Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot find O365AdminAuditLogConfig and O365OrgCustomizationSetting's compiled permissions #2517

Closed
batehurry opened this issue Nov 9, 2022 · 7 comments · Fixed by #2564 or #2584
Closed

Cannot find O365AdminAuditLogConfig and O365OrgCustomizationSetting's compiled permissions #2517

batehurry opened this issue Nov 9, 2022 · 7 comments · Fixed by #2564 or #2584
Assignees
@ykuijs
Labels
Bug Something isn't working Office 365 Admin

Comments

@batehurry
Copy link

Dear,

Details of the scenario you tried and the problem that is occurring

When I used cmdlet Export-M365DSCConfiguration to export the component O365AdminAuditLogConfig with CertificateThumbprint,
It shows error "Extracting [O365AdminAuditLogConfig] using {CertificateThumbprint}...UnAuthorized".

Then I tried to execute cmdlet "Get-M365DSCCompiledPermissionList -ResourceNameList @("O365AdminAuditLogConfig") -Source 'Graph' -PermissionsType 'Application'" to get the permission, it returned empty value of ReadPermissions and UpdatePermissions.

The scripts I used:

  1. Export-M365DSCConfiguration -Components @("O365AdminAuditLogConfig") -ApplicationId 'XXX' -TenantId 'XXX' -CertificateThumbprint 'XXX' -Path 'C:\Temp'

  2. Get-M365DSCCompiledPermissionList -ResourceNameList @("O365AdminAuditLogConfig") -Source 'Graph' -PermissionsType 'Application'

Also the component O365OrgCustomizationSetting configuration exporting has same issue.
Could you like to advise the permission list of O365OrgCustomizationSetting and O365AdminAuditLogConfig.
Thanks.
@batehurry batehurry changed the title Cannot find O365AdminAuditLogConfig's compiled permissions Cannot find O365AdminAuditLogConfig and O365OrgCustomizationSetting's compiled permissions Nov 9, 2022
@andikrueger andikrueger added Bug Something isn't working Office 365 Admin labels Nov 9, 2022
@mlhickey
Copy link
Contributor

mlhickey commented Nov 11, 2022
edited
Loading

@batehurry - The underlying cmdlets are EXO PowerShell cmdlets, not Graph. You'd need to follow the EXO permissions configuration in the user guide. If further scoping is required you can use the Get-ManagementRole cmdlet to determine the additional EXO permissions.

@batehurry
Copy link
Author

@mlhickey
Do you mean the cmdlets should be "Get-M365DSCCompiledPermissionList -ResourceNameList @('O365OrgCustomizationSetting') -Source 'Exchange'".
Thanks.

@mlhickey
Copy link
Contributor

@batehurry - I think that should be the path. I'll defer to the author of the resource as the associated settings.json files are not currently populated, hence no return when running Get-M365DSCCompiledPermissionList.

@batehurry
Copy link
Author

So, May I know which permissions do you prefer to set. Thanks.

@andikrueger
Copy link
Collaborator

@ykuijs Could you help with a settings.json file for this resource?

@NikCharlebois
Copy link
Collaborator

Here are the required roles:

O365AdminAuditLogConfig

        "exchange": {
            "requiredroles": [
                "Audit Logs"
            ],
            "requiredrolegroups": []
        }

O365OrgCustomizationSetting

        "exchange": {
            "requiredroles": [
                "Organization Configuration"
            ],
            "requiredrolegroups": []
        }

We will update the settings.json files for next release to reflect this.

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Nov 18, 2022
@NikCharlebois
Fixes microsoft#2517
c7dd755
@NikCharlebois NikCharlebois mentioned this issue Nov 18, 2022
Merged
@batehurry
Copy link
Author

Thanks

@NikCharlebois NikCharlebois mentioned this issue Nov 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ykuijs ykuijs

Labels
Bug Something isn't working Office 365 Admin
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #2523 NikCharlebois/Microsoft365DSC
Release 1.22.1123.1 NikCharlebois/Microsoft365DSC
5 participants
@NikCharlebois @batehurry @ykuijs @andikrueger @mlhickey