Microsoft Graph API, ModelValidationFailure while updating Intune profile

Question

Greeting! While updating a Windows device profile of the following type: Platform: Windows 10 and later Profile type: Device restrictions

I get a ModelValidationFailure. Which is often a catch-all error that can arise from several sources: the content of the request, the state of the object I am trying to update, or restrictions/requirements not met by my request. I have very little information on what's failing here.

The details are as follows: Obtained the token from https://login.microsoftonline.com/{Tenant-ID}/oauth2/v2.0/token

Decoded the token using jwt.ms, The aud and iss values in the token appear to be correct.

"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/{Tenant-ID}/",

Admin consented to the API permission for the App Registration > DeviceManagementConfiguration.ReadWrite.All (Application)

PATCH payload is -

{
    "uri": "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{profileId}",
    "method": "PATCH",
    "headers": {
        "Authorization": "*sanitized*",
        "Content-Type": "application/json"
    },
    "body": {
        "personalizationLockScreenImageUrl": "https://{storageAccountName}.blob.core.windows.net/lockedscreen/image.jpg"
    }
}

Output is - Status code 400

{
  "error": {
    "code": "ModelValidationFailure",
    "message": "Exception has been thrown by the target of an invocation.",
    "innerError": {
      "message": "Exception has been thrown by the target of an invocation.",
      "date": "2023-10-02T13:15:44",
      "request-id": "XXXXXXXXXXXXXXXXXXX",
      "client-request-id": "XXXXXXXXXXXXXXXXXXX"
    }
  }
}

I can confirm that the profile id is correct using Postman. I am working with a windows10GeneralConfiguration. And the the relevant attribute I want to modify is personalizationLockScreenImageUrl.

Postman GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{profileId}

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#deviceManagement/deviceConfigurations/$entity",
    "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
    "id": "XXXXXXXXXXXXXXXXXXX",
    "lastModifiedDateTime": "2023-10-02T12:45:36.6706764Z",
    "createdDateTime": "2022-12-06T07:22:58.8685029Z",
    "description": "Set a custom locked screen wallpaper",
    "displayName": "Locked screen wallpaper",
    "version": 22,
    "personalizationLockScreenImageUrl": "https://XYZ.blob.core.windows.net/lockedscreen/image.jpg"
 
}

Answer 1

I was missing the @odata.type property, it is used to specify the type of the entity when the context is ambiguous (more details here..). Adding @odata.type fixed the issue.

{
    "uri": "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{profileId}",
    "method": "PATCH",
    "headers": {
        "Authorization": "*sanitized*",
        "Content-Type": "application/json"
    },
    "body": {
        "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
        "personalizationLockScreenImageUrl": "https://xyz.blob.core.windows.net/lockedscreen/image.jpg"
    }
}