ResourceName AADConditionalAccessPolicy: Conditional Access configuration cannot be deployed #3114

Closed
AllertLageweg opened this issue Apr 1, 2023 · 2 comments
Labels
Bug Something isn't working Entra ID

Comments

@AllertLageweg

Details of the scenario you tried and the problem that is occurring

When pushing a CA rule configuration to Azure AD I receive an error that an invalid OData type is specified:

Verbose logs showing the problem

2023-04-01T07:56:00.9816471Z Invalid OData type specified: ""
2023-04-01T07:56:00.9880085Z + CategoryInfo : InvalidOperation: ({ ConditionalAc...AccessPolicy1 }:) [], CimException
2023-04-01T07:56:00.9884218Z + FullyQualifiedErrorId : BadRequest,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgIdentityConditionalAccessPolicy_Up
2023-04-01T07:56:00.9885067Z dateExpanded
2023-04-01T07:56:00.9885790Z + PSComputerName : localhost

Suggested solution to the issue

The DSC configuration that is used to reproduce the issue (as detailed as possible)

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC'

    Node localhost
    {
        AADConditionalAccessPolicy 53a2360e-7061-4691-a187-71e3b362e575
        {
            ApplicationEnforcedRestrictionsIsEnabled = $False;
            ApplicationId                            = $ConfigurationData.NonNodeData.ApplicationId;
            BuiltInControls                          = @("mfa");
            CertificateThumbprint                    = $ConfigurationData.NonNodeData.CertificateThumbprint;
            ClientAppTypes                           = @("all");
            CloudAppSecurityIsEnabled                = $False;
            CloudAppSecurityType                     = "";
            CustomAuthenticationFactors              = @();
            DeviceFilterRule                         = "";
            DisplayName                              = "Force XXXXXXXX";
            Ensure                                   = "Present";
            ExcludeApplications                      = @();
            ExcludeDevices                           = @();
            ExcludeExternalTenantsMembers            = @();
            ExcludeExternalTenantsMembershipKind     = "";
            ExcludeGroups                            = @();
            ExcludeLocations                         = @("Whitelist local XXXXXX","Whitelist local office IP XXXXX");
            ExcludePlatforms                         = @();
            ExcludeRoles                             = @();
            ExcludeUsers                             = @("[email protected]","bbbbb@$OrganizationName","[email protected]");
            GrantControlOperator                     = "OR";
            Id                                       = "XXXXX-XXXX-XXXX-XXXX-XXXXXX";
            IncludeApplications                      = @("00000002-0000-0ff1-ce00-000000000000");
            IncludeGuestOrExternalUserTypes          = @('b2bCollaborationGuest')
            ExcludeGuestOrExternalUserTypes          = @('internalGuest', 'b2bCollaborationMember')
            IncludeDevices                           = @();
            IncludeExternalTenantsMembers            = @();
            IncludeExternalTenantsMembershipKind     = "";
            IncludeGroups                            = @();
            IncludeLocations                         = @("All");
            IncludePlatforms                         = @();
            IncludeRoles                             = @();
            IncludeUserActions                       = @();
            IncludeUsers                             = @("All");
            PersistentBrowserIsEnabled               = $False;
            PersistentBrowserMode                    = "";
            SignInFrequencyIsEnabled                 = $True;
            SignInFrequencyType                      = "days";
            SignInFrequencyValue                     = 90;
            SignInRiskLevels                         = @();
            State                                    = "disabled";
            TenantId                                 = $ConfigurationData.NonNodeData.TenantId;
            UserRiskLevels                           = @();
        }
    }
}

The operating system the target node is running

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.322.1

andikrueger added the Bug (Something isn't working) and Entra ID labels on Apr 3, 2023
@ykuijs
Member

ykuijs commented Apr 12, 2023

Hi @AllertLageweg, to determine where this is going wrong: Can you please share a little more of the verbose logging messages, so we can see where in the code this error is thrown?

@AllertLageweg
Author

AllertLageweg commented Apr 12, 2023

Hi Yorick, in the latest release (https://github.com/microsoft/Microsoft365DSC/releases/tag/1.23.405.1) the issue we encounter has been solved. So our problem was the same as described (and already solved) in this issue: #3108

So my issue can be closed.
