Missing data from Export #1998

Closed
ghost opened this issue Jun 8, 2022 · 7 comments · Fixed by #2113, #2114 or #2123
Labels
Bug Something isn't working Intune

Comments

@ghost

ghost commented Jun 8, 2022

Hello,
As an example, I'm trying to export the Windows Compliance policy and apply it to a new tenant from our Dev.
We are getting missing settings.

Here is the export
```powershell
IntuneDeviceCompliancePolicyWindows10 4106a696
{
    BitLockerEnabled = $False;
    CodeIntegrityEnabled = $False;
    Credential = $Credscredential;
    DisplayName = "Compliance Policy for Windows 10 devices";
    EarlyLaunchAntiMalwareDriverEnabled = $False;
    Ensure = "Present";
    OsMinimumVersion = "10.0.18363";
    PasswordBlockSimple = $False;
    PasswordRequired = $False;
    PasswordRequiredToUnlockFromIdle = $False;
    PasswordRequiredType = "deviceDefault";
    RequireHealthyDeviceReport = $False;
    SecureBootEnabled = $False;
    StorageRequireEncryption = $True;
}
```

Compared to the actual settings:

Compliance settings

Device Properties
    Minimum OS version: 10.0.18363
System Security
    Require encryption of data storage on device: Require
    Firewall: Require
    Antivirus: Require
    Antispyware: Require
    Microsoft Defender Antimalware: Require
    Real-time protection: Require

We are missing all the items for Firewall etc.

Any reason why this is happening?
When I do a blueprint and add these settings in, they seem to be flagged!

@andikrueger
Collaborator

Could you run the following lines of code to see if there is an issue within the resource or the Graph SDK:

```powershell
$DisplayName = "Compliance Policy for Windows 10 devices"
$credential = Get-Credential
Connect-M365Tenant -Workload MicrosoftGraph `
    -Credential $Credential `
    -ProfileName "v1.0"
$devicePolicy = Get-MGDeviceManagementDeviceCompliancePolicy `
    -ErrorAction Stop | Where-Object `
    -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and `
        $_.displayName -eq $($DisplayName) }

[System.Collections.Hashtable]@{
    DisplayName                                 = $devicePolicy.DisplayName
    Description                                 = $devicePolicy.Description
    PasswordRequired                            = $devicePolicy.AdditionalProperties.passwordRequired
    PasswordBlockSimple                         = $devicePolicy.AdditionalProperties.passwordBlockSimple
    PasswordRequiredToUnlockFromIdle            = $devicePolicy.AdditionalProperties.passwordRequiredToUnlockFromIdle
    PasswordMinutesOfInactivityBeforeLock       = $devicePolicy.AdditionalProperties.passwordMinutesOfInactivityBeforeLock
    PasswordExpirationDays                      = $devicePolicy.AdditionalProperties.passwordExpirationDays
    PasswordMinimumLength                       = $devicePolicy.AdditionalProperties.passwordMinimumLength
    PasswordMinimumCharacterSetCount            = $devicePolicy.AdditionalProperties.passwordMinimumCharacterSetCount
    PasswordRequiredType                        = $devicePolicy.AdditionalProperties.passwordRequiredType
    PasswordPreviousPasswordBlockCount          = $devicePolicy.AdditionalProperties.passwordPreviousPasswordBlockCount
    RequireHealthyDeviceReport                  = $devicePolicy.AdditionalProperties.requireHealthyDeviceReport
    OsMinimumVersion                            = $devicePolicy.AdditionalProperties.osMinimumVersion
    OsMaximumVersion                            = $devicePolicy.AdditionalProperties.osMaximumVersion
    MobileOsMinimumVersion                      = $devicePolicy.AdditionalProperties.mobileOsMinimumVersion
    MobileOsMaximumVersion                      = $devicePolicy.AdditionalProperties.mobileOsMaximumVersion
    EarlyLaunchAntiMalwareDriverEnabled         = $devicePolicy.AdditionalProperties.earlyLaunchAntiMalwareDriverEnabled
    BitLockerEnabled                            = $devicePolicy.AdditionalProperties.bitLockerEnabled
    SecureBootEnabled                           = $devicePolicy.AdditionalProperties.secureBootEnabled
    CodeIntegrityEnabled                        = $devicePolicy.AdditionalProperties.codeIntegrityEnabled
    StorageRequireEncryption                    = $devicePolicy.AdditionalProperties.storageRequireEncryption
    ActiveFirewallRequired                      = $devicePolicy.AdditionalProperties.activeFirewallRequired
    DefenderEnabled                             = $devicePolicy.AdditionalProperties.defenderEnabled
    DefenderVersion                             = $devicePolicy.AdditionalProperties.defenderVersion
    SignatureOutOfDate                          = $devicePolicy.AdditionalProperties.signatureOutOfDate
    RTPEnabled                                  = $devicePolicy.AdditionalProperties.rtpEnabled
    AntivirusRequired                           = $devicePolicy.AdditionalProperties.antivirusRequired
    AntiSpywareRequired                         = $devicePolicy.AdditionalProperties.antiSpywareRequired
    DeviceThreatProtectionEnabled               = $devicePolicy.AdditionalProperties.deviceThreatProtectionEnabled
    DeviceThreatProtectionRequiredSecurityLevel = $devicePolicy.AdditionalProperties.deviceThreatProtectionRequiredSecurityLevel
    ConfigurationManagerComplianceRequired      = $devicePolicy.AdditionalProperties.configurationManagerComplianceRequired
    TPMRequired                                 = $devicePolicy.AdditionalProperties.tPMRequired
    DeviceCompliancePolicyScript                = $devicePolicy.AdditionalProperties.deviceCompliancePolicyScript
    ValidOperatingSystemBuildRanges             = $devicePolicy.AdditionalProperties.validOperatingSystemBuildRanges
}
```

@ghost
Author

ghost commented Jun 9, 2022

Thanks for the help so far!
It does not extract that data, it seems. I have tested against a blueprint adding them in and it seems to check them then,
but export doesn't on the above script.
image

@ghost
Author

ghost commented Jun 9, 2022

When I review the export manually, I only see these settings output.
I'm running
$dp = Get-MGDeviceManagementDeviceCompliancePolicy -DeviceCompliancePolicyId (id here)
then doing
$dp.AdditionalProperties
and you see the screenshot below!
That's all it's grabbing.

image

@NikCharlebois
Collaborator

Confirmed as a bug, the resource needs to be using the beta profile for it to capture the required properties. PR on its way.

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jul 19, 2022
@William-Francillette
Contributor

> Confirmed as a bug, the resource needs to be using the beta profile for it to capture the required properties. PR on its way.

Hi @NikCharlebois

I was working on this issue as well and also added support for Assignments.
Should I push the PR now or for the next release?

Thanks

@NikCharlebois
Collaborator

Feel free to push it now if it is ready for review. Thanks

@William-Francillette
Contributor

Cool, pushing the PR now.

NikCharlebois added a commit that referenced this issue Jul 19, 2022
…ancePolicyWindows10

IntuneDeviceCompliancePolicyWindows10: Fixes #1998 and added support for assignments
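
A pre-apply check for the gap reported in this issue, as an added example that is not from the thread or the Microsoft365DSC project: it compares an exported policy block against the settings the portal shows and lists every requirement the export dropped. `Compare-CompliancePolicyExport` is a hypothetical helper, both hashtables are constructed from the values quoted in the issue, and the mapping of portal labels to property names is an assumption.

```powershell
# Constructed sample: the exported block from the issue (Credential, DisplayName, Ensure omitted).
$exported = @{
    BitLockerEnabled                    = $false
    CodeIntegrityEnabled                = $false
    EarlyLaunchAntiMalwareDriverEnabled = $false
    OsMinimumVersion                    = '10.0.18363'
    PasswordBlockSimple                 = $false
    PasswordRequired                    = $false
    PasswordRequiredToUnlockFromIdle    = $false
    PasswordRequiredType                = 'deviceDefault'
    RequireHealthyDeviceReport          = $false
    SecureBootEnabled                   = $false
    StorageRequireEncryption            = $true
}

# Constructed sample: the settings the portal shows for the source policy.
# Assumption: the portal labels map to these resource property names.
$expected = @{
    OsMinimumVersion         = '10.0.18363'
    StorageRequireEncryption = $true
    ActiveFirewallRequired   = $true   # Firewall
    AntivirusRequired        = $true   # Antivirus
    AntiSpywareRequired      = $true   # Antispyware
    DefenderEnabled          = $true   # Microsoft Defender Antimalware
    RTPEnabled               = $true   # Real-time protection
}

# Hypothetical helper: one row per expected setting, with its state in the export.
function Compare-CompliancePolicyExport {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        [Parameter(Mandatory)] [hashtable] $Exported
    )
    foreach ($key in ($Expected.Keys | Sort-Object)) {
        $present = $Exported.ContainsKey($key)
        $status = if (-not $present) { 'Missing' } elseif ($Exported[$key] -ne $Expected[$key]) { 'Different' } else { 'Match' }
        [pscustomobject]@{
            Setting  = $key
            Expected = $Expected[$key]
            Exported = if ($present) { $Exported[$key] } else { $null }
            Status   = $status
        }
    }
}

$report = Compare-CompliancePolicyExport -Expected $expected -Exported $exported
$report | Format-Table -AutoSize
$gaps = @($report | Where-Object { $_.Status -ne 'Match' })
if ($gaps) { Write-Warning "$($gaps.Count) setting(s) missing or changed in the export: $($gaps.Setting -join ', ')" }
```

With the sample data, the five Firewall, Antivirus, Antispyware, Defender and real-time protection requirements are reported as `Missing`, so a policy applied from this export would not enforce them in the target tenant.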