Micke-K / IntuneManagement

Copy, export, import, delete, document and compare policies and profiles in Intune and Azure with PowerShell script and WPF UI. Import ADMX files and registry settings with ADMX ingestion. View and edit PowerShell script.
MIT License

Connecting to guest tenants without permission to connect Intune-Management on my work tenant. #254

Closed RolandTB303 closed 2 weeks ago

RolandTB303 commented 1 month ago

Hi Micke & community.

Is there any way to authenticate directly with a tenant I have guest access to? My work tenant policy blocks me from using Microsoft Graph Command Line Tools, as I work for an MSP and by design do not have permissions to my own company's tenant/sub.

AADSTS50105: Your administrator has configured the application Microsoft Graph Command Line Tools ('14d82eec-204b-4c2f-b7e8-296a70dab67e') to block users unless they are specifically granted ('assigned') access to the application.

I wondered if it was possible to authenticate using my user.name_companydomain.com#EXT#clientdomain.onmicrosoft.com UPN but this doesn't seem to be possible.

Is there an option that ignores my actual work directory in this process and would allow me to start the app and then choose the client's directory?

Thanks

TB303

Micke-K commented 1 month ago

Hello,

Does it work if you enable "Get Tenant List" in Settings?

This uses an API to get a list of tenants you have access to. This might not work if Security has not allowed it.

There is no option today that you can logon directly with a guest account.

See Discussion 213 for more info.

Cheers!

RolandTB303 commented 1 month ago

Thanks for letting me know! I will need to request permissions from Opsec to have minimum privileges to log on at least.

RolandTB303 commented 1 month ago

Hi Micke, happy Friday. Now that I have been given permissions to my organisation's Graph Command Line Tools, I am still getting a CA block due to Intune-Management seemingly utilising IE to authenticate, which is not a valid condition of accessing Cloud Apps on my tenant. I have disabled IE on my device manually and still get the same error, although I can now no longer click the links to launch Edge from the popup.


Is this by design? If so, is there any way as a user that I can change the script to avoid using IE? Thanks again, Roland

RolandTB303 commented 1 month ago

Update - the CA logs say that I'm authenticating with IE7! I've tried running it in PS7 and running Start-IntuneManagement.ps1 just to make sure. This might be a hard sell to my Cyber team...let me know if you have any suggestions and thanks once again!

Micke-K commented 1 month ago

Hello,

I run this on a computer with Windows 11 and IE disabled. Still works for me. I think I saw this when it tried to configure Security Info for a user. It worked after I did that by signing in to the portal in Edge. What security requirements do you have, e.g. MFA, Authentication Strength, etc.?

The app uses MSAL for authentication. It is an older version. Microsoft does not support MSAL with PowerShell anymore, so it is a bit tricky to get later versions to work. I am looking into this in the next major version.

PS7 is not supported...so I don't expect it to work that way. Will look into that as well at some point.

Cheers!

RolandTB303 commented 1 month ago

Hi Micke, thanks again for your input. I figured out there was a secondary MFA prompt going on (one of the semi-regular prompts to review/confirm details are correct) which was causing a CA 'loop' when signing into the tool. After completing this in a regular Edge session I'm now able to authenticate properly. Thanks!

Micke-K commented 2 weeks ago

Thank you for the update

Cheers!