microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License

EXO: Incident Report Transport Rule Fails to Create #3541

Open titlerequired opened 11 months ago

titlerequired commented 11 months ago

Details of the scenario you tried and the problem that is occurring

Creating a transport rule of incident type, with sensitive content (in this case UK National Insurance number) fails to deploy via DSC.

Verbose logs showing the problem

```
[2023-08-02 16:19:44] -
[2023-08-02 16:19:44] - Starting M365 DSC Configuration Deployment
[2023-08-02 16:19:44] -
[2023-08-02 16:19:44] - Environment to be deployed: ExchangeOnline
[2023-08-02 16:19:44] - ***
[2023-08-02 16:19:44] -
[2023-08-02 16:19:44] - Switching to path: C:\DSC\Source\EXO\ExchangeOnline
[2023-08-02 16:19:44] -
[2023-08-02 16:19:44] - Checking for presence of specified environment
[2023-08-02 16:19:44] -
[2023-08-02 16:19:44] - Checking for presence of Microsoft365Dsc module and all required modules
[2023-08-02 16:19:44] -
[2023-08-02 16:19:44] - Checking Microsoft365Dsc version
[2023-08-02 16:19:44] - Required version: 1.23.726.1
[2023-08-02 16:19:44] - Installed version: 1.23.726.1
[2023-08-02 16:19:44] - Correct version installed, continuing.
[2023-08-02 16:19:44] - Checking Module Dependencies
[2023-08-02 16:19:47] - Removing Outdated Module Dependencies Checking Microsoft.Graph.Authentication
[2023-08-02 16:19:50] - Modules installed successfully!
[2023-08-02 16:19:50] -
[2023-08-02 16:19:50] - Running deployment of MOF file for environment 'ExchangeOnline'
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DSC01 with user sid S-1-5-21-465688729-242061073-1727629817-1001.
VERBOSE: [DSC01]: LCM: [ Start Set ]
VERBOSE: [DSC01]: LCM: [ Start Resource ] [[EXOTransportRule]EXOTransportRule-Incident Rule]
VERBOSE: [DSC01]: LCM: [ Start Test ] [[EXOTransportRule]EXOTransportRule-Incident Rule]
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Testing Transport Rule configuration for Incident Rule
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Getting Transport Rule configuration for Incident Rule
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Transport Rule Incident Rule does not exist.
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Current Values: ApplicationId=* ApplyOME=False AttachmentHasExecutableContent=False AttachmentIsPasswordProtected=False AttachmentIsUnsupported=False AttachmentProcessingLimitExceeded=False CertificateThumbprint= DeleteMessage=False Ensure=Absent ExceptIfAttachmentHasExecutableContent=False ExceptIfAttachmentIsPasswordProtected=False ExceptIfAttachmentIsUnsupported=False ExceptIfAttachmentProcessingLimitExceeded=False ExceptIfHasNoClassification=False ExceptIfHasSenderOverride=False From=(M365DSCAlerts@ GenerateIncidentReport= HasNoClassification=False HasSenderOverride=False IncidentReportContent=(Sender,Recipients,Subject,Cc,Bcc,Severity,Override,RuleDetections,FalsePositive,DataClassifications,IdMatch,AttachOriginalMail) MessageContainsDataClassifications=({id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}) Mode=Enforce ModerateMessageByManager=False Name=Incident Rule Priority=2 Quarantine=False RecipientAddressType=Resolved RemoveOME=False RemoveOMEv2=False RemoveRMSAttachmentEncryption=False RouteMessageOutboundRequireTls=False RuleErrorAction=Ignore RuleSubType=None SenderAddressLocation=Header StopRuleProcessing=False TenantId= Verbose=True
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Target Values: ApplicationId= ApplyOME=False AttachmentHasExecutableContent=False AttachmentIsPasswordProtected=False AttachmentIsUnsupported=False AttachmentProcessingLimitExceeded=False CertificateThumbprint= DeleteMessage=False Ensure=Present ExceptIfAttachmentHasExecutableContent=False ExceptIfAttachmentIsPasswordProtected=False ExceptIfAttachmentIsUnsupported=False ExceptIfAttachmentProcessingLimitExceeded=False ExceptIfHasNoClassification=False ExceptIfHasSenderOverride=False From=(M365DSCAlerts@ GenerateIncidentReport= HasNoClassification=False HasSenderOverride=False IncidentReportContent=(Sender,Recipients,Subject,Cc,Bcc,Severity,Override,RuleDetections,FalsePositive,DataClassifications,IdMatch,AttachOriginalMail) MessageContainsDataClassifications=({id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}) Mode=Enforce ModerateMessageByManager=False Name=Incident Rule Priority=2 Quarantine=False RecipientAddressType=Resolved RemoveOME=False RemoveOMEv2=False RemoveRMSAttachmentEncryption=False RouteMessageOutboundRequireTls=False RuleErrorAction=Ignore RuleSubType=None SenderAddressLocation=Header StopRuleProcessing=False TenantId=*** Verbose=True
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Test-TargetResource returned False
VERBOSE: [DSC01]: LCM: [ End Test ] [[EXOTransportRule]EXOTransportRule-Incident Rule] in 16.8180 seconds.
VERBOSE: [DSC01]: LCM: [ Start Set ] [[EXOTransportRule]EXOTransportRule-Incident Rule]
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Setting Transport Rule configuration for Incident Rule
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Getting Transport Rule configuration for Incident Rule
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Transport Rule Incident Rule does not exist.
VERBOSE: [DSC01]: [[EXOTransportRule]EXOTransportRule-Incident Rule] Transport Rule 'Incident Rule' does not exist but it should. Create and configure it.
Cannot process argument transformation on parameter 'MessageContainsDataClassifications'. Cannot convert the "{id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}" value of type "System.String" to type "System.Collections.Hashtable".

VERBOSE: [DSC01]: LCM: [ End Set ] [[EXOTransportRule]EXOTransportRule-Incident Rule] in 1.3900 seconds.
The PowerShell DSC resource '[EXOTransportRule]EXOTransportRule-Incident Rule' with SourceInfo 'C:\DSC\Source\EXO\EXO-02-08-23-2-config.ps1::17::9::EXOTransportRule' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

VERBOSE: [DSC01]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 19.219 seconds
[2023-08-02 16:20:09] -
[2023-08-02 16:20:09] -
[2023-08-02 16:20:09] - ****
[2023-08-02 16:20:09] - Deployment results
[2023-08-02 16:20:09] - ****
[2023-08-02 16:20:09] - MOF Deployment Succeeded!
```

Suggested solution to the issue

Unknown - issue relates to hashtable in the configuration being read as a string.

The operating system the target node is running

```
OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US}
```

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.726.1

andikrueger commented 11 months ago

Could you please share your configuration for this resource?

titlerequired commented 11 months ago

```
# Generated with Microsoft365DSC version 1.23.712.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
)

Configuration ExchangeOnline
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.23.726.1'

    Node localhost
    {
        EXOTransportRule "EXOTransportRule-Incident Rule"
        {
            ApplicationId                             = $ConfigurationData.NonNodeData.ApplicationId;
            ApplyOME                                  = $False;
            AttachmentHasExecutableContent            = $False;
            AttachmentIsPasswordProtected             = $False;
            AttachmentIsUnsupported                   = $False;
            AttachmentProcessingLimitExceeded         = $False;
            CertificateThumbprint                     = $ConfigurationData.NonNodeData.CertificateThumbprint;
            DeleteMessage                             = $False;
            Ensure                                    = "Present";
            ExceptIfAttachmentHasExecutableContent    = $False;
            ExceptIfAttachmentIsPasswordProtected     = $False;
            ExceptIfAttachmentIsUnsupported           = $False;
            ExceptIfAttachmentProcessingLimitExceeded = $False;
            ExceptIfHasNoClassification               = $False;
            ExceptIfHasSenderOverride                 = $False;
            From                                      = @("email address");
            GenerateIncidentReport                    = "email address";
            HasNoClassification                       = $False;
            HasSenderOverride                         = $False;
            IncidentReportContent                     = @("Sender","Recipients","Subject","Cc","Bcc","Severity","Override","RuleDetections","FalsePositive","DataClassifications","IdMatch","AttachOriginalMail");
            MessageContainsDataClassifications        = "{id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}";
            Mode                                      = "Enforce";
            ModerateMessageByManager                  = $False;
            Name                                      = "Incident Rule";
            Priority                                  = 2;
            Quarantine                                = $False;
            RecipientAddressType                      = "Resolved";
            RemoveOME                                 = $False;
            RemoveOMEv2                               = $False;
            RemoveRMSAttachmentEncryption             = $False;
            RouteMessageOutboundRequireTls            = $False;
            RuleErrorAction                           = "Ignore";
            RuleSubType                               = "None";
            SenderAddressLocation                     = "Header";
            StopRuleProcessing                        = $False;
            TenantId                                  = $OrganizationName;
        }
    }
}

ExchangeOnline -ConfigurationData .\ConfigurationData.psd1
```
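The type mismatch reported in the log can be reproduced without a tenant. The following is an added example, not part of the thread or of Microsoft365DSC: `Test-HashtableBinding` and `ConvertTo-ClassificationHashtable` are hypothetical names, and the `[hashtable[]]` parameter type is an assumption drawn from the error text. The thread does not establish which keys Exchange Online expects, so the parsed keys are simply those present in the exported string.

```powershell
# Hypothetical stand-in for a cmdlet whose parameter is hashtable-typed
# (assumption based on the "System.Collections.Hashtable" error in the log).
function Test-HashtableBinding {
    param([hashtable[]]$MessageContainsDataClassifications)
    $MessageContainsDataClassifications.Count
}

# Hypothetical helper: turn the exported "{key:value, key:'value'}" text into a hashtable.
function ConvertTo-ClassificationHashtable {
    param([Parameter(Mandatory)][string]$Text)
    $body  = $Text.Trim().TrimStart('{').TrimEnd('}')
    $table = @{}
    # Matches  key:'quoted value'  or  key:bareValue (bare values end at the next comma).
    foreach ($m in [regex]::Matches($body, "(\w+)\s*:\s*(?:'([^']*)'|([^,]+))")) {
        $value = if ($m.Groups[2].Success) { $m.Groups[2].Value } else { $m.Groups[3].Value.Trim() }
        $table[$m.Groups[1].Value] = $value
    }
    if ($table.Count -eq 0) { throw "No key:value pairs found in '$Text'" }
    $table
}

# Value copied from the configuration posted in the thread.
$exported = "{id:'U.K. National Insurance Number (NINO)', guid:'16c07343-c26f-49d2-a987-3daf717e94cc', displayName:'U.K. National Insurance Number (NINO)', minCount:1, maxCount:Infinity, minConfidence:Recommended, maxConfidence:100}"

try {
    # A plain string cannot be bound to a hashtable-typed parameter.
    Test-HashtableBinding -MessageContainsDataClassifications $exported
} catch {
    "Binding failed: $($_.Exception.Message)"
}

# The same content as a hashtable binds without error.
$parsed = ConvertTo-ClassificationHashtable -Text $exported
Test-HashtableBinding -MessageContainsDataClassifications $parsed
$parsed
```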