microsoft
O365OrgSettings: Problematic settings
Description of the issue
I was testing this resource through my test harness pipeline and noticed it really didn't work so I tested it manually and found some problems.
I'm trying to change all settings of this resource, except PlannerAllowCalendarSharing see #4340, where I have one MOF with some settings and another MOF with completely different settings and there's 2 sets of properties there that never change on the first run of Start-DSCConfiguration only works on the second deployment, and once I've seen it even needing an extra run for good measure to make it work. I'm testing the values with Test-DSCConfiguration.
The affected properties are the ones mentioned at the bottom, all others seem to change just fine without issues needing only Start-DSCConfiguration to be set. I've made my tests manually but in a loop between those 2 MOFs without waiting much time, but I've also waited between runs like an hour and afterwards tested the configuration back to check if it actually made the change without needing another run but it didn't work, the only way to solve it was really just running the same deployment again.
What is actually going on here? I can always sprinkle some code to check if this resource and these specific properties are involved in a deployment to run it again but that would be like sticking a giant band-aid on the problem.
AppsAndServicesIsAppAndServicesTrialEnabled
AppsAndServicesIsOfficeStoreEnabled
VivaInsightsDigestEmail
VivaInsightsOutlookAddInAndInlineSuggestions
VivaInsightsScheduleSendSuggestions
VivaInsightsWebExperience
Microsoft 365 DSC Version
1.23.214.2
Which workloads are affected
other
The DSC configuration
O365OrgSettings "O365OrgSettings"
{
AdminCenterReportDisplayConcealedNames = $False;
ApplicationId = $O365ApplicationId;
AppsAndServicesIsAppAndServicesTrialEnabled = $False;
AppsAndServicesIsOfficeStoreEnabled = $False;
CertificateThumbprint = $O365CertThumbprint;
DynamicsCustomerVoiceIsInOrgFormsPhishingScanEnabled = $False;
DynamicsCustomerVoiceIsRecordIdentityByDefaultEnabled = $True;
DynamicsCustomerVoiceIsRestrictedSurveyAccessEnabled = $True;
FormsIsBingImageSearchEnabled = $False;
FormsIsExternalSendFormEnabled = $False;
FormsIsExternalShareCollaborationEnabled = $False;
FormsIsExternalShareResultEnabled = $False;
FormsIsExternalShareTemplateEnabled = $False;
FormsIsInOrgFormsPhishingScanEnabled = $False;
FormsIsRecordIdentityByDefaultEnabled = $False;
InstallationOptionsAppsForMac = "isMicrosoft365AppsEnabled";
InstallationOptionsAppsForWindows = @("isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled");
InstallationOptionsUpdateChannel = "current";
IsSingleInstance = "Yes";
M365WebEnableUsersToOpenFilesFrom3PStorage = $False;
PlannerAllowCalendarSharing = $True;
TenantId = $OrganizationName;
ToDoIsExternalJoinEnabled = $False;
ToDoIsExternalShareEnabled = $True;
ToDoIsPushNotificationEnabled = $False;
VivaInsightsDigestEmail = $True;
VivaInsightsOutlookAddInAndInlineSuggestions = $False;
VivaInsightsScheduleSendSuggestions = $False;
VivaInsightsWebExperience = $False;
}
Verbose logs showing the problem
PSComputerName ResourcesInDesiredState ResourcesNotInDesiredState InDesiredState -------------- ----------------------- -------------------------- -------------- localhost {[O365OrgSettings]O365OrgSe... False
Environment Information + PowerShell Version
OsName : Microsoft Windows 11 Enterprise OsOperatingSystemSKU : EnterpriseEdition OsArchitecture : 64-bit WindowsVersion : 2009 WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250 OsLanguage : en-US OsMuiLanguages : {en-US, en-GB}
Name Value ---- ----- PSVersion 5.1.22621.1778 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.22621.1778 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1
@andikrueger @nikcharlebois This whole workload is starting to be a pain in the neck, and more specifically this resource. Now I have 3 tenants where the InstallationOptions properties mentioned below just vanished from the blueprints because all properties are added to the export conditionally. After running Invoke-GraphRequest manually I'm getting on all 3 tenants a 403 forbidden error message and I didn't change any permissions which for apps as per https://learn.microsoft.com/en-us/graph/api/m365appsinstallationoptions-update?view=graph-rest-beta&tabs=http is OrgSettings-Microsoft365Install.ReadWrite.All.
For this specific problem there is some problem going on the backend but it's definitely impacting all my tenants along with the initial issue I already described before.
InstallationOptionsAppsForMac
InstallationOptionsAppsForWindows
InstallationOptionsUpdateChannel
@ricmestre, Looks like this is the same issue as 4418, which was fixed in v1.24.313.1?? Is that correct? If so, this issue can be closed.
@ykuijs Hi, no, this is different, the settings for the properties I've mentioned only apply after they are deployed at least 2 times.