microsoft / Intune-PowerShell-SDK

Native PowerShell support for invoking Microsoft Intune Graph API to enable IT Pro scenario automation.
MIT License

Error on New-MgDeviceManagementDeviceEnrollmentConfiguration #140

Closed LostLogic closed 1 year ago

LostLogic commented 1 year ago

I've been trying (and failing) to create a new Windows Hello for Business policy with the New-MgDeviceManagementDeviceEnrollmentConfiguration cmdlet.

Command #1:

$json = '{
    "@odata.type": "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",
    "displayName": "Display Name value",
    "description": "Description value",
    "priority": 8,
    "version": 7,
    "pinMinimumLength": 0,
    "pinMaximumLength": 0,
    "pinUppercaseCharactersUsage": "required",
    "pinLowercaseCharactersUsage": "required",
    "pinSpecialCharactersUsage": "required",
    "state": "enabled",
    "securityDeviceRequired": true,
    "unlockWithBiometricsEnabled": true,
    "remotePassportEnabled": true,
    "pinPreviousBlockCount": 5,
    "pinExpirationInDays": 3,
    "enhancedBiometricsState": "enabled"
}'

New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $json

Command #2:

$windowsHelloForBusiness = @{
    "@odata.type" = "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration"
    "pinMinimumLength" = 0
    "pinMaximumLength" = 0
    "pinUppercaseCharactersUsage" = "required"
    "pinLowercaseCharactersUsage" = "required"
    "pinSpecialCharactersUsage" = "required"
    "state" = "enabled"
    "securityDeviceRequired" = $true
    "unlockWithBiometricsEnabled" = $true
    "remotePassportEnabled" = $true
    "pinPreviousBlockCount" = 5
    "pinExpirationInDays" = 3
    "enhancedBiometricsState" = "enabled"
}

New-MgDeviceManagementDeviceEnrollmentConfiguration -DisplayName "Display Name value" -Description "Description value" -Priority 8 -Version 7 -AdditionalProperties $windowsHelloForBusiness

Both commands return the same error:

New-MgDeviceManagementDeviceEnrollmentConfiguration_CreateExpanded: {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 8bdd2bed-4e53-4725-9fb5-572f56631984 - Url: https://fef.msub06.manage.microsoft.com/StatelessOnboardingService/deviceManagement/deviceEnrollmentConfigurations?api-version=2022-12-05",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}

I'm authenticated with DeviceManagementServiceConfig.ReadWrite.All and DeviceManagementConfiguration.ReadWrite.All, so it shouldn't be a permission issue. I'm also able to return the already configured default Windows Hello for Business policy with Get-MgDeviceManagementDeviceEnrollmentConfiguration | Where-object -Property Description -like -Value "*Windows Hello*"

Am I doing something wrong, or have I hit a bug somewhere?

Edit: Fix formatting in post

The licensing level of my tenant is E3.

LostLogic commented 1 year ago

Wrong Git repo, sorry