I just replicated this issue.

DeviceCompliancePolicyScript must be converted from String to CIM instance since it's an complex object, then Graph only returns the Id of the script so we must also add DisplayName and search for it if it can't be found by Id (cloning tenant scenario) and the rules content in base64 must be decoded to JSON.

The property DeviceCompliancePolicyScript has been added 3 years ago and no one ever complained about this not working which means no one is using compliance scripts so I don't consider this a breaking change, if I have time I'll look into it this week.

@FabienTschanz Seems I won't have time for this after all, I'll be busy creating tests for resources from AAD workload. Is this something you can look at? There's also the fact that the schedule actions for rule were never properly added, there's only a default one being added in order to be able to create the policy, probably it's easier to start fresh and generate the resource again through DRG since this is an oldie?

You can use the examples for the script and json rules from the site below [0] if you don't already have them.

[0] https://jannikreinhard.com/2023/02/26/how-to-use-custom-compliance-script-example-script/

@ricmestre I'll take a look at it.

@ricmestre I have a version that is a bit rough around the edges but seems to do the job of exporting. Test and Set are currently in implementation, but I think there are some changes necessary in ReverseDSC to make it work. Especially the RulesContent property that contains the json value of the rules we specify is giving me a headache because it's removing escaped quotes in a single string instance. What a pain 😓

I'll give an update once I'm done with it.

Hi @FabienTschanz,

Happy New Year!
Any luck with your checking?
Looking forward to hearing good news.

Thank you!

@CovidtheDog2024 Since there are changes required in ReverseDSC, I currently don't have any other option than wait for them to be discussed and implemented. Will continue the work once that's all settled.

Hi @FabienTschanz,

Thank you for the update, much appreciated!
Do you know the timeline?
I’m hoping that the required update will be released before the end of this month.

@CovidtheDog2024 I don't think we'll achieve that, but we'll keep trying. I'm currently waiting for @ykuijs to review my proposal, but it's still early after the holiday season and we have to carefully think how to handle that. Not sure if you noticed, but some things were changed and had to be rolled back just before Christmas. We want to avoid running into the same issue again.

Hi @FabienTschanz ,

Below is the sample setting for the Device Compliance Policy Script. My question is, why is this not seen in the exported configuration file? Is it masked or converted to an array? Sorry for the silly question.

Powershell script:

$TPM= Get-Tpm
$hash=@ {TPMChipPresent = $TPM.TPMPresent}
Return $harsh | ConvertTo-Json -Compress

Json File:
{
"Rules":[
{
"SettingName":"TPMChipPresent",
"Operator":"IsEquals",
"DataType":"Boolean",
"Operand":true,
"MoreInfoUrl":"http://xxxx.xx",
"RemediationStrings":[
{
"Language":"en_US",
"Title":"TPM Chip must be enabled",
"Description": "Make sure that TPM chip is enabled on this device."

   }
] 	

},
]
}

**Export configuration: **
Description =""
DeviceCompliancePolicyScript = System.Collections.Generic.Dictionary`2[System.String,System.Object];
DeviceThreatProtectionEnabled = $False;

@CovidtheDog2024 Short answer is that there is a missing type conversion for the DeviceCompliancePolicyScript property. We need to custom convert it and then make the export. Currently not possible since we're waiting for another change to happen. After that, we'll take a look at it.