Closed ricmestre closed 1 month ago
Creating the policy with DSC results in TemplateReference tree to be completely empty and therefore the filter in Get-TargetResource cannot find the policy and the test fails so that's why it keeps creating new "vanilla" settings catalog policies.
Whereas if I create the same policy through the portal it's correctly populated
@ricmestre Got it, there was an Id
too much in the property name... Bit sad that Graph still accepts the request but creates a policy that's empty, without any message whatsoever. In my opinion that should throw in the backend, since the policy can't be mapped to a proper template, and not silently accept it.
Edit: Seems like that's an intended way... For example the Windows Firewall
profile for ConfigManager also has an empty template reference, but it will be fetched by technologies
and creationSource
. Please no more of this weird complex stuff, I soon can't take it anymore.
@fabientschanz I feel your pain, I've been having nightmares with these settings catalog policies for the past 2 years, every time I hear about them it gives me the heebie jeebies because after M365DSC deals with them I have to deal with another converter behind it I created to convert DSC to Markdown...
@FabienTschanz I feel your pain, I've been having nightmares with these settings catalog policies for the past 2 years, every time I hear about them it gives me the heebie jeebies because after M365DSC deals with them I have to deal with another converter behind it I created to convert DSC to Markdown...
I'd like to hear more about this converter from DSC to Markdown
I don't remember exactly right now the incantation but there's a cmdlet to export a config directly to Markdown, the issue is that it doesn't take care about nested CIM instances whereas mine does.
Short story, it's for a company so the code it's proprietary and I can't share it
Description of the issue
@FabienTschanz I did the tests on this one before they got merged but for some reason I can't get it working now, so I created one policy through the portal, exported it and then removed it through M365DSC without issues, but if I try to re-deploy it and test it afterwards it always says that it's not in desired state. After checking the portal again I don't see any AV exclusions in "Endpoint security | Antivirus" like it worked before but it's actually creating new Settings catalog policies in "Devices | Configuration" over and over again because the test returns false.
Microsoft 365 DSC Version
1.24.724.1
Which workloads are affected
Intune
The DSC configuration
Verbose logs showing the problem
Environment Information + PowerShell Version