search

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.58k stars 496 forks source link

IntuneAppProtectionPolicyiOS not applying #5193

Open PavolVonSekule opened 5 days ago

PavolVonSekule commented 5 days ago

Description of the issue

Hi, we are having issues with res IntuneAppProtectionPolicyiOS, Start-DSC doesn't apply attributes, or if policy deleted, it's not getting created. Please advise, thanks.

Microsoft 365 DSC Version

1.24.1002.1

Which workloads are affected

Intune

The DSC configuration

instance of MSFT_IntuneAppProtectionPolicyiOS as $MSFT_IntuneAppProtectionPolicyiOS1ref { FilterOpenInToOnlyManagedApps = False; MinimumPinLength = 6; AllowedInboundDataTransferSources = "allApps"; AppActionIfIosDeviceModelNotAllowed = "block"; Description = "Policy direkt bei Intune angelegt wird NICHT von AirWatch aus gesteuert gueltig fuer iOS iPadOS Geraete"; Identity = "iOS App Protection Policy"; Assignments = { "492c910b-e4c0-476d-a863-1f7327b189ea" }; DisplayName = "iOS App Protection Policy"; DisableProtectionOfManagedOutboundOpenInData = False; TenantId = "bankenit00003681e11.onmicrosoft.com"; PinRequired = True; ManagedIdentity = False; AllowedOutboundDataTransferDestinations = "allApps"; MaximumPinRetries = 5; AppDataEncryptionType = "whenDeviceLocked"; DisableAppPinIfDevicePinIsSet = False; ProtectInboundDataFromUnknownSources = False; OrganizationalCredentialsRequired = False; ManagedBrowserToOpenLinksRequired = False; ExemptedAppProtocols = { "Default:skype", "app-settings:", "calshow:", "itms:", "itmss:", "itms-apps:", "itms-appss:", "itms-services:" }; PeriodOfflineBeforeWipeIsEnforced = "90.00:00:00"; Ensure = "Present"; AppActionIfDeviceComplianceRequired = "block"; SimplePinBlocked = True; ManagedBrowser = "notConfigured"; ExcludedGroups = { }; ResourceID = "[IntuneAppProtectionPolicyiOS]Container-105-15946db7-0c43-4db6-8f06-965968a0dfa7"; PinCharacterSet = "numeric"; AllowedOutboundClipboardSharingLevel = "allApps"; AllowedDataStorageLocations = { "localStorage", "oneDriveForBusiness", "sharePoint" }; ApplicationId = "ba427897-c07f-414c-8236-51dfd731b6ea"; PrintBlocked = False; PeriodBeforePinReset = "00:00:00"; AllowedOutboundClipboardSharingExceptionLength = 0; DeviceComplianceRequired = True; DataBackupBlocked = True; ContactSyncBlocked = False; CertificateThumbprint = "AAAA"; FaceIdBlocked = False; ModuleVersion = "1.24.1002.1"; SourceInfo = "::631::3::IntuneAppProtectionPolicyiOS"; NotificationRestriction = "allow"; AppActionIfMaximumPinRetriesExceeded = "block"; ModuleName = "Microsoft365DSC"; PeriodOfflineBeforeAccessCheck = "12:00:00"; SaveAsBlocked = True; PeriodOnlineBeforeAccessCheck = "00:05:00"; FingerprintBlocked = False;

ConfigurationName = "MainConfig";

};

Verbose logs showing the problem

[ModelValidationFailure] : Must specify valid information for parsing in the string.

Cannot bind argument to parameter 'IosManagedAppProtectionId' because it is an empty string.

Cannot bind argument to parameter 'IosManagedAppProtectionId' because it is an empty string.

VERBOSE: [MACHINE1]: LCM: [ End Set ] [[IntuneAppProtectionPolicyiOS]Container-105-15946db7-0c43-4db6-8f06-965968a0dfa7] in 1.0980 seconds. The PowerShell DSC resource '[IntuneAppProtectionPolicyiOS]Container-105-15946db7-0c43-4db6-8f06-965968a0dfa7' with SourceInfo '::631::3::IntuneAppProtectionPolicyiOS' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

EventData JobId {F284EF29-8BBC-11EF-BA4A-001DD8C91D89} ComponentName LCM ErrorId 0x1 ErrorDetail The SendConfigurationApply function did not succeed. ResourceId [IntuneAppProtectionPolicyiOS]Container-105-15946db7-0c43-4db6-8f06-965968a0dfa7 SourceInfo ::631::3::IntuneAppProtectionPolicyiOS ErrorMessage The PowerShell DSC resource '[IntuneAppProtectionPolicyiOS]Container-105-15946db7-0c43-4db6-8f06-965968a0dfa7' with SourceInfo '::631::3::IntuneAppProtectionPolicyiOS' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.

Environment Information + PowerShell Version

OsName : Microsoft Windows Server 2019 Standard OsOperatingSystemSKU : StandardServerEdition OsArchitecture : 64-bit WindowsVersion : 1809 WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434 OsLanguage : en-US OsMuiLanguages : {en-US, de-DE}

Key : PSVersion Value : 5.1.17763.6414 Name : PSVersion

Key : PSEdition Value : Desktop Name : PSEdition

Key : PSCompatibleVersions Value : {1.0, 2.0, 3.0, 4.0...} Name : PSCompatibleVersions

Key : BuildVersion Value : 10.0.17763.6414 Name : BuildVersion

Key : CLRVersion Value : 4.0.30319.42000 Name : CLRVersion

Key : WSManStackVersion Value : 3.0 Name : WSManStackVersion

Key : PSRemotingProtocolVersion Value : 2.3 Name : PSRemotingProtocolVersion

Key : SerializationVersion Value : 1.1.0.1 Name : SerializationVersion

FabienTschanz commented 4 days ago

How did you get the DSC configuration? That doesn't look right, there shouldn't be something like instance of ..., it should be IntuneAppProtectionPolicyiOS "<Name", followed by all the content. Please run an export of the configuration and check with the export.

PavolVonSekule commented 3 days ago

Hi Fabien, we are compiling custom configs/MOFs from our own database. I will get the PS1 config and get back to you

FabienTschanz commented 3 days ago

Ahh I see. Thank you, that would be great 👍