AADConditionalAccessPolicy fails if ExternalGuest/User is empty #3108

Closed
sandrola opened this issue Mar 31, 2023 · 0 comments · Fixed by #3140
@sandrola
Contributor

#### Details of the scenario you tried and the problem that is occurring

If the attributes "IncludeGuestOrExternalUserTypes" or "ExcludeGuestOrExternalUserTypes" are empty (e.g. = "") an empty Odata.Type is added to the parameters. The command fails consequently.

#### Verbose logs showing the problem

```
Invalid OData type specified: ""
+ CategoryInfo : InvalidOperation: ({ ConditionalAc...AccessPolicy1 }:) [], CimException
+ FullyQualifiedErrorId : BadRequest,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgIdentityConditionalAccessPolicy_UpdateExpanded
+ PSComputerName : localhost
```

#### Suggested solution to the issue

Add a condition
`if($IncludeGuestOrExternalUserTypes){`
and
`if($ExcludeGuestOrExternalUserTypes){`
and remove
```
else
{
    $externalTenants.Add('@odata.type', '')
}
```
from the code.

#### The DSC configuration that is used to reproduce the issue (as detailed as possible)

```powershell
# insert configuration here
AADConditionalAccessPolicy test
{
    ApplicationEnforcedRestrictionsIsEnabled = $False;
    BuiltInControls                          = @("block");
    ClientAppTypes                           = @("all");
    CloudAppSecurityIsEnabled                = $False;
    CloudAppSecurityType                     = "";
    CustomAuthenticationFactors              = @();
    DeviceFilterMode                         = "exclude";
    DeviceFilterRule                         = "device.trustType -eq `"ServerAD`"";
    DisplayName                              = "My test Policy";
    Ensure                                   = "Present";
    ExcludeApplications                      = @();
    ExcludeExternalTenantsMembers            = @();
    ExcludeExternalTenantsMembershipKind     = "";
    ExcludeGroups                            = @();
    ExcludeLocations                         = @("test");
    ExcludePlatforms                         = @();
    ExcludeRoles                             = @();
    ExcludeUsers                             = @("[email protected]");
    GrantControlOperator                     = "OR";
    Id                                       = "9932ac93-7671-46d3-8714-7e95624af6fe";
    IncludeApplications                      = @("079e1f00-7eae-475d-90db-977deb9edb40");
    IncludeExternalTenantsMembers            = @();
    IncludeExternalTenantsMembershipKind     = "";
    IncludeGroups                            = @();
    IncludeLocations                         = @("All");
    IncludePlatforms                         = @("windows");
    IncludeRoles                             = @();
    IncludeUserActions                       = @();
    IncludeUsers                             = @("All");
    PersistentBrowserIsEnabled               = $False;
    PersistentBrowserMode                    = "";
    SignInFrequencyIsEnabled                 = $False;
    SignInFrequencyType                      = "";
    SignInRiskLevels                         = @();
    State                                    = "enabledForReportingButNotEnforced";
    UserRiskLevels                           = @();
}
```

#### The operating system the target node is running

```
OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US}
```

#### Version of the DSC module that was used ('dev' if using current dev branch)

```
1.23.322.1
```
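
The guard proposed in the issue, as an added example that is not the DSC module's own code: the hypothetical helper `New-GuestOrExternalUsersCondition` returns nothing when no guest or external user types are set, and adds `externalTenants` only with a concrete type, so an empty `@odata.type` is never sent. The Graph property and type names follow the Microsoft Graph conditional access schema; the function name, its parameters and the sample input are assumptions.

```powershell
# Hypothetical helper (not the DSC module's code): returns the body for
# includeGuestsOrExternalUsers / excludeGuestsOrExternalUsers, or $null when
# no guest or external user types are configured.
function New-GuestOrExternalUsersCondition
{
    param
    (
        [string[]]$GuestOrExternalUserTypes,
        [string]$ExternalTenantsMembershipKind,
        [string[]]$ExternalTenantsMembers
    )

    # Drop empty strings so that both @() and "" count as "not configured".
    $types = @($GuestOrExternalUserTypes | Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
    if ($types.Count -eq 0)
    {
        return $null
    }

    $condition = @{ guestOrExternalUserTypes = ($types -join ',') }
    switch ($ExternalTenantsMembershipKind)
    {
        'all'
        {
            $condition.externalTenants = @{
                '@odata.type'  = '#microsoft.graph.conditionalAccessAllExternalTenants'
                membershipKind = 'all'
            }
        }
        'enumerated'
        {
            $condition.externalTenants = @{
                '@odata.type'  = '#microsoft.graph.conditionalAccessEnumeratedExternalTenants'
                membershipKind = 'enumerated'
                members        = @($ExternalTenantsMembers)
            }
        }
        # Any other value, including "", adds no externalTenants key, so an
        # empty '@odata.type' never reaches the request.
    }
    return $condition
}

# Constructed input matching the issue: both values are empty strings.
$users = @{ includeUsers = @('All') }
$include = New-GuestOrExternalUsersCondition -GuestOrExternalUserTypes '' -ExternalTenantsMembershipKind ''
if ($null -ne $include) { $users.includeGuestsOrExternalUsers = $include }
$users | ConvertTo-Json -Depth 5
```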