Closed kami-delaroz closed 1 year ago
The error message is kind of expected. This issue already raised in #3292. I would close this issue in favor of the other.
Just to add something to resolve this issue at the moment:
Please log in to portal.azure.com and go to App Registrations, Permissions. Please add an Application-scoped permission for Organization.Read.All.
After doing so, you need to grant admin consent within the enterprise application.
Thanks. As I wrote, I already gave Organization-Read permissions, so I'm not sure this is what I was missing.
This must have been the missing part.
But I have it. As I wrote, I had it, and still got the issue.
Is the application registration in the same tenant, that you try to export?
Indeed.
I also tried to gain access using a certificate. Upon running

```powershell
Connect-MgGraph -ClientID "e78b2368-edf4-44d7-84e0-af464d8180fe" -TenantId "MSFT.onmicrosoft.com" -CertificateThumbprint "6BDA00E3D87CEAAC7312E88F41DEED29FBA1AF4B"
```

I got

```
Welcome To Microsoft Graph!
```

but I got the same error when running

```powershell
Export-M365DSCConfiguration -Components @("AADGroup") -ApplicationId "e78b2368-edf4-44d7-84e0-af464d8180fe" -CertificateThumbprint "6BDA00E3D87CEAAC7312E88F41DEED29FBA1AF4B" -TenantId "MSFT.onmicrosoft.com"
```
I am not able to replicate in our environments. I created brand new App registrations and ensured only the same permissions as what you have in your above screenshot were granted.
Are you getting an error when running:

```powershell
Connect-MgGraph -ClientID "e78b2368-edf4-44d7-84e0-af464d8180fe" -TenantId "MSFT.onmicrosoft.com" -CertificateThumbprint "6BDA00E3D87CEAAC7312E88F41DEED29FBA1AF4B"
Get-MgOrganization -ErrorAction 'Stop'
```
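The two maintainer suggestions above (grant the Organization.Read.All application permission with admin consent, then test with Connect-MgGraph plus Get-MgOrganization) can be checked from the app-only session itself. The following script is an added example for this thread, not code from the issue or from the Microsoft365DSC project; it assumes the Microsoft.Graph PowerShell SDK is installed, and the app id, tenant and thumbprint values are placeholders to be replaced with your own.

```powershell
# Added example: verify that an app registration holds the Organization.Read.All
# *application* role with admin consent in the tenant being exported, and that an
# app-only session can call Get-MgOrganization. Placeholder values, not real ids.
$AppId                 = '<application-client-id>'
$TenantId              = '<tenant>.onmicrosoft.com'
$CertificateThumbprint = '<certificate-thumbprint>'

# 1. App-only sign-in with the certificate, the same way Export-M365DSCConfiguration does.
Connect-MgGraph -ClientId $AppId -TenantId $TenantId -CertificateThumbprint $CertificateThumbprint

$ctx = Get-MgContext
if ($ctx.AuthType -ne 'AppOnly') {
    throw "Expected an app-only context, got '$($ctx.AuthType)'"
}

# 2. Look up the app's service principal in THIS tenant. If nothing comes back,
#    the registration lives in a different tenant than the one being exported.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal for $AppId in $TenantId" }

# 3. Resolve the Organization.Read.All app role on the Microsoft Graph service
#    principal by its name, so no role GUID has to be hard-coded.
#    00000003-0000-0000-c000-000000000000 is the well-known appId of Microsoft Graph.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$role    = $graphSp.AppRoles |
           Where-Object { $_.Value -eq 'Organization.Read.All' -and $_.AllowedMemberTypes -contains 'Application' }

# 4. An app role *assignment* only exists once admin consent has been granted.
#    A permission that is merely configured on the registration does not appear here,
#    which is the usual cause of "Missing Organization.Read.All permission".
$granted = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
           Where-Object { $_.ResourceId -eq $graphSp.Id -and $_.AppRoleId -eq $role.Id }

if (-not $granted) {
    Write-Warning "Organization.Read.All (Application) is not consented for '$($sp.DisplayName)'. Grant admin consent under Enterprise applications, then reconnect."
} else {
    Write-Host "Organization.Read.All (Application) is consented for '$($sp.DisplayName)'."
}

# 5. The same call the export makes before doing anything else. Tokens are cached
#    for the session, so reconnect after granting consent to pick up the new role.
Get-MgOrganization -ErrorAction Stop | Select-Object DisplayName, Id
```

Step 4 is the one that distinguishes "permission added on the registration" from "permission granted": only the role assignment on the service principal proves consent, and only that shows up in the app-only token.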
I got the same error.
I tried to create a new app registration, gave it only user and org permissions, and tried to authenticate with either a secret or a certificate, still the same error. Screenshots attached.
I'm using this guide for generating the certificate
Would you mind giving this cmdlet a try: https://microsoft365dsc.com/user-guide/cmdlets/Update-M365DSCAzureAdApplication/
This should create a functioning app registration with the suitable permissions.
We cannot replicate even using the same instructions you shared to create a self signed certificate. Can you please try on a different machine/environment to see if you are able to replicate? This looks like it is specific to your environment unfortunately.
Hi, getting back to my old issue, I would really appreciate some help here. I created a new Windows VM (version 2022), opened pwsh at administrator level, and ran:

```powershell
Install-Module Microsoft365DSC -Force
Update-M365DSCDependencies
Export-M365DSCConfiguration -Components @("AADGroup") -Credential $Credential
```
So far so good. Then I tried to create a new app registration. For some reason the app isn't shown under Owned applications, but under All applications. So I tried the following steps for both the new app registration and an old existing one:

For

```powershell
Export-M365DSCConfiguration -Components @("AADGroup") -ApplicationId $ApplicationId -ApplicationSecret $ApplicationSecret -TenantId $TenantId
```

I got:

For

```powershell
Export-M365DSCConfiguration -Components @("AADGroup") -ApplicationId $ApplicationId -CertificateThumbprint $CertificateThumbprint -TenantId $TenantId
```

I got:

Those are the App Permissions I gave the App Registration:

Any explanation / step-by-step instructions for getting the export command to work with either application-based or certificate-based authentication is welcome.
I'm trying to run the Export-M365DSCConfiguration command using application authentication. I created an App Registration, gave it API Permissions of Microsoft Graph for User, Group and Organization ReadWrite.All. I also generated a secret and copied its value. I tried to run

```powershell
Export-M365DSCConfiguration -Components @("AADGroup") -ApplicationId "xxx" -ApplicationSecret "yyy" -TenantId "zzz.onmicrosoft.com"
```

and received

The relevant area in the code generates an error: Error retrieving Organizational information: Missing Organization.Read.All permission.

I also tried:

```powershell
$ApplicationId = "xxx"
$SecuredPassword = "yyy"
$tenantID = "zzz"
$SecuredPasswordPassword = ConvertTo-SecureString -String $SecuredPassword -AsPlainText -Force
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPasswordPassword
Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential
```

and got:

```
Connect-MgGraph : A parameter cannot be found that matches parameter name 'ClientSecretCredential'. At line:1 char:37
```
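The "parameter cannot be found" error in the original post is a module-version problem rather than a permissions one: the -ClientSecretCredential parameter of Connect-MgGraph only exists in Microsoft.Graph.Authentication 2.x. The script below is an added example for this thread, not code from the issue or from the Microsoft365DSC project; it checks the installed version before attempting the secret-based sign-in, and the app id and tenant values are placeholders.

```powershell
# Added example: fail early with a clear message when the installed
# Microsoft.Graph.Authentication module is too old for -ClientSecretCredential,
# then sign in with a client secret that is prompted for rather than embedded.
# <application-client-id> and <tenant> are placeholders, not real values.
$AppId    = '<application-client-id>'
$TenantId = '<tenant>.onmicrosoft.com'

$auth = Get-Module Microsoft.Graph.Authentication -ListAvailable |
        Sort-Object Version -Descending | Select-Object -First 1
if (-not $auth -or $auth.Version.Major -lt 2) {
    $found = if ($auth) { $auth.Version } else { 'none' }
    throw "Microsoft.Graph.Authentication 2.x is required for -ClientSecretCredential; found $found. Update the module first."
}

# Read the secret as a SecureString so it is not left in shell history or in this file.
$secret = Read-Host -Prompt 'Client secret' -AsSecureString
$cred   = [System.Management.Automation.PSCredential]::new($AppId, $secret)

# App-only sign-in with the secret, then the same organization read the export relies on.
Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $cred
Get-MgOrganization -ErrorAction Stop | Select-Object DisplayName, Id
```

If the version check passes but Get-MgOrganization still fails with the missing-permission error, the problem is consent on the service principal rather than the module, and the permission check earlier in the thread applies.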