Closed WilliamOverweg closed 4 years ago
@WilliamOverweg Did you make any changes to the JSON? Could you please post the JSON you are trying to import/update and I will take a look
Thanks for the quick response.
This section doesnt allow upload of JSON files so i will post the file as a .txt file. JSON With Device States.txt
I will take a look this afternoon (after 7PM its 2PM here atm) I am anyways trying to plan a update for the update logic and introduce a option for ring based deployments
Thanks a lot! Looking forward to your findings and update.
I believe you are using "deviceStates" instead of "devices". I just replicated your policy with the GUI and exported it via Graph Explorer and it looks like this. JSON.With.Device.States2.json.txt
Actually that might be a recent change to the BETA graph API's the policies in the repository are also using "deviceStates" e.g. https://github.com/AlexFilipin/ConditionalAccess/blob/master/PolicyRepository/Data%20protection/Data%20protection%20-%20All%20apps%20No%20persistent%20browser%20session%20When%20on%20untrusted%20device.json
I will take more detailed look when i find time this week and keep the issue open - in the meantime give it a try with "devices" instead of "devicestates"
I can confirm proper updating the policy when using the Devices parameters from the JSON you supplied:
"devices": { "includeDeviceStates": [ "All" ], "excludeDeviceStates": [ "Compliant", "DomainJoined" ]
Awesome! Thanks a lot.
Updated the policy repository as part of release V1.1 to switch from "devicestates" to "devices" https://github.com/AlexFilipin/ConditionalAccess/wiki/Release-History#v11
An example policy from the repository to replicate the error is: "Data protection - All apps No persistent browser session When on untrusted device"
Creating this policy works without any issues.
When deploying the same policy again, it generates the following error:
` Invoke-RestMethod : { "error": { "code": "BadRequest", "message": "The server could not process the request because it is malformed or incorrect.", "innerError": { "message": "1060: 'deviceStates' and 'devices' conditions cannot be set together. For examples, please see API documentation at https://docs.microsoft.com/en-us/graph/api/conditionalaccesspolicy-update?view=graph-rest-beta.", "request-id": "9bbe13e1-999d-42f9-8d11-448acd907502", "date": "2020-04-28T10:41:12" } } } At C:\Source\VSTS\POR\ConditionalAccess-master\Deploy-Policies.ps1:172 char:40
`
Any idea how to resolve this issue? Thanks!