search

AzureAD / azure-activedirectory-powershell

This is a repo for Azure AD PowerShell scrips and samples
30 stars 27 forks source link

Get-AzureADMSConditionalAccessPolicy fails when any policy has Linux selected as a device platform. #31

Open ThoughtContagion opened 2 years ago

ThoughtContagion commented 2 years ago

As the title states, if a tenant chooses Linux as a platform under any Conditional Access Policy, the commands to get policies throws a nasty error.

Get-AzureADMSConditionalAccessPolicy
Get-AzureADMSConditionalAccessPolicy : Error converting value "linux" to type 'Microsoft.Open.MSGraph.Model.ConditionalAccessDevicePlatforms'. Path
'value[5].conditions.platforms.includePlatforms[2]', line 1, position 5853.
At line:1 char:1
+ Get-AzureADMSConditionalAccessPolicy
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-AzureADMSConditionalAccessPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.GetAzureADMSConditionalAccessPolicy

I realize this next bit is beyond the scope of this repo, but additionally the Microsoft Graph module doesn't throw an error, it just omits the policy in it's entirety. Not helpful for admins or auditors looking to programmatically pull the policies and details.

asthalon commented 2 years ago

This issue still persists, and makes generating a shareable catalogue/document of conditional access policies more painful than it needs to be. Please resolve!