Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix handling of DeviceCompliancePolicyScript property #5828

Merged
merged 6 commits into from
Feb 26, 2025
Merged

Fix handling of DeviceCompliancePolicyScript property #5828

merged 6 commits into from
Feb 26, 2025

Conversation

FabienTschanz
Copy link
Collaborator

Pull Request (PR) description

This PR fixes the handling of the DeviceCompliancePolicyScript property in the IntuneDeviceCompliancePolicyWindows10 resource. Previously, if this property was set, it would export a non-parseable string similar to System.Collections.Generic.Dictionary2[System.String,System.Object];`. This PR fixes this issue by exporting a CIM instance with the details of the property.

This Pull Request (PR) fixes the following issues

Task list

  • Added an entry to the change log under the Unreleased section of the file CHANGELOG.md.
    Entry should say what was changed and how that affects users (if applicable), and
    reference the issue being resolved (if applicable).
  • Resource parameter descriptions added/updated in the schema.mof.
  • Resource documentation added/updated in README.md.
  • Resource settings.json file contains all required permissions.
  • Examples appropriately added/updated.
  • Unit tests added/updated.
  • New/changed code adheres to DSC Community Style Guidelines.

@FabienTschanz FabienTschanz force-pushed the fix/device-compliance-policy branch from df1b065 to f7d125c Compare February 21, 2025 16:59
@NikCharlebois
Copy link
Collaborator

That would be considered a breaking change. What is the current behavior? Is this resource even working today?

@FabienTschanz
Copy link
Collaborator Author

@NikCharlebois Currently, if you were to export this resource, it would end up with a broken export like the following:

IntuneDeviceCompliancePolicyWindows10 "IntuneDeviceCompliancePolicyWindows10-IntuneDeviceCompliancePolicyWindows10_1"
        {
            ...
            Description                                 = "";
            DeviceCompliancePolicyScript                = System.Collections.Generic.Dictionary`2[System.String,System.Object];
            DeviceThreatProtectionEnabled               = $True;
            ...
        }

This obviously doesn't compile and never worked (probably since the beginning). Yet, nobody bothered with this property not working. With this PR, the export will look like the following:

IntuneDeviceCompliancePolicyWindows10 "IntuneDeviceCompliancePolicyWindows10-IntuneDeviceCompliancePolicyWindows10_1"
        {
            ...
            Description                                 = "";
            DeviceCompliancePolicyScript                = MSFT_MicrosoftGraphDeviceCompliancePolicyScript{
                RulesContent = "<JSON Content of the rules>"
                DisplayName = "IntuneDeviceComplianceScriptWindows10_1 (TODO)"
            };
            DeviceThreatProtectionEnabled               = $True;
            ...
        }

This corresponds to the following Custom compliance setting in the policy:
image

Yes, you are right, under normal circumstances, this would absolutely be a breaking change. But I don't think that's the case here since the export never was correct and even if anything was specified, it would never have worked with this property specified. So I think it's fair to assume we can change it without a breaking change release.

@NikCharlebois NikCharlebois merged commit 01eddc9 into microsoft:Dev Feb 26, 2025
3 checks passed
@FabienTschanz FabienTschanz deleted the fix/device-compliance-policy branch February 26, 2025 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NikCharlebois NikCharlebois NikCharlebois approved these changes

Assignees
No one assigned
Labels
Breaking Changes Intune
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

BUG: IntuneDeviceCompliancePolicyWindows10: System.Collections.Generic.Dictionary
2 participants
@FabienTschanz @NikCharlebois