microsoftgraph / msgraph-sdk-powershell

PowerShell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph

Error on New-MgDeviceManagementDeviceEnrollmentConfiguration #1914

Closed LostLogic closed 1 year ago

LostLogic commented 1 year ago

I've been trying (and failing) to create a new Windows Hello for Business policy with the New-MgDeviceManagementDeviceEnrollmentConfiguration cmdlet.

Command 1:

$json = '{
        "@odata.type": "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",
        "displayName": "Display Name value",
        "description": "Description value",
        "priority": 8,
        "version": 7,
        "pinMinimumLength": 0,
        "pinMaximumLength": 0,
        "pinUppercaseCharactersUsage": "required",
        "pinLowercaseCharactersUsage": "required",
        "pinSpecialCharactersUsage": "required",
        "state": "enabled",
        "securityDeviceRequired": true,
        "unlockWithBiometricsEnabled": true,
        "remotePassportEnabled": true,
        "pinPreviousBlockCount": 5,
        "pinExpirationInDays": 3,
        "enhancedBiometricsState": "enabled"
      }'

Command 2:

New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $json

      $windowsHelloForBusiness = @{
        "@odata.type"= "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration"
        "pinMinimumLength" = 0
        "pinMaximumLength" = 0
        "pinUppercaseCharactersUsage" = "required"
        "pinLowercaseCharactersUsage" = "required"
        "pinSpecialCharactersUsage" = "required"
        "state" = "enabled"
        "securityDeviceRequired" = $true
        "unlockWithBiometricsEnabled" = $true
        "remotePassportEnabled" = $true
        "pinPreviousBlockCount" = 5
        "pinExpirationInDays" = 3
        "enhancedBiometricsState" = "enabled"
      }

New-MgDeviceManagementDeviceEnrollmentConfiguration -DisplayName "Display Name value" -Description "Description value" -Priority 8 -Version 7 -AdditionalProperties $windowsHelloForBusiness

Both commands return the same error:

New-MgDeviceManagementDeviceEnrollmentConfiguration_CreateExpanded: {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 8bdd2bed-4e53-4725-9fb5-572f56631984 - Url: https://fef.msub06.manage.microsoft.com/StatelessOnboardingService/deviceManagement/deviceEnrollmentConfigurations?api-version=2022-12-05",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}

I'm authenticated with DeviceManagementServiceConfig.ReadWrite.All and DeviceManagementConfiguration.ReadWrite.All, so it shouldn't be a permission issue. I'm also able to return the already configured default Windows Hello for Business policy with Get-MgDeviceManagementDeviceEnrollmentConfiguration | Where-Object -Property Description -like -Value "*Windows Hello*"

Am I doing something wrong, or have I hit a bug somewhere?

The licensing level of my tenant is E3.

Edit: Fix formatting in post due to hash sign referencing other issues which was not my intent

peombwa commented 1 year ago

Thanks for following up on this.

Running the command with -Debug points to this being a service error. You've already consented to the required permissions, and the command is sending the correct request body as shown at Create deviceEnrollmentWindowsHelloForBusinessConfiguration. The same can also be reproduced in Graph Explorer.

Please open a ticket/question at https://developer.microsoft.com/en-us/graph/support as this is a service issue. Remember to include the requestId and date of the affected request in your ticket/question. See Microsoft Graph PowerShell module troubleshooting guide for details on how to retrieve the requestId and date.

Repro Steps:

$Body = @{
  "@odata.type" = "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration"
  "displayName" = "Display Name value"
  "description" = "Description value"
  "priority" = 8
  "version" = 7
  "pinMinimumLength" = 0
  "pinMaximumLength" = 0
  "pinUppercaseCharactersUsage" = "required"
  "pinLowercaseCharactersUsage" = "required"
  "pinSpecialCharactersUsage" = "required"
  "state" = "enabled"
  "securityDeviceRequired" = $true
  "unlockWithBiometricsEnabled" = $true
  "remotePassportEnabled" = $true
  "pinPreviousBlockCount" = 5
  "pinExpirationInDays" = 3
  "enhancedBiometricsState" = "enabled"
}

New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $Body -Debug

This repository is intended for issues related to the functionality of the module. We may not be the best place to answer some queries that are tied to the functionality of the API.
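
The following is an added example, not part of the original thread or of the SDK. It parses the error text quoted in the issue into the fields worth quoting in a support ticket (Activity ID, service host, API version) alongside the requestId and date. The helper name `ConvertFrom-IntuneErrorText` is hypothetical, and the message layout is assumed to match the one posted above.

```powershell
# $rawError is copied from the error output quoted in the issue above.
$rawError = @'
New-MgDeviceManagementDeviceEnrollmentConfiguration_CreateExpanded: {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 8bdd2bed-4e53-4725-9fb5-572f56631984 - Url: https://fef.msub06.manage.microsoft.com/StatelessOnboardingService/deviceManagement/deviceEnrollmentConfigurations?api-version=2022-12-05",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
'@

function ConvertFrom-IntuneErrorText {   # hypothetical helper, not an SDK cmdlet
    param([Parameter(Mandatory)][string]$Text)

    # Drop the "<cmdlet>_<variant>:" prefix; the JSON body starts at the first brace.
    $start = $Text.IndexOf('{')
    if ($start -lt 0) { throw 'No JSON object found in error text.' }
    $body = $Text.Substring($start) | ConvertFrom-Json

    # Assumed layout: "... Operation ID (...): <guid> - Activity ID: <guid> - Url: <url>"
    $guid    = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $pattern = "Operation ID \(for customer support\): (?<op>$guid) - Activity ID: (?<act>$guid) - Url: (?<url>\S+)"
    if ($body.Message -notmatch $pattern) { throw 'Message is not in the expected format.' }

    # Copy the captures before the next -match overwrites $Matches.
    $op, $act, $url = $Matches['op'], $Matches['act'], [uri]$Matches['url']
    $apiVersion = if ($url.Query -match 'api-version=(?<v>[^&]+)') { $Matches['v'] }

    [pscustomobject]@{
        ActivityId         = $act
        OperationId        = $op
        # An all-zero Operation ID carries no information for support.
        OperationIdIsEmpty = ([guid]$op -eq [guid]::Empty)
        ServiceHost        = $url.Host
        Path               = $url.AbsolutePath
        ApiVersion         = $apiVersion
        RetryAfter         = $body.RetryAfter
    }
}

ConvertFrom-IntuneErrorText -Text $rawError | Format-List
```

For the error above, `OperationIdIsEmpty` is true, so the Activity ID is the only identifier this message contributes to a ticket.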

LostLogic commented 1 year ago

I'll follow up with MS Graph support directly and report back once they've come back to me. Thanks, Peter.

ghost commented 1 year ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.