-
Notifications
You must be signed in to change notification settings - Fork 495
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem exporting OrgSettings and PPTenantIsolationSettings #4783
Comments
Could you please share a screenshot of the assigned API permissions for your application and the assigned roles? Thanks. |
Please check if you did assign: OrganizationSettings.Read or if you need write access as well: OrganizationSettings.ReadWrite I did not see this API permission within the screenshot. |
Is this a permission that I need to assign via PowerShell and not GUI? |
You could add the permission by using Graph PowerShell or the EntraId Admin Center. Using Graph PowerShell you need to add the scope parameter to Connect-MGGraph with one of the scopes above. Within EntraID you could update your app registration in the section api permissions. |
@andikrueger PP workload app doesn't require any API permissions, it just needs to be added to Power Apps as a mgmt app by an admin. "Service principal applications are treated within Power Platform similar to how normal users are with the Power Platform Administrator role assigned. Granular roles and permissions can't be assigned to limit their capabilities. The application doesn't get any special role assigned in Microsoft Entra ID, as this is how platform services treat requests made by service principals." |
That is absolutely correct. I was referring to the Exchange error message. |
Oh right, I didn't even see that resource there, O365 workload and specially O365OrgSettings is really a pain in the neck... The log shows that it's failing on line 294 which corresponds for calling In my case I've assigned Insights administrator since it's the most restrictive, please bear in mind that assigning any one of these Entra roles is required even if only reading is required. |
After adding the Exchange Admin role, the error was fixed but generated new teams errors. Is there any specific roles/permissions needed to export the component TeamsM365App? The error I got was below: {NotSpecified} |
I have been getting the below error messages when exporting PPTenantIsolationSettings and OrgSettings. For PowerPlatform, I have already completed adding the application as a service principal in PowerPlatform. For both workloads, I am authenticating using a certificate.
Microsoft 365 DSC Version
1.24.619.1
Which workloads are affected
Office 365 Admin, Power Platform
The DSC configuration
No response
Verbose logs showing the problem
Environment Information + PowerShell Version
No response
The text was updated successfully, but these errors were encountered: