Application Registration #3403
Comments
The error message is kind of expected. This issue was already raised in #3292. I would close this issue in favor of the other.
Just to add something to resolve this issue at the moment: Please log in to portal.azure.com and go to App Registrations, Permissions. Please add an Application scoped permission for Organization.Read.All. After doing so, you need to grant admin consent within the enterprise application.
Thanks.
This must have been the missing part.
Is the application registration in the same tenant that you are trying to export?
Indeed.
I am not able to replicate in our environments. I created brand new App registrations and ensured only the same permissions as what you have in your above screenshot were granted. Are you getting an error when running:
```powershell
Connect-MgGraph -ClientID "e78b2368-edf4-44d7-84e0-af464d8180fe" -TenantId "MSFT.onmicrosoft.com" -CertificateThumbprint "6BDA00E3D87CEAAC7312E88F41DEED29FBA1AF4B"
Get-MgOrganization -ErrorAction 'Stop'
```
I got the same error. I tried to create a new App registration, gave it only user and org permissions, and tried to authenticate with either secret or certificate, still the same error. Screenshots attached. I'm using this guide for generating the certificate
Would you mind giving this cmdlet a try: https://microsoft365dsc.com/user-guide/cmdlets/Update-M365DSCAzureAdApplication/ This should create a functioning app registration with the suitable permissions.
We cannot replicate even using the same instructions you shared to create a self signed certificate. Can you please try on a different machine/environment to see if you are able to replicate? This looks like it is specific to your environment unfortunately.
Hi, getting back to my old issue, would really appreciate some help here.
So far so good.
Those are the App Permissions I gave the App Registration:
Any explanation / step-by-step instructions for getting the export command to work with either Application based or Certificate based authentication is welcome.
I'm trying to run the Export-M365DSCConfiguration command using the application authentication.
I created an App Registration, gave it API Permissions of MicrosoftGraph for User, Group and Organization ReadWrite.All.
I also generated a secret and copied its value.
I tried to run
```powershell
Export-M365DSCConfiguration -Components @("AADGroup") -ApplicationId "xxx" -ApplicationSecret "yyy" -TenantId "zzz.onmicrosoft.com"
```
and received
The relevant area in the code generates an error: Error retrieving Organizational information: Missing Organization.Read.All permission.
I also tried:
```powershell
$ApplicationId = "xxx"
$SecuredPassword = "yyy"
$tenantID = "zzz"
$SecuredPasswordPassword = ConvertTo-SecureString -String $SecuredPassword -AsPlainText -Force
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPasswordPassword
Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential
```
and got:
Connect-MgGraph : A parameter cannot be found that matches parameter name 'ClientSecretCredential'. At line:1 char:37
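One way to confirm that the `Organization.Read.All` application permission and its admin consent, as discussed in this thread, actually reached the app is to decode the app-only access token and inspect its `roles` claim. This is an added example, not code from the thread or from Microsoft365DSC; the function names and the constructed sample tokens (placeholder tenant id, dummy signature) are assumptions for illustration.

```powershell
# Added example; function names are hypothetical, not Microsoft365DSC or Graph SDK cmdlets.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet with '=' padding stripped.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-TokenPermission {
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a compact JWT with 3 segments.' }
    $claims = ConvertFrom-Base64Url -Value $parts[1] | ConvertFrom-Json
    [pscustomobject]@{
        TenantId = $claims.tid
        # Application permissions that have admin consent appear in "roles".
        Roles    = @($claims.roles | Where-Object { $_ })
        # Delegated permissions appear in "scp"; they do not help an app-only call.
        Scopes   = $claims.scp
    }
}

# Constructed, unsigned sample token so the block runs offline (not a real token).
function New-SampleToken {
    param([string[]]$Roles)
    $segments = @{ alg = 'none' }, @{ tid = '00000000-0000-0000-0000-000000000000'; roles = $Roles } |
        ForEach-Object {
            $bytes = [Text.Encoding]::UTF8.GetBytes(($_ | ConvertTo-Json -Compress))
            [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
        }
    ($segments + 'c2ln') -join '.'
}

# Compare a token issued before consent with one issued after it.
$required = 'Organization.Read.All'
foreach ($roles in @('User.ReadWrite.All', 'Group.ReadWrite.All'),
                   @('User.ReadWrite.All', 'Group.ReadWrite.All', $required)) {
    $p = Get-TokenPermission -AccessToken (New-SampleToken -Roles $roles)
    '{0} present: {1} (roles: {2})' -f $required, ($p.Roles -contains $required), ($p.Roles -join ', ')
}
```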