Closed Ruthhl3ss closed 4 months ago
I added these lines to the policy:
It looks like it deployed:
But, It throws this error:
Thanks.
It does set the setting:
But, why does it throw the error?
Thanks!
this is no longer needed. I solved this in a new version of MIcrosoft 365 Dsc.
Description of the issue
Hello,
I have an issue with adding Intune as a resource for Microsoft 365 DSC. I have used the whitepaper to set everything up. That all worked.
After that, I wanted to add Intune as a resource. So I did the following:
In the Data file I added a AppCredential for the workload "Intune" (Removed details for obvious reasons)
@{ AllNodes = @( @{ NodeName = 'localhost' CertificateFile = '.\DSCCertificate.cer' PsDscAllowPlainTextPassword = $true PsDscAllowDomainUser = $true } ) NonNodeData = @{ Environment = @{ Name = '' ShortName = '' TenantId = '..com' OrganizationName = '..com' } AppCredentials = @( @{ Workload = 'Exchange' ApplicationId = '' CertThumbprint = '' } @{ Workload = 'Office365' ApplicationId = '' CertThumbprint = '' } @{ Workload = 'PowerPlatform' ApplicationId = '' CertThumbprint = '' } @{ Workload = 'SecurityCompliance' ApplicationId = '' CertThumbprint = '' } @{ Workload = 'SharePoint' ApplicationId = '' CertThumbprint = '' } @{ Workload = 'Teams' ApplicationId = '' CertThumbprint = '' } @{ Workload = 'Intune' ApplicationId = '' CertThumbprint = '' } )
Next, I added a folder in M365Config/0.0.1 called Intune and added these files:
Intune.psd1
`@{ RootModule = 'Intune.schema.psm1'
}`
Intune.schema.psm1
`Configuration Intune { param ( [Parameter()] [PSCredential] $Credential,
} `
In the M365Configuration.ps1, I added the credentials for Intune:
$intuneAppCreds = $ConfigurationData.NonNodeData.AppCredentials | Where-Object -FilterScript { $_.Workload -eq 'Intune' }
Intune 'Intune_Configuration' { Credential = $Credentials.Intune ApplicationId = $intuneAppCreds.ApplicationId TenantId = $ConfigurationData.NonNodeData.Environment.TenantId Thumbprint = $intuneAppCreds.CertThumbprint }
The build.ps1 file runs fine. It created the MOF file and it holds the Intune configuration data. So, it is compiling the Intune.psd1 and intune.schema.psm1 files. But when I run the deploy.ps1 it states that it can't logon to apply the configuration:
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] VERBOSE: [SANDBOXHOST-638]: LCM: [ Start Test ]
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] VERBOSE: [SANDBOXHOST-638]:
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] Testing configuration of Endpoint Protection Attack Surface Protection rules Policy {test} VERBOSE: [SANDBOXHOST-638]:
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {test} VERBOSE: [SANDBOXHOST-638]: LCM: [ End Test ]
[[IntuneASRRulesPolicyWindows10]myASRRulesPolicy::[Intune]Intune_Configuration] in 0.7500 seconds. PowerShell DSC resource MSFT_IntuneASRRulesPolicyWindows10 failed to execute Test-TargetResource functionality with error message: You must specify either the Credential or ApplicationId, TenantId and CertificateThumbprint parameters.
What did I not configure correctly?
Microsoft 365 DSC Version
1.24.313.1
Which workloads are affected
other
The DSC configuration
No response
Verbose logs showing the problem
No response
Environment Information + PowerShell Version
No response