Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Very slow AAD Configuration Issues #2688

Closed
miket-c-137 opened this issue Dec 19, 2022 · 0 comments · Fixed by #2750 or #2765
Closed

Very slow AAD Configuration Issues #2688

miket-c-137 opened this issue Dec 19, 2022 · 0 comments · Fixed by #2750 or #2765

Comments

@miket-c-137
Copy link

miket-c-137 commented Dec 19, 2022
edited
Loading

Hey All,

I'm cloning a demo tenant of mine to another demo. There are a large amount of Condtional Access Rules. I've noticed the following pattern when running Start-DscConfiguration with the following parameters -Wait -Verbose -Force :

VERBOSE: [wks1]: [[AADConditionalAccessPolicy]15f12a29-1fb5-444e-9a30-61e34e8fc540] Target Values: ApplicationEnforcedRestrictionsIsEnabled=False; BuiltInControls=(); ClientAppTypes=(all); CloudAppSecurityIsEnabled=True; CloudAppSecurityType=monitorOnly; Credential=***; CustomAuthenticationFactors=(); DeviceFilterRule=; DisplayName=RULE11 (Browser Only) - Allow SPO From Browser Outside Network; Ensure=Present; ExcludeApplications=(); ExcludeDevices=(); ExcludeGroups=(); ExcludeLocations=(); ExcludePlatforms=(android,iOS,macOS,linux); ExcludeRoles=(); ExcludeUsers=(); Id=27eda006-4bf1-4fd4-9998-6368b7e87712; IncludeApplications=(None); IncludeDevices=(); IncludeGroups=(); IncludeLocations=(); IncludePlatforms=(all); IncludeRoles=(); IncludeUserActions=(); IncludeUsers=(All); PersistentBrowserIsEnabled=False; PersistentBrowserMode=; SignInFrequencyIsEnabled=False; SignInFrequencyType=; SignInRiskLevels=(); State=enabledForReportingButNotEnforced; UserRiskLevels=(); Verbose=True
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]15f12a29-1fb5-444e-9a30-61e34e8fc540] Test-TargetResource returned True
VERBOSE: [wks1]: LCM: [ End Test ] [[AADConditionalAccessPolicy]15f12a29-1fb5-444e-9a30-61e34e8fc540] in 43.3110 seconds.
VERBOSE: [wks1]: LCM: [ Skip Set ] [[AADConditionalAccessPolicy]15f12a29-1fb5-444e-9a30-61e34e8fc540]
VERBOSE: [wks1]: LCM: [ End Resource ] [[AADConditionalAccessPolicy]15f12a29-1fb5-444e-9a30-61e34e8fc540]
VERBOSE: [wks1]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a]
VERBOSE: [wks1]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a]
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Testing configuration of AzureAD CA Policies
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Getting configuration of AzureAD Conditional Access Policy
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.18.0\Microsoft.Graph.Identity.SignIns.psd1'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Removing the imported "Update-MgUserInformationProtectionThreatAssessmentRequestResult" function.

... It continues for all the functions and then reloads them...

VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Cannot verify the Microsoft .NET Framework version 4.7.2 because it is not included in the list of permitted versions.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Loading 'Assembly' from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.18.0\bin\Microsoft.Graph.Identity.SignIns.private.dll'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Loading 'Assembly' from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.18.0\bin\Microsoft.Graph.Identity.SignIns.private.dll'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Loading 'FormatsToProcess' from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.18.0\Microsoft.Graph.Identity.SignIns.format.ps1xml'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Populating RepositorySourceLocation property for module Microsoft.Graph.Identity.SignIns.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Identity.SignIns\1.18.0./Microsoft.Graph.Identity.SignIns.psm1'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Confirm-MgInformationProtectionSignature'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Confirm-MgRiskyServicePrincipalCompromised'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Confirm-MgRiskyUserCompromised'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Find-MgIdentityConditionalAccessAuthenticationStrengthPolicyByMethodMode'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Find-MgPolicyAuthenticationStrengthPolicyByMethodMode'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgDataPolicyOperation'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityApiConnector'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityAuthenticationEventListener'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityB2CUserFlow'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityB2CUserFlowIdentityProvider'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityB2CUserFlowIdentityProviderByRef'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityB2CUserFlowLanguage'.
VERBOSE: [wks1]: [[AADConditionalAccessPolicy]683d838e-0faa-4c75-9041-e667d6de605a] Importing function 'Get-MgIdentityB2CUserFlowLanguageDefaultPage'.
... It continues for all the functions...

Eventually, it will get to the next rule but with all the loading/reloading it takes quite some time. I have at least 14 client access rules, for example, I kicked off a configuration and noticed it was still running them when I came back four hours later. Again, I'm not sure if this behavior is expected or not. My guess is..I'm probably going about something wrong. Any help would be appreciated! Thanks! Also, I really do appreciate everyone working on M365DSC! It's awesome!
NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jan 5, 2023
@NikCharlebois
FIXES microsoft#2688
a0191ba
@NikCharlebois NikCharlebois mentioned this issue Jan 5, 2023
Merged
NikCharlebois added a commit that referenced this issue Jan 5, 2023
@NikCharlebois
Merge pull request #2750 from NikCharlebois/FIX#2688
842599a 
FIXES #2688
@NikCharlebois NikCharlebois mentioned this issue Jan 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

FIXES #2688 NikCharlebois/Microsoft365DSC
Release 1.23.111.1 NikCharlebois/Microsoft365DSC
1 participant
@miket-c-137