IntuneAppConfigurationPolicy doesn't actually handle Any app settings #5566
Comments
|
Working on this. |
|
PR in to mostly fix this Module will now detect drift when Apps are changed, and is able to correctly recreate the policy when deleted. There seems to be a problem with MgGraph that means for now, 'update' will not work. Added verbose message for now, left code that should do the 'update' commented out. Issue has been reported here: #5671 and here https://feedbackportal.microsoft.com/feedback/idea/c0940cc8-d7da-ef11-95f6-0022484d7a88 |
dannyKBjj
added a commit
to dannyKBjj/Microsoft365DSC
that referenced
this issue
Jan 26, 2025
Mostly fixes issue microsoft#5566 where the applications part of the policy was completely ignored. Module will now detect drift when Apps are changed, and is able to correctly recreate the policy when deleted. There seems to be a problem with MgGraph that means for now, 'update' will not work. Added verbose message for now, left code that should do the 'update' commented out. Issue has been reported here: microsoft#5671 and here https://feedbackportal.microsoft.com/feedback/idea/c0940cc8-d7da-ef11-95f6-0022484d7a88
dannyKBjj
added a commit
to dannyKBjj/Microsoft365DSC
that referenced
this issue
Jan 26, 2025
Have added a number of missing properties for the resource and added test/create support for 'Applications' Unfortunately unable to fix 'update' due to what looks like an MgGraph issue. Added a verbose message to the code to warn the user.. reported here: microsoft#5671 and here: https://feedbackportal.microsoft.com/feedback/idea/c0940cc8-d7da-ef11-95f6-0022484d7a88 Similarly the module cannot support the 'Application Catalogue Settings' either. I can find them in Graph explorer but the related cmdlet doesn't work and cannot retrieve using invoke-mgGraph either. Issue reported here https://feedbackportal.microsoft.com/feedback/idea/f77feb49-11dc-ef11-95f6-0022484d7a88 and here microsoft#5672
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of the issue
Create an AppConfigurations>Managed Apps policy
In the 'basic' settings select a public app (I used Zoom, but any will do)
Skip Settings Catalogue
Configure Custom Settings .e.g:
mandatory:choice:EnforceLoginWithMicrosoft = 1
mandatory:choice:DisableLoginWithEmail = 1
Save the policy
Exporting using Export-M365DSCConfiguration -Components @("IntuneAppConfigurationPolicy")
Expected:
Applications are exported from the 'basics' settings
Actual:
Only the custom settings are exported. Not the application these settings apply to (so not a lot of good really).
I dove into this a bit deeper and it seems that the missing information cannot be pulled with the Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration used by the DSC Resource in question.
The actual applications can be retrieved with the Get-MgBetaDeviceAppManagementTargetedManagedAppConfigurationApp cmdlet. Had a look at fixing the module, and got as far as fixing Export- and Test- using this , however I cannot get Update-MgBetaDeviceAppManagementTargetedManagedAppConfigurationApp to work and the documentation is not helpful, so raising this an an issue.
Screenshot of policy attached. Yellow highlighted section not exporting:
Microsoft 365 DSC Version
1.24.1127.1
Which workloads are affected
Intune
The DSC configuration
Verbose logs showing the problem
Environment Information + PowerShell Version
The text was updated successfully, but these errors were encountered: