From 32e768e8fa9c92b0bca74e4aee30cc86e1ae4ead Mon Sep 17 00:00:00 2001
From: Fabien Tschanz <fabien.tschanz@mobi.ch>
Date: Thu, 2 May 2024 14:03:52 +0200
Subject: [PATCH] Fix policy creation when onboarding blob is specified and
 tenant is Defender for Endpoint enrolled

---
 CHANGELOG.md                                        |  3 +++
 ...efenderForEndpointOnboardingPolicyWindows10.psm1 | 13 +++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0724d80d0a..953f9a64a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@
 * SCAutoSensitivityLabelPolicy
   * Fix incorrect mandatory Credential parameter in Set and Test methods
     FIXES [#4283](https://github.com/microsoft/Microsoft365DSC/issues/4283)
+* IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10
+  * Fixed a creation and update issue when the exported policy contains a 
+    onboarding blob and the tenant is connected to Defender for Endpoint Service.
 * DEPENDENCIES
   * Updated Microsoft.Graph to version 2.18.0.
   * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1
index d0027aa267..16cb194ff9 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1
@@ -281,6 +281,13 @@ function Set-TargetResource
 
         $CreateParameters = ([Hashtable]$BoundParameters).clone()
         $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
+
+        if ($AdvancedThreatProtectionAutoPopulateOnboardingBlob -and `
+            $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob)
+        {
+            $CreateParameters.Remove('AdvancedThreatProtectionOnboardingBlob') | Out-Null
+        }
+
         $CreateParameters.Remove('Id') | Out-Null
 
         $keys = (([Hashtable]$CreateParameters).clone()).Keys
@@ -316,6 +323,12 @@ function Set-TargetResource
         $UpdateParameters = ([Hashtable]$BoundParameters).clone()
         $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
 
+        if ($AdvancedThreatProtectionAutoPopulateOnboardingBlob -and `
+            $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob)
+        {
+            $UpdateParameters.Remove('AdvancedThreatProtectionOnboardingBlob') | Out-Null
+        }
+
         $UpdateParameters.Remove('Id') | Out-Null
 
         $keys = (([Hashtable]$UpdateParameters).clone()).Keys