AADGroup - ENHANCEMENT - Enterprise App Service Principal Assignment to Group #4972

Closed
pangjaa opened this issue Aug 20, 2024 · 0 comments · Fixed by #5107 or #5132
Labels
Enhancement New feature or request Entra ID


pangjaa commented Aug 20, 2024

Description of the issue

It is not currently possible to assign service principals to a group using AADGroup.

This is because MSFT_AADGroup.psm1 only supports retrieving users.

However, Groups supports assignment of Service Principals as members.

Additionally, New-MgGroup supports the assignment of service principals to groups.

Microsoft 365 DSC Version

v1.24.731.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

AADGroup 'SECURITY GROUP FOR CUSTOM ROLE' {
    DependsOn             = @(
        '[AADApplication]AADApplication-Microsoft365DSC'
        '[AADServicePrincipal]Enterprise APP Service Principal'
    )
    DisplayName           = 'SECURITY GROUP FOR CUSTOM ROLE'
    MailNickname          = 'SECURITY GROUP FOR CUSTOM ROLE'
    Description           = 'SECURITY GROUP for assignment of custom role to service principal'
    # Id = ''
    Owners                = @()
    # The service principal that should become a member of the group
    Members               = @(
        'Enterprise APP Service Principal'
    )
    # MemberOf = @()
    # GroupTypes = @()
    # MembershipRule = ''
    # MembershipRuleProcessingState = ''
    SecurityEnabled       = $true
    MailEnabled           = $false
    IsAssignableToRole    = $true
    AssignedToRole        = @(
        'A CUSTOM ROLE'
    )
    Visibility            = 'Private'
    # AssignedLicenses =
    Ensure                = 'Present'
    ApplicationId         = $ApplicationId
    TenantId              = $TenantId
    CertificateThumbprint = $Thumbprint
}

Verbose logs showing the problem

N/A - not currently supported

Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Name                           Value
----                           -----
PSVersion                      5.1.20348.2582
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.2582
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

pangjaa changed the title from "AADGroup - ENHANCEMENT - Enterprise App Service Principal Assignment to Gorup" to "AADGroup - ENHANCEMENT - Enterprise App Service Principal Assignment to Group" on Aug 20, 2024

andikrueger added the Enhancement (New feature or request) and Entra ID labels on Aug 21, 2024