Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADAuthorizationPolicy: Could not determine authentication method, possible permission issue. #3056

Closed
OptimAdam opened this issue Mar 22, 2023 · 3 comments · Fixed by #3136 or #3140
Closed

AADAuthorizationPolicy: Could not determine authentication method, possible permission issue. #3056

OptimAdam opened this issue Mar 22, 2023 · 3 comments · Fixed by #3136 or #3140
Labels
Authentication Bug Something isn't working V1.23.315.1 Version 1.23.315.1

Comments

@OptimAdam
Copy link

Hi,

I am trying to export my M365 config but I am getting a error on AADAuthorizationPolicy. I think its a permission issue but the error message throws me off. I thought the permissions would be 'Policy.ReadWrite.Authorization' from the MS Graph is this correct?

If its not a permission issue any other ideas, everything else in my command runs fine?

Export-M365DSCConfiguration -Components @("AADAdministrativeUnit", "AADApplication", "AADAuthorizationPolicy", "AADConditionalAccessPolicy", "AADEntitlementManagementAccessPackage", "AADEntitlementManagementAccessPackageAssignmentPolicy", "AADEntitlementManagementAccessPackageCatalog", "AADEntitlementManagementAccessPackageCatalogResource", "AADEntitlementManagementConnectedOrganization", "AADGroupLifecyclePolicy", "AADGroupsNamingPolicy", "AADGroupsSettings", "AADNamedLocationPolicy", "AADRoleDefinition", "AADRoleSetting", "AADSecurityDefaults", "AADTenantDetails", "AADTokenLifetimePolicy", "EXOAcceptedDomain", "EXOActiveSyncDeviceAccessRule", "EXOAddressBookPolicy", "EXOAddressList", "EXOAntiPhishPolicy", "EXOAntiPhishRule", "EXOApplicationAccessPolicy", "EXOAtpPolicyForO365", "EXOAuthenticationPolicy", "EXOAuthenticationPolicyAssignment", "EXOAvailabilityAddressSpace", "EXOAvailabilityConfig", "EXOCASMailboxPlan", "EXOCASMailboxSettings", "EXOClientAccessRule", "EXODataClassification", "EXODataEncryptionPolicy", "EXODistributionGroup", "EXODkimSigningConfig", "EXOEmailAddressPolicy", "EXOGlobalAddressList", "EXOHostedConnectionFilterPolicy", "EXOHostedContentFilterPolicy", "EXOHostedContentFilterRule", "EXOHostedOutboundSpamFilterPolicy", "EXOHostedOutboundSpamFilterRule", "EXOInboundConnector", "EXOIntraOrganizationConnector", "EXOIRMConfiguration", "EXOJournalRule", "EXOMailboxPlan", "EXOMailContact", "EXOMailTips", "EXOMalwareFilterPolicy", "EXOMalwareFilterRule", "EXOManagementRoleAssignment", "EXOMessageClassification", "EXOMobileDeviceMailboxPolicy", "EXOOfflineAddressBook", "EXOOMEConfiguration", "EXOOnPremisesOrganization", "EXOOrganizationConfig", "EXOOrganizationRelationship", "EXOOutboundConnector", "EXOOwaMailboxPolicy", "EXOPartnerApplication", "EXOPerimeterConfiguration", "EXOPolicyTipConfig", "EXOQuarantinePolicy", "EXORemoteDomain", "EXOResourceConfiguration", "EXORoleAssignmentPolicy", "EXORoleGroup", "EXOSafeAttachmentPolicy", "EXOSafeAttachmentRule", "EXOSafeLinksPolicy", "EXOSafeLinksRule", "EXOSharedMailbox", "EXOSharingPolicy", "EXOTransportConfig", "EXOTransportRule") -ApplicationId $ApplicationId -ApplicationSecret $ApplicationSecret -TenantId $TenantId

[2023-03-21 08:30:45]
{OperationStopped}
System.Management.Automation.RuntimeException: Could not determine authentication method
"Error during Export:"
at New-M365DSCConnection, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.315.1\modules\M365DSCUtil.psm1: line 1941
at Get-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.315.1\DSCResources\MSFT_AADAuthorizationPolicy\MSFT_AADAuthorizationPolicy.psm1: line 94
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.315.1\DSCResources\MSFT_AADAuthorizationPolicy\MSFT_AADAuthorizationPolicy.psm1: line 543
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.315.1\modules\M365DSCReverse.psm1: line 615
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.315.1\modules\M365DSCUtil.psm1: line 1207
at <ScriptBlock>, <No file>: line 1
@andikrueger
Copy link
Collaborator

Did you provide values for

# Getting application information for Application + Secret authentication
$ApplicationId = Read-Host -Prompt 'Application Id'
$ApplicationSecret = Read-Host -Prompt 'Application Secret'
$TenantId = Read-Host -Prompt 'Tenant Id'

and does it work if you run the command without exporting AADAuthorizationPolicy

@OptimAdam
Copy link
Author

Thank you for getting back to me.

Yes the values have been provided and the other service do not fail when pulling back the configuration information.

@NikCharlebois NikCharlebois added the Bug Something isn't working label Apr 4, 2023
@NikCharlebois
Copy link
Collaborator

We have been able to replicate and have a fix on the way. The AppSecret parameter wasn't passed back to the Get-TargetResource function which caused MSCloudLoginAssistant not to recognize the auth flow used.

NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Apr 4, 2023
@NikCharlebois
Fixes microsoft#3056
1de391c
@NikCharlebois NikCharlebois mentioned this issue Apr 4, 2023
Merged
NikCharlebois added a commit that referenced this issue Apr 4, 2023
@NikCharlebois
Merge pull request #3136 from NikCharlebois/Fixes-#3056
dcd7a14 
Fixes #3056
@ykuijs ykuijs mentioned this issue Apr 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Authentication Bug Something isn't working V1.23.315.1 Version 1.23.315.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #3056 NikCharlebois/Microsoft365DSC
Release 1.23.405.1
3 participants
@NikCharlebois @andikrueger @OptimAdam