maester icon indicating copy to clipboard operation
maester copied to clipboard

Published 20 hours ago verified publisher icon maester365

Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 should not require $AllKnownPlatformsExcluded

Open jarboed opened this issue 9 months ago • 2 comments

Test-MtCaBlockUnknownOrUnsupportedDevicePlatform.ps1 goes to some trouble to test whether all known platforms are excluded from a policy. This, in addition to its test that the grant controls eq 'block' with included platforms eq 'All'

But considering a block policy including all platforms, and excluding only the Windows platform. The effect would be to block the unknown platforms plus most of the known ones (i.e. further limiting which platforms are allowed beyond the unknown). If the goal of this test is to ensure that unknown platforms are blocked by at least one CA policy, can't we just eliminate the $AllKnownPlatformsExcluded bit entirely?

jarboed avatar May 11 '24 01:05 jarboed

Yes, this does make sense. If there is a CA policy that blocks all platforms then we really don't need to be specific about which platforms are excluded since it will always be limited to the known platforms.

@f-bader do you agree?

merill avatar May 13 '24 07:05 merill

@jarboed Sounds correct, I will check why this is not yet the case, I thought I had something similar solved already :)

f-bader avatar May 13 '24 11:05 f-bader

Im d'accord with the logic you proposed and adjusted the function. Should be live in the next release

f-bader avatar May 18 '24 20:05 f-bader