We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IntuneAppProtectionPolicyiOS is unable to enforce 'inclusion' and 'exclusion' groups. In some circumstances it will cause an error
To replicate the issue:
Expected: assignment is recreated Actual: assignment is not recreated, no error occurs. Test-DscConfiguration still shows 'true'
Code will completely fail if you do this:
Expected: assignment are recreated Actual: error message copied below (verbose logs section).
1.25.212.2
Intune
# Generated with Microsoft365DSC version 1.25.212.2 # For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC param ( ) Configuration M365TenantConfig { param ( ) $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.25.212.2' Node localhost { IntuneAppProtectionPolicyiOS "IntuneAppProtectionPolicyiOS-test-AppProtectionIOS" { AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera","photoLibrary"); AllowedDataStorageLocations = @(); AllowedInboundDataTransferSources = "allApps"; AllowedOutboundClipboardSharingExceptionLength = 0; AllowedOutboundClipboardSharingLevel = "managedAppsWithPasteIn"; AllowedOutboundDataTransferDestinations = "allApps"; AllowWidgetContentSync = $True; AppActionIfDeviceComplianceRequired = "block"; AppActionIfIosDeviceModelNotAllowed = "block"; AppActionIfMaximumPinRetriesExceeded = "block"; AppDataEncryptionType = "whenDeviceLocked"; AppGroupType = "allApps"; ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; Apps = @("--.liquidtext-pdf","ch.unique.moments","cloud.myq.roger","co.fellow.app","co.lumenati.cinebody","co.mural.ios","co.spaceconnect.app","co.switch.switch","com.365rm.365pay","com.achievers.native.achievers","com.adobe.adobe-reader","com.aegismobility.fleetsafer","com.akumina.exp","com.align.assetscanforintune","com.appian.tempo.intune","com.arlanto.atomedge","com.asana.asana","com.avalution.catalystportalmobile","com.bluejeansnet.blue-jeans","com.boardbooks.boardbooks","com.box.mdmios","com.branchfire.ia4c.office365","com.breezy.intune.ios","com.brother.nbs.buddyboard","com.buildingrobotics.comfy","com.cbrain.f2-manager.intune","com.cbrain.intune.f2touchapp","com.celltrust.securelinegen2.securelinegen2-intune","com.cerby.mobile","com.cisco.jabberimintune","com.cisco.squared.intune","com.civi.heydanforintune","com.condecosoftware.condeco","com.dealcloud.mobileapp","com.dooray.intune","com.egnyte.intune.egnyte","com.eprintitsaas.mobile","com.esri.indoors.intune","com.factset.mobile","com.freshworks.freshservice.intune","com.fuze.fuzeappmdm","com.getmeetio.meetio-enterprise","com.globalrelay.gr-app-im","com.goodnotesapp.x","com.groupkom.evalarm","com.hcss.mobile.appstore","com.hcss.plans","com.hibob.hibob","com.hp.mobileconnecter.intune","com.iaipl.dfintune","com.imanage.work3intune","com.inax.ixarma.2","com.inboxzero.zeropro","com.inboxzero.zeroprointune","com.incorta.mobile.bestbuy","com.indegene.omnipresenceprodapp","com.inkscreen.captor.intune","com.intapp.pma","com.isec7.med","com.isec7.med.intune","com.keepassium.intune","com.klaxoon.app.intune","com.kofax.power.pdf","com.leapxpert.leap.work.intune","com.lexisnexis.newsdesk","com.lrs.vpsxprint.intune","com.lumapps.intune","com.m-files.mfms.m-files","com.mackeyllc.mackeyrms","com.manageengine.apm.intune","com.mangospring.engage","com.mangospring.myportal","com.mazrica.senses","com.meetingdecisions.decisions","com.mentorcliq.app.ios","com.mfbtech.align.intune","com.microsoft.azure","com.microsoft.bing.halseyassistant","com.microsoft.copilot","com.microsoft.designer","com.microsoft.dynamics","com.microsoft.dynamics.invoice","com.microsoft.dynamics.iphone.moca","com.microsoft.dynamics.iphone.moca.fieldservices","com.microsoft.dynamics.iphone.moca.sales","com.microsoft.loop","com.microsoft.lync2013.iphone","com.microsoft.mobile.polymer","com.microsoft.msapps","com.microsoft.msedge","com.microsoft.o365shdmobileapp","com.microsoft.office.excel","com.microsoft.office.outlook","com.microsoft.office.powerpoint","com.microsoft.office.word","com.microsoft.officelens","com.microsoft.officemobile","com.microsoft.onenote","com.microsoft.plannermobile","com.microsoft.powerbimobile","com.microsoft.procsimo","com.microsoft.ramobile","com.microsoft.rdc.ios","com.microsoft.rms-sharing","com.microsoft.scmx","com.microsoft.sharepoint","com.microsoft.shiftr","com.microsoft.skydrive","com.microsoft.skype.teams","com.microsoft.splists","com.microsoft.to-do","com.microsoft.whiteboard","com.microsoft.workfolders","com.mobilehelix.link.intune","com.moveinsync.ets","com.moviuscorp.multilineintune","com.myitops.asiapp.msint","com.penlink.penpoint","com.pervasent.boardpapers","com.pervasent.boardpapers.intune","com.pervasent.teampapers.intune","com.pkware.smartcrypt.intune","com.printeron.print","com.printeron.printeron.microsoft","com.qlik.qliksense.mobile","com.recruitment.exchange","com.rework.app.enterprise","com.ricohspaces.app","com.ringcentral.intune","com.seismic.doccenterintune","com.servicenow.intune.fulfiller","com.servicenow.intune.requestor","com.shafersystems.notate.intune","com.sharefile.mobile.intune","com.singletrack.singletrack-mobile-for-intune","com.slack.slackintune","com.socialchorus.jfac.ios.appstore","com.stratospherix.enterpriseit","com.strsoftware.aventxmobile","com.synchrotab.intune","com.tableausoftware.tableau.intune","com.talent.exchange","com.varicent.varicent","com.vbrick.rev","com.veradocs.ios.appstore.intune","com.voltage.securemail","com.wonderush.gethownow","de.provectus.securecontacts22","dk.proactive.intraactiveapp","io.beakon","io.island.island","jp.co.cegb.archxtractforstore","jp.co.hitachi-solutions.hibun.hibundp","net.box.boxnet","nl.msi.ibabspro.it","no.bldngai.mybldng","nz.co.beweb.speakingemail","public.hearsaysocial.hearsay-messages-for-microsoft","se.evoko.naso.mobile","sg.com.trustedservices.bvassistant","sg.com.trustedsource.boardvision","uk.co.applymobile.idenprotect-for-intune","us.zoom.videomeetings4intune","wefwef","za.co.onlineintelligence.mobile.ciims"); Assignments = @("All Users","testInclude"); BlockDataIngestionIntoOrganizationDocuments = $False; CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; ContactSyncBlocked = $False; CustomBrowserProtocol = ""; CustomDialerAppProtocol = ""; DataBackupBlocked = $False; DeployedAppCount = 165; Description = ""; DeviceComplianceRequired = $True; DialerRestrictionLevel = "allApps"; DisableAppPinIfDevicePinIsSet = $False; DisableProtectionOfManagedOutboundOpenInData = $False; DisplayName = "test-AppProtectionIOS"; Ensure = "Present"; ExcludedGroups = @("testExclude"); ExemptedAppProtocols = @("Default:skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services;"); ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); FaceIdBlocked = $False; FilterOpenInToOnlyManagedApps = $False; FingerprintBlocked = $False; Identity = "T_1ccce8ef-2ac2-4ea4-ac1d-12e630ae70b1"; IsAssigned = $True; ManagedBrowser = "notConfigured"; ManagedBrowserToOpenLinksRequired = $False; ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*","http://*.powerapps.com/*","http://*.powerapps.us/*","http://*.powerbi.com/*","http://*.service-now.com/*","http://*.sharepoint-df.com/*","http://*.sharepoint.com/*","http://*.yammer.com/*","http://*.zoom.us/*","http://*collab.apps.mil/l/*","http://*devspaces.skype.com/l/*","http://*teams-fl.microsoft.com/l/*","http://*teams.live.com/l/*","http://*teams.microsoft.com/l/*","http://*teams.microsoft.us/l/*","http://app.powerbi.cn/*","http://app.powerbi.de/*","http://app.powerbigov.us/*","http://msit.microsoftstream.com/video/*","http://tasks.office.com/*","http://to-do.microsoft.com/sharing*","http://web.microsoftstream.com/video/*","http://zoom.us/*","https://*.appsplatform.us/*","https://*.onedrive.com/*","https://*.powerapps.cn/*","https://*.powerapps.com/*","https://*.powerapps.us/*","https://*.powerbi.com/*","https://*.service-now.com/*","https://*.sharepoint-df.com/*","https://*.sharepoint.com/*","https://*.yammer.com/*","https://*.zoom.us/*","https://*collab.apps.mil/l/*","https://*devspaces.skype.com/l/*","https://*teams-fl.microsoft.com/l/*","https://*teams.live.com/l/*","https://*teams.microsoft.com/l/*","https://*teams.microsoft.us/l/*","https://app.powerbi.cn/*","https://app.powerbi.de/*","https://app.powerbigov.us/*","https://msit.microsoftstream.com/video/*","https://tasks.office.com/*","https://to-do.microsoft.com/sharing*","https://web.microsoftstream.com/video/*","https://zoom.us/*"); MaximumAllowedDeviceThreatLevel = "notConfigured"; MaximumPinRetries = 5; MaximumRequiredOsVersion = ""; MaximumWarningOsVersion = ""; MaximumWipeOsVersion = ""; MessagingRedirectAppUrlScheme = ""; MinimumPinLength = 4; MinimumWarningSdkVersion = ""; MobileThreatDefenseRemediationAction = "block"; NotificationRestriction = "allow"; OrganizationalCredentialsRequired = $False; PeriodBeforePinReset = "00:00:00"; PeriodOfflineBeforeAccessCheck = "1.00:00:00"; PeriodOfflineBeforeWipeIsEnforced = "90.00:00:00"; PeriodOnlineBeforeAccessCheck = "00:30:00"; PinCharacterSet = "numeric"; PinRequired = $True; PinRequiredInsteadOfBiometricTimeout = "00:30:00"; PreviousPinBlockCount = 0; PrintBlocked = $False; ProtectedMessagingRedirectAppType = "anyApp"; ProtectInboundDataFromUnknownSources = $False; SaveAsBlocked = $False; SimplePinBlocked = $False; TargetedAppManagementLevels = @("unspecified"); TenantId = $OrganizationName; thirdPartyKeyboardsBlocked = $False; } } } M365TenantConfig -ConfigurationData .\ConfigurationData.psd1
[InternalServerError] : { "_version": 3, "Message": "An internal server error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: a1097029-6de1-4d27-ab8d-4cc907563a5f - Url: https://fef.msub06.manage.microsoft.com/MAMAdmin_2501/MAMAdminFEService/deviceAppManagement/iosManagedAppProtections('T_55fefa12-ff1a-4ad7-b668-900d1c4507c0')?api-version=5024-02-26", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": "{}" } + CategoryInfo : InvalidOperation: ({ IosManagedApp...AppProtection }:) [], CimException + FullyQualifiedErrorId : InternalServerError,Microsoft.Graph.Beta.PowerShell.Cmdlets.UpdateMgBetaDeviceAppManagementiOSManagedAppProtection_Update + PSComputerName : localhost The PowerShell DSC resource '[IntuneAppProtectionPolicyiOS]IntuneAppProtectionPolicyiOS-Dynamics365-test-recreated' with SourceInfo 'C:\dsc-AssignmentsBug-IOS\M365TenantConfig.ps1::17::9::IntuneAppProtectionPolicyiOS' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. + CategoryInfo : InvalidOperation: (:) [], CimException + FullyQualifiedErrorId : NonTerminatingErrorFromProvider + PSComputerName : localhost [InternalServerError] : { "_version": 3, "Message": "An internal server error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: fa963e2d-9725-4d55-ab02-6ffff4bfa9d8 - Url: https://fef.msub06.manage.microsoft.com/MAMAdmin_2501/MAMAdminFEService/deviceAppManagement/iosManagedAppProtections('T_c740fd41-98db-4e9c-b87f-43e93a77f3af')?api-version=5024-02-26", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": "{}" } + CategoryInfo : InvalidOperation: ({ IosManagedApp...AppProtection }:) [], CimException + FullyQualifiedErrorId : InternalServerError,Microsoft.Graph.Beta.PowerShell.Cmdlets.UpdateMgBetaDeviceAppManagementiOSManagedAppProtection_Update + PSComputerName : localhost The PowerShell DSC resource '[IntuneAppProtectionPolicyiOS]IntuneAppProtectionPolicyiOS-Dynamics365-test' with SourceInfo 'C:\dsc-AssignmentsBug-IOS\M365TenantConfig.ps1::87::9::IntuneAppProtectionPolicyiOS' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. + CategoryInfo : InvalidOperation: (:) [], CimException + FullyQualifiedErrorId : NonTerminatingErrorFromProvider + PSComputerName : localhost [InternalServerError] : { "_version": 3, "Message": "An internal server error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: eac9814c-3817-459a-a067-da791728548f - Url: https://fef.msub06.manage.microsoft.com/MAMAdmin_2501/MAMAdminFEService/deviceAppManagement/iosManagedAppProtections('T_1ccce8ef-2ac2-4ea4-ac1d-12e630ae70b1')?api-version=5024-02-26", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": "{}" } + CategoryInfo : InvalidOperation: ({ IosManagedApp...AppProtection }:) [], CimException + FullyQualifiedErrorId : InternalServerError,Microsoft.Graph.Beta.PowerShell.Cmdlets.UpdateMgBetaDeviceAppManagementiOSManagedAppProtection_Update + PSComputerName : localhost The PowerShell DSC resource '[IntuneAppProtectionPolicyiOS]IntuneAppProtectionPolicyiOS-test-AppProtectionIOS' with SourceInfo 'C:\dsc-AssignmentsBug-IOS\M365TenantConfig.ps1::157::9::IntuneAppProtectionPolicyiOS' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. + CategoryInfo : InvalidOperation: (:) [], CimException + FullyQualifiedErrorId : NonTerminatingErrorFromProvider + PSComputerName : localhost The SendConfigurationApply function did not succeed. + CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException + FullyQualifiedErrorId : MI RESULT 1 + PSComputerName : localhost
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Description of the issue
IntuneAppProtectionPolicyiOS is unable to enforce 'inclusion' and 'exclusion' groups. In some circumstances it will cause an error
To replicate the issue:
Expected: assignment is recreated
Actual: assignment is not recreated, no error occurs. Test-DscConfiguration still shows 'true'
Code will completely fail if you do this:
Expected: assignment are recreated
Actual: error message copied below (verbose logs section).
Microsoft 365 DSC Version
1.25.212.2
Which workloads are affected
Intune
The DSC configuration
Verbose logs showing the problem
Environment Information + PowerShell Version
The text was updated successfully, but these errors were encountered: