Skip to content

IntuneEndpointDetectionAndResponsePolicyWindows10: Throws exception if blob is empty #5246

@ricmestre

Description

@ricmestre

Description of the issue

@FabienTschanz Your commit b48abe0 is now causing an exception if blob is empty, we have a policy in our tenant where the configuration type is not set and therefore the blob is empty as well, so if I try to export and then apply that to another tenant it causes the exception [0] to be thrown.

It's arguable if you should be allowed to have a policy without configuration type, the thing is that is still possible through Intune admin portal, but even if you don't agree that should be possible, see [1] where this is not mentioned anywhere so I kind of agree, BUT you must not throw an exception if you set the type to auto from connector which never has a blob assigned so the condition must be changed to factor this in.

Additionally you need to change $($DSCParams.ConfigurationType) in the exception line since $DSCParams is empty.

[0] https://github.com/microsoft/Microsoft365DSC/blame/76cbfa8d2be39fbe6cef5cd5e69f75d84b077a17/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1#L296
[1] https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy

Microsoft 365 DSC Version

1.24.1016.1

Which workloads are affected

Intune

The DSC configuration

    IntuneEndpointDetectionAndResponsePolicyWindows10 "IntuneEndpointDetectionAndResponsePolicyWindows10-IntuneEndpointDetectionAndResponsePolicyWindows10_1"
    {
        Assignments          = @();
        ConfigurationType    = "autofromconnector";
        Credential           = $Credscredential;
        Description          = "";
        DisplayName          = "IntuneEndpointDetectionAndResponsePolicyWindows10_1";
        Ensure               = "Present";
        Identity             = "83e155d5-f1f3-4ef9-9027-16cc24b22ae8";
        RoleScopeTagIds      = @("0");
        SampleSharing        = "1";
    }

Verbose logs showing the problem

PowerShell DSC resource MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10 failed to execute Set-TargetResource functionality with error message: ConfigurationBlob is required for configurationType ''

  • CategoryInfo : InvalidOperation: (:) [], CimException
  • FullyQualifiedErrorId : ProviderOperationExecutionFailure
  • PSComputerName : localhost

Environment Information + PowerShell Version

Win11/PS5.1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions