Merge pull request #5259 from ricmestre/fixderivedcred

IntuneDerivedCredential: Fix export and deployment
microsoft · Oct 23, 2024 · ea62f8e · ea62f8e
2 parents cbe5a16 + 228714e
commit ea62f8e
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,11 @@
   * Fixed missing permissions in settings.json
 * EXOMailboxAuditBypassAssociation
   * Initial release.
+* IntuneDerivedCredential
+  * Fixed export and deployment when `NotificationType` had more than one option
+    selected
+  * Fixed retrieval of resource when it cannot be found by `Id`
+  * Added a few verbose messages
 * Intune workload
   * Fixed missing permissions in settings.json
 * SentinelAlertRule

diff --git a/...crosoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/...crosoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1
@@ -23,7 +23,7 @@ function Get-TargetResource {
         $Issuer,
 
         [Parameter()]
-        [ValidateSet('none', 'email', 'companyPortal')]
+        [ValidateSet('none', 'email', 'companyPortal', 'companyPortal,email')]
         [System.String]
         $NotificationType = 'none',
 
@@ -96,17 +96,18 @@ function Get-TargetResource {
 
         if ($null -eq $instance)
         {
-          $instance = Get-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $Id -ErrorAction Stop
+            $instance = Get-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $Id -ErrorAction SilentlyContinue
 
-          if ($null -eq $instance)
-          {
-              Write-Verbose -Message "Could not find Derived Credential by Id {$Id}."
+            if ($null -eq $instance)
+            {
+                Write-Verbose -Message "Could not find Derived Credential by Id {$Id}."
+
+                if (-Not [string]::IsNullOrEmpty($DisplayName))
+                {
+                    $instance = Get-MgBetaDeviceManagementDerivedCredential `
+                        -Filter "DisplayName eq '$DisplayName'" `
+                        -ErrorAction SilentlyContinue
 
-              if (-Not [string]::IsNullOrEmpty($DisplayName))
-              {
-                  $instance = Get-MgBetaDeviceManagementDerivedCredential `
-                    -Filter "DisplayName eq '$DisplayName'" `
-                    -ErrorAction SilentlyContinue
                     if ($null -eq $instance)
                     {
                         Write-Verbose -Message "Could not find Derived Credential by DisplayName {$DisplayName}."
@@ -178,7 +179,7 @@ function Set-TargetResource {
         #endregion resource params
 
         [Parameter()]
-        [ValidateSet('none', 'email', 'companyPortal')]
+        [ValidateSet('none', 'email', 'companyPortal', 'companyPortal,email')]
         [System.String]
         $NotificationType = 'none',
 
@@ -231,18 +232,21 @@ function Set-TargetResource {
     $currentInstance = Get-TargetResource @PSBoundParameters
 
     $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
-    $setParameters.remove('Id') | Out-Null
-    $setParameters.remove('Ensure') | Out-Null
+    $setParameters.Remove('Id') | Out-Null
 
     # CREATE
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
+        Write-Verbose -Message "Creating an Intune Derived Credential with DisplayName {$DisplayName}"
+
         New-MgBetaDeviceManagementDerivedCredential @SetParameters
     }
     # UPDATE is not supported API, it always creates a new Derived Credential instance
     # REMOVE
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
+        Write-Verbose -Message "Removing the Intune Derived Credential with DisplayName {$DisplayName}"
+
         Remove-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $currentInstance.Id -Confirm:$false
     }
 }
@@ -272,7 +276,7 @@ function Test-TargetResource {
         $Issuer,
 
         [Parameter()]
-        [ValidateSet('none', 'email', 'companyPortal')]
+        [ValidateSet('none', 'email', 'companyPortal', 'companyPortal,email')]
         [System.String]
         $NotificationType = 'none',
 
@@ -330,13 +334,26 @@ function Test-TargetResource {
     $CurrentValues = Get-TargetResource @PSBoundParameters
     $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()
 
+    if ($CurrentValues.Ensure -ne $Ensure)
+    {
+        Write-Verbose -Message "Test-TargetResource returned $false"
+        return $false
+    }
+    $testResult = $true
+
+    $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
+    $ValuesToCheck.Remove('Id') | Out-Null
+
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
 
-    $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
-        -Source $($MyInvocation.MyCommand.Source) `
-        -DesiredValues $PSBoundParameters `
-        -ValuesToCheck $ValuesToCheck.Keys
+    if ($testResult)
+    {
+        $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+            -Source $($MyInvocation.MyCommand.Source) `
+            -DesiredValues $PSBoundParameters `
+            -ValuesToCheck $ValuesToCheck.Keys
+    }
 
     Write-Verbose -Message "Test-TargetResource returned $testResult"
 
@@ -368,7 +385,7 @@ function Export-TargetResource {
         $Issuer,
 
         [Parameter()]
-        [ValidateSet('none', 'email', 'companyPortal')]
+        [ValidateSet('none', 'email', 'companyPortal', 'companyPortal,email')]
         [System.String]
         $NotificationType = 'none',
 

diff --git a/...t365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof b/...t365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof
@@ -12,8 +12,8 @@ class MSFT_IntuneDerivedCredential : OMI_BaseResource
         String Issuer;
 
     [Write, Description("Supported values for the notification type to use."),
-        ValueMap{"none", "email", "companyPortal"},
-        Values{"none", "email", "companyPortal"}]
+        ValueMap{"none", "email", "companyPortal", "companyPortal,email"},
+        Values{"none", "email", "companyPortal", "companyPortal,email"}]
         String NotificationType;
 
     [Write, Description("Supported values for the notification type to use."),