supple imp
Does anyone have experience of trying to Microsoft 365 DSC to work through a proxy? I'm having a strange issue in my environment. I am going out through a proxy with the graph urls whitelisted. I can authenticate to MS graph using my SPN and use POST, GET methods etc. and cmdlets such as New-MgBetaDeviceManagementConfiguration to successfully create policies etc. but as soon as I start trying to push policies through DSC using Start-DscConfiguration it fails when trying to create the policy. Nothing useful in any of the logs, just non-terminating exception occurred (important bits below):
"call remote 'POST /deviceManagement/deviceCompliancePolicies' operation". An error occurred while sending the request.....The Powershell DSC resource....threw one or more non-terminating errors"
According to the logs it seems to be able to call Test- Get- successfully.
I've run Test-DscConfiguration and this runs without error... However, I created the policy in my .mof using the Graph API and then re-ran the test and it still returned "false".
To check it wasn't me being stupid, I repeated the test outside the environment and it returned "true" as I expected, so it isn't just me being stupid.
I am sure that if Test-DscConfiguration can't get out to internet then it'd fail (I've tested this on a vm and it does), so the fact it is returning a result suggests that DSC is using the proxy and connecting to graph (correct me I'm wrong)?
What I can't understand is what could be stopping it retrieving the information and why New-MgBetaDeviceManagementConfiguration (or any other DSC equivalent) would fail from DSC but not from Powershell window? It should be the same thing right?
Does anyone have any ideas?
I was wondering if Crowdstrike could be interfering, ASR interfering with CIM or something, but the Crowdstrike team say there's nothing in the logs to suggest such a thing...
vast atlas