Issue when sync conditional access policy about microsoft365dsc HOT 7 OPEN

Does your tenant have at least one Entra ID P1 or P2 license to enable Conditional Access?

from microsoft365dsc.

@andikrueger If you look closely the deployment is actually failing for all resources with "Set-Targetresource: Failed creating new policy", the same issue has been reported already on #4725 and doesn't look like a licensing issue since this was working before.

from microsoft365dsc.

Before deploying in my company tenant, I test this function in the Microsoft CDX tenant. I have license M365 E5.

from microsoft365dsc.

In my event viewer, log reports:
"Error creating new policy:

{ Response status code does not indicate success: BadRequest (Bad Request). } \ at Set-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.529.1\DscResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditionalAccessPolicy.psm1: line 1682"

And in line 1655 in MSFT_AADConditionalAccessPolicy.psm1 I found that Conditional use " $NewParameters.Add('ConditionalAccessPolicyId', $currentPolicy.Id)"

But in Microsoft graph document, It does not have "ConditionalAccessPolicyId", It only has "Id". I try to fix but it not work

from microsoft365dsc.

hello,
I am facing the same error when trying to make a start-dscconfiguration with my MOF file.
Error creating new policy:
{ Response status code does not indicate success: BadRequest (Bad Request). } \ at Set-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365dsc\1.24.522.1\DscResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditionalAccessPolicy.psm1: line 1682

I have one computer with module Microsoft365dsc version 1.24.522.1. I have update the Microsoft365dsc recently.
And I have another computer on which I did not updated recently and it is using module version 1.24.228.1.
With version 1.24.228.1, everything is working fine for EntraID ConditionAccess, I can created and update conditionalAccess from MOF file without error.
But with version 1.24.522.1, creation and update of conditionalAccess does not work anymore.
The DSC agent verbose log does not output any error, it seems that everything is working fine. But when checking the conditionalAccess M365 console, nothing changed. And looking at eventlog, there is this error "BadRequest".
It seems that since update of Microsoft365DSC, some functionality for conditionalaccess are not working anymore.
Moreover, I can see that there are new option for "TransferMethods" in conditionaccess setting has been added.

Does any one manage to create and update conditionalAccess object with version 1.24.522.1 and earlier version ?
Regards

from microsoft365dsc.

hello, One update from my end.
M365DSC deployment is successfull by removing from the MOF file, the line corresponding:
TransferMethods = "";

The M365DSC team has switched from "Update-MgBetaIdentityConditionalAccessPolicy" to Invoke-MgGraphRequest.
There maybe some fine tuning to do with this new property TransferMethods on $newparameters variable.
Great job to the team by the way.
Regards
Vi-Nam

from microsoft365dsc.