Microsoft365DSC icon indicating copy to clipboard operation
Microsoft365DSC copied to clipboard
verified publisher icon microsoft

Intune: RoleScopeTagIds are set to "Default"

Open adrian-haeusser opened this issue 1 month ago • 0 comments

Description of the issue

Hello,

when setting the parameter "RoleScopeTagIds" to a specific, non-default value (e.g., ID = 1) for the following resources:

  • IntuneDeviceConfigurationTrustedCertificatePolicyWindows10
  • IntuneWindowsUpdateForBusinessHotpatchProfileWindows10
  • IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10
  • IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10

the parameter takes on the "Default" role scope tag (ID = 0) upon initial configuration (e.g., creating a new TrustedCertificatePolicy). Upon a second execution (existing resource), nothing occurs and the "Default" role scope tag remains.

Additionally, I tried manually setting the role scope tag to a different value (e.g., ID = 1) and changed the value to RoleScopeTagIds = @("0") in the DSC configuration. After another execution, nothing occurs and the role scope tag retains the manually set value (ID = 1).

Microsoft 365 DSC Version

V1.25.1112.1

Which workloads are affected

Intune

The DSC configuration

IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example'
        {
            DisplayName = "Test";
            RoleScopeTagIds = @("1");
            CertFileName = "RootCert.cer";
            DestinationStore = "computerCertStoreRoot";       
            TrustedRootCertificate = "";

            ApplicationID = "";
            TenantID = "";
            CertificateThumbprint = "";
        }

IntuneWindowsUpdateForBusinessHotpatchProfileWindows10 'Example'
        {
            DisplayName  = "HotpatchProfile";
            Description = "Test";
            HotpatchEnabled = $True;
            RoleScopeTagIds = @("1");
            Ensure = "Present";

            ApplicationId = "";
            TenantId = "";
            CertificateThumbprint = "";
        }

IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example'
        {
            DisplayName  = "Feature Update Profile";
            RoleScopeTagIds = @("1");

            ApplicationId = "";
            TenantId = "";
            CertificateThumbprint = "";
        }

IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example'
        {
            DisplayName  = "Ring Update Profile";
            RoleScopeTagIds = @("1");

            ApplicationId = "";
            TenantId = "";
            CertificateThumbprint = "";
        }

Verbose logs showing the problem

Environment Information + PowerShell Version

PSVersion: 5.1.17763.8024

adrian-haeusser avatar Dec 01 '25 14:12 adrian-haeusser