microsoft · NikCharlebois · Oct 17, 2023 · Oct 6, 2023 · Oct 6, 2023 · Oct 9, 2023
@@ -9,6 +9,8 @@
   * Added support for retrieved groups as calendar delegates.
 * EXODistributionGroup
   * Fixes the export of group membership to use Identity.
+* IntuneDeviceConfigurationPolicyWindows10
+  * Support setting assignment groups by display name
 * TeamsUpdateManagementPolicy
   * Add support for the new acceptable value for UseNewTeamsClient (NewTeamsAsDefault).
 * MISC

@@ -1980,14 +1980,29 @@ function Get-TargetResource
         $assignmentResult = @()
         foreach ($assignmentEntry in $AssignmentsValues)
         {
+            $DataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
+            $GroupId = $assignmentEntry.Target.AdditionalProperties.groupId
+            $GroupDisplayName = $null
+
+            if ($DataType -eq "#microsoft.graph.groupAssignmentTarget" -or `
+                $DataType -eq "#microsoft.graph.exclusionGroupAssignmentTarget") {
+                $Group = Get-MgGroup -GroupId $GroupId -ErrorAction SilentlyContinue
+                if ($Group.Count -eq 1)
+                {
+                    $GroupDisplayName = $Group.DisplayName
+                    $GroupId = $null
+                }
+            }
+
             $assignmentValue = @{
-                dataType                                   = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
+                dataType                                   = $DataType
                 deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType)
                     {
                         $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()
                     })
                 deviceAndAppManagementAssignmentFilterId   = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId
-                groupId                                    = $assignmentEntry.Target.AdditionalProperties.groupId
+                groupId                                    = $GroupId
+                groupDisplayName                           = $GroupDisplayName
             }
             $assignmentResult += $assignmentValue
         }
@@ -3325,7 +3340,66 @@ function Set-TargetResource
         $assignmentsHash = @()
         foreach ($assignment in $Assignments)
         {
-            $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
+            if ($Assignment.dataType -eq "#microsoft.graph.groupAssignmentTarget" -or `
+                $Assignment.dataType -eq "#microsoft.graph.exclusionGroupAssignmentTarget")
+            {
+                if (![string]::IsNullOrEmpty($Assignment.groupId))
+                {
+                    $Group = Get-MgGroup -GroupId $Assignment.groupId -ErrorAction SilentlyContinue
+                    $GroupId = $Assignment.groupId
+                }
+                else
+                {
+                    $Group = $null
+                    $GroupId = "null"
+                }
+
+                if ($Group.Count -eq 0)
+                {
+                    $Message = "Could not find assignment group with id {0}, trying with display name" -f $GroupId
+                    Write-Verbose -Message $Message
+
+                    if (![string]::IsNullOrEmpty($Assignment.groupDisplayName))
+                    {
+                        $Message = "Checking for the assignment group '{0}'" -f $Assignment.groupDisplayName
+                        Write-Verbose -Message $Message
+
+                        $Filter = "displayName eq '{0}'" -f $Assignment.groupDisplayName
+                        $Group = Get-MgGroup -Filter $Filter -ErrorAction SilentlyContinue
+                        if ($Group.Count -eq 1)
+                        {
+                            $Message = "Found assignment group '{0}' with id '{1}'" -f $Group.DisplayName, $Group.Id
+                            Write-Verbose -Message $Message
+
+                            $Assignment.groupId = $Group.Id
+                        }
+                        else
+                        {
+                            if ([string]::IsNullOrEmpty($Assignment.groupId))
+                            {
+                                $Message = "Could not find assignment group, skipping"
+                                continue
+                            }
+
+                            $Message = "Could not find assignment group '{0}', instead use group with id '{1}'" -f $Assignment.groupDisplayName, $Assignment.groupId
+                            Write-Verbose -Message $Message
+                        }
+                    }
+                    else
+                    {
+                        $Message = "Could not find assignment group, skipping"
+                        Write-Verbose -Message $Message
+                        continue
+                    }
+                }
+            }
+
+            $assignmentHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
+            if (![string]::IsNullOrEmpty($Assignment.groupDisplayName))
+            {
+                $assignmentHash.Remove("groupDisplayName") | Out-Null
+            }
+            $assignmentsHash += $assignmentHash
         }
         Update-DeviceConfigurationPolicyAssignment `
             -DeviceConfigurationPolicyId $currentInstance.id `
@@ -4810,7 +4884,7 @@ function Export-TargetResource
             }
             if ($Results.Assignments)
             {
-                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName IntuneDeviceConfigurationPolicyWindows10Assignments
                 if ($complexTypeStringResult)
                 {
                     $Results.Assignments = $complexTypeStringResult

@@ -1,10 +1,11 @@
 [ClassVersion("1.0.0.0")]
-class MSFT_DeviceManagementConfigurationPolicyAssignments
+class MSFT_IntuneDeviceConfigurationPolicyWindows10Assignments
 {
     [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
     [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
     [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
     [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+    [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
     [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
 };
 [ClassVersion("1.0.0")]
@@ -332,7 +333,7 @@ class MSFT_IntuneDeviceConfigurationPolicyWindows10 : OMI_BaseResource
     [Key, Description("Admin provided name of the device configuration.")] String DisplayName;
     [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags;
     [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
-    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_IntuneDeviceConfigurationPolicyWindows10Assignments")] String Assignments[];
     [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

diff --git a/...DeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 b/...DeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1
@@ -25,7 +25,7 @@ Configuration Example
             AppsAllowTrustedAppsSideloading                      = "notConfigured";
             AppsBlockWindowsStoreOriginatedApps                  = $False;
             Assignments                                          = @(
-                MSFT_DeviceManagementConfigurationPolicyAssignments{
+                MSFT_IntuneDeviceConfigurationPolicyWindows10Assignments{
                     deviceAndAppManagementAssignmentFilterType = 'none'
                     dataType = '#microsoft.graph.allDevicesAssignmentTarget'
                 }