MSEndpointMgr/Intune

Get-IntuneManagedDeviceBitLockerKeyPresence.ps1 failing

Opened this issue · 2 comments

https://github.com/MSEndpointMgr/Intune/blob/master/Security/Get-IntuneManagedDeviceBitLockerKeyPresence.ps1

The GraphAPI has had a change so there are a couple of things I had to change to fix this. Should I submit my changes below:
Line 175 should be this:

```powershell
$TokenExpireMins = (([datetime]$Headers["ExpiresOn"]).ToUniversalTime() - $UTCDateTime).Minutes
```

It wasn't converting ExpiresOn to UTC time so any comparison that happened would end up in the past.

Line 335:

```powershell
$BitLockerRecoveryKeys = Invoke-MSGraphOperation -Get -APIVersion "Beta" -Resource "informationProtection/bitlocker/recoveryKeys?`$select=id,createdDateTime,deviceId" -Headers $AuthenticationHeader -Verbose:$VerbosePreference
```

It used to have the -Resource start as just `bitlocker/`; I needed to add in `informationProtection/bitlocker`.

After changing those it works again.

Wish I'd checked the issues before I spent an hour trying to figure out why my token was expired! I resolved it by changing line 315 to: `"ExpiresOn" = $AccessToken.ExpiresOn.UtcDateTime`

Line 335 seems to work as of this date, but now I'm curious to try your version.
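
The token-expiry comparison discussed in the two comments above, as an added example that is not part of the issue thread or of the script. `Get-TokenMinutesRemaining` is a hypothetical helper and the timestamps are constructed sample values; it normalizes both sides to UTC before subtracting and refuses values that carry no time zone information.

```powershell
# Added example; Get-TokenMinutesRemaining is a hypothetical helper, not a function from the script.
function Get-TokenMinutesRemaining {
    param(
        [Parameter(Mandatory = $true)] [object]$ExpiresOn,
        [datetime]$UtcNow = [datetime]::UtcNow
    )
    if ($ExpiresOn -is [System.DateTimeOffset]) {
        # DateTimeOffset carries its own offset, so the UTC instant is unambiguous.
        $expiryUtc = $ExpiresOn.UtcDateTime
    }
    elseif ($ExpiresOn -is [datetime]) {
        # ToUniversalTime() silently treats Kind = Unspecified as local time; reject it instead.
        if ($ExpiresOn.Kind -eq [System.DateTimeKind]::Unspecified) {
            throw "ExpiresOn has no time zone information (Kind = Unspecified); refusing to guess."
        }
        $expiryUtc = $ExpiresOn.ToUniversalTime()
    }
    else {
        throw "Unsupported ExpiresOn type: $($ExpiresOn.GetType().FullName)"
    }
    # TotalMinutes is the whole interval; Minutes is only the 0-59 component of the TimeSpan.
    [math]::Floor(($expiryUtc - $UtcNow.ToUniversalTime()).TotalMinutes)
}

# Constructed sample values: a token expiring at 07:00 wall-clock time on a client at UTC-05:00,
# checked at 10:30 UTC. Fixed values keep the result independent of the machine's time zone.
$expires = [System.DateTimeOffset]::new(2024, 1, 1, 7, 0, 0, [timespan]::FromHours(-5))
$utcNow  = [datetime]::new(2024, 1, 1, 10, 30, 0, [System.DateTimeKind]::Utc)

[pscustomobject]@{
    # DateTime subtraction ignores Kind: wall-clock expiry minus UTC "now" looks already expired.
    WallClockVsUtc = ($expires.DateTime - $utcNow).TotalMinutes
    # Both operands in UTC.
    BothUtc        = Get-TokenMinutesRemaining -ExpiresOn $expires -UtcNow $utcNow
    # Same interval read through the Minutes component only.
    MinutesOnly    = ($expires.UtcDateTime - $utcNow).Minutes
}
```
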

I cannot use this script; it returns errors on both getting the auth token and retrieving data.
At first I get this error:
```
See https://aka.ms/msal-net-invalid-client for details. Original exception:
AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
```

When I modify the script to provide a client secret, I then get this error:

```
VERBOSE: GET
https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys?$select=id,createdDateTime,deviceId
VERBOSE: Existing token found but has expired, requesting a new token
WARNING: Unhandled error occurred in function. Error message: You cannot call a method on a null-valued expression.
VERBOSE: GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=operatingSystem eq
'Windows'&select=azureADDeviceId&$select=deviceName,id,azureADDeviceId
VERBOSE: Existing token found but has expired, requesting a new token
WARNING: Unhandled error occurred in function. Error message: You cannot call a method on a null-valued expression.
```