cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
1.77k stars 228 forks

AccessDenied executing Get-MgBetaIdentityConditionalAccessPolicy #1436

Closed sam-i-am-clark closed 3 days ago

sam-i-am-clark commented 5 days ago

🐛 Summary

Receiving an AccessDenied error when running Invoke-SCuBA -ProductNames aad

Even when configured as a Global Administrator AND with Conditional Access Administrator enabled, it still returns AccessDenied when executing Get-MgBetaIdentityConditionalAccessPolicy.

To reproduce

  1. Invoke-SCuBA -ProductNames aad

Expected behavior

Produce the report for scanning Entra

Any helpful log output or screenshots

WARNING: Error running Get-MgBetaIdentityConditionalAccessPolicy. Your account does not have access to this report or data. Please contact your global administrator to request access. One of the following roles is required: Security Reader, Company Administrator, Security Administrator, Conditional Access Administrator, Global Reader, Devices Admin, Entra Network Access Administrator.

Status: 403 (Forbidden) ErrorCode: AccessDenied Date: 2024-11-20T19:06:37

Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : xxxxxxx client-request-id : xxxxxxxx x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"xxxxxx","Slice":"x","Ring":"x","ScaleUnit":"xxx","RoleInstance":"xxxxx"}} Link : https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:networkAccess&from=2022-02-01&to=2022-03-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:secureAppSessionMode&from=2023-07-01&to=2023-08-01;rel="deprecation";type="text/html",https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:secureAppSessionMode&from=2023-07-01&to=2023-08-01;rel="deprecation";type="text/html" Deprecation : Thu, 17 Feb 2022 23:59:59 GMT Sunset : Sat, 17 Feb 2024 23:59:59 GMT Cache-Control : no-cache Date : Wed, 20 Nov 2024 19:06:37 GMT

gdasher commented 4 days ago

Do you have a cap policy that might be blocking this access? It's hard to know the cause without a little more information on your setup.

sam-i-am-clark commented 3 days ago

I will close out this issue. It was a timing issue with PIM. I had activated the role, but hadn't waited long enough it appears and the token that was assigned didn't provide access to the role. Oddly enough, everything else worked repeatedly.

In any case, I re-executed today and everything was fine, so I'm going to close out this issue as a user error.
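The root cause in the closing comment (a PIM role activated, but the Graph token issued before activation not yet carrying it) is easy to rule out before a scan. The following pre-flight check is an added example, not ScubaGear's code and not from the reporter; it assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Beta.Identity.SignIns modules are installed, that Connect-MgGraph has been run with the Policy.Read.All scope, and that the `/me/memberOf/microsoft.graph.directoryRole` cast returns the caller's currently active directory roles. It lists the active roles, compares them against the roles named in the AccessDenied message, then probes the same cmdlet ScubaGear calls with a bounded retry so a role that is still propagating is given time instead of failing the whole run.

```powershell
# Added example (not ScubaGear's own code). Checks that the current Graph session
# carries one of the roles the AccessDenied message lists, then probes the cmdlet that
# failed in the issue and waits for a freshly activated PIM role to propagate.
# Assumes Connect-MgGraph has already run with Policy.Read.All.

function Test-ScubaConditionalAccessReady {
    param(
        [int]$MaxAttempts  = 6,    # assumption: ~3 minutes is enough for PIM propagation
        [int]$DelaySeconds = 30
    )

    # Display names taken from the error text. Company Administrator is the legacy
    # name of Global Administrator, so both are accepted.
    $acceptable = @(
        'Global Administrator', 'Company Administrator', 'Global Reader',
        'Security Reader', 'Security Administrator', 'Conditional Access Administrator'
    )

    $ctx = Get-MgContext
    if (-not $ctx) { throw 'Not connected. Run Connect-MgGraph first.' }
    Write-Host "Signed in as $($ctx.Account)"

    # Active directory-role memberships of the signed-in user. A PIM role whose
    # activation has not finished is absent here, which is what the issue describes.
    $roles = (Invoke-MgGraphRequest -Method GET `
        -Uri 'https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.directoryRole').value |
        ForEach-Object { $_.displayName }
    Write-Host "Active roles: $($roles -join ', ')"

    if (-not ($roles | Where-Object { $acceptable -contains $_ })) {
        Write-Warning 'No qualifying role is active yet; the token may predate the PIM activation.'
    }

    for ($i = 1; $i -le $MaxAttempts; $i++) {
        try {
            # Same call ScubaGear makes; -Top 1 keeps the probe cheap.
            $null = Get-MgBetaIdentityConditionalAccessPolicy -Top 1 -ErrorAction Stop
            Write-Host "Conditional Access read succeeded on attempt $i."
            return $true
        }
        catch {
            # Anything other than an authorization failure is a different problem; surface it.
            if ($_.Exception.Message -notmatch 'AccessDenied|Forbidden|403') { throw }
            Write-Warning "Attempt $i/$MaxAttempts: still AccessDenied; waiting $DelaySeconds s."
            Start-Sleep -Seconds $DelaySeconds
        }
    }
    return $false
}

# Usage: reconnect after activating the role so the token reflects it, run the check,
# then start the scan only when the probe succeeds.
# Disconnect-MgGraph; Connect-MgGraph -Scopes 'Policy.Read.All'
# if (Test-ScubaConditionalAccessReady) { Invoke-SCuBA -ProductNames aad }
```

Reconnecting is the part that matters: a token minted before the PIM activation completes does not gain the role retroactively, so the retry loop only helps once a fresh token has been obtained. The role listing is informational; the probe against Get-MgBetaIdentityConditionalAccessPolicy is the authoritative test because it exercises exactly the permission check that produced the 403 in the log above.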