AADAuthenticationMethodPolicyFido2: schema missing classversion #4900

Closed
kcooke-gbph opened this issue Jul 17, 2024 · 0 comments · Fixed by #4932 or #4944


Description of the issue

The existing MSFT_AADAuthenticationMethodPolicyFido2.schema.mof file at DSCResources\MSFT_AADAuthenticationMethodPolicyFido2 is missing [ClassVersion("1.0.0")] for class MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget.

The mof file is generated without any issue, but when attempting to apply the mof using start-dscconfiguration that includes AADAuthenticationMethodPolicyFido2, it will fail if there are included targets.

Fails with error

##[error]ClassVersion Qualifier not found.
+ CategoryInfo : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 6
+ PSComputerName        : localhost

Same error, and probably same issue, as #4079

Adding the missing classversion to the schema file allows the start-dscconfiguration to go through

Microsoft 365 DSC Version

1.24.710.3

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

# Generated with Microsoft365DSC version 1.24.710.3
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
)

Configuration AADAuthenticationMethodPolicyFido2
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.710.3'

    Node localhost
    {

        # For information on how to use this resource, please refer to:
        # https://github.com/microsoft/Microsoft365DSC/wiki/AADAuthenticationMethodPolicyFido2
        AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2"
        {
            ApplicationId                    = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint            = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Ensure                           = "Present";
            Id                               = "Fido2";
            IncludeTargets                   = @(
                MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{
                    Id = 'Global Administrators'
                    TargetType = 'group'
                }
                MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{
                    Id = 'FIDO2 Security Key'
                    TargetType = 'group'
                }
            );
            IsAttestationEnforced            = $True;
            IsSelfServiceRegistrationAllowed = $True;
            KeyRestrictions                  = MSFT_MicrosoftGraphfido2KeyRestrictions{
                IsEnforced = $False
                EnforcementType = 'block'
                AaGuids = @()
            };
            State                            = "enabled";
            TenantId                         = $OrganizationName;
        }
    }
}

AADAuthenticationMethodPolicyFido2 -ConfigurationData .\ConfigurationData.psd1

Verbose logs showing the problem

PS Microsoft.PowerShell.Core\FileSystem::> Start-DscConfiguration -Path .\M365TenantConfig\ -Wait -Verbose -Force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer NAME with user sid S-1-5-21-000000000-00000000-3268783840-9479.
VERBOSE: [NAME]: LCM:  [ Start  Set      ]
VERBOSE: [NAME]: LCM:  [ End    Set      ]
ClassVersion Qualifier not found.
    + CategoryInfo          : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 3.13 seconds

Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.7155.amd64fre.rs1_release.240624-1757
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Name                           Value
----                           -----
PSVersion                      5.1.14393.7155
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.7155
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
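
A check for the defect reported above, as an added example that is not part of the original issue or of the Microsoft365DSC code base: it scans schema text for `class` declarations that have no `ClassVersion` qualifier, which is the condition that surfaces at apply time as "ClassVersion Qualifier not found". The function name `Find-MofClassMissingClassVersion` and the sample schema text are constructed for illustration, and the regex is a heuristic text scan, not a full MOF parser.

```powershell
function Find-MofClassMissingClassVersion {
    [CmdletBinding()]
    param(
        # Full text of a *.schema.mof file (read it with Get-Content -Raw).
        [Parameter(Mandatory)]
        [string] $MofText
    )

    # Match every "class <Name>" declaration together with the optional
    # [qualifier list] that directly precedes it. Property qualifiers are
    # followed by a type name, not by "class", so they do not match.
    $pattern = '(?m)^[ \t]*(?:\[(?<quals>[^\]]*)\]\s*)?class\s+(?<name>\w+)'

    foreach ($m in [regex]::Matches($MofText, $pattern)) {
        $quals = $m.Groups['quals'].Value   # empty when no qualifier list exists
        if ($quals -notmatch '\bClassVersion\s*\(') {
            # Emit the class name: embedded or not, it needs ClassVersion.
            $m.Groups['name'].Value
        }
    }
}

# Constructed sample reproducing the shape of the reported schema:
# the embedded IncludeTarget class has no qualifier list at all.
$sample = @'
class MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget
{
    [Write, Description("Constructed sample property")] String Id;
    [Write, Description("Constructed sample property")] String TargetType;
};

[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationMethodPolicyFido2")]
class MSFT_AADAuthenticationMethodPolicyFido2 : OMI_BaseResource
{
    [Key, Description("Constructed sample property")] String Id;
    [Write, EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget")] String IncludeTargets[];
};
'@

# Lists only MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget.
Find-MofClassMissingClassVersion -MofText $sample

# To scan an installed module, pipe each schema file through the same check
# (<ModulePath> is a placeholder for the module's DSCResources folder):
# Get-ChildItem <ModulePath> -Recurse -Filter *.schema.mof | ForEach-Object {
#     Find-MofClassMissingClassVersion -MofText (Get-Content $_.FullName -Raw)
# }
```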