IntuneAppProtectionPolicyiOS Functions have hard coded Commercial Graph endpoints breaking Government

[mpoulson]

Description of the issue

IntuneAppProtectionPolicyiOS Functions call to Invoke-MgGraphRequest use a hard coded graph.microsoft.com endpoint which results in failure with EntraID Government tenants.

Correct call should use $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl for the graph hostname.

Get-IntuneAppProtectionPolicyiOSAssignment $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments"

Update-IntuneAppProtectionPolicyiOSAssignment $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign"

Update-IntuneAppProtectionPolicyiOSApp $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps"

FYI: All calls to graph.microsoft.com need to be replaced with a cloud specific endpoint and Devs need to stop hard coding graph.microsoft.com

Microsoft 365 DSC Version

1.24.1016.1

Which workloads are affected

Intune

The DSC configuration

No response

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response