You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The AADApplication resource fails to detect drift, incorrectly interpreting an empty Permissions array as "ignore existing permissions" rather than "remove all permissions."
Steps to reproduce:
Define an AADApplication resource
Set the Permissions property to an empty array @()
Apply the configuration to an existing application that has permissions
Run drift detection
Expected result:
Drift should be detected, indicating a difference between the empty Permissions array and the existing permissions.
Actual result:
No drift is detected, and the existing permissions on the application are ignored.
Impact:
This issue can lead to unintended permissions remaining on applications, creating potential security vulnerabilities and making it difficult to maintain.
Module version: 1.24.1204.1
Description:
The AADApplication resource fails to detect drift, incorrectly interpreting an empty Permissions array as "ignore existing permissions" rather than "remove all permissions."
Steps to reproduce:
@()
Expected result:
Drift should be detected, indicating a difference between the empty Permissions array and the existing permissions.
Actual result:
No drift is detected, and the existing permissions on the application are ignored.
Impact:
This issue can lead to unintended permissions remaining on applications, creating potential security vulnerabilities and making it difficult to maintain.
Sample configuration:
Test-DscConfiguration
output:The text was updated successfully, but these errors were encountered: