SharePoint incorrectly produces N/A for policy 3.2 when using service principal but it should perform the policy check because the needed fields exist #1221
💡 Summary
The Rego code for SharePoint policy 3.2 incorrectly produces an N/A when you run with a service principal. I guess the coder thought that the Get-PnPTenant cmdlet does not contain the necessary fields, but based on my testing, it does contain them. I temporarily changed the Rego code and it worked when running with a service principal. The fix to correct this is easy, and I provide a code snippet below that I tested with. The fields needed are FileAnonymousLinkType and FolderAnonymousLinkType.
Screenshots of the problem
Run the SharePoint provider with a service principal and you will get the following:
After I fixed the code, this is what the report looks like. It matches the output when running with interactive authentication.
Code Fix
I commented out the lines that should be removed.
Implementation notes