@@ -13,24 +13,52 @@ function Invoke-EditIntunePolicy {
1313
1414
1515 # Interact with query parameters or the body of the request.
16- $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter
17- $ID = $Request.Query.ID ?? $Request.Body.ID
18- $DisplayName = $Request.Query.newDisplayName ?? $Request.Body.newDisplayName
19- $PolicyType = $Request.Query.policyType ?? $Request.Body.policyType
16+ $TenantFilter = $Request.Body.tenantFilter
17+ $ID = $Request.Body.ID
18+ $DisplayName = $Request.Body.newDisplayName
19+ $PolicyType = $Request.Body.policyType
20+ $PlatformType = $Request.Body.platformType ?? ' deviceManagement'
21+
22+ # The description is optional and may be sent as an empty string to clear it,
23+ # so track whether the caller actually supplied the key.
24+ $DescriptionProvided = $Request.Body.PSObject.Properties.Name -contains ' description'
25+ $Description = $Request.Body.description
2026
2127 try {
28+ # App protection policy lists expose the singular @odata.type as the URLName, but a
29+ # Graph PATCH needs the plural collection segment. Normalize the known types here.
30+ $PolicyType = switch ($PolicyType ) {
31+ ' androidManagedAppProtection' { ' androidManagedAppProtections' }
32+ ' iosManagedAppProtection' { ' iosManagedAppProtections' }
33+ ' windowsManagedAppProtection' { ' windowsManagedAppProtections' }
34+ ' mdmWindowsInformationProtectionPolicy' { ' mdmWindowsInformationProtectionPolicies' }
35+ ' windowsInformationProtectionPolicy' { ' windowsInformationProtectionPolicies' }
36+ ' targetedManagedAppConfiguration' { ' targetedManagedAppConfigurations' }
37+ default { $PolicyType }
38+ }
39+
2240 $properties = @ {}
2341
24- # Only add displayName if it's provided
42+ # Settings catalog policies (configurationPolicies) store the name in the 'name'
43+ # property rather than 'displayName'.
44+ $NameProperty = if ($PolicyType -ieq ' configurationPolicies' ) { ' name' } else { ' displayName' }
45+
46+ # Only add the name if it's provided
2547 if ($DisplayName ) {
26- $properties [' displayName' ] = $DisplayName
48+ $properties [$NameProperty ] = $DisplayName
49+ }
50+
51+ # Only add description if the caller supplied it (empty string clears it)
52+ if ($DescriptionProvided ) {
53+ $properties [' description' ] = $Description
2754 }
2855
2956 # Update the policy
30- $Request = New-GraphPOSTRequest - uri " https://graph.microsoft.com/beta/deviceManagement /$PolicyType /$ID " - tenantid $TenantFilter - type PATCH - body ($properties | ConvertTo-Json ) - asapp $true
57+ $Request = New-GraphPOSTRequest - uri " https://graph.microsoft.com/beta/$PlatformType /$PolicyType /$ID " - tenantid $TenantFilter - type PATCH - body ($properties | ConvertTo-Json ) - asapp $true
3158
3259 $Result = " Successfully updated Intune policy $ ( $ID ) "
3360 if ($DisplayName ) { $Result += " name to '$ ( $DisplayName ) '" }
61+ if ($DescriptionProvided ) { $Result += ' and description' }
3462
3563 Write-LogMessage - headers $Headers - API $APIName - tenant $ ($TenantFilter ) - message $Result - Sev ' Info'
3664 $StatusCode = [HttpStatusCode ]::OK
0 commit comments