Azure / azure-powershell

Microsoft Azure PowerShell

Az.keyVault version 3.4.4 issue with built in policy named Key vaults should have purge protection enabled #15635

Closed harken350 closed 3 years ago

harken350 commented 3 years ago

Description

Having the policy definition ID: "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53" in Deny mode will not allow me to create a key vault with Az.KeyVault 3.4.4. I am denied regardless of whether I have the flag "-enablepurgeprotection" on or not.

This is not present in other az.keyvault versions (tested 2.1.0).

Steps to reproduce

Enable the policy with the deny effect. Try to create a key vault while using az.keyvault version 3.4.4.

Environment data

Module versions

Debug output

Error output

This is using Az.KeyVault 3.4.4 (next entry using Az.KeyVault 2.1.0)

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resources?$filter=resourceType eq 'Microsoft.KeyVault%2Fvaults'&api-version=2016-09-01

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Body:
{
  "value": [
    {
      "id": "/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.KeyVault/vaults/sadasjkljkddlas",
      "name": "sadasjkljkddlas",
      "type": "Microsoft.KeyVault/vaults",
      "location": "australiacentral",
      "tags": {
        "test": "value"
      }
    }
  ]
}

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.windows.net/05f72b90-815c-4cb9-8b40-96c29b862189/me?api-version=1.6

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Body:
{
  "odata.metadata": "https://graph.windows.net/05f72b90-815c-4cb9-8b40-96c29b862189/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.User",
  "objectType": "User",
  "objectId": "26b1935e-6417-4352-abfa-e8ea35ab3ff3",
  "deletionTimestamp": null,
  "accountEnabled": true,
  "ageGroup": null,
  "city": "Fyshwick",
  "companyName": "oobe",
  "consentProvidedForMinor": null,
  "country": null,
  "createdDateTime": "2020-06-09T04:29:04Z",
  "creationType": null,
  "department": "Consulting",
  "dirSyncEnabled": true,
  "displayName": "Nathan Grieve",
  "employeeId": null,
  "facsimileTelephoneNumber": null,
  "givenName": "Nathan",
  "immutableId": "iu1bMHYQXE60rP8aaJVjgg==",
  "isCompromised": null,
  "jobTitle": "Consultant",
  "lastDirSyncTime": "2021-08-04T04:19:07Z",
  "legalAgeGroupClassification": null,
  "mail": "nathan.grieve@oobe.com.au",
  "mailNickname": "nathan.grieve",
  "mobile": null,
  "onPremisesDistinguishedName": "CN=Nathan Grieve,OU=Cloud Users,OU=User Accounts,OU=oobe,DC=prod,DC=oobe,DC=com,DC=au",
  "onPremisesSecurityIdentifier": "S-1-5-21-485434819-2056864547-1369349253-1953",
  "otherMails": [],
  "passwordPolicies": "DisablePasswordExpiration",
  "passwordProfile": null,
  "physicalDeliveryOfficeName": "ACT",
  "postalCode": "2609",
  "preferredLanguage": null,
  "provisioningErrors": [],
  "proxyAddresses": [
    "smtp:nathan.grieve@oobecloud.onmicrosoft.com",
    "SMTP:nathan.grieve@oobe.com.au"
  ],
  "refreshTokensValidFromDateTime": "2021-08-04T04:08:03Z",
  "showInAddressList": null,
  "signInNames": [],
  "sipProxyAddress": "Nathan.Grieve@oobe.com.au",
  "state": "ACT",
  "streetAddress": "3 Geelong Street",
  "surname": "Grieve",
  "telephoneNumber": "+61402047598",
  "usageLocation": "AU",
  "userIdentities": [],
  "userPrincipalName": "Nathan.Grieve@oobe.com.au",
  "userState": null,
  "userStateChangedOn": null,
  "userType": "Member"
}

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.KeyVault/vaults/alexanderbramblejam?api-version=2019-09-01

Body:
{
  "location": "Australia Central",
  "properties": {
    "tenantId": "05f72b90-815c-4cb9-8b40-96c29b862189",
    "sku": {
      "name": "standard",
      "family": "A"
    },
    "accessPolicies": [
      {
        "tenantId": "05f72b90-815c-4cb9-8b40-96c29b862189",
        "objectId": "26b1935e-6417-4352-abfa-e8ea35ab3ff3",
        "permissions": {
          "keys": [
            "get",
            "create",
            "delete",
            "list",
            "update",
            "import",
            "backup",
            "restore",
            "recover"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover"
          ],
          "certificates": [
            "get",
            "delete",
            "list",
            "create",
            "import",
            "update",
            "deleteissuers",
            "getissuers",
            "listissuers",
            "managecontacts",
            "manageissuers",
            "setissuers",
            "recover",
            "backup",
            "restore"
          ],
          "storage": [
            "delete",
            "deletesas",
            "get",
            "getsas",
            "list",
            "listsas",
            "regeneratekey",
            "set",
            "setsas",
            "update",
            "recover",
            "backup",
            "restore"
          ]
        }
      }
    ],
    "vaultUri": "",
    "enabledForDeployment": false,
    "enabledForDiskEncryption": false,
    "enabledForTemplateDeployment": false,
    "softDeleteRetentionInDays": 90,
    "enableRbacAuthorization": false,
    "enablePurgeProtection": true,
    "networkAcls": {
      "bypass": "AzureServices",
      "defaultAction": "Allow"
    }
  }
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
Forbidden

Body:
{
  "error": {
    "code": "RequestDisallowedByPolicy",
    "target": "alexanderbramblejam",
    "message": "Resource 'alexanderbramblejam' was disallowed by policy. Reasons: 'Git gud scrub'. See error details for policy resource IDs.",
    "additionalInfo": [
      {
        "type": "PolicyViolation",
        "info": {
          "policyDefinitionDisplayName": "Key vaults should have purge protection enabled",
          "evaluationDetails": {
            "evaluatedExpressions": [
              {
                "result": "True",
                "expressionKind": "Field",
                "expression": "type",
                "path": "type",
                "expressionValue": "Microsoft.KeyVault/vaults",
                "targetValue": "Microsoft.KeyVault/vaults",
                "operator": "Equals"
              },
              {
                "result": "False",
                "expressionKind": "Field",
                "expression": "Microsoft.KeyVault/vaults/createMode",
                "path": "properties.createMode",
                "targetValue": "recover",
                "operator": "Equals"
              },
              {
                "result": "True",
                "expressionKind": "Field",
                "expression": "Microsoft.KeyVault/vaults/enableSoftDelete",
                "path": "properties.enableSoftDelete",
                "targetValue": "false",
                "operator": "Exists"
              }
            ],
            "reason": "Git gud scrub"
          },
          "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
          "policyDefinitionName": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
          "policyDefinitionEffect": "Deny",
          "policyAssignmentId": "/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.Authorization/policyAssignments/c05828b5881345059343f240",
          "policyAssignmentName": "c05828b5881345059343f240",
          "policyAssignmentDisplayName": "Key vaults should have purge protection enabled",
          "policyAssignmentScope": "/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage"
        }
      }
    ]
  }
}
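
The deny response above lists the conditions the policy engine evaluated, each with a `path` into the resource. As an added example (not part of the original issue or of Az.KeyVault), the PowerShell below resolves each path against the PUT body from the same trace to show what was actually sent. The function names `Resolve-JsonPath` and `Get-PolicyDenyExplanation` are hypothetical, and both JSON documents are trimmed copies of the trace above.

```powershell
# Added example; not code from the issue or from Az.KeyVault.
# Trimmed copy of the PUT body sent by Az.KeyVault 3.4.4 in the trace above.
$requestBody = @'
{
  "location": "Australia Central",
  "properties": {
    "sku": { "name": "standard", "family": "A" },
    "softDeleteRetentionInDays": 90,
    "enableRbacAuthorization": false,
    "enablePurgeProtection": true
  }
}
'@ | ConvertFrom-Json

# Trimmed copy of the 403 RequestDisallowedByPolicy body from the trace above.
$denyResponse = @'
{
  "error": {
    "code": "RequestDisallowedByPolicy",
    "additionalInfo": [
      {
        "type": "PolicyViolation",
        "info": {
          "policyDefinitionDisplayName": "Key vaults should have purge protection enabled",
          "evaluationDetails": {
            "evaluatedExpressions": [
              { "result": "True",  "path": "type", "expressionValue": "Microsoft.KeyVault/vaults", "targetValue": "Microsoft.KeyVault/vaults", "operator": "Equals" },
              { "result": "False", "path": "properties.createMode", "targetValue": "recover", "operator": "Equals" },
              { "result": "True",  "path": "properties.enableSoftDelete", "targetValue": "false", "operator": "Exists" }
            ]
          }
        }
      }
    ]
  }
}
'@ | ConvertFrom-Json

function Resolve-JsonPath {
    # Walk a dotted path such as 'properties.enableSoftDelete' and report
    # whether every segment exists, which is what the "Exists" operator tests.
    param(
        [Parameter(Mandatory)] $Object,
        [Parameter(Mandatory)] [string] $Path
    )
    $current = $Object
    foreach ($segment in $Path.Split('.')) {
        if ($null -eq $current) {
            return [pscustomobject]@{ Exists = $false; Value = $null }
        }
        $prop = $current.PSObject.Properties[$segment]
        if ($null -eq $prop) {
            return [pscustomobject]@{ Exists = $false; Value = $null }
        }
        $current = $prop.Value
    }
    [pscustomobject]@{ Exists = $true; Value = $current }
}

function Get-PolicyDenyExplanation {
    # One row per evaluated expression: what the engine reported next to
    # what the client actually put in the request body at that path.
    param(
        [Parameter(Mandatory)] $Response,
        [Parameter(Mandatory)] $RequestBody
    )
    $violations = @($Response.error.additionalInfo |
        Where-Object { $_.type -eq 'PolicyViolation' })
    foreach ($violation in $violations) {
        foreach ($expr in $violation.info.evaluationDetails.evaluatedExpressions) {
            $sent = Resolve-JsonPath -Object $RequestBody -Path $expr.path
            [pscustomobject]@{
                Path          = $expr.path
                Operator      = $expr.operator
                Target        = $expr.targetValue
                Result        = $expr.result
                InRequestBody = $sent.Exists   # 'type' comes from the URI, so False is expected there
                SentValue     = $sent.Value
            }
        }
    }
}

Get-PolicyDenyExplanation -Response $denyResponse -RequestBody $requestBody |
    Format-Table -AutoSize

# For comparison, the property the policy is named after: present in the body,
# but not among the expressions the engine reported.
Resolve-JsonPath -Object $requestBody -Path 'properties.enablePurgeProtection' |
    Format-List
```

Run against this trace, the table shows `properties.enableSoftDelete` absent from the request body on the row where `Exists`/`false` evaluated to `True`, while `properties.enablePurgeProtection` was sent as `true`.
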
dingmeng-xue commented 3 years ago

@harken350 , thanks for reporting.

Could you share the debug messages with us when you execute the scripts? You can turn them on via $DebugPreference = "Continue". If you can, try it via Az.KeyVault 2.1.0. The debug messages will be very helpful to us.

harken350 commented 3 years ago

This is using Az.KeyVault 3.4.4 (next entry using Az.KeyVault 2.1.0)

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: GET

Absolute Uri: https://management.azure.com/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resources?$filter=resourceType eq 'Microsoft.KeyVault%2Fvaults'&api-version=2016-09-01

Headers: x-ms-client-request-id : c84eb78d-248f-4f53-842b-ed802772fb13 Accept-Language : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code: OK

Headers: Cache-Control : no-cache Pragma : no-cache x-ms-ratelimit-remaining-subscription-reads: 11990 x-ms-request-id : 1a9cf26e-b4d7-4712-be88-ca2707cf48db x-ms-correlation-request-id : 1a9cf26e-b4d7-4712-be88-ca2707cf48db x-ms-routing-request-id : AUSTRALIACENTRAL:20210811T210352Z:1a9cf26e-b4d7-4712-be88-ca2707cf48db Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Date : Wed, 11 Aug 2021 21:03:51 GMT

Body: { "value": [ { "id": "/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.KeyVault/vaults/sadasjkljkddlas", "name": "sadasjkljkddlas", "type": "Microsoft.KeyVault/vaults", "location": "australiacentral", "tags": { "test": "value" } } ] }

DEBUG: [Common.Authentication]: Authenticating using Account: 'Nathan.Grieve@oobe.com.au', environment: 'AzureCloud', tenant: '05f72b90-815c-4cb9-8b40-96c29b862189' DEBUG: 7:03:51 AM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'05f72b90-815c-4cb9-8b40-96c29b862189', Scopes:'https://graph.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'Nathan.Grieve@oobe.com.au' DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://graph.windows.net//.default ] ParentRequestId: DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] Azure region was not configured or could not be discovered. Not using a regional authority. DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51] Found 1 cache accounts and 0 broker accounts DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51] Returning 1 accounts DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] MSAL MSAL.NetCore with assembly version '4.30.1.0'. CorrelationId(38acd197-33c1-4365-bf49-d2c2684c2c13) DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] === AcquireTokenSilent Parameters === DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] LoginHint provided: False DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] Account provided: True DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] ForceRefresh: False DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] === Request Data === Authority Provided? 
- True Scopes - https://graph.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 38acd197-33c1-4365-bf49-d2c2684c2c13

DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] === Token Acquisition (SilentRequest) started:

    Authority Host: login.microsoftonline.com

DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] Azure region was not configured or could not be discovered. Not using a regional authority. DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] Access token is not expired. Returning the found cache entry. [Current time (08/11/2021 21:03:51) - Expiration Time (08/11/2021 22:02:51 +00:00) - Extended Expiration Time (08/11/2021 22:02:51 +00:00)] DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] Returning access token found in cache. RefreshOn exists ? False DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] Fetched access token from host login.microsoftonline.com. DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:51 - ] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 08/11/2021 22:02:51 +00:00 and Scopes https://graph.windows.net//62e90394-69f5-4237-9190-012177145e10 https://graph.windows.net//.default DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://graph.windows.net//.default ] ParentRequestId: ExpiresOn: 2021-08-11T22:02:51.0000000+00:00 DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '05f72b90-815c-4cb9-8b40-96c29b862189', UserId: 'Nathan.Grieve@oobe.com.au' DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: GET

Absolute Uri: https://graph.windows.net/05f72b90-815c-4cb9-8b40-96c29b862189/me?api-version=1.6

Headers: x-ms-client-request-id : c84eb78d-248f-4f53-842b-ed802772fb13 Accept-Language : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code: OK

Headers: Cache-Control : no-cache Pragma : no-cache ocp-aad-diagnostics-server-name: Sxl5wI2Jap+F5bTGjHG5S0NWrnaP1FoQS6SetyvM4B4= request-id : ee5703ca-bc16-415d-a3df-b743925a60a0 client-request-id : c84eb78d-248f-4f53-842b-ed802772fb13 x-ms-dirapi-data-contract-version: 1.6 ocp-aad-session-key : 7RPk4T2xhxS3nReYxBgpxTA3Qy-AUuhFDvm8Ju3h8d5uU0c1DlzBa7f3f7zcilPjMk3XNVpwnNNCHe8x0lV2XdokiLP3kRlWyxOea7HEngIaUOK0pxBvdpJOD-wqV-z8.ITOGYkBcqy2iQGaJw50X6-AO3N2XZKd9qqww7PFzK4Q
Duration : 489243 x-ms-resource-unit : 1 DataServiceVersion : 3.0; X-AspNet-Version : 4.0.30319 X-Powered-By : ASP.NET Strict-Transport-Security : max-age=31536000; includeSubDomains Access-Control-Allow-Origin : * Date : Wed, 11 Aug 2021 21:03:51 GMT

Body:

DEBUG: [Common.Authentication]: Authenticating using Account: 'Nathan.Grieve@oobe.com.au', environment: 'AzureCloud', tenant: '05f72b90-815c-4cb9-8b40-96c29b862189' DEBUG: 7:03:52 AM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'05f72b90-815c-4cb9-8b40-96c29b862189', Scopes:'https://graph.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'Nathan.Grieve@oobe.com.au' DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://graph.windows.net//.default ] ParentRequestId: DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] Azure region was not configured or could not be discovered. Not using a regional authority. DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52] Found 1 cache accounts and 0 broker accounts DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52] Returning 1 accounts DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] MSAL MSAL.NetCore with assembly version '4.30.1.0'. CorrelationId(5ca22609-14f3-4368-9b32-62557929789a) DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] === AcquireTokenSilent Parameters === DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] LoginHint provided: False DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] Account provided: True DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] ForceRefresh: False DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] === Request Data === Authority Provided? 
- True Scopes - https://graph.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 5ca22609-14f3-4368-9b32-62557929789a

DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] === Token Acquisition (SilentRequest) started:

    Authority Host: login.microsoftonline.com

DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] Azure region was not configured or could not be discovered. Not using a regional authority. DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] Access token is not expired. Returning the found cache entry. [Current time (08/11/2021 21:03:52) - Expiration Time (08/11/2021 22:02:51 +00:00) - Extended Expiration Time (08/11/2021 22:02:51 +00:00)] DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] Returning access token found in cache. RefreshOn exists ? False DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] Fetched access token from host login.microsoftonline.com. DEBUG: (False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.19043 [08/11/2021 21:03:52 - ] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 08/11/2021 22:02:51 +00:00 and Scopes https://graph.windows.net//62e90394-69f5-4237-9190-012177145e10 https://graph.windows.net//.default DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://graph.windows.net//.default ] ParentRequestId: ExpiresOn: 2021-08-11T22:02:51.0000000+00:00 DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '05f72b90-815c-4cb9-8b40-96c29b862189', UserId: 'Nathan.Grieve@oobe.com.au' DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: PUT

Absolute Uri: https://management.azure.com/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.KeyVault/vaults/alexanderbramblejam?api-version=2019-09-01

Headers: x-ms-client-request-id : c84eb78d-248f-4f53-842b-ed802772fb13 Accept-Language : en-US

Body: { "location": "Australia Central", "properties": { "tenantId": "05f72b90-815c-4cb9-8b40-96c29b862189", "sku": { "name": "standard", "family": "A" }, "accessPolicies": [ { "tenantId": "05f72b90-815c-4cb9-8b40-96c29b862189", "objectId": "26b1935e-6417-4352-abfa-e8ea35ab3ff3", "permissions": { "keys": [ "get", "create", "delete", "list", "update", "import", "backup", "restore", "recover" ], "secrets": [ "get", "list", "set", "delete", "backup", "restore", "recover" ], "certificates": [ "get", "delete", "list", "create", "import", "update", "deleteissuers", "getissuers", "listissuers", "managecontacts", "manageissuers", "setissuers", "recover", "backup", "restore" ], "storage": [ "delete", "deletesas", "get", "getsas", "list", "listsas", "regeneratekey", "set", "setsas", "update", "recover", "backup", "restore" ] } } ], "vaultUri": "", "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": false, "softDeleteRetentionInDays": 90, "enableRbacAuthorization": false, "enablePurgeProtection": true, "networkAcls": { "bypass": "AzureServices", "defaultAction": "Allow" } } }

DEBUG: ============================ HTTP RESPONSE ============================

Status Code: Forbidden

Headers: Cache-Control : no-cache Pragma : no-cache x-ms-failure-cause : gateway x-ms-request-id : d393cabd-4ba5-4642-8229-40cd37ccfd01 x-ms-correlation-request-id : d393cabd-4ba5-4642-8229-40cd37ccfd01 x-ms-routing-request-id : AUSTRALIACENTRAL:20210811T210353Z:d393cabd-4ba5-4642-8229-40cd37ccfd01 Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Date : Wed, 11 Aug 2021 21:03:52 GMT Connection : close

Body: { "error": { "code": "RequestDisallowedByPolicy", "target": "alexanderbramblejam", "message": "Resource 'alexanderbramblejam' was disallowed by policy. Reasons: 'Git gud scrub'. See error details for policy resource IDs.", "additionalInfo": [ { "type": "PolicyViolation", "info": { "policyDefinitionDisplayName": "Key vaults should have purge protection enabled", "evaluationDetails": { "evaluatedExpressions": [ { "result": "True", "expressionKind": "Field", "expression": "type", "path": "type", "expressionValue": "Microsoft.KeyVault/vaults", "targetValue": "Microsoft.KeyVault/vaults", "operator": "Equals" }, { "result": "False", "expressionKind": "Field", "expression": "Microsoft.KeyVault/vaults/createMode", "path": "properties.createMode", "targetValue": "recover", "operator": "Equals" }, { "result": "True", "expressionKind": "Field", "expression": "Microsoft.KeyVault/vaults/enableSoftDelete", "path": "properties.enableSoftDelete", "targetValue": "false", "operator": "Exists" } ], "reason": "Git gud scrub" }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53", "policyDefinitionName": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53", "policyDefinitionEffect": "Deny", "policyAssignmentId": "/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.Authorization/policyAssignments/c05828b5881345059343f240", "policyAssignmentName": "c05828b5881345059343f240", "policyAssignmentDisplayName": "Key vaults should have purge protection enabled", "policyAssignmentScope": "/subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage" } } ] } }

New-AzKeyVault: Resource 'alexanderbramblejam' was disallowed by policy. Reasons: 'Git gud scrub'. See error details for policy resource IDs. DEBUG: AzureQoSEvent: Module: Az.KeyVault:3.4.4; CommandName: New-AzKeyVault; PSVersion: 7.1.3; IsSuccess: False; Duration: 00:00:01.8008807; Exception: Resource 'alexanderbramblejam' was disallowed by policy. Reasons: 'Git gud scrub'. See error details for policy resource IDs.; DEBUG: Finish sending metric. DEBUG: 7:03:54 AM - NewAzureKeyVault end processing.`
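As an added example (not code from the issue or from the Az.KeyVault module), the PowerShell below lines up the policy's `evaluatedExpressions` from the Forbidden response with the PUT body that was sent, showing that the body carries `enablePurgeProtection` but no `enableSoftDelete` property. Both JSON documents are trimmed copies of the debug output above, and `Resolve-JsonPath` and `Get-PolicyDenialReport` are hypothetical helper names.

```powershell
# Added example: explain a RequestDisallowedByPolicy denial by comparing the
# policy engine's evaluated expressions with the request body that was sent.
# Both JSON documents are trimmed copies of the debug output in the issue.

$requestBody = @'
{
  "location": "Australia Central",
  "properties": {
    "sku": { "name": "standard", "family": "A" },
    "softDeleteRetentionInDays": 90,
    "enableRbacAuthorization": false,
    "enablePurgeProtection": true
  }
}
'@ | ConvertFrom-Json

$errorBody = @'
{ "error": { "code": "RequestDisallowedByPolicy", "additionalInfo": [ {
  "type": "PolicyViolation",
  "info": {
    "policyDefinitionDisplayName": "Key vaults should have purge protection enabled",
    "policyDefinitionEffect": "Deny",
    "evaluationDetails": { "evaluatedExpressions": [
      { "result": "True",  "expression": "type", "path": "type",
        "expressionValue": "Microsoft.KeyVault/vaults",
        "targetValue": "Microsoft.KeyVault/vaults", "operator": "Equals" },
      { "result": "False", "expression": "Microsoft.KeyVault/vaults/createMode",
        "path": "properties.createMode", "targetValue": "recover", "operator": "Equals" },
      { "result": "True",  "expression": "Microsoft.KeyVault/vaults/enableSoftDelete",
        "path": "properties.enableSoftDelete", "targetValue": "false", "operator": "Exists" }
    ] }
  } } ] } }
'@ | ConvertFrom-Json

function Resolve-JsonPath {
    # Walk a dotted path (e.g. properties.enableSoftDelete) through a parsed JSON
    # object and report whether the property is present, not just whether it is null.
    param(
        [Parameter(Mandatory)] $Object,
        [Parameter(Mandatory)] [string] $Path
    )
    $current = $Object
    foreach ($segment in $Path.Split('.')) {
        if ($null -eq $current) {
            return [pscustomobject]@{ Found = $false; Value = $null }
        }
        $property = $current.PSObject.Properties[$segment]
        if ($null -eq $property) {
            return [pscustomobject]@{ Found = $false; Value = $null }
        }
        $current = $property.Value
    }
    [pscustomobject]@{ Found = $true; Value = $current }
}

function Get-PolicyDenialReport {
    # One row per evaluated expression: what the policy tested, how it evaluated,
    # and whether the request body actually carried that property.
    param(
        [Parameter(Mandatory)] $ErrorBody,
        [Parameter(Mandatory)] $RequestBody
    )
    $violations = @($ErrorBody.error.additionalInfo |
        Where-Object { $_.type -eq 'PolicyViolation' })
    foreach ($violation in $violations) {
        foreach ($expr in $violation.info.evaluationDetails.evaluatedExpressions) {
            $lookup = Resolve-JsonPath -Object $RequestBody -Path $expr.path
            [pscustomobject]@{
                Policy      = $violation.info.policyDefinitionDisplayName
                Effect      = $violation.info.policyDefinitionEffect
                Path        = $expr.path
                Operator    = $expr.operator
                TargetValue = $expr.targetValue
                Result      = $expr.result
                EngineSaw   = $expr.expressionValue   # absent when the field did not exist
                SentInBody  = $lookup.Found
                SentValue   = $lookup.Value
            }
        }
    }
}

$report = Get-PolicyDenialReport -ErrorBody $errorBody -RequestBody $requestBody
$report | Format-Table Path, Operator, TargetValue, Result, SentInBody, SentValue -AutoSize

# Conditions under "properties" that matched (Result = True) on a property the
# client never sent. "type" is excluded because it comes from the request URI.
$report |
    Where-Object { $_.Result -eq 'True' -and $_.Path -like 'properties.*' -and -not $_.SentInBody } |
    Select-Object -ExpandProperty Path
```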

harken350 commented 3 years ago

This is using Az.KeyVault 2.1.0

` }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Deleted", "service": "OfficeForms", "servicePlanId": "e212cbc7-0961-4c40-9825-01117710dcb1" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Enabled", "service": "ProjectWorkManagement", "servicePlanId": "b737dad2-2f6c-4c65-90e3-ca563267e8b9" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Deleted", "service": "PowerBI", "servicePlanId": "70d33638-9c74-4d01-bfd3-562de28bd4ba" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Enabled", "service": "SharePoint", "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Deleted", "service": "exchange", "servicePlanId": "9f431833-0334-42de-a7dc-70aa40db46db" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Enabled", "service": "exchange", "servicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Deleted", "service": "exchange", "servicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Enabled", "service": "exchange", "servicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Deleted", "service": "MicrosoftOffice", "servicePlanId": "531ee2f8-b1cb-453b-9c21-d2180d014ca5" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Enabled", "service": "MicrosoftCommunicationsOnline", "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c" }, { "assignedTimestamp": "2020-10-07T09:18:19Z", "capabilityStatus": "Enabled", "service": "MicrosoftOffice", "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38" }, { "assignedTimestamp": "2020-09-21T23:13:47Z", "capabilityStatus": "Enabled", "service": "CRM", "servicePlanId": "4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14" }, { "assignedTimestamp": 

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: GET

Absolute Uri: https://graph.windows.net/05f72b90-815c-4cb9-8b40-96c29b862189/users/26b1935e-6417-4352-abfa-e8ea35ab3ff3?api-version=1.6

Headers:
x-ms-client-request-id : 1f639c0d-4a8c-4a2f-b1c6-02316b0cae49
Accept-Language : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code: OK

Headers:
Cache-Control : no-cache
Pragma : no-cache
ocp-aad-diagnostics-server-name: i8HOtV8wigLp/N+OyLyT8hp8EGTMKfyGfR0HHth9ySk=
request-id : b30e1ce1-5f9a-47e0-9de8-e0fa94725676
client-request-id : 1f639c0d-4a8c-4a2f-b1c6-02316b0cae49
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key : vfLi4TUjBM23XGy32bROI4yOScv-lv-Frb4q7wXCm__7LfVJzVU_3-acsolnhMLfqktMXSwBqL9RUY6kZdFJfAoYQ909d7nCnTjDIakgV9j8s3gAE2krVm4YG_qr0sGV.jaq4V7Fldr81W9ouFVOC9bULvVPSrnqZCHRJ180lMpk
Duration : 1322709
x-ms-resource-unit : 1
DataServiceVersion : 3.0;
X-AspNet-Version : 4.0.30319
X-Powered-By : ASP.NET
Strict-Transport-Security : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin : *
Date : Wed, 11 Aug 2021 21:16:03 GMT


Vault Name : alexanderbramblejam6
Resource Group Name : oobe-nathan-storage
Location : australia central
Resource ID : /subscriptions/2150aebf-945e-430f-8f2c-abf6b500a915/resourceGroups/oobe-nathan-storage/providers/Microsoft.KeyVault/vaults/alexanderbramblejam6
Vault URI : https://alexanderbramblejam6.vault.azure.net/
Tenant ID : 05f72b90-815c-4cb9-8b40-96c29b862189
SKU : Standard
Enabled For Deployment? : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption? : False
Soft Delete Enabled? : True
Soft Delete Retention Period (days) : 90
Access Policies :
    Tenant ID : 05f72b90-815c-4cb9-8b40-96c29b862189
    Object ID : 26b1935e-6417-4352-abfa-e8ea35ab3ff3
    Application ID :
    Display Name : Nathan Grieve (Nathan.Grieve@oobe.com.au)
    Permissions to Keys : get, create, delete, list, update, import, backup, restore, recover
    Permissions to Secrets : get, list, set, delete, backup, restore, recover
    Permissions to Certificates : get, delete, list, create, import, update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers, setissuers, recover, backup, restore
    Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list, listsas, regeneratekey, set, setsas, update, recover, backup, restore

Network Rule Set :
    Default Action : Allow
    Bypass : AzureServices
    IP Rules :
    Virtual Network Rules :

Tags :
    Name Value
    ==== =====
    test value

DEBUG: AzureQoSEvent: Module: Az.KeyVault:2.1.0; CommandName: New-AzKeyVault; PSVersion: 7.1.3; IsSuccess: True; Duration: 00:00:35.7978135
DEBUG: Finish sending metric.
DEBUG: 7:16:04 AM - NewAzureKeyVault end processing.

BethanyZhou commented 3 years ago

Hi @harken350, thank you for opening this issue. I have reproduced this issue on my machine.

Key vaults should have purge protection enabled
Built-in
Malicious deletion of a key vault can lead to permanent data loss. A malicious insider in your organization can potentially delete and purge key vaults. Purge protection protects you from insider attacks by enforcing a mandatory retention period for soft deleted key vaults. No one inside your organization or Microsoft will be able to purge your key vaults during the soft delete retention period.

From the description of the policy, we should create a key vault with purge protection enabled within the soft delete retention period.

The KeyVault team announced last Oct that EnableSoftDelete is deprecated and will always be turned on (please see https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-change), so our command doesn't send enableSoftDelete and only keeps softDeleteRetentionInDays as a parameter after Az.KeyVault 3.0.0.

However, the policy still checks whether we enable soft delete; that's why Az.KeyVault >= 3.0.0 can't pass through in this case.

              {
                "result": "True",
                "expressionKind": "Field",
                "expression": "Microsoft.KeyVault/vaults/enableSoftDelete",
                "path": "properties.enableSoftDelete",
                "targetValue": "false",
                "operator": "Exists"
              }

I believe the owner of this policy should adjust the judging logic rather than the Azure PowerShell side.
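The condition quoted in the comment above, evaluated offline against two constructed request bodies. This is an added example, not code from the thread, Az.KeyVault or Azure Policy: `Resolve-FieldPath`, `Test-ExistsCondition` and both payloads are hypothetical, and it models only this one `Exists` condition, not the full built-in rule.

```powershell
function Resolve-FieldPath {
    # Walks a dotted path such as 'properties.enableSoftDelete' through nested
    # hashtables and reports whether the final key is present in the payload.
    param(
        [hashtable] $Resource,
        [string]    $Path
    )
    $node = $Resource
    foreach ($segment in $Path.Split('.')) {
        if (($node -isnot [hashtable]) -or (-not $node.ContainsKey($segment))) {
            return @{ Found = $false; Value = $null }
        }
        $node = $node[$segment]
    }
    return @{ Found = $true; Value = $node }
}

function Test-ExistsCondition {
    # An 'Exists' condition with targetValue "false" matches when the field is
    # ABSENT from the payload; with "true" it matches when the field is present.
    param(
        [hashtable] $Resource,
        [string]    $Path,
        [string]    $TargetValue
    )
    $expected = [System.Convert]::ToBoolean($TargetValue)
    $found    = (Resolve-FieldPath -Resource $Resource -Path $Path).Found
    return ($found -eq $expected)
}

# The condition exactly as quoted in the evaluation details above.
$condition = @{
    path        = 'properties.enableSoftDelete'
    operator    = 'Exists'
    targetValue = 'false'
}

# Constructed request bodies (assumption): only the properties relevant to the
# check are shown. The first includes enableSoftDelete; the second omits it,
# as described for Az.KeyVault >= 3.0.0, while still asking for purge protection.
$bodyWithFlag = @{
    properties = @{
        enableSoftDelete          = $true
        softDeleteRetentionInDays = 90
        enablePurgeProtection     = $true
    }
}
$bodyWithoutFlag = @{
    properties = @{
        softDeleteRetentionInDays = 90
        enablePurgeProtection     = $true
    }
}

$cases = @(
    @{ Name = 'enableSoftDelete sent';    Body = $bodyWithFlag },
    @{ Name = 'enableSoftDelete omitted'; Body = $bodyWithoutFlag }
)

foreach ($case in $cases) {
    # A match here is what feeds the Deny effect for this condition.
    $matched = Test-ExistsCondition -Resource $case.Body `
                                    -Path $condition.path `
                                    -TargetValue $condition.targetValue
    '{0,-26} -> condition matched: {1}' -f $case.Name, $matched
}
```

Because the match depends only on whether the field is present, the second body matches even though it requests purge protection, which is consistent with the report that `-EnablePurgeProtection` made no difference.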

ghost commented 3 years ago

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

harken350 commented 3 years ago

I’m closing this issue as I’ve sent it off to the policy team via Azure support