MSEndpointMgr / Intune

Microsoft Intune scripts
MIT License

Get-IntuneManagedDeviceBitLockerKeyPresence.ps1 failing #36

Open Rocketcandy opened 3 years ago

Rocketcandy commented 3 years ago

https://github.com/MSEndpointMgr/Intune/blob/master/Security/Get-IntuneManagedDeviceBitLockerKeyPresence.ps1

The GraphAPI has had a change, so there are a couple of things I had to change to fix this. Should I submit my changes? They are below.

Line 175 should be this:

    $TokenExpireMins = (([datetime]$Headers["ExpiresOn"]).ToUniversalTime() - $UTCDateTime).Minutes

It wasn't converting ExpiresOn to UTC time, so any comparison that happened would end up in the past.

Line 335:

    $BitLockerRecoveryKeys = Invoke-MSGraphOperation -Get -APIVersion "Beta" -Resource "informationProtection/bitlocker/recoveryKeys?`$select=id,createdDateTime,deviceId" -Headers $AuthenticationHeader -Verbose:$VerbosePreference

It used to have the -Resource start as just bitlocker/; I needed to add in informationProtection/bitlocker.

After changing those it works again.

patthew commented 2 years ago

Wish I'd checked the issues before I spent an hour trying to figure out why my token was expired! I resolved by changing line 315 to:

    "ExpiresOn" = $AccessToken.ExpiresOn.UtcDateTime

Line 335 seems to work as of this date, but now I'm curious to try your version.
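The expiry comparison discussed in the two comments above, as an added example that is not part of the thread or of the project's script: it shows how subtracting a UTC "now" from a local-clock ExpiresOn makes a valid token look expired, and how normalising to UTC first gives the real remaining lifetime. The function names, the 5-minute threshold and the sample timestamps are assumptions constructed for illustration.

```powershell
# Constructed sample values (not from the script or the thread):
# a token expiring at 13:00 on a machine at UTC-05:00, and "now" already in UTC.
$ExpiresOn = [DateTimeOffset]::new(2024, 1, 15, 13, 0, 0, [TimeSpan]::FromHours(-5))
$UtcNow    = [datetime]::new(2024, 1, 15, 17, 30, 0, [DateTimeKind]::Utc)

function Get-TokenMinutesRemaining {
    # Hypothetical helper: minutes until expiry, with both sides in UTC.
    param(
        [Parameter(Mandatory)] [DateTimeOffset] $ExpiresOn,
        [Parameter(Mandatory)] [datetime] $UtcNow
    )
    # UtcDateTime applies the offset before the subtraction.
    # TotalMinutes is the whole interval; the Minutes property is only
    # the minutes component of the TimeSpan and wraps at the hour.
    [int][math]::Floor(($ExpiresOn.UtcDateTime - $UtcNow).TotalMinutes)
}

function Test-TokenNeedsRenewal {
    # Hypothetical helper: renew when the token is expired or close to it.
    param(
        [Parameter(Mandatory)] [DateTimeOffset] $ExpiresOn,
        [Parameter(Mandatory)] [datetime] $UtcNow,
        [int] $ThresholdMinutes = 5   # assumed threshold
    )
    $Remaining = Get-TokenMinutesRemaining -ExpiresOn $ExpiresOn -UtcNow $UtcNow
    $Remaining -le $ThresholdMinutes
}

# Mixed clocks: local wall-clock expiry minus UTC "now".
# DateTime subtraction ignores Kind, so the 5-hour offset is silently lost.
$MixedMinutes = [int][math]::Floor(($ExpiresOn.DateTime - $UtcNow).TotalMinutes)

# Both sides in UTC.
$UtcMinutes   = Get-TokenMinutesRemaining -ExpiresOn $ExpiresOn -UtcNow $UtcNow
$NeedsRenewal = Test-TokenNeedsRenewal -ExpiresOn $ExpiresOn -UtcNow $UtcNow

[pscustomobject]@{
    MixedClockMinutes = $MixedMinutes   # negative: token wrongly looks expired
    UtcMinutes        = $UtcMinutes     # actual remaining lifetime
    NeedsRenewal      = $NeedsRenewal
}
```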

adelamora-vtsf commented 1 year ago

I cannot use this script; it returns errors on both getting the auth token and retrieving data. At first I get this error:

    See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

When I modify the script to provide a client secret, I then get this error:

    VERBOSE: GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys?$select=id,createdDateTime,deviceId
    VERBOSE: Existing token found but has expired, requesting a new token
    WARNING: Unhandled error occurred in function. Error message: You cannot call a method on a null-valued expression.
    VERBOSE: GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=operatingSystem eq 'Windows'&select=azureADDeviceId&$select=deviceName,id,azureADDeviceId
    VERBOSE: Existing token found but has expired, requesting a new token
    WARNING: Unhandled error occurred in function. Error message: You cannot call a method on a null-valued expression.