Azure / azure-powershell

Microsoft Azure PowerShell

New-AzRoleAssignmentScheduleRequest cmdlet does not work when a PIM eligible role assignment has Conditional Access authentication context enabled #25421

Open charlie-swing opened 6 days ago

charlie-swing commented 6 days ago

Description

I am able to get New-AzRoleAssignmentScheduleRequest to work on some PIM eligible assignments; however, I noticed I get an error message when trying this on eligible assignments that have the Conditional Access authentication context setting enabled. Is there any way to get around this?

Script or Debug output

No response

Environment data

No response

Module versions

Az.Resources 5.6.0

Error output

New-AzRoleAssignmentScheduleRequest : &claims=%7B%22access_token%22%3A%7B%22acrs%22%3A%7B%22essential%22%3Atrue%2C%20%22value%22%3A%22c1%22%7D%7D%7D
At line:21 char:1
+ New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -Expira ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ Scope = /subs...heduleRequest }:<>f__AnonymousType53) [New-AzRoleAssig..._CreateExpanded], Exception
    + FullyQualifiedErrorId : RoleAssignmentRequestAcrsValidationFailed,Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Cmdlets.NewAzRoleAssignmentScheduleRequest_CreateExpanded

microsoft-github-policy-service[bot] commented 4 days ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @darshanhs90, @AshishGargMicrosoft.
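
Added example, not part of the issue thread or of the Az module: the message in the error output above is a URL-encoded claims challenge, and this helper decodes it to show which Conditional Access authentication context ID the activation request was asked to satisfy. The function name `Get-AcrsClaimsChallenge` is hypothetical, and the code assumes the challenge always appears as a `claims=<url-encoded JSON>` fragment, as it does in the error shown here.

```powershell
# Added example: decode the claims challenge carried in the error message.
# Get-AcrsClaimsChallenge is a hypothetical helper, not an Az cmdlet.
function Get-AcrsClaimsChallenge {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Message
    )

    # Assumption: the challenge is a query-string style fragment, claims=<url-encoded JSON>.
    if ($Message -notmatch '(?:^|[&?\s])claims=([^&\s]+)') {
        return $null   # no claims challenge present in this message
    }

    $json = [System.Uri]::UnescapeDataString($Matches[1])
    try {
        $claims = $json | ConvertFrom-Json -ErrorAction Stop
    } catch {
        throw "claims parameter is not valid JSON after URL-decoding: $json"
    }

    # 'acrs' is the authentication context claim requested for the access token.
    $acrs = $claims.access_token.acrs
    if ($null -eq $acrs) { return $null }

    [pscustomobject]@{
        AuthContextId = $acrs.value            # e.g. c1
        Essential     = [bool] $acrs.essential # true means the claim is required
        RawClaimsJson = $json
    }
}

# Message text copied from the error output in this issue.
$message = '&claims=%7B%22access_token%22%3A%7B%22acrs%22%3A%7B%22essential%22%3Atrue%2C%20%22value%22%3A%22c1%22%7D%7D%7D'
Get-AcrsClaimsChallenge -Message $message | Format-List

# In a script, the same helper can be applied to the caught error, for example:
#   try   { <the failing New-AzRoleAssignmentScheduleRequest call> }
#   catch { Get-AcrsClaimsChallenge -Message $_.Exception.Message }
```

For the message in this issue, the decoded JSON is `{"access_token":{"acrs":{"essential":true, "value":"c1"}}}`, so the request failed validation because the token did not carry authentication context `c1`.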