microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License

Adding Intune as a resource from the Whitepaper configuration #4460

Closed Ruthhl3ss closed 4 months ago

Ruthhl3ss commented 6 months ago

Description of the issue

Hello,

I have an issue with adding Intune as a resource for Microsoft 365 DSC. I have used the whitepaper to set everything up. That all worked.

After that, I wanted to add Intune as a resource. So I did the following:

In the Data file I added an AppCredential for the workload "Intune" (removed details for obvious reasons):

```powershell
@{
    AllNodes    = @(
        @{
            NodeName                    = 'localhost'
            CertificateFile             = '.\DSCCertificate.cer'
            PsDscAllowPlainTextPassword = $true
            PsDscAllowDomainUser        = $true
        }
    )
    NonNodeData = @{
        Environment    = @{
            Name             = ''
            ShortName        = ''
            TenantId         = '..com'
            OrganizationName = '..com'
        }
        # One app registration (application ID + certificate thumbprint) per workload
        AppCredentials = @(
            @{ Workload = 'Exchange'; ApplicationId = ''; CertThumbprint = '' }
            @{ Workload = 'Office365'; ApplicationId = ''; CertThumbprint = '' }
            @{ Workload = 'PowerPlatform'; ApplicationId = ''; CertThumbprint = '' }
            @{ Workload = 'SecurityCompliance'; ApplicationId = ''; CertThumbprint = '' }
            @{ Workload = 'SharePoint'; ApplicationId = ''; CertThumbprint = '' }
            @{ Workload = 'Teams'; ApplicationId = ''; CertThumbprint = '' }
            @{ Workload = 'Intune'; ApplicationId = ''; CertThumbprint = '' }
        )
    }
}
```

Next, I added a folder in M365Config/0.0.1 called Intune and added these files:

Intune.psd1

```powershell
@{
    RootModule           = 'Intune.schema.psm1'

    ModuleVersion        = '0.0.1'

    GUID                 = '20bXXXXX-075b-4881-ba20-53b3b7a9aca8'

    Author               = 'Yorick Kuijs'

    CompanyName          = 'Microsoft'

    Copyright            = 'Copyright to Microsoft Corporation. All rights reserved.'

    #RequiredModules      = @(
    #    @{ ModuleName = 'xPSDesiredStateConfiguration'; ModuleVersion = '8.4.0.0' }
    #)

    DscResourcesToExport = @('Intune')
}
```

Intune.schema.psm1

```powershell
Configuration Intune
{
    param
    (
        [Parameter()]
        [PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $Thumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    $paramCount = ($PSBoundParameters.GetEnumerator() | Where-Object -FilterScript { $_.Key -in 'ApplicationId', 'TenantId', 'Thumbprint' }).Count
    if ($paramCount -gt 0 -and $paramCount -lt 3)
    {
        throw "Please specify ApplicationId, TenantId and Thumbprint"
    }

    IntuneASRRulesPolicyWindows10 'myASRRulesPolicy'
    {
        DisplayName                                     = 'test'
        AdditionalGuardedFolders                        = @()
        AdobeReaderLaunchChildProcess                   = 'auditMode'
        AdvancedRansomewareProtectionType               = 'enable'
        Assignments                                     = @()
        AttackSurfaceReductionExcludedPaths             = @('c:\Novo')
        BlockPersistenceThroughWmiType                  = 'auditMode'
        Description                                     = ''
        EmailContentExecutionType                       = 'auditMode'
        GuardedFoldersAllowedAppPaths                   = @()
        GuardMyFoldersType                              = 'enable'
        OfficeAppsExecutableContentCreationOrLaunchType = 'block'
        OfficeAppsLaunchChildProcessType                = 'auditMode'
        OfficeAppsOtherProcessInjectionType             = 'block'
        OfficeCommunicationAppsLaunchChildProcess       = 'auditMode'
        OfficeMacroCodeAllowWin32ImportsType            = 'block'
        PreventCredentialStealingType                   = 'enable'
        ProcessCreationType                             = 'userDefined' # Updated Property
        ScriptDownloadedPayloadExecutionType            = 'block'
        ScriptObfuscatedMacroCodeType                   = 'block'
        UntrustedExecutableType                         = 'block'
        UntrustedUSBProcessType                         = 'block'
        Ensure                                          = 'Present'
    }
}
```

In the M365Configuration.ps1, I added the credentials for Intune:

```powershell
$intuneAppCreds = $ConfigurationData.NonNodeData.AppCredentials | Where-Object -FilterScript { $_.Workload -eq 'Intune' }

Intune 'Intune_Configuration'
{
    Credential    = $Credentials.Intune
    ApplicationId = $intuneAppCreds.ApplicationId
    TenantId      = $ConfigurationData.NonNodeData.Environment.TenantId
    Thumbprint    = $intuneAppCreds.CertThumbprint
}
```

The build.ps1 file runs fine. It created the MOF file and it holds the Intune configuration data. So, it is compiling the Intune.psd1 and intune.schema.psm1 files. But when I run the deploy.ps1, it states that it can't log on to apply the configuration:

```
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] VERBOSE: [SANDBOXHOST-638]: LCM: [ Start Test ]
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] VERBOSE: [SANDBOXHOST-638]:
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] Testing configuration of Endpoint Protection Attack Surface Protection rules Policy {test} VERBOSE: [SANDBOXHOST-638]:
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {test} VERBOSE: [SANDBOXHOST-638]: LCM: [ End Test ]
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] in 0.7500 seconds.
PowerShell DSC resource MSFT_IntuneASRRulesPolicyWindows10 failed to execute Test-TargetResource functionality with error message: You must specify either the Credential or ApplicationId, TenantId and CertificateThumbprint parameters.
```

What did I not configure correctly?

Microsoft 365 DSC Version

1.24.313.1

Which workloads are affected

other

The DSC configuration

No response

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response
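
The error above comes from the nested `IntuneASRRulesPolicyWindows10` resource, which authenticates on its own: a composite configuration's parameters are not passed on to the resources inside it unless they are assigned explicitly. The following is an added example, not the poster's code or the project's, showing a schema that forwards certificate-based authentication; the property names on the nested resource are taken from the error message, only the certificate path is covered (a caller would drop the `Credential` assignment), and the policy settings are shortened.

```powershell
# Added example: composite resource forwarding app-only (certificate) authentication.
Configuration Intune
{
    param
    (
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $Thumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    # Check the values, not only which parameters were bound: the data file
    # can bind an empty string, which would pass a bound-parameter count.
    $auth = @{
        ApplicationId = $ApplicationId
        TenantId      = $TenantId
        Thumbprint    = $Thumbprint
    }
    $missing = @($auth.Keys | Where-Object -FilterScript { [System.String]::IsNullOrWhiteSpace($auth[$_]) })
    if ($missing.Count -gt 0)
    {
        throw "Missing value for: $($missing -join ', ')"
    }

    IntuneASRRulesPolicyWindows10 'myASRRulesPolicy'
    {
        DisplayName           = 'test'
        ProcessCreationType   = 'userDefined'
        Ensure                = 'Present'
        # Assigned explicitly; note that the resource property is
        # CertificateThumbprint while the composite parameter is Thumbprint.
        ApplicationId         = $ApplicationId
        TenantId              = $TenantId
        CertificateThumbprint = $Thumbprint
    }
}
```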

Ruthhl3ss commented 6 months ago

I added these lines to the policy:

[Screenshot: SCR-20240318-pppf]

It looks like it deployed:

[Screenshot: SCR-20240318-ppxg]

But it throws this error:

[Image]

Thanks.

Ruthhl3ss commented 6 months ago

It does set the setting:

[Screenshot: SCR-20240318-qkxy]

But why does it throw the error?

Thanks!

Ruthhl3ss commented 4 months ago

This is no longer needed. I solved this in a new version of Microsoft 365 DSC.