search

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.59k stars 500 forks source link

Configuring Microsoft 365 DSC with Azure Devops #2500

Closed Rajagopal301189 closed 1 year ago

Rajagopal301189 commented 1 year ago

Hi Team,

I am following a white paper in below link to configure M365DSC with Azure Devops.

https://techcommunity.microsoft.com/t5/azure-developer-community-blog/managing-microsoft365-with-microsoft365dsc-and-azure-devops/bc-p/3671002#M903

But when I come to Release pipeline, i encounter "Access Denied" error. Could you please let me know how to resolve this.

andikrueger commented 1 year ago

Could you share a more specific error message or screenshots about the actual error message?

Rajagopal301189 commented 1 year ago

MicrosoftTeams-image Hi Andi,

I have attached the image of error message.

Please help.

Thanks, Raj

NikCharlebois commented 1 year ago

//cc @ykuijs

Rajagopal301189 commented 1 year ago

Hi All,

Any insights please ??

andikrueger commented 1 year ago

Usually this error happens, if the WINRM service is not started or not well configured. Are you using the deploy.ps1 of the whitepaper?

Rajagopal301189 commented 1 year ago

Hi @andikrueger ,

Yes, I am following the entire steps and code (Powershell scripts) mentioned in the whitepaper...

https://office365dsc.azurewebsites.net/Pages/Resources/Whitepapers/Managing%20Microsoft%20365%20with%20Microsoft365Dsc%20and%20Azure%20DevOps.pdf

Ok if the issue is with WINRM, then how can we resolved it.

Thanks, Raj

ykuijs commented 1 year ago

Hi @Rajagopal301189, I am in the final stages of a major update of the whitepaper. The old version was mostly written to demonstrate how you could use Azure DevOps to manage Microsoft 365 using Microsoft365DSC, the DSC configuration itself and the scripts were very basic.

This new version has a more extended setup: The scripts are more robust and are now using Composite resources to combine all resources of a specific workload into its own composite resource.

Keep an eye on our Microsoft365DSC Twitter feed for news when this whitepaper is released!

Rajagopal301189 commented 1 year ago

Hi @ykuijs ,

Thanks for the response.

After running the agent job with local service account of VM Machine i have managed to resolve "Access denied" error. But receiving the below error message.

Is that anything you could help me or suggest? image

Thanks, Raj

Rajagopal301189 commented 1 year ago

Hi @andikrueger / @NikCharlebois ,

Is that could any one help me on the above error screenshot please.

Kindly let me know if any further information is required.

Thanks, Raj

andikrueger commented 1 year ago

What kind of authentication method do you try to use and what version of M365DSC are you running?

Rajagopal301189 commented 1 year ago

I am running 1.22.1019.1 version of M365DSC. We are using Modern authentication method. Below is the Task log of powershell script where it is getting error. Hope this helps.

2022-11-17T14:11:13.7335659Z ##[section]Starting: PowerShell Script 2022-11-17T14:11:13.7502277Z ============================================================================== 2022-11-17T14:11:13.7502562Z Task : PowerShell 2022-11-17T14:11:13.7502784Z Description : Run a PowerShell script on Linux, macOS, or Windows 2022-11-17T14:11:13.7503020Z Version : 2.212.0 2022-11-17T14:11:13.7503202Z Author : Microsoft Corporation 2022-11-17T14:11:13.7503475Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell 2022-11-17T14:11:13.7503818Z ============================================================================== 2022-11-17T14:11:14.8027642Z Generating script. 2022-11-17T14:11:14.8077586Z Formatted command: . 'C:\Agents\vsts-agent-win-x64-2.211.1_work\r1\a_DSCConfig\deploypackage\deploy.ps1' 2022-11-17T14:11:14.8438478Z ========================== Starting Command Output =========================== 2022-11-17T14:11:14.8686674Z ##[command]"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'C:\Agents\vsts-agent-win-x64-2.211.1_work_temp\cf765b37-cd84-4bc4-85ba-99d0649b8e85.ps1'" 2022-11-17T14:11:15.1991657Z 2022-11-17 14:11:15 - Checking for presence of Microsoft365Dsc module and all required modules 2022-11-17T14:11:15.2911751Z 2022-11-17 14:11:15 -
2022-11-17T14:11:15.4173592Z 2022-11-17 14:11:15 - Checking Microsoft365Dsc version 2022-11-17T14:11:15.4196494Z 2022-11-17 14:11:15 - - Required version: 1.22.1019.1 2022-11-17T14:11:15.4255912Z 2022-11-17 14:11:15 - - Installed version: 1.22.1019.1 2022-11-17T14:11:15.4303582Z 2022-11-17 14:11:15 -
2022-11-17T14:11:15.5662568Z 2022-11-17 14:11:15 - Correct version installed, continuing. 2022-11-17T14:11:15.5673810Z 2022-11-17 14:11:15 -
2022-11-17T14:11:15.8414112Z VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = 2022-11-17T14:11:15.8423390Z SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = 2022-11-17T14:11:15.8431096Z root/Microsoft/Windows/DesiredStateConfiguration'. 2022-11-17T14:11:15.9171992Z VERBOSE: An LCM method call arrived from computer Machine01 with user sid S-1-5-18. 2022-11-17T14:11:15.9178846Z VERBOSE: [Machine01]: LCM: [ Start Set ] 2022-11-17T14:11:16.2525188Z VERBOSE: [Machine01]: LCM: [ Start Resource ] [[SPOTenantSettings]TenantSettings] 2022-11-17T14:11:16.2558183Z VERBOSE: [Machine01]: LCM: [ Start Test ] [[SPOTenantSettings]TenantSettings] 2022-11-17T14:11:23.7728937Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:23.7736659Z {Microsoft.Graph.Applications} is available {1.16.0} 2022-11-17T14:11:24.0211166Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:24.0220025Z {Microsoft.Graph.Authentication} is available {1.16.0} 2022-11-17T14:11:24.7743737Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:24.7795060Z {Microsoft.Graph.DeviceManagement} is available {1.16.0} 2022-11-17T14:11:25.1188587Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:25.1196239Z {Microsoft.Graph.DeviceManagement.Administration} is available {1.16.0} 2022-11-17T14:11:25.5335462Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:25.5341908Z {Microsoft.Graph.DeviceManagement.Enrolment} is available {1.16.0} 2022-11-17T14:11:25.9721637Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:25.9734470Z {Microsoft.Graph.Devices.CorporateManagement} is available {1.16.0} 2022-11-17T14:11:28.2910334Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:28.2948881Z {Microsoft.Graph.Groups} is available {1.16.0} 2022-11-17T14:11:28.6011014Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:28.6018738Z {Microsoft.Graph.Identity.DirectoryManagement} is available {1.16.0} 2022-11-17T14:11:29.2358038Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:29.3350937Z {Microsoft.Graph.Identity.Governance} is available {1.16.0} 2022-11-17T14:11:29.6604559Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:29.6611584Z {Microsoft.Graph.Identity.SignIns} is available {1.16.0} 2022-11-17T14:11:29.9099655Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:29.9106608Z {Microsoft.Graph.Planner} is available {1.16.0} 2022-11-17T14:11:30.3378421Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:30.3391002Z {Microsoft.Graph.Teams} is available {1.16.0} 2022-11-17T14:11:30.5790356Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:30.5797633Z {Microsoft.Graph.Users} is available {1.16.0} 2022-11-17T14:11:30.9368321Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:30.9493260Z {Microsoft.Graph.Users.Actions} is available {1.16.0} 2022-11-17T14:11:32.0748838Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of {MicrosoftTeams} is 2022-11-17T14:11:32.0755534Z available {4.9.1} 2022-11-17T14:11:32.4107248Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] New version of 2022-11-17T14:11:32.4118874Z {MSCloudLoginAssistant} is available {1.0.97} 2022-11-17T14:11:35.6669688Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] Testing configuration for SPO 2022-11-17T14:11:35.6681296Z Tenant 2022-11-17T14:11:35.6828463Z VERBOSE: [Machine01]: [[SPOTenantSettings]TenantSettings] Getting configuration for SPO 2022-11-17T14:11:35.6834277Z Tenant 2022-11-17T14:11:35.7544757Z VERBOSE: [Machine01]: LCM: [ End Test ] [[SPOTenantSettings]TenantSettings] in 19.4970 seconds. 2022-11-17T14:11:35.8853898Z ##[error]PowerShell DSC resource MSFT_SPOTenantSettings failed to execute Test-TargetResource functionality with error message: Could not determine authentication method

andikrueger commented 1 year ago
  1. Could you update to the latest version of M365DSC?
  2. Please make sure, that your .mof file contains all needed parameters for authentication. You could download this file from devops and open it in a code editor. There should be some credential references in there. Please make sure, everything is set according to your configuration (User-Password, Service Principal or Application with Cert/Secret...)