microsoft / MCAS

PowerShell module for Microsoft Cloud App Security
http://aka.ms/cloudappsecurity

MCAS GCC API calls #99

Open Whedle opened 3 years ago

Whedle commented 3 years ago

The Get-Credential and Invoke-MCASRestMethod are validating the URI by ...username -match '.portal.cloudappsecurity.(com|us|eu|gov|uk|edu|co.uk)$'.

The newly released GCC tenant is ...portal.cloudappsecuritygov.com (which doesn't match the validation).

We bypassed validation, and when using the MCASRestMethod we are receiving "Invoke-WebRequest : {"detail":"Invalid user - the owner of this token is not permitted to use tokens"}".

Whedle commented 3 years ago

Adding to this, the token generator has permissions to read all objects within MCAS, and the tested Invoke-MCASRestMethod calls were all Get methods.
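
An added example, not part of the issue thread or the MCAS module's own code: it runs the pattern quoted in the issue against a few constructed tenant hostnames, next to a hypothetical stricter pattern that escapes the dots, anchors the start and lists the GCC suffix explicitly. `Test-TenantUriPattern`, `$HardenedPattern` and the `contoso` hostnames are assumptions made for illustration.

```powershell
# Pattern exactly as quoted in the issue (dots are unescaped there).
$OriginalPattern = '.portal.cloudappsecurity.(com|us|eu|gov|uk|edu|co.uk)$'

# Hypothetical stricter pattern (an assumption, not the module's code):
# one or more DNS labels, then a literal ".portal." host part, then either
# a listed commercial suffix or the GCC suffix named in the issue.
$HardenedPattern = '^([a-z0-9-]+\.)+portal\.' +
    '(cloudappsecurity\.(com|us|eu|gov|uk|edu|co\.uk)|cloudappsecuritygov\.com)$'

function Test-TenantUriPattern {
    # Returns $true when the tenant hostname satisfies the given pattern.
    param(
        [Parameter(Mandatory)][string]$TenantUri,
        [Parameter(Mandatory)][string]$Pattern
    )
    return [bool]($TenantUri -match $Pattern)
}

# Constructed sample hostnames; none is a real tenant.
$Samples = @(
    'contoso.portal.cloudappsecurity.com'              # commercial form
    'contoso.portal.cloudappsecuritygov.com'           # GCC form from the issue
    'contoso.portal.cloudappsecurity.com.example.net'  # trusted name used as a prefix
    'contoso-portal-cloudappsecurity-com'              # hyphens where dots belong
)

# Compare both patterns side by side for every sample.
$Samples | ForEach-Object {
    [pscustomobject]@{
        TenantUri = $_
        Original  = Test-TenantUriPattern -TenantUri $_ -Pattern $OriginalPattern
        Hardened  = Test-TenantUriPattern -TenantUri $_ -Pattern $HardenedPattern
    }
} | Format-Table -AutoSize
```

The pattern check only decides which hostname the client will send its token to; the "Invalid user" response quoted above comes from the service and is a separate matter from the validation.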