AlexFilipin
commented
4 years ago Ahh I though PG told me that would not happen - seems like the upcoming changes to clientAppTypes are rolling out. I will have a look and update the JSONs - thanks for reporting!
Using current policy set Device trust with AADP1.
Effected Policies: 100, 101, 102, 104, 105, 106, 200, 201, 302, 400, 401, 402, 500, 501
Problem: I did not modify the JSON. Error indicates "clientAppTypes": [], brackets cannot be empty, and to explicitly specify the apps. Note, I successfully used the same JSON at another tenant earlier today.
Full error: Invoke-RestMethod : { "error": { "code": "BadRequest", "message": "The server could not process the request because it is malformed or incorrect.", "innerError": { "message": "1064: 'clientAppTypes' condition does not support []. If you want to target all client apps, use ['All']. If you want to target modern authentication clients, use ['browser', 'mobileAppsAndDesktopClients']. For examples, please see API documentation at https://docs.microsoft.com/en-us/graph/api/conditionalaccessroot-post-policies?view=graph-rest-beta.
Solution: update the effected JSON files with: "clientAppTypes": [ "mobileAppsAndDesktopClients", "browser" ],