AlexFilipin / ConditionalAccess

MIT License

Quick-start missing pre-req permissions (AD roles) #21

Closed rohancragg closed 3 years ago

rohancragg commented 3 years ago

I found that when I deployed, I would get errors if I didn't also use PIM to activate AD Roles for my account.

The Roles I activated were

I'm not sure if I'm understanding how this works but this got me past the errors.

Many thanks for a great tool! https://github.com/AlexFilipin/ConditionalAccess/wiki#deploy-the-policy-set

rohancragg commented 3 years ago

I also found that I could only get the script to work in PowerShell 5 (i.e. not PowerShell 7). This seems to be because AzureADPreview has dependencies not supported in PowerShell core.

Could you also perhaps mention this in the QuickStart guide?

I am using AzureADPreview v2.0.2.129 but I also tried v2.0.2.89

AlexFilipin commented 3 years ago

Hi @rohancragg - thanks for the feedback! I will update the quick-start wiki. The application admin should be needed because we use delegated permissions on the app registration and it has application read permissions there. PowerShell 5 / 7 feedback is fair; yes, that's because of the AzureADPreview module, which does not support PowerShell 7 so far.
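The two pre-requisites raised in this thread (Windows PowerShell 5.x rather than PowerShell 7, and PIM-activated directory roles before deploying) can be checked before running the deployment script. The pre-flight script below is an added example written for this page; it is not part of the ConditionalAccess repository or its wiki. The role display names in `$RequiredRoles` are an assumption (the thread names only "application admin" and the actual list of activated roles is not shown above), so replace them with the roles you activated in PIM. The lookup uses the AzureADPreview cmdlets the thread is already relying on.

```powershell
# Added pre-flight check for the deployment session (example code, not the project's own).
# Run it from the same window you will deploy from, before the deployment script.
# ASSUMPTION: the role names below are a guess at what the deployment needs;
# edit them to match the roles you activate in PIM.
param(
    [string[]]$RequiredRoles = @('Application Administrator', 'Conditional Access Administrator')
)

# 1. AzureADPreview loads only in Windows PowerShell (the 5.x "Desktop" edition).
if ($PSVersionTable.PSEdition -ne 'Desktop' -or $PSVersionTable.PSVersion.Major -ne 5) {
    throw ("Run this from Windows PowerShell 5.1 (current: {0} {1}); AzureADPreview does not load in PowerShell 7." -f
        $PSVersionTable.PSEdition, $PSVersionTable.PSVersion)
}

# 2. The module must be installed in this session.
if (-not (Get-Module -ListAvailable -Name AzureADPreview)) {
    throw 'AzureADPreview is not installed. Try: Install-Module AzureADPreview -Scope CurrentUser'
}
Import-Module AzureADPreview -ErrorAction Stop

# 3. Reuse an existing Azure AD session if there is one, otherwise sign in interactively.
try {
    $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop
} catch {
    Connect-AzureAD | Out-Null
    $session = Get-AzureADCurrentSessionInfo
}
$me = Get-AzureADUser -ObjectId $session.Account.Id

# 4. Get-AzureADDirectoryRole returns the roles enabled in the tenant, and a role you
#    activated through PIM shows you as a member for the activation window. An eligible
#    but not-yet-activated role will not list you, which is the failure mode in this issue.
#    Note: this checks direct membership only; group-based role assignment is not expanded.
$activeRoles = @(Get-AzureADDirectoryRole | Where-Object {
    (Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId).ObjectId -contains $me.ObjectId
} | Select-Object -ExpandProperty DisplayName)

$missing = @($RequiredRoles | Where-Object { $activeRoles -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning ("Signed in as {0} with active roles: {1}" -f $me.UserPrincipalName, ($activeRoles -join ', '))
    throw ("Missing role(s): {0}. Activate them in PIM and re-run." -f ($missing -join ', '))
}
Write-Host ("OK: {0} has {1} active in tenant {2}" -f $me.UserPrincipalName, ($RequiredRoles -join ', '), $session.TenantId)
```

Run it as `.\Test-CADeployPrereqs.ps1` (any file name works) or pass your own list with `-RequiredRoles 'Application Administrator','Security Administrator'`. It fails fast on the PowerShell edition before prompting for sign-in, so the PowerShell 7 problem described above surfaces as a clear message rather than as module load errors deep inside the deployment.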

AlexFilipin commented 3 years ago

@rohancragg I am also curious for feedback on what you would prefer from an authentication point of view: delegated or application? My latest focus was on the templates and guidance, less on the automation; it needs some love. I should fix the authentication part so it only uses Graph and no longer the AzureAD module, and then it will get simpler.

AlexFilipin commented 3 years ago

I made some updates to https://github.com/AlexFilipin/ConditionalAccess/wiki#deploy-the-policy-set let me know if it looks good to you

rohancragg commented 3 years ago

That looks great - thanks! I'm afraid I'm not yet confident enough with application auth to comment on the best options as regards delegated vs. application.