Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADConditionalAccessPolicy - Issues #4347

Closed
Cyanic-Cloud opened this issue Feb 16, 2024 · 3 comments · Fixed by #4350 or #4357
Closed

AADConditionalAccessPolicy - Issues #4347

Cyanic-Cloud opened this issue Feb 16, 2024 · 3 comments · Fixed by #4350 or #4357
Labels
Bug Something isn't working Entra ID V1.24.214.2 Version 1.24.214.2

Comments

@Cyanic-Cloud
Copy link

Cyanic-Cloud commented Feb 16, 2024
edited
Loading

Description of the issue

When using Export-M365DSCConfiguration like below:

Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -ApplicationId $ApplicationId -CertificateThumbprint $CertificateThumbprint -TenantId $TenantId

The following objects are not auto populating with required values

IncludeExternalTenantsMembershipKind = "";
ExcludeExternalTenantsMembershipKind = "";

image

Is it possible to not make this a required variable or auto populate with unknownFutureValue, as currently I now get an error in my pipeline as I dont populate this variable in my base config:

image

image

If I populate both IncludeExternalTenantsMembershipKind AND ExcludeExternalTenantsMembershipKind with unknownFutureValue the compilation runs fine.

Microsoft 365 DSC Version

1.24.214.2

Which workloads are affected

Azure Active Directory

The DSC configuration

No response

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response
@sachabruttin
Copy link

Empty string value has been removed on this PR #4322 / Commit
32fa1cc

When I export my Conditional Access with

> $policy = Get-MgBetaIdentityConditionalAccessPolicy -Filter "DisplayName eq '$DisplayName'"

The value I get is empty.

> $policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants

MembershipKind
--------------

> $policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind -eq $null
True

Please allow the properties IncludeExternalTenantsMembershipKind and ExcludeExternalTenantsMembershipKind the have empty value/$null value.

@ricmestre
Copy link
Contributor

@ykuijs Hi, could you please look into this? According to https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccessexternaltenants?view=graph-rest-beta these properties only allow all, enumerated, unknownFutureValue but the API still can return $null and with your diff this now makes the resource fail when this case happens.

@andikrueger andikrueger added Bug Something isn't working Entra ID V1.24.214.2 Version 1.24.214.2 labels Feb 20, 2024
@NikCharlebois NikCharlebois mentioned this issue Feb 20, 2024
Merged
@Cyanic-Cloud
Copy link
Author

Thanks @NikCharlebois, much appreciated 🚀

@NikCharlebois NikCharlebois mentioned this issue Feb 21, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Entra ID V1.24.214.2 Version 1.24.214.2
Projects
None yet
Milestone
No milestone
4 participants
@sachabruttin @andikrueger @Cyanic-Cloud @ricmestre