July update 1 – Desired state configuration for the modern workplace

A week of Desired State Configuration (aka Configuration Drift) for Endpoint Manager

This week is all about Desired State Configuration or Configuration Drift as it is called at Wortell.
This week we start with the implementation of DSC for Endpoint Manager.

As I understand it from the management at Wortell, no other companies are working on Desired State Configuration for the modern workplace yet, so I am curious how the current sprint will go in the coming 2 weeks.


Today I start by adjusting the deployment scripts, generating content on which I can easily compare. It’s a bit of a slow process, but we’ll get there.

The deployment scripts were created before I came back to Wortell, so for now I’m mainly concerned with understanding the code from colleagues and of course I also learn from this.

I found out about $ProgressPreference today! I didn’t even know you could actually hide Write-Progress, but I’ll be honest, I’ve never needed it either. I saw it in a colleague’s code.


I had a strange problem today that I haven’t had before. I was connected to the Wi-Fi (and really connected to the outside), but I still couldn’t browse the internet.

I use Fiddler a lot and apparently Fiddler had changed my proxy settings? At least as I read it on the internet it was Fiddler.

This was my proxy settings:;https=

July update 1 -  Desired state configuration for the modern workplace
July update 1 – Desired state configuration for the modern workplace

I also found out that when you enable Fiddler this is set in your proxy settings. And if your device crashes and Fiddler has not yet been disabled, it will remain as a Proxy server.

When turning off Fiddler, the settings are removed again. Unfortunately I was not able to try whether enabling and disabling Fiddler also solved the problem after the crash of my device.


And poof, what a hassle it is to get a correct DSC for Endpoint manager aka Intune.

How do you deal with different types of policies, profiles, scripts, applications and more? How do you ensure that you can indicate per component whether you want an Alerting or an actual adjustment, but how do you ensure that the consultant only receives a report instead of the PowerShell console?

And so on, but until now we are going steady and something will certainly come out at the end of the sprint. Unfortunately a bit more boring for the reader, but it is what it is.


First of: New blog post!

I found a bug in Batch-Mga… apparently it does whatever you tell it to do, but it won’t return the response correctly… Have to figure that one out soon.

I figured out how to make a Desired State Configuration for Policy assignments. Well, actually more than that, we’ve got some sort of alerting tool for the following Microsoft Graph API Endpoint Manager (Intune):

  • deviceManagement/groupPolicyConfigurations
  • deviceManagement/intents
  • deviceAppManagement/mobileApps
  • deviceManagement/deviceManagementScripts
  • deviceManagement/deviceConfigurations
  • deviceManagement/deviceCompliancePolicies
  • deviceManagement/windowsAutopilotDeploymentProfiles


The last day of the week and the weather will be nice this weekend in the Netherlands. We will go barbecueing on the Kamado.

Finishing the last bits of the Alerting and ForceRedeploy pieces today an then next week continue with the actual adjustments or patces.

July update 1 -  Desired state configuration for the modern workplace
July update 1 – Desired state configuration for the modern workplace

it’s bad, but I found out that the Optimized.Mga module only worked in Powershell version 5…. By adding the right dlls it now works in both!

Summary of what I learned this week

I’ve learned quite a bit about debugging in Visual Studio Code. I can finally throw myself into development. I’ve been in positions for years where I mainly focused on PowerShell scripts for clients for functional needs, or bulk actions, but developing DSC for Intune is a different story.

Published by

Bas Wijdenes

My name is Bas Wijdenes and I work as a PowerShell DevOps Engineer. In my spare time I write about interesting stuff that I encounter during my work.

Leave a Reply

Your email address will not be published.