Open titlerequired opened 11 months ago
Could you please share your configuration for this resource?
`# Generated with Microsoft365DSC version 1.23.712.1
param ( )
Configuration ExchangeOnline { param ( )
$OrganizationName = $ConfigurationData.NonNodeData.OrganizationName
Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.23.726.1'
Node localhost
{
EXOTransportRule "EXOTransportRule-Incident Rule"
{
ApplicationId = $ConfigurationData.NonNodeData.ApplicationId;
ApplyOME = $False;
AttachmentHasExecutableContent = $False;
AttachmentIsPasswordProtected = $False;
AttachmentIsUnsupported = $False;
AttachmentProcessingLimitExceeded = $False;
CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
DeleteMessage = $False;
Ensure = "Present";
ExceptIfAttachmentHasExecutableContent = $False;
ExceptIfAttachmentIsPasswordProtected = $False;
ExceptIfAttachmentIsUnsupported = $False;
ExceptIfAttachmentProcessingLimitExceeded = $False;
ExceptIfHasNoClassification = $False;
ExceptIfHasSenderOverride = $False;
From = @("email address");
GenerateIncidentReport = "email address";
HasNoClassification = $False;
HasSenderOverride = $False;
IncidentReportContent = @("Sender","Recipients","Subject","Cc","Bcc","Severity","Override","RuleDetections","FalsePositive","DataClassifications","IdMatch","AttachOriginalMail");
MessageContainsDataClassifications = "{id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}";
Mode = "Enforce";
ModerateMessageByManager = $False;
Name = "Incident Rule";
Priority = 2;
Quarantine = $False;
RecipientAddressType = "Resolved";
RemoveOME = $False;
RemoveOMEv2 = $False;
RemoveRMSAttachmentEncryption = $False;
RouteMessageOutboundRequireTls = $False;
RuleErrorAction = "Ignore";
RuleSubType = "None";
SenderAddressLocation = "Header";
StopRuleProcessing = $False;
TenantId = $OrganizationName;
}
}
}
ExchangeOnline -ConfigurationData .\ConfigurationData.psd1 `
Details of the scenario you tried and the problem that is occurring
Creating a transport rule of incident type, with sensitive content (in this case UK National Insurance number) fails to deploy via DSC.
Verbose logs showing the problem
[2023-08-02 16:19:44] - [2023-08-02 16:19:44] - Starting M365 DSC Configuration Deployment [2023-08-02 16:19:44] - [2023-08-02 16:19:44] - Environment to be deployed: ExchangeOnline [2023-08-02 16:19:44] - *** [2023-08-02 16:19:44] - [2023-08-02 16:19:44] - Switching to path: C:\DSC\Source\EXO\ExchangeOnline [2023-08-02 16:19:44] - [2023-08-02 16:19:44] - Checking for presence of specified environment [2023-08-02 16:19:44] - [2023-08-02 16:19:44] - Checking for presence of Microsoft365Dsc module and all required modules [2023-08-02 16:19:44] - [2023-08-02 16:19:44] - Checking Microsoft365Dsc version [2023-08-02 16:19:44] - Required version: 1.23.726.1 [2023-08-02 16:19:44] - Installed version: 1.23.726.1 [2023-08-02 16:19:44] - Correct version installed, continuing. [2023-08-02 16:19:44] - Checking Module Dependencies [2023-08-02 16:19:47] - Removing Outdated Module Dependencies Checking Microsoft.Graph.Authentication [2023-08-02 16:19:50] - Modules installed successfully! [2023-08-02 16:19:50] - [2023-08-02 16:19:50] - Running deployment of MOF file for environment 'ExchangeOnline' VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. VERBOSE: An LCM method call arrived from computer DSC01 with user sid S-1-5-21-465688729-242061073-1727629817-1001. VERBOSE: [DSC01]: LCM: [ Start Set ] VERBOSE: [DSC01]: LCM: [ Start Resource ] [[EXOTransportRule]EXOTransportRule-Incident Rule] VERBOSE: [DSC01]: LCM: [ Start Test ] [[EXOTransportRule]EXOTransportRule-Incident Rule] VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Testing Transport Rule configuration for Incident Rule VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Getting Transport Rule configuration for Incident Rule VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Transport Rule Incident Rule does not exist. VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Current Values: ApplicationId=* ApplyOME=False AttachmentHasExecutableContent=False AttachmentIsPasswordProtected=False AttachmentIsUnsupported=False AttachmentProcessingLimitExceeded=False CertificateThumbprint= DeleteMessage=False Ensure=Absent ExceptIfAttachmentHasExecutableContent=False ExceptIfAttachmentIsPasswordProtected=False ExceptIfAttachmentIsUnsupported=False ExceptIfAttachmentProcessingLimitExceeded=False ExceptIfHasNoClassification=False ExceptIfHasSenderOverride=False From=(M365DSCAlerts@
GenerateIncidentReport=
HasNoClassification=False
HasSenderOverride=False
IncidentReportContent=(Sender,Recipients,Subject,Cc,Bcc,Severity,Override,RuleDetections,FalsePositive,DataClassifications,IdMatch,AttachOriginalMail)
MessageContainsDataClassifications=({id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1,
maxCount:Infinity, minConfidence:Recommended, maxConfidence:100})
Mode=Enforce
ModerateMessageByManager=False
Name=Incident Rule
Priority=2
Quarantine=False
RecipientAddressType=Resolved
RemoveOME=False
RemoveOMEv2=False
RemoveRMSAttachmentEncryption=False
RouteMessageOutboundRequireTls=False
RuleErrorAction=Ignore
RuleSubType=None
SenderAddressLocation=Header
StopRuleProcessing=False
TenantId=
Verbose=True
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Target Values: ApplicationId=
ApplyOME=False
AttachmentHasExecutableContent=False
AttachmentIsPasswordProtected=False
AttachmentIsUnsupported=False
AttachmentProcessingLimitExceeded=False
CertificateThumbprint=
DeleteMessage=False
Ensure=Present
ExceptIfAttachmentHasExecutableContent=False
ExceptIfAttachmentIsPasswordProtected=False
ExceptIfAttachmentIsUnsupported=False
ExceptIfAttachmentProcessingLimitExceeded=False
ExceptIfHasNoClassification=False
ExceptIfHasSenderOverride=False
From=(M365DSCAlerts@
GenerateIncidentReport=
HasNoClassification=False
HasSenderOverride=False
IncidentReportContent=(Sender,Recipients,Subject,Cc,Bcc,Severity,Override,RuleDetections,FalsePositive,DataClassifications,IdMatch,AttachOriginalMail)
MessageContainsDataClassifications=({id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1,
maxCount:Infinity, minConfidence:Recommended, maxConfidence:100})
Mode=Enforce
ModerateMessageByManager=False
Name=Incident Rule
Priority=2
Quarantine=False
RecipientAddressType=Resolved
RemoveOME=False
RemoveOMEv2=False
RemoveRMSAttachmentEncryption=False
RouteMessageOutboundRequireTls=False
RuleErrorAction=Ignore
RuleSubType=None
SenderAddressLocation=Header
StopRuleProcessing=False
TenantId=***
Verbose=True
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Test-TargetResource returned False
VERBOSE: [DSC01]: LCM: [ End Test ] [[EXOTransportRule]EXOTransportRule-Incident Rule] in 16.8180 seconds.
VERBOSE: [DSC01]: LCM: [ Start Set ] [[EXOTransportRule]EXOTransportRule-Incident Rule]
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Setting Transport Rule configuration for Incident Rule
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Getting Transport Rule configuration for Incident Rule
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Transport Rule Incident Rule does not exist.
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Transport Rule 'Incident Rule' does not exist but it should. Create and configure it.
Cannot process argument transformation on parameter 'MessageContainsDataClassifications'. Cannot convert the "{id:'U.K. National Insurance Number (NINO)',
guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}" value of type
"System.String" to type "System.Collections.Hashtable".
VERBOSE: [DSC01]: LCM: [ End Set ] [[EXOTransportRule]EXOTransportRule-Incident Rule] in 1.3900 seconds. The PowerShell DSC resource '[EXOTransportRule]EXOTransportRule-Incident Rule' with SourceInfo 'C:\DSC\Source\EXO\EXO-02-08-23-2-config.ps1::17::9::EXOTransportRule' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
VERBOSE: [DSC01]: LCM: [ End Set ] The SendConfigurationApply function did not succeed.
VERBOSE: Operation 'Invoke CimMethod' complete. VERBOSE: Time taken for configuration job to complete is 19.219 seconds [2023-08-02 16:20:09] - [2023-08-02 16:20:09] - [2023-08-02 16:20:09] - **** [2023-08-02 16:20:09] - Deployment results [2023-08-02 16:20:09] - **** [2023-08-02 16:20:09] - MOF Deployment Succeeded!
Suggested solution to the issue
Unknown - issue relates to hashtable in the configuration being read as a string.
The operating system the target node is running
OsName : Microsoft Windows 10 Pro OsOperatingSystemSKU : 48 OsArchitecture : 64-bit WindowsVersion : 2009 WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406 OsLanguage : en-US OsMuiLanguages : {en-US}
Version of the DSC module that was used ('dev' if using current dev branch)
1.23.726.1