Error: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string..

[camei27]

Description of the issue

Hello,

I recently made changes to set some O365OrgSettings configs. The specific one I am having issue with setting is the M365WebEnableUsersToOpenFilesFrom3PStorage setting to $false. When this is deployed, I am seeing the following error:

Description": "Job {F686B07C-738C-11EE-BA36-0AF65DFD1103} : \r\nThis event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_O365OrgSettings DSC resource. FullyQualifiedErrorId is ParameterArgumentValidationErrorEmptyStringNotAllowed,Update-MgServicePrincipal. Error Message is Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string..",

 "EventId": 4252,
    "Description": "Job {F686B07C-738C-11EE-BA36-0AF65DFD1103} : \r\nMIResult: 1\r\nError Message: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.\r\nMessage ID: ParameterArgumentValidationErrorEmptyStringNotAllowed,Update-MgServicePrincipal\r\nError Category: 6\r\nError Code: 6\r\nError Type: MI",

[[O365OrgSettings]O365OrgSettings::[Office365]Office365_Configuration] Updating the Microsoft 365 On the Web setting to
 {False}
[23:23:39 ERR] Error while starting DSC configuration: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.
ERROR: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.

I looked into the code and it is failing here. It seems that we are passing in nothing to the ServicePrincipalId flag for Update-MgservicePrincipal. This flag is being set by $M365WebEnableUsersToOpenFilesFrom3PStorageValue, which is loaded in by Get-MgServicePrincipal.

I see Get-MgServicePrincipal is called 5 times in that file. For the other 4 occurrences, there are $null checks for result. However, for this call, there are no $null checks. Is this expected?

Also, I noticed that the CortanaEnabled configuration follows a similar pattern to the M365WebEnableUsersToOpenFilesFrom3PStorage configuration I am having issues with. However, the CortanaEnabled does have the $null check here. It also has another check here that the M365WebEnableUsersToOpenFilesFrom3PStorage does not have either. Do we need to add these checks to M365WebEnableUsersToOpenFilesFrom3PStorage code?

Please let me know if you need any other details from my side.

Microsoft 365 DSC Version

V1.23.1011.1

Which workloads are affected

Office 365 Admin

The DSC configuration

We are setting the following [O365OrgSettings](https://microsoft365dsc.com/resources/office365/O365OrgSettings/):


    O365OrgSettings 'O365OrgSettings' {
        IsSingleInstance                                = 'Yes';        
        AppsAndServicesIsAppAndServicesTrialEnabled     = $False;
        AppsAndServicesIsOfficeStoreEnabled             = $False;
        CortanaEnabled                                  = $False;
        M365WebEnableUsersToOpenFilesFrom3PStorage      = $False;
        VivaInsightsOutlookAddInAndInlineSuggestions    = $False;
        ToDoIsExternalShareEnabled                      = $False;
        ApplicationId                                   = $ApplicationId;
        TenantId                                        = $TenantId;
        CertificateThumbprint                           = $Thumbprint;
    }

### Verbose logs showing the problem

```powershell
Description": "Job {F686B07C-738C-11EE-BA36-0AF65DFD1103} : \r\nThis event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_O365OrgSettings DSC resource. FullyQualifiedErrorId is ParameterArgumentValidationErrorEmptyStringNotAllowed,Update-MgServicePrincipal. Error Message is Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string..",

 "EventId": 4252,
    "Description": "Job {F686B07C-738C-11EE-BA36-0AF65DFD1103} : \r\nMIResult: 1\r\nError Message: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.\r\nMessage ID: ParameterArgumentValidationErrorEmptyStringNotAllowed,Update-MgServicePrincipal\r\nError Category: 6\r\nError Code: 6\r\nError Type: MI",

[[O365OrgSettings]O365OrgSettings::[Office365]Office365_Configuration] Updating the Microsoft 365 On the Web setting to
 {False}
[23:23:39 ERR] Error while starting DSC configuration: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.
ERROR: Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.

### Environment Information + PowerShell Version

_No response_

[techthoughts2]

Environment information for this issue:

### Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Name                           Value
----                           -----
PSVersion                      5.1.20348.1850
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.1850
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

[NikCharlebois]

To begin the investigation, let's make sure that the service principal for Office on the Web is registered on your tenant. What is the outcome of running the following command against the tenant? You will need to connect to Graph first either using Connect-M365Tenant -Workload MicrosoftGraph or Connect-MgGraph.

$OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e'
Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id'

[techthoughts2]

Connect-MgGraph -Scopes $RequiredScopes
Welcome To Microsoft Graph!
$OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e'
Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id'

Returns null.

[NikCharlebois]

Thanks, we are investigating with the proper team internally to understand what could cause that service principal not to be registered on your tenant and will get back to you ASAP.

[NikCharlebois]

It appears that this service principal gets registered the first time someone change the setting via the UI. I am assuming you were running into the error because this setting was never modified previously. An option is to force register it by running:

New-MgServicePrincipal -AppId 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' -ErrorAction Stop

Which will then fix the issue within the DSC resource. On our end, we will add a check in the resource to check if the service principal is registered against the tenant or not, and if it isn't then we will use the code above to register it automatically. This will fix the issue for future tenants where it's not already registered as well.