andikrueger
commented
1 year ago Please elaborate a bit more and share the details of your current setup.
Closed LijuV-MSFT closed 1 year ago
andikrueger
commented
1 year ago Please elaborate a bit more and share the details of your current setup.
LijuV-MSFT
commented
1 year ago I am running this on a Server 2019 VM
Here is the output… the first one succeeds, whereas the second fails:
PS C:> Update-Module Microsoft365DSC
PS C:> Update-M365DSCDependencies Installing ExchangeOnlineManagement version {3.1.0} Installing Microsoft.Graph.Applications version {1.22.0} Installing Microsoft.Graph.DeviceManagement version {1.22.0} Installing Microsoft.Graph.DeviceManagement.Administration version {1.22.0} Installing Microsoft.Graph.DeviceManagement.Enrolment version {1.22.0} Installing Microsoft.Graph.Devices.CorporateManagement version {1.22.0} Installing Microsoft.Graph.Groups version {1.22.0} Installing Microsoft.Graph.Identity.DirectoryManagement version {1.22.0} Installing Microsoft.Graph.Identity.Governance version {1.22.0} Installing Microsoft.Graph.Identity.SignIns version {1.22.0} Installing Microsoft.Graph.Planner version {1.22.0} Installing Microsoft.Graph.Teams version {1.22.0} Installing Microsoft.Graph.Users version {1.22.0} Installing Microsoft.Graph.Users.Actions version {1.22.0} Installing Microsoft.PowerApps.Administration.PowerShell version {2.0.155} Installing MicrosoftTeams version {4.9.3} Installing MSCloudLoginAssistant version {1.0.105} Installing ReverseDSC version {2.0.0.14}
PS C:> $SourceCredential = Get-Credential cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters:
PS C:> Update-M365DSCAllowedGraphScopes -All -Type 'Update' -Environment 'Global' Error during updating allowed Graph scopes!
PS C:> Update-M365DSCAllowedGraphScopes -ResourceNameList @("AADApplication") -Type Update Allowed Graph scopes updated!
PS C:> Export-M365DSCConfiguration -Credential $SourceCredential -Path "C:\Temp\M365DSC-Verditer.photo\04" -Components @("AADApplication") Exporting Microsoft 365 configuration for Components: AADApplication Authentication methods specified:
PS C:> Export-M365DSCConfiguration -Credential $SourceCredential -Path "C:\Temp\M365DSC-Verditer.photo\05" -Filters @{AADApplication = "DisplayName eq 'AAD_SignIn_Log_Reader'"} Exporting Microsoft 365 configuration for Mode: Default Authentication methods specified:
PS C:>
Thanks, Liju…
andikrueger
commented
1 year ago What kind of user account are you using?
LijuV-MSFT
commented
1 year ago The user is assigned global administrator. Any idea why the first command succeeds while the second fails? The second is exporting only one application, while the first is exporting ALL apps.
Thanks, Liju...
ykuijs
commented
1 year ago Your last statement isn't entirely true In the first export you are running this command:
Export-M365DSCConfiguration -Credential $SourceCredential -Path "C:\Temp\M365DSC-Verditer.photo\04" -Components @("AADApplication")Since you specifically specified that you wanted to export the AADApplication component, the first line shows this
Exporting Microsoft 365 configuration for Components: AADApplication. And therefore it only has to connect to the Graph (AAD resources use the Graph).
In the second export you are running this command:
Export-M365DSCConfiguration -Credential $SourceCredential -Path "C:\Temp\M365DSC-Verditer.photo\05" -Filters @{AADApplication = "DisplayName eq 'AAD_SignIn_Log_Reader'"}
Exporting Microsoft 365 configuration for Mode: DefaultHere you didn't specify any components, so the export method assumes the Default set of resources, which is also tells you on the first line Exporting Microsoft 365 configuration for Mode: Default. That also includes the Security & Compliance resources, so it tries to connect to that.
It is however still strange that the connection fails. Can you please try the following command:
$cred = Get-Credential
New-M365DSCConnection -Workload SecurityComplianceCenter -InboundParameters @{ Credential = $cred }Sorry about the delay; here is the output:
PS C:\windows\system32> New-M365DSCConnection -Workload SecurityComplianceCenter -InboundParameters @{ Credential = $cred } WARNING: Please note that you can only use above 9 new EXO cmdlets (the one with -EXO naming pattern).You can't use other cmdlets as we couldn't establish a Remote PowerShell session as basic auth is disabled in your cli ent machine. To enable Basic Auth, please check instruction here https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#prerequisites-for-the-exo-v2-module Create Powershell Session is failed using OAuth At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.1.0\netFramework\ExchangeOnlineManagement.psm1:733 char:21
+ CategoryInfo : OperationStopped: (:) [], Exception
+ FullyQualifiedErrorId : Create Powershell Session is failed using OAuthThanks, Liju...
From: Yorick Kuijs @.> Sent: Friday, March 3, 2023 8:44 AM To: microsoft/Microsoft365DSC @.> Cc: Liju Varghese @.>; Author @.> Subject: Re: [microsoft/Microsoft365DSC] Export-M365DSCConfiguration never gets to app; fails on connecting to SecurityComplianceCenter (Issue #2956)
Your last statement isn't entirely true In the first export you are running this command:
Export-M365DSCConfiguration -Credential $SourceCredential -Path "C:\Temp\M365DSC-Verditer.photo\04" -Components @("AADApplication")
Since you specifically specified that you wanted to export the AADApplication component, the first line shows this Exporting Microsoft 365 configuration for Components: AADApplication. And therefore it only has to connect to the Graph (AAD resources use the Graph).
In the second export you are running this command:
Export-M365DSCConfiguration -Credential $SourceCredential -Path "C:\Temp\M365DSC-Verditer.photo\05" -Filters @{AADApplication = "DisplayName eq 'AAD_SignIn_Log_Reader'"}
Exporting Microsoft 365 configuration for Mode: Default
Here you didn't specify any components, so the export method assumes the Default set of resources, which is also tells you on the first line Exporting Microsoft 365 configuration for Mode: Default. That also includes the Security & Compliance resources, so it tries to connect to that.
It is however still strange that the connection fails. Can you please try the following command:
$cred = Get-Credential
New-M365DSCConnection -Workload SecurityComplianceCenter -InboundParameters @{ Credential = $cred }
- Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FMicrosoft365DSC%2Fissues%2F2956%23issuecomment-1453552735&data=05%7C01%7Clijuv%40microsoft.com%7Caee30d4c106b482e5bf708db1bed5426%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638134478365016994%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=S3dg0h4%2FDaDLDnctZojczGmyKbRmd861MSrTcCEHQDI%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FALM4F3SC2NQJGOJKA7EFYATW2HYRRANCNFSM6AAAAAAVMVJ4LA&data=05%7C01%7Clijuv%40microsoft.com%7Caee30d4c106b482e5bf708db1bed5426%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638134478365016994%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=inld3XuSp4xcOatgUrfFZqTlx7oGI9WAyQpnC8pl0TE%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>
NikCharlebois
commented
1 year ago Are you getting any error running the following?
Connect-M365Tenant -Workload SecurityComplianceCenter -Credential $credClosing due to inactivity
Details of the scenario you tried and the problem that is occurring
Verbose logs showing the problem
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
Version of the DSC module that was used ('dev' if using current dev branch)