEnabled                = "0";
            MicrosoftEdge_HTTPAuthentication_AuthSchemes            = "1";
            NativeMessagingUserLevelHosts                           = "0";
            PreventSmartScreenPromptOverride                        = "1";
            PreventSmartScreenPromptOverrideForFiles                = "1";
            RoleScopeTagIds                                         = @("0");
            SharedArrayBufferUnrestrictedAccessAllowed              = "0";
            SitePerProcess                                          = "1";
            SmartScreenEnabled                                      = "1";
            SmartScreenPuaEnabled                                   = "1";
            SSLErrorOverrideAllowed                                 = "0";
            TenantId                                                = $OrganizationName;
            TyposquattingCheckerEnabled                             = "1";
            WebSQLAccess                                            = "0";
        }

Verbose logs showing the problem

N/A

Environment Information + PowerShell Version

Win11/PS5.1
@ricmestre
Contributor Author

@FabienTschanz Could you please check this?

@FabienTschanz
Contributor

@ricmestre On it. I'm confused because the first resource works with my test script but not with the DSC module...

@FabienTschanz
Contributor

Got the first problem (same as before, upper vs lower-case property naming...). Now tackling the second one, this one seems more complicated.
