Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADConditionalAccessPolicy: bad request on set-targetresource #4202

Open
mibarm opened this issue Jan 22, 2024 · 0 comments
Open

AADConditionalAccessPolicy: bad request on set-targetresource #4202

mibarm opened this issue Jan 22, 2024 · 0 comments

Comments

@mibarm
Copy link
Contributor

mibarm commented Jan 22, 2024

Description of the issue

Updating or creating a CA policy should work also by specificing not all the parameters.
E.g disabling an existing policy by just specifing displayname, state (and the other common params like tenantid,..) throws a bad request by the way the conditions are constructed in the code.

Updating with graph works with just providing the parameters that should change.
Link to update CA policy

For creating though, there are some minimum params required.
The minimum according to graph api docs is an appliction rule, an user rule and grant/session control --> link

Microsoft 365 DSC Version

1.23.1018.1

Which workloads are affected

Azure Active Directory

The DSC configuration

AADConditionalAccessPolicy "Microsoft-managed: Multifactor authentication for admins accessing Microsoft Admin Portals"
        {
            ApplicationId                            = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint                    = $ConfigurationData.NonNodeData.CertificateThumbprint;
            DisplayName                              = "Microsoft-managed: Multifactor authentication for admins accessing Microsoft Admin Portals";
            Ensure                                   = "Present";
            State                                    = "disabled";
            TenantId                                 = $OrganizationName;
        }

Verbose logs showing the problem

2024-01-22T07:52:54.7001730Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:54.7002413Z admins accessing Microsoft Admin Portals] Target Values: ApplicationId=***
2024-01-22T07:52:54.7002800Z 
2024-01-22T07:52:54.7003264Z CertificateThumbprint=***
2024-01-22T07:52:54.7003662Z 
2024-01-22T07:52:54.7004163Z DisplayName=Microsoft-managed: Multifactor authentication for admins accessing 
2024-01-22T07:52:54.7004705Z Microsoft Admin Portals
2024-01-22T07:52:54.7005057Z 
2024-01-22T07:52:54.7005527Z Ensure=Present
2024-01-22T07:52:54.7005902Z 
2024-01-22T07:52:54.7006351Z State=disabled
2024-01-22T07:52:54.7006946Z 
2024-01-22T07:52:54.7007421Z TenantId=***
2024-01-22T07:52:54.7007780Z 
2024-01-22T07:52:54.7008225Z Verbose=True
2024-01-22T07:52:54.7008728Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:54.7009326Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:54.7009909Z admins accessing Microsoft Admin Portals] Test-TargetResource returned False
2024-01-22T07:52:54.7015211Z VERBOSE: [D89316D39457]: LCM:  [ End    Test     ]  
2024-01-22T07:52:54.7015954Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:54.7017290Z admins accessing Microsoft Admin Portals]  in 21.3180 seconds.
2024-01-22T07:52:54.7023834Z VERBOSE: [D89316D39457]: LCM:  [ Start  Set      ]  
2024-01-22T07:52:54.7024483Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:54.7025814Z admins accessing Microsoft Admin Portals]
2024-01-22T07:52:55.4233150Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4237554Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4241552Z admins accessing Microsoft Admin Portals] Setting configuration of AzureAD 
2024-01-22T07:52:55.4245627Z Conditional Access Policy
2024-01-22T07:52:55.4371400Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4376093Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4380157Z admins accessing Microsoft Admin Portals] Set-Targetresource: Running 
2024-01-22T07:52:55.4387863Z Get-TargetResource
2024-01-22T07:52:55.4503449Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4504306Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4505240Z admins accessing Microsoft Admin Portals] Getting configuration of AzureAD 
2024-01-22T07:52:55.4506355Z Conditional Access Policy
2024-01-22T07:52:55.4514030Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4514722Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4516098Z admins accessing Microsoft Admin Portals] Id was NOT specified
2024-01-22T07:52:55.4522953Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4523795Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4524640Z admins accessing Microsoft Admin Portals] Get-TargetResource: Found existing 
2024-01-22T07:52:55.4525612Z Conditional Access policy
2024-01-22T07:52:55.4531519Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4532192Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4532924Z admins accessing Microsoft Admin Portals] Get-TargetResource: Process 
2024-01-22T07:52:55.4533822Z IncludeUsers
2024-01-22T07:52:55.4539445Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4540260Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4541084Z admins accessing Microsoft Admin Portals] Get-TargetResource: Process 
2024-01-22T07:52:55.4542033Z ExcludeUsers
2024-01-22T07:52:55.4547642Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4548326Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4549091Z admins accessing Microsoft Admin Portals] Get-TargetResource: Process 
2024-01-22T07:52:55.4550032Z IncludeGroups
2024-01-22T07:52:55.4555770Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4556615Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4557476Z admins accessing Microsoft Admin Portals] Get-TargetResource: Process 
2024-01-22T07:52:55.4558426Z ExcludeGroups
2024-01-22T07:52:55.4564596Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4565282Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4566047Z admins accessing Microsoft Admin Portals] Get-TargetResource: Role condition 
2024-01-22T07:52:55.4567022Z defined, processing
2024-01-22T07:52:55.4572707Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4573513Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4574556Z admins accessing Microsoft Admin Portals] Get-TargetResource: Processing 
2024-01-22T07:52:55.4575484Z IncludeRoles
2024-01-22T07:52:55.4581160Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4581824Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4582557Z admins accessing Microsoft Admin Portals] Get-TargetResource: Processing 
2024-01-22T07:52:55.4583507Z ExcludeRoles
2024-01-22T07:52:55.4589680Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4590486Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4591272Z admins accessing Microsoft Admin Portals] Get-TargetResource: Location 
2024-01-22T07:52:55.4592212Z condition defined, processing
2024-01-22T07:52:55.4597862Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4598564Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4599330Z admins accessing Microsoft Admin Portals] Get-TargetResource: Processing 
2024-01-22T07:52:55.4600280Z IncludeLocations
2024-01-22T07:52:55.4606421Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4607372Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4608199Z admins accessing Microsoft Admin Portals] Get-TargetResource: Processing 
2024-01-22T07:52:55.4609111Z ExcludeLocations
2024-01-22T07:52:55.4626692Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4627388Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4628153Z admins accessing Microsoft Admin Portals] Get-TargetResource Result: 
2024-01-22T07:52:55.4628760Z  ApplicationEnforcedRestrictionsIsEnabled=False
2024-01-22T07:52:55.4629257Z 
2024-01-22T07:52:55.4629683Z ApplicationId=***
2024-01-22T07:52:55.4630171Z 
2024-01-22T07:52:55.4630791Z ApplicationSecret=$null
2024-01-22T07:52:55.4631139Z 
2024-01-22T07:52:55.4631561Z AuthenticationStrength=$null
2024-01-22T07:52:55.4631869Z 
2024-01-22T07:52:55.4632275Z BuiltInControls=(mfa)
2024-01-22T07:52:55.4632592Z 
2024-01-22T07:52:55.4633011Z CertificateThumbprint=***
2024-01-22T07:52:55.4633304Z 
2024-01-22T07:52:55.4633701Z ClientAppTypes=(all)
2024-01-22T07:52:55.4634011Z 
2024-01-22T07:52:55.4634425Z CloudAppSecurityIsEnabled=False
2024-01-22T07:52:55.4634745Z 
2024-01-22T07:52:55.4635148Z CloudAppSecurityType=
2024-01-22T07:52:55.4635595Z 
2024-01-22T07:52:55.4636103Z Credential=$null
2024-01-22T07:52:55.4636411Z 
2024-01-22T07:52:55.4636857Z CustomAuthenticationFactors=()
2024-01-22T07:52:55.4637164Z 
2024-01-22T07:52:55.4637576Z DeviceFilterMode=
2024-01-22T07:52:55.4637870Z 
2024-01-22T07:52:55.4638310Z DeviceFilterRule=
2024-01-22T07:52:55.4638609Z 
2024-01-22T07:52:55.4639093Z DisplayName=Microsoft-managed: Multifactor authentication for admins accessing 
2024-01-22T07:52:55.4639689Z Microsoft Admin Portals
2024-01-22T07:52:55.4640041Z 
2024-01-22T07:52:55.4640466Z Ensure=Present
2024-01-22T07:52:55.4640768Z 
2024-01-22T07:52:55.4641204Z ExcludeApplications=()
2024-01-22T07:52:55.4641527Z 
2024-01-22T07:52:55.4642080Z ExcludeExternalTenantsMembers=()
2024-01-22T07:52:55.4642483Z 
2024-01-22T07:52:55.4643338Z ExcludeExternalTenantsMembershipKind=
2024-01-22T07:52:55.4643797Z 
2024-01-22T07:52:55.4644744Z ExcludeGroups=()
2024-01-22T07:52:55.4645172Z 
2024-01-22T07:52:55.4645791Z ExcludeGuestOrExternalUserTypes=$null
2024-01-22T07:52:55.4646202Z 
2024-01-22T07:52:55.4646737Z ExcludeLocations=()
2024-01-22T07:52:55.4647031Z 
2024-01-22T07:52:55.4647479Z ExcludePlatforms=()
2024-01-22T07:52:55.4647950Z 
2024-01-22T07:52:55.4648549Z ExcludeRoles=()
2024-01-22T07:52:55.4648879Z 
2024-01-22T07:52:55.4649313Z ExcludeUsers=()
2024-01-22T07:52:55.4649594Z 
2024-01-22T07:52:55.4650005Z GrantControlOperator=OR
2024-01-22T07:52:55.4650462Z 
2024-01-22T07:52:55.4650914Z Id=fdddac7f-02e3-42e6-b330-30ca14c40ea2
2024-01-22T07:52:55.4651233Z 
2024-01-22T07:52:55.4651651Z IncludeApplications=(None)
2024-01-22T07:52:55.4651964Z 
2024-01-22T07:52:55.4652391Z IncludeExternalTenantsMembers=()
2024-01-22T07:52:55.4652699Z 
2024-01-22T07:52:55.4653122Z IncludeExternalTenantsMembershipKind=
2024-01-22T07:52:55.4653600Z 
2024-01-22T07:52:55.4654090Z IncludeGroups=()
2024-01-22T07:52:55.4654378Z 
2024-01-22T07:52:55.4654807Z IncludeGuestOrExternalUserTypes=$null
2024-01-22T07:52:55.4655146Z 
2024-01-22T07:52:55.4655560Z IncludeLocations=()
2024-01-22T07:52:55.4655861Z 
2024-01-22T07:52:55.4656269Z IncludePlatforms=()
2024-01-22T07:52:55.4656588Z 
2024-01-22T07:52:55.4657056Z IncludeRoles=(Global Administrator,Security Administrator,SharePoint 
2024-01-22T07:52:55.4657615Z Administrator,Exchange Administrator,Conditional Access Administrator,Helpdesk 
2024-01-22T07:52:55.4658161Z Administrator,Billing Administrator,User Administrator,Authentication 
2024-01-22T07:52:55.4658705Z Administrator,Application Administrator,Cloud Application 
2024-01-22T07:52:55.4659238Z Administrator,Password Administrator,Privileged Authentication 
2024-01-22T07:52:55.4659742Z Administrator,Privileged Role Administrator)
2024-01-22T07:52:55.4660074Z 
2024-01-22T07:52:55.4660481Z IncludeUserActions=()
2024-01-22T07:52:55.4660776Z 
2024-01-22T07:52:55.4661215Z IncludeUsers=()
2024-01-22T07:52:55.4661515Z 
2024-01-22T07:52:55.4661937Z Managedidentity=False
2024-01-22T07:52:55.4662251Z 
2024-01-22T07:52:55.4662830Z PersistentBrowserIsEnabled=False
2024-01-22T07:52:55.4663143Z 
2024-01-22T07:52:55.4663563Z PersistentBrowserMode=
2024-01-22T07:52:55.4663869Z 
2024-01-22T07:52:55.4664292Z SignInFrequencyInterval=$null
2024-01-22T07:52:55.4664707Z 
2024-01-22T07:52:55.4665143Z SignInFrequencyIsEnabled=False
2024-01-22T07:52:55.4665470Z 
2024-01-22T07:52:55.4665887Z SignInFrequencyType=
2024-01-22T07:52:55.4666180Z 
2024-01-22T07:52:55.4666592Z SignInFrequencyValue=$null
2024-01-22T07:52:55.4666991Z 
2024-01-22T07:52:55.4667489Z SignInRiskLevels=()
2024-01-22T07:52:55.4668204Z 
2024-01-22T07:52:55.4668764Z State=enabledForReportingButNotEnforced
2024-01-22T07:52:55.4669586Z 
2024-01-22T07:52:55.4670119Z TenantId=***
2024-01-22T07:52:55.4670555Z 
2024-01-22T07:52:55.4671010Z TermsOfUse=$null
2024-01-22T07:52:55.4671438Z 
2024-01-22T07:52:55.4671921Z UserRiskLevels=()
2024-01-22T07:52:55.4672382Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4673051Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4673820Z admins accessing Microsoft Admin Portals] Set-Targetresource: Cleaning up 
2024-01-22T07:52:55.4674351Z parameters
2024-01-22T07:52:55.4674844Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4675381Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4675931Z admins accessing Microsoft Admin Portals] Set-Targetresource: Policy 
2024-01-22T07:52:55.4676448Z Microsoft-managed: Multifactor authentication for admins accessing Microsoft 
2024-01-22T07:52:55.4676903Z Admin Portals Ensure Present
2024-01-22T07:52:55.4681995Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4682657Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4683413Z admins accessing Microsoft Admin Portals] Set-Targetresource: create Conditions
2024-01-22T07:52:55.4684401Z  object
2024-01-22T07:52:55.4690745Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4691771Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4692570Z admins accessing Microsoft Admin Portals] Set-Targetresource: create 
2024-01-22T07:52:55.4693505Z Application Condition object
2024-01-22T07:52:55.4699359Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4700143Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4700865Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4701915Z includeusers
2024-01-22T07:52:55.4707829Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4708670Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4709468Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4710394Z excludeusers
2024-01-22T07:52:55.4716240Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4716905Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4717637Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4718548Z includegroups
2024-01-22T07:52:55.4724691Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4725548Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4726352Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4727245Z excludegroups
2024-01-22T07:52:55.4733128Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4733769Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4734499Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4735585Z includeroles
2024-01-22T07:52:55.4742413Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4743137Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4743878Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4744829Z excluderoles
2024-01-22T07:52:55.4750661Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4751315Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4752054Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4753382Z includeGuestsOrExternalUsers
2024-01-22T07:52:55.4759481Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4760149Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4760898Z admins accessing Microsoft Admin Portals] Set-Targetresource: process 
2024-01-22T07:52:55.4761834Z excludeGuestsOrExternalUsers
2024-01-22T07:52:55.4767994Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4768805Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4769770Z admins accessing Microsoft Admin Portals] Set-Targetresource: process platform 
2024-01-22T07:52:55.4770575Z condition
2024-01-22T07:52:55.4777134Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4777769Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4778472Z admins accessing Microsoft Admin Portals] Set-Targetresource: setting platform 
2024-01-22T07:52:55.4779366Z condition to null
2024-01-22T07:52:55.4785991Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4786823Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4787551Z admins accessing Microsoft Admin Portals] Set-Targetresource: process include 
2024-01-22T07:52:55.4788473Z and exclude locations
2024-01-22T07:52:55.4794528Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4795192Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4795909Z admins accessing Microsoft Admin Portals] Set-Targetresource: process device 
2024-01-22T07:52:55.4796944Z filter
2024-01-22T07:52:55.4803759Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4804575Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4805347Z admins accessing Microsoft Admin Portals] Set-Targetresource: process risk 
2024-01-22T07:52:55.4806273Z levels and app types
2024-01-22T07:52:55.4811801Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4812470Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4814105Z admins accessing Microsoft Admin Portals] Set-Targetresource: UserRiskLevels:
2024-01-22T07:52:55.4819714Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4820345Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4821598Z admins accessing Microsoft Admin Portals] Set-Targetresource: SignInRiskLevels:
2024-01-22T07:52:55.4827495Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.4827996Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.4829076Z admins accessing Microsoft Admin Portals] Set-Targetresource: ClientAppTypes:
2024-01-22T07:52:55.7501911Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.7502278Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.7502734Z admins accessing Microsoft Admin Portals] Set-Targetresource: Adding processed 
2024-01-22T07:52:55.7508084Z conditions
2024-01-22T07:52:55.7517360Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.7518355Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.7519236Z admins accessing Microsoft Admin Portals] Set-Targetresource: create and 
2024-01-22T07:52:55.7520548Z provision Grant Control object
2024-01-22T07:52:55.7527534Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.7528240Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.7529116Z admins accessing Microsoft Admin Portals] Set-Targetresource: process session 
2024-01-22T07:52:55.7530224Z controls
2024-01-22T07:52:55.7538949Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.7539677Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.7540512Z admins accessing Microsoft Admin Portals] Set-Targetresource: Change policy 
2024-01-22T07:52:55.7541246Z Microsoft-managed: Multifactor authentication for admins accessing Microsoft 
2024-01-22T07:52:55.7542243Z Admin Portals
2024-01-22T07:52:55.7552750Z VERBOSE: [D89316D39457]:                            
2024-01-22T07:52:55.7553243Z [[AADConditionalAccessPolicy]Microsoft-managed: Multifactor authentication for 
2024-01-22T07:52:55.7554109Z admins accessing Microsoft Admin Portals] Updating existing policy with values:
2024-01-22T07:52:55.7554758Z  ConditionalAccessPolicyId=fdddac7f-02e3-42e6-b330-30ca14c40ea2
2024-01-22T07:52:55.7555244Z 
2024-01-22T07:52:55.7555650Z Conditions={Applications={}
2024-01-22T07:52:55.7555902Z 
2024-01-22T07:52:55.7556219Z ClientAppTypes=$null
2024-01-22T07:52:55.7556437Z 
2024-01-22T07:52:55.7556750Z Platforms=$null
2024-01-22T07:52:55.7556973Z 
2024-01-22T07:52:55.7557281Z SignInRiskLevels=$null
2024-01-22T07:52:55.7557486Z 
2024-01-22T07:52:55.7557801Z UserRiskLevels=$null
2024-01-22T07:52:55.7558004Z 
2024-01-22T07:52:55.7558316Z Users={ExcludeGroups=()
2024-01-22T07:52:55.7558541Z 
2024-01-22T07:52:55.7558852Z ExcludeRoles=()
2024-01-22T07:52:55.7559188Z 
2024-01-22T07:52:55.7559537Z ExcludeUsers=()
2024-01-22T07:52:55.7559762Z 
2024-01-22T07:52:55.7560073Z IncludeGroups=()
2024-01-22T07:52:55.7560287Z 
2024-01-22T07:52:55.7560590Z IncludeRoles=()
2024-01-22T07:52:55.7560813Z 
2024-01-22T07:52:55.7561119Z IncludeUsers=()}}
2024-01-22T07:52:55.7561325Z 
2024-01-22T07:52:55.7561709Z DisplayName=Microsoft-managed: Multifactor authentication for admins accessing 
2024-01-22T07:52:55.7562312Z Microsoft Admin Portals
2024-01-22T07:52:55.7562540Z 
2024-01-22T07:52:55.7562860Z SessionControls=$null
2024-01-22T07:52:55.7563078Z 
2024-01-22T07:52:55.7563447Z State=disabled
2024-01-22T07:52:57.8472035Z ****** AADConditionalAccessPolicy
2024-01-22T07:52:57.9591516Z [BadRequest] : The server could not process the request because it is 
2024-01-22T07:52:57.9591895Z malformed or incorrect.
2024-01-22T07:52:57.9592193Z At C:\__w\1\s\GlobalConfigs\Scripts\M365\processConfigs.ps1:160 char:29
2024-01-22T07:52:57.9592498Z + ...             $applyjob = Start-DscConfiguration -Path $configPath -Com ...
2024-01-22T07:52:57.9598379Z +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024-01-22T07:52:57.9599998Z     + CategoryInfo          : InvalidOperation: ({ ConditionalAc...lAccessPoli 
2024-01-22T07:52:57.9600686Z    cy }:) [], CimException
2024-01-22T07:52:57.9611023Z     + FullyQualifiedErrorId : BadRequest,Microsoft.Graph.Beta.PowerShell.Cmdle 
2024-01-22T07:52:57.9614519Z    ts.UpdateMgBetaIdentityConditionalAccessPolicy_UpdateExpanded

Environment Information + PowerShell Version

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mibarm