msgraph-sdk-powershell icon indicating copy to clipboard operation
msgraph-sdk-powershell copied to clipboard
verified publisher icon microsoftgraph

Error in assigning compliance policy to a device group - Set-MgBetaDeviceManagementDeviceCompliancePolicy

Open derhoeppi opened this issue 2 years ago • 1 comments

Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:

  • Make sure you can reproduce this issue using the latest released version of Microsoft.Graph or Microsoft.Graph.Beta.
  • Please search the existing issues to see if there has been a similar issue filed.
  • For issues related to authentication and service errors, please refer to our troubleshooting guide. For service issues, please open a question at https://developer.microsoft.com/graph/support.

Describe the bug I'm trying to assign a device compliance policy to a device group. Therefore i used the graph API explorer to get the correct command. Within the API explorer i could assign and unassign groups.

To Reproduce Steps to reproduce the behavior:

  1. Run the following command (insert your policy and group id)
Import-Module Microsoft.Graph.Beta.DeviceManagement.Actions
$params = @{
	assignments = @(
		@{
			target = @{
				"@odata.type" = "#microsoft.graph.groupAssignmentTarget"
				groupId = "EntraIDgroupID"
			}
		}
	)
}
$deviceCompliancePolicyId = "CompliancePolicyId"
Set-MgBetaDeviceManagementDeviceCompliancePolicy -DeviceCompliancePolicyId $deviceCompliancePolicyId -BodyParameter $params
  1. Commandlet is execuded -> Intune shows a correct assignment but powershell returns an error
Set-MgBetaDeviceManagementDeviceCompliancePolicy : Object reference not set to an instance of an object.
At line:1 char:1
+ Set-MgBetaDeviceManagementDeviceCompliancePolicy -DeviceCompliancePol ...
 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-MgBetaDevic...cePolicy_Assign], NullReferenceException
    + FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.SetMgBetaDeviceManagementDeviceCompliancePolicy_
   Assign`
  1. This error occures every time with different policy and group id's.

Expected behavior Executing this commandlet should not report an error / failure.

Debug Output

`Set-MgBetaDeviceManagementDeviceCompliancePolicy -DeviceCompliancePolicyId $Policy.Id -BodyParameter $params -Debug
DEBUG: [CmdletBeginProcessing]: - Set-MgBetaDeviceManagementDeviceCompliancePolicy begin processing with 'parameterSet
'Assign'.

Confirm
Continue with this operation?
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): A
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope:
'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [AdministrativeUnit.Read.All, Agreement.Read.All, Application.Read.All,
Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, ChannelSettings.Read.All, Device.Read.All,
Device.ReadWrite.All, DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All,
DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All,
DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementRBAC.Read.All,
DeviceManagementRBAC.ReadWrite.All, DeviceManagementServiceConfig.Read.All, Directory.Read.All, Domain.Read.All,
EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All, Group.Read.All, Group.ReadWrite.All,
GroupMember.ReadWrite.All, openid, Organization.Read.All, Policy.Read.All, profile, RoleManagement.Read.Directory,
RoleManagement.ReadWrite.Directory, RoleManagementPolicy.Read.Directory, Tasks.Read, User.Read.All, User.ReadWrite.All,
 WindowsUpdates.ReadWrite.All, email].

Confirm
Are you sure you want to perform this action?
Performing the operation "Set-MgBetaDeviceManagementDeviceCompliancePolicy_Assign" on target "Call remote 'POST
/deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicy-id}/microsoft.graph.assign' operation".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies/<CompliancePolicyId>/microso
ft.graph.assign

Headers:
FeatureFlag                   : 00000043
Cache-Control                 : no-store, no-cache
User-Agent                    : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22621;
de-DE),PowerShell/5.1.22621.2506
Accept-Encoding               : gzip
SdkVersion                    : graph-powershell-beta/2.12.0
client-request-id             : fcc725fb-0fd4-40b3-8e45-9f14a4dc5329

Body:
{
  "assignments": [
    {
      "target": {
        "@odata.type": "#microsoft.graph.groupAssignmentTarget",
        "groupId": "EntraIDgroupId"
      }
    }
  ]
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Strict-Transport-Security     : max-age=31536000
request-id                    : d3d3cdb1-15f7-45c2-b471-dc9a6ab13d60
client-request-id             : fcc725fb-0fd4-40b3-8e45-9f14a4dc5329
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Germany West
Central","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"FR3PEPF00000160"}}
Date                          : Wed, 21 Feb 2024 14:27:30 GMT

Body:


DEBUG: [CmdletException]: Received exception with message 'NullReferenceException - Object reference not set to an
instance of an object. :    at
Microsoft.Graph.Beta.PowerShell.Cmdlets.SetMgBetaDeviceManagementDeviceCompliancePolicy_Assign.<on2Xx>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at
Microsoft.Graph.Beta.PowerShell.DeviceManagementActions.<DeviceManagementDeviceCompliancePolicyAssign_Call>d__327.MoveN
ext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at
Microsoft.Graph.Beta.PowerShell.DeviceManagementActions.<DeviceManagementDeviceCompliancePolicyAssign_Call>d__327.MoveN
ext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at
Microsoft.Graph.Beta.PowerShell.DeviceManagementActions.<DeviceManagementDeviceCompliancePolicyAssign>d__325.MoveNext()

--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at
Microsoft.Graph.Beta.PowerShell.Cmdlets.SetMgBetaDeviceManagementDeviceCompliancePolicy_Assign.<ProcessRecordAsync>d__5
5.MoveNext()'

Confirm
Object reference not set to an instance of an object.
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): A
Set-MgBetaDeviceManagementDeviceCompliancePolicy : Object reference not set to an instance of an object.
At line:1 char:1
+ Set-MgBetaDeviceManagementDeviceCompliancePolicy -DeviceCompliancePol ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-MgBetaDevic...cePolicy_Assign], NullReferenceException
    + FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.SetMgBetaDeviceManagementDeviceCompliancePolicy_
   Assign

DEBUG: [CmdletEndProcessing]: - Set-MgBetaDeviceManagementDeviceCompliancePolicy end processing.`

Module Version Mirosoft.Graph and Micrososft.Graph.Beta is version 2.12.0

Environment Data

Name                           Value
----                           -----
PSVersion                      5.1.22621.2506
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2506
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

derhoeppi avatar Feb 21 '24 14:02 derhoeppi

Hi @derhoeppi thank you for identifying and logging this issue. When you tested the request using graph explorer, did you get any response object as documented in the API reference here? From your debug information, I'm only seeing the response http status code and a null body.

timayabi2020 avatar Mar 01 '24 06:03 timayabi2020

@timayabi2020 the only response from graph explorer is the return code 200 without a summary of the deviceCompliancePolicyAssignment

image

derhoeppi avatar Mar 05 '24 09:03 derhoeppi

@derhoeppi, the SDK is expecting a response body that should be deserialized into the output object specified here. image.

According to the API reference document here, it has been specified that the action returns a 200 OK response code and a deviceCompliancePolicyAssignment collection in the response body, which is missing from your response, hence the error thrown by the SDK. Therefore, I think this is an API issue and we may not be best placed to give an answer. Kindly raise an issue here https://developer.microsoft.com/en-us/graph/support so that the API owner can respond to it.

timayabi2020 avatar Mar 05 '24 09:03 timayabi2020

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

microsoft-github-policy-service[bot] avatar Mar 09 '24 10:03 microsoft-github-policy-service[bot]