microsoft / EntraExporter

PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
https://aka.ms/EntraExporter
MIT License

Export of 'privilegedAccess/azureResources/resources' not working with P1 license #61

Open jbosloy opened 8 months ago

jbosloy commented 8 months ago

In Get-EEDefaultSchema.ps1 'privilegedAccess/azureResources/resources', the IgnoreError string is set to: 'The tenant has not onboarded to PIM.'

When running the export with -All, I see the export fail on this endpoint with an error of: 'The tenant needs an AAD Premium 2 license.'

By changing the ignoreError string in this file, I can get the export to complete successfully.

If both error strings are possible under different conditions (e.g. a P1 license vs. a P2 license), perhaps in Export-Entra.ps1, the check against ignoreError could use a -match to allow use of a regex, and then ignore errors for this endpoint could be: (The tenant has not onboarded to PIM.|The tenant needs an AAD Premium 2 license.)
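An added example, not taken from the issue or from the EntraExporter code base, of the -match idea proposed above. It escapes each ignore string before joining them, so the trailing '.' stays a literal and the pattern only suppresses the two messages quoted in this issue; everything else still surfaces. The function name Test-IgnorableError and the JSON wrapper around the sample messages are assumptions made for illustration.

```powershell
# Hypothetical helper, not part of EntraExporter.
function Test-IgnorableError {
    param(
        [Parameter(Mandatory)] [string]   $Message,
        [Parameter(Mandatory)] [string[]] $IgnoreError
    )
    # Escape every literal so '.', '(' and similar characters are not treated
    # as regex metacharacters, then join with '|' into a single alternation.
    $pattern = ($IgnoreError | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # -match is case-insensitive and matches anywhere in the message,
    # so the ignore string may be embedded in a longer error payload.
    return $Message -match $pattern
}

# The two error strings quoted in this issue.
$ignore = @(
    'The tenant has not onboarded to PIM.'
    'The tenant needs an AAD Premium 2 license.'
)

# Constructed sample messages (the JSON wrapper is an assumption).
$samples = @(
    '{"error":{"message":"The tenant needs an AAD Premium 2 license."}}'
    '{"error":{"message":"The tenant has not onboarded to PIM."}}'
    '{"error":{"message":"Insufficient privileges to complete the operation."}}'
)

foreach ($s in $samples) {
    if (Test-IgnorableError -Message $s -IgnoreError $ignore) {
        # Known, expected condition for this endpoint: skip it quietly.
        Write-Host "ignored : $s"
    }
    else {
        # Anything not on the list (e.g. a permissions failure) must stay
        # visible, otherwise the export is silently incomplete.
        Write-Warning "surfaced: $s"
    }
}
```

Keeping the ignore list as exact, escaped literals matters for a backup or audit export: a loose pattern would hide permission failures and leave gaps in the exported configuration without any warning.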

kreestof1 commented 7 months ago

I have the same error with an AAD B2C.

SamErde commented 3 months ago

Like #62, this sounds like an opportunity to add checks for relevant licenses and handle the error if not applicable.

SamErde commented 2 months ago

@merill and @snozzberries, do you think this is in any way related to Maester issue #195? The error and API path are both different, but the scenario feels similar: reading PIM information fails for application identities but works with delegated GA access.