search

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.59k stars 499 forks source link

AADRoleSetting: Error: Cannot verify the Microsoft .NET Framework version 4.7.2 because it is not included in the list of permitted versions. #4386

Open Kelvin-Rundle opened 7 months ago

Kelvin-Rundle commented 7 months ago

Description of the issue

When deploying the MOF as part of Azure DevOps Pipeline using Microsoft Hosted Agent Windows-Latest the deployment fails with the following errors: 2024-02-28T21:45:15.2522389Z VERBOSE: [fv-az775-139]: [[AADRoleSetting]Application Developer] Getting configuration of Role 2024-02-28T21:45:15.2969565Z VERBOSE: [fv-az775-139]: [[AADRoleSetting]Application Developer] Cannot verify the Microsoft .NET Framework version 4.7.2 because it is not included in the list of permitted versions.

[snip] 2024-02-28T21:45:47.2967456Z VERBOSE: [fv-az775-139]: LCM: [ End Test ] [[AADRoleSetting]Application Developer] in 43.4500 seconds. 2024-02-28T21:45:47.3372664Z PowerShell DSC resource MSFT_AADRoleSetting failed to execute Test-TargetResource functionality with error message

[snip]

2024-02-28T21:45:51.6715741Z PowerShell DSC resource MSFT_AADRoleSetting failed to execute Test-TargetResource functionality with error message: 2024-02-28T21:45:51.6717275Z One or more errors occurred. 2024-02-28T21:45:51.6720236Z + CategoryInfo : InvalidOperation: (:) [], CimException VERBOSE: [fv-az775-139]: LCM: [ End Set ] + FullyQualifiedErrorId : ProviderOperationExecutionFailure + PSComputerName : localhost

2024-02-28T21:45:51.6782501Z The SendConfigurationApply function did not succeed. 2024-02-28T21:45:51.6788069Z + CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException 2024-02-28T21:45:51.6788508Z VERBOSE: Operation 'Invoke CimMethod' complete. 2024-02-28T21:45:51.6788736Z + FullyQualifiedErrorId : MI RESULT 1 2024-02-28T21:45:51.6795861Z + PSComputerName : localhost 2024-02-28T21:45:51.6796578Z
2024-02-28T21:45:51.6797143Z VERBOSE: Time taken for configuration job to complete is 48.256 seconds 2024-02-28T21:45:51.6896399Z 2024-02-28T21:45:51.6896835Z 2024-02-28T21:45:51.7393342Z ##[section]Finishing: Deploying PIM RoleSettings MOF

Microsoft 365 DSC Version

1.24.221.1

Which workloads are affected

Azure Active Directory

The DSC configuration

param 
( 
    [Parameter(Mandatory = $true)] 
    [String]$CertificateThumbprint, 
    [String]$ApplicationId, 
    [String]$TenantId 
)  

Configuration M365TenantConfig 
{ 
    Import-DSCResource -ModuleName Microsoft365DSC 
    Update-M365DSCDependencies 
    Node localhost 
    { 

    AADRoleSetting 'Application Developer'
    {
        DisplayName                                                 = 'Application Developer'
        ActivationMaxDuration                                       = 'PT4H'
        ActivationReqMFA                                            = $True
        ActivationReqJustification                                  = $True
        ActivationReqTicket                                         = $False
        ApprovaltoActivate                                          = $False
        ActivateApprover                                            = @()
        PermanentEligibleAssignmentisExpirationRequired             = $True
        ExpireEligibleAssignment                                    = 'P180D'
        PermanentActiveAssignmentisExpirationRequired               = $True
        ExpireActiveAssignment                                      = 'P180D'        
        AssignmentReqMFA                                            = $False
        AssignmentReqJustification                                  = $True
        EligibleAlertNotificationDefaultRecipient                   = $True
        EligibleAlertNotificationAdditionalRecipient                = @()
        EligibleAlertNotificationOnlyCritical                       = $False
        EligibleAssigneeNotificationDefaultRecipient                = $True
        EligibleAssigneeNotificationAdditionalRecipient             = @()
        EligibleAssigneeNotificationOnlyCritical                    = $False
        EligibleApproveNotificationDefaultRecipient                 = $True
        EligibleApproveNotificationAdditionalRecipient              = @()
        EligibleApproveNotificationOnlyCritical                     = $False
        ActiveAlertNotificationDefaultRecipient                     = $True
        ActiveAlertNotificationAdditionalRecipient                  = @()
        ActiveAlertNotificationOnlyCritical                         = $False
        ActiveApproveNotificationDefaultRecipient                   = $True
        ActiveApproveNotificationAdditionalRecipient                = @()
        ActiveApproveNotificationOnlyCritical                       = $False
        ActiveAssigneeNotificationDefaultRecipient                  = $True
        ActiveAssigneeNotificationAdditionalRecipient               = @()
        ActiveAssigneeNotificationOnlyCritical                      = $False
        EligibleAssignmentAlertNotificationDefaultRecipient         = $True
        EligibleAssignmentAlertNotificationAdditionalRecipient      = @()
        EligibleAssignmentAlertNotificationOnlyCritical             = $False
        EligibleAssignmentAssigneeNotificationDefaultRecipient      = $True
        EligibleAssignmentAssigneeNotificationAdditionalRecipient   = @()
        EligibleAssignmentAssigneeNotificationOnlyCritical          = $False
        Ensure                                                      = 'Present'
        ApplicationId                                               = 'xxxxxxxxxx'
        TenantId                                                    = 'xxxxxxxxx.onmicrosoft.com'
        CertificateThumbprint                                       = 'xxxxxxxxxxx'
    }

    AADRoleSetting 'Attack Payload Author'
    {
        DisplayName                                                 = 'Attack Payload Author'
        ActivationMaxDuration                                       = 'PT4H'
        ActivationReqMFA                                            = $True
        ActivationReqJustification                                  = $True
        ActivationReqTicket                                         = $False
        ApprovaltoActivate                                          = $TRUE
        ActivateApprover                                            = @("AllanD@xxxxxxxx.OnMicrosoft.com"; "ChristieC@xxxxxxxx.OnMicrosoft.com")
        PermanentEligibleAssignmentisExpirationRequired             = $False
        ExpireEligibleAssignment                                    = 'P180D'
        PermanentActiveAssignmentisExpirationRequired               = $False
        ExpireActiveAssignment                                      = 'P180D'        
        AssignmentReqMFA                                            = $False
        AssignmentReqJustification                                  = $True
        EligibleAlertNotificationDefaultRecipient                   = $True
        EligibleAlertNotificationAdditionalRecipient                = @()
        EligibleAlertNotificationOnlyCritical                       = $False
        EligibleAssigneeNotificationDefaultRecipient                = $True
        EligibleAssigneeNotificationAdditionalRecipient             = @()
        EligibleAssigneeNotificationOnlyCritical                    = $False
        EligibleApproveNotificationDefaultRecipient                 = $True
        EligibleApproveNotificationAdditionalRecipient              = @()
        EligibleApproveNotificationOnlyCritical                     = $False
        ActiveAlertNotificationDefaultRecipient                     = $True
        ActiveAlertNotificationAdditionalRecipient                  = @()
        ActiveAlertNotificationOnlyCritical                         = $False
        ActiveApproveNotificationDefaultRecipient                   = $True
        ActiveApproveNotificationAdditionalRecipient                = @()
        ActiveApproveNotificationOnlyCritical                       = $False
        ActiveAssigneeNotificationDefaultRecipient                  = $True
        ActiveAssigneeNotificationAdditionalRecipient               = @()
        ActiveAssigneeNotificationOnlyCritical                      = $False
        EligibleAssignmentAlertNotificationDefaultRecipient         = $True
        EligibleAssignmentAlertNotificationAdditionalRecipient      = @()
        EligibleAssignmentAlertNotificationOnlyCritical             = $False
        EligibleAssignmentAssigneeNotificationDefaultRecipient      = $True
        EligibleAssignmentAssigneeNotificationAdditionalRecipient   = @()
        EligibleAssignmentAssigneeNotificationOnlyCritical          = $False
        Ensure                                                      = 'Present'
        ApplicationId                                               = 'xxxxxxxxx'
        TenantId                                                    = 'xxxxxxxxx'
        CertificateThumbprint                                       = 'xxxxxxxxx'
    }

    AADRoleSetting 'Attack Simulation Administrator'
    {
        DisplayName                                                 = 'Attack Simulation Administrator'
        ActivationMaxDuration                                       = 'PT4H'
        ActivationReqMFA                                            = $True
        ActivationReqJustification                                  = $True
        ActivationReqTicket                                         = $False
        ApprovaltoActivate                                          = $TRUE
        ActivateApprover                                            = @("CA-Persona-Admins")
        PermanentEligibleAssignmentisExpirationRequired             = $False
        ExpireEligibleAssignment                                    = 'P180D'
        PermanentActiveAssignmentisExpirationRequired               = $False
        ExpireActiveAssignment                                      = 'P180D'        
        AssignmentReqMFA                                            = $False
        AssignmentReqJustification                                  = $True
        EligibleAlertNotificationDefaultRecipient                   = $True
        EligibleAlertNotificationAdditionalRecipient                = @()
        EligibleAlertNotificationOnlyCritical                       = $False
        EligibleAssigneeNotificationDefaultRecipient                = $True
        EligibleAssigneeNotificationAdditionalRecipient             = @()
        EligibleAssigneeNotificationOnlyCritical                    = $False
        EligibleApproveNotificationDefaultRecipient                 = $True
        EligibleApproveNotificationAdditionalRecipient              = @()
        EligibleApproveNotificationOnlyCritical                     = $False
        ActiveAlertNotificationDefaultRecipient                     = $True
        ActiveAlertNotificationAdditionalRecipient                  = @()
        ActiveAlertNotificationOnlyCritical                         = $False
        ActiveApproveNotificationDefaultRecipient                   = $True
        ActiveApproveNotificationAdditionalRecipient                = @()
        ActiveApproveNotificationOnlyCritical                       = $False
        ActiveAssigneeNotificationDefaultRecipient                  = $True
        ActiveAssigneeNotificationAdditionalRecipient               = @()
        ActiveAssigneeNotificationOnlyCritical                      = $False
        EligibleAssignmentAlertNotificationDefaultRecipient         = $True
        EligibleAssignmentAlertNotificationAdditionalRecipient      = @()
        EligibleAssignmentAlertNotificationOnlyCritical             = $False
        EligibleAssignmentAssigneeNotificationDefaultRecipient      = $True
        EligibleAssignmentAssigneeNotificationAdditionalRecipient   = @()
        EligibleAssignmentAssigneeNotificationOnlyCritical          = $False
        Ensure                                                      = 'Present'
        ApplicationId                                               = 'xxxxxxxx'
        TenantId                                                    = 'xxxxxxx.onmicrosoft.com'
        CertificateThumbprint                                       = 'xxxxxxxx'
    }

}
}

M365TenantConfig -ConfigurationData .\PIM\ConfigurationData.psd1

Verbose logs showing the problem

2024-02-29T01:33:00.3862473Z ##[section]Starting: Prep.ps1 Configuring Build
2024-02-29T01:33:00.3970077Z ==============================================================================
2024-02-29T01:33:00.3970210Z Task         : PowerShell
2024-02-29T01:33:00.3970288Z Description  : Run a PowerShell script on Linux, macOS, or Windows
2024-02-29T01:33:00.3970386Z Version      : 2.235.1
2024-02-29T01:33:00.3970447Z Author       : Microsoft Corporation
2024-02-29T01:33:00.3970519Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell
2024-02-29T01:33:00.3970645Z ==============================================================================
2024-02-29T01:33:01.5914391Z Generating script.
2024-02-29T01:33:01.6343061Z Arguments passed sanitization without change.
2024-02-29T01:33:01.6536932Z Formatted command: . 'D:\a\1\s\prep.ps1' -m365cert *** -dsccertificate ***
2024-02-29T01:33:01.6899475Z ========================== Starting Command Output ===========================
2024-02-29T01:33:01.7109038Z ##[command]"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\eb480afd-fcc4-406f-b64c-4d6657e4039c.ps1'"
2024-02-29T01:33:52.3484196Z Installing DSCParser version {1.4.0.2}
2024-02-29T01:34:10.2841241Z Installing ExchangeOnlineManagement version {3.4.0}
2024-02-29T01:34:17.0921544Z Installing Microsoft.Graph.Applications version {2.14.1}
2024-02-29T01:34:25.6014976Z Installing Microsoft.Graph.Beta.DeviceManagement version {2.14.1}
2024-02-29T01:34:34.7802518Z Installing Microsoft.Graph.Beta.Devices.CorporateManagement version {2.14.1}
2024-02-29T01:34:42.2294177Z Installing Microsoft.Graph.Beta.DeviceManagement.Administration version {2.14.1}
2024-02-29T01:35:19.6656314Z Installing Microsoft.Graph.Beta.DeviceManagement.Enrollment version {2.14.1}
2024-02-29T01:35:25.8412165Z Installing Microsoft.Graph.Beta.Identity.DirectoryManagement version {2.14.1}
2024-02-29T01:35:35.5503141Z Installing Microsoft.Graph.Beta.Identity.Governance version {2.14.1}
2024-02-29T01:35:45.0408707Z Installing Microsoft.Graph.Beta.Identity.SignIns version {2.14.1}
2024-02-29T01:35:53.1175352Z Installing Microsoft.Graph.Beta.Reports version {2.14.1}
2024-02-29T01:35:58.9429370Z Installing Microsoft.Graph.Beta.Teams version {2.14.1}
2024-02-29T01:36:07.1617901Z Installing Microsoft.Graph.DeviceManagement.Administration version {2.14.1}
2024-02-29T01:36:15.3858214Z Installing Microsoft.Graph.Beta.DirectoryObjects version {2.14.1}
2024-02-29T01:36:21.8993427Z Installing Microsoft.Graph.Groups version {2.14.1}
2024-02-29T01:36:31.4329784Z Installing Microsoft.Graph.Planner version {2.14.1}
2024-02-29T01:36:42.9733375Z Installing Microsoft.Graph.Users version {2.14.1}
2024-02-29T01:36:51.1985359Z Installing Microsoft.Graph.Users.Actions version {2.14.1}
2024-02-29T01:36:59.9539767Z Installing Microsoft.PowerApps.Administration.PowerShell version {2.0.180}
2024-02-29T01:37:04.7154316Z Installing MicrosoftTeams version {5.9.0}
2024-02-29T01:37:11.7418181Z Installing MSCloudLoginAssistant version {1.1.13}
2024-02-29T01:37:16.6353657Z Installing PnP.PowerShell version {1.12.0}
2024-02-29T01:37:29.7008431Z Installing ReverseDSC version {2.0.0.19}
2024-02-29T01:37:37.2011097Z WinRM service is already running on this machine.
2024-02-29T01:37:37.2609348Z WinRM is not set up to allow remote access to this machine for management.
2024-02-29T01:37:37.2609867Z The following changes must be made:
2024-02-29T01:37:37.2610135Z 
2024-02-29T01:37:37.2611587Z Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine. 
2024-02-29T01:37:37.2612900Z Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
2024-02-29T01:37:37.2614425Z 
2024-02-29T01:37:37.2723350Z WinRM has been updated for remote management.
2024-02-29T01:37:37.2724840Z 
2024-02-29T01:37:37.2728190Z Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine. 
2024-02-29T01:37:37.2730519Z Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
2024-02-29T01:37:37.3003665Z Installing Certificate now
2024-02-29T01:37:39.6192313Z 
2024-02-29T01:37:39.6192787Z 
2024-02-29T01:37:39.6195561Z     Directory: D:\a\1\s\ConfigureLCM
2024-02-29T01:37:39.6195713Z 
2024-02-29T01:37:39.6196081Z 
2024-02-29T01:37:39.6204941Z Mode                 LastWriteTime         Length Name                                                                 
2024-02-29T01:37:39.6208051Z ----                 -------------         ------ ----                                                                 
2024-02-29T01:37:39.6215978Z -a----         2/29/2024   1:37 AM           1106 localhost.meta.mof                                                   
2024-02-29T01:37:39.9522881Z VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target 
2024-02-29T01:37:39.9523801Z "MSFT_DSCLocalConfigurationManager".
2024-02-29T01:37:39.9571863Z VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = 
2024-02-29T01:37:39.9573615Z SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = 
2024-02-29T01:37:39.9574637Z root/Microsoft/Windows/DesiredStateConfiguration'.
2024-02-29T01:37:40.6589716Z VERBOSE: An LCM method call arrived from computer fv-az774-422 with user sid 
2024-02-29T01:37:40.6593328Z S-1-5-21-2394786532-1129356281-3000965722-500.
2024-02-29T01:37:40.6599870Z VERBOSE: [fv-az774-422]: LCM:  [ Start  Set      ]
2024-02-29T01:37:40.6611779Z VERBOSE: [fv-az774-422]: LCM:  [ Start  Resource ]  [MSFT_DSCMetaConfiguration]
2024-02-29T01:37:40.6612447Z VERBOSE: [fv-az774-422]: LCM:  [ Start  Set      ]  [MSFT_DSCMetaConfiguration]
2024-02-29T01:37:40.6613128Z VERBOSE: [fv-az774-422]: LCM:  [ End    Set      ]  [MSFT_DSCMetaConfiguration]  in 0.0810 seconds.
2024-02-29T01:37:40.6613549Z VERBOSE: [fv-az774-422]: LCM:  [ End    Resource ]  [MSFT_DSCMetaConfiguration]
2024-02-29T01:37:40.6801537Z VERBOSE: [fv-az774-422]: LCM:  [ End    Set      ]
2024-02-29T01:37:40.6802231Z VERBOSE: [fv-az774-422]: LCM:  [ End    Set      ]    in  0.0970 seconds.
2024-02-29T01:37:40.6826088Z VERBOSE: Operation 'Invoke CimMethod' complete.
2024-02-29T01:37:40.6842774Z VERBOSE: Set-DscLocalConfigurationManager finished in 0.741 seconds.
2024-02-29T01:37:40.6845959Z Certificate installation complete
2024-02-29T01:37:40.6870120Z 
2024-02-29T01:37:40.6870481Z 
2024-02-29T01:37:40.7717962Z ##[section]Finishing: Prep.ps1 Configuring Build

2024-02-29T01:38:04.9008113Z ##[section]Starting: Building PIM RoleSettings MOF
2024-02-29T01:38:04.9126220Z ==============================================================================
2024-02-29T01:38:04.9126368Z Task         : PowerShell
2024-02-29T01:38:04.9126454Z Description  : Run a PowerShell script on Linux, macOS, or Windows
2024-02-29T01:38:04.9126555Z Version      : 2.235.1
2024-02-29T01:38:04.9126627Z Author       : Microsoft Corporation
2024-02-29T01:38:04.9126721Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell
2024-02-29T01:38:04.9126833Z ==============================================================================
2024-02-29T01:38:05.9992658Z Generating script.
2024-02-29T01:38:06.0409483Z Arguments passed sanitization without change.
2024-02-29T01:38:06.0588448Z Formatted command: . 'D:\a\1\s\PIMbuild.ps1' -m365cert ***
2024-02-29T01:38:06.0951431Z ========================== Starting Command Output ===========================
2024-02-29T01:38:06.1146392Z ##[command]"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\91a9776f-a9b2-4af9-9b9c-8d3477c7e050.ps1'"
2024-02-29T01:38:13.7234999Z 
2024-02-29T01:38:13.7235685Z 
2024-02-29T01:38:13.7238078Z     Directory: D:\a\1\s\M365TenantConfig
2024-02-29T01:38:13.7238529Z 
2024-02-29T01:38:13.7238832Z 
2024-02-29T01:38:13.7249160Z Mode                 LastWriteTime         Length Name                                                                 
2024-02-29T01:38:13.7252474Z ----                 -------------         ------ ----                                                                 
2024-02-29T01:38:13.7261613Z -a----         2/29/2024   1:38 AM          15498 localhost.mof                                                        
2024-02-29T01:38:13.7470792Z 
2024-02-29T01:38:13.7471174Z 
2024-02-29T01:38:13.8050100Z ##[section]Finishing: Building PIM RoleSettings MOF

2024-02-28T21:45:00.1163777Z ##[section]Starting: Deploying PIM RoleSettings MOF
2024-02-28T21:45:00.1271317Z ==============================================================================
2024-02-28T21:45:00.1271451Z Task         : PowerShell
2024-02-28T21:45:00.1271540Z Description  : Run a PowerShell script on Linux, macOS, or Windows
2024-02-28T21:45:00.1271642Z Version      : 2.235.1
2024-02-28T21:45:00.1271704Z Author       : Microsoft Corporation
2024-02-28T21:45:00.1271776Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell
2024-02-28T21:45:00.1271902Z ==============================================================================
2024-02-28T21:45:01.3326942Z Generating script.
2024-02-28T21:45:01.3695810Z Arguments passed sanitization without change.
2024-02-28T21:45:01.3882556Z Formatted command: . 'D:\a\1\s\deploy.ps1' -m365cert *** -dsccertificate ***
2024-02-28T21:45:01.4254507Z ========================== Starting Command Output ===========================
2024-02-28T21:45:01.4492898Z ##[command]"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\555ca68f-d0e2-4057-a99c-54b31fbb57cb.ps1'"
2024-02-28T21:45:03.3198995Z 
2024-02-28T21:45:03.3199647Z 
2024-02-28T21:45:03.3202837Z     Directory: D:\a\1\s\ConfigureLCM
2024-02-28T21:45:03.3203545Z 
2024-02-28T21:45:03.3204280Z 
2024-02-28T21:45:03.3216457Z Mode                 LastWriteTime         Length Name                                                                 
2024-02-28T21:45:03.3219692Z ----                 -------------         ------ ----                                                                 
2024-02-28T21:45:03.3229714Z -a----         2/28/2024   9:45 PM           1106 localhost.meta.mof                                                   
2024-02-28T21:45:03.3494729Z VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target 
2024-02-28T21:45:03.3495079Z "MSFT_DSCLocalConfigurationManager".
2024-02-28T21:45:03.3562154Z VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = 
2024-02-28T21:45:03.3562649Z SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = 
2024-02-28T21:45:03.3562902Z root/Microsoft/Windows/DesiredStateConfiguration'.
2024-02-28T21:45:03.3731597Z VERBOSE: An LCM method call arrived from computer fv-az775-139 with user sid 
2024-02-28T21:45:03.3732346Z S-1-5-21-3821398207-315983215-784787031-500.
2024-02-28T21:45:03.3761827Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Set      ]
2024-02-28T21:45:03.3848842Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Resource ]  [MSFT_DSCMetaConfiguration]
2024-02-28T21:45:03.3849462Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Set      ]  [MSFT_DSCMetaConfiguration]
2024-02-28T21:45:03.3955698Z VERBOSE: [fv-az775-139]: LCM:  [ End    Set      ]  [MSFT_DSCMetaConfiguration]  in 0.0000 seconds.
2024-02-28T21:45:03.3956284Z VERBOSE: [fv-az775-139]: LCM:  [ End    Resource ]  [MSFT_DSCMetaConfiguration]
2024-02-28T21:45:03.4156971Z VERBOSE: [fv-az775-139]: LCM:  [ End    Set      ]
2024-02-28T21:45:03.4157548Z VERBOSE: [fv-az775-139]: LCM:  [ End    Set      ]    in  0.0470 seconds.
2024-02-28T21:45:03.4177469Z VERBOSE: Operation 'Invoke CimMethod' complete.
2024-02-28T21:45:03.4190452Z VERBOSE: Set-DscLocalConfigurationManager finished in 0.081 seconds.
2024-02-28T21:45:03.4392697Z VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = 
2024-02-28T21:45:03.4393845Z SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = 
2024-02-28T21:45:03.4395514Z root/Microsoft/Windows/DesiredStateConfiguration'.
2024-02-28T21:45:03.4514789Z VERBOSE: An LCM method call arrived from computer fv-az775-139 with user sid 
2024-02-28T21:45:03.4515390Z S-1-5-21-3821398207-315983215-784787031-500.
2024-02-28T21:45:03.4537793Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Set      ]
2024-02-28T21:45:03.8518936Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Resource ]  [[AADRoleSetting]Application Developer]
2024-02-28T21:45:03.8524212Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Test     ]  [[AADRoleSetting]Application Developer]
2024-02-28T21:45:12.1070777Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Testing configuration of 
2024-02-28T21:45:12.1072310Z Role Assignment: Application Developer
2024-02-28T21:45:12.1456255Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Getting configuration of 
2024-02-28T21:45:12.1457795Z Role: Application Developer
2024-02-28T21:45:15.2522389Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Getting configuration of 
2024-02-28T21:45:15.2523033Z Role
2024-02-28T21:45:15.2969565Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Cannot verify the Microsoft
2024-02-28T21:45:15.2970385Z  .NET Framework version 4.7.2 because it is not included in the list of permitted versions.
2024-02-28T21:45:15.2976046Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Populating 
2024-02-28T21:45:15.2979738Z RepositorySourceLocation property for module Microsoft.Graph.Authentication.
2024-02-28T21:45:15.2984920Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.2985578Z 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.15.0\Microsoft.Graph.Authentication.dll'.
2024-02-28T21:45:15.3153710Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3154243Z 'C:\Program 
2024-02-28T21:45:15.3154701Z Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.15.0\Microsoft.Graph.Authentication.Core.dll'.
2024-02-28T21:45:15.3194339Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3195466Z 'C:\Program 
2024-02-28T21:45:15.3195923Z Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.15.0\./Microsoft.Graph.Authentication.psm1'.
2024-02-28T21:45:15.3219425Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Cannot verify the Microsoft
2024-02-28T21:45:15.3221915Z  .NET Framework version 4.7.2 because it is not included in the list of permitted versions.
2024-02-28T21:45:15.3223973Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Populating 
2024-02-28T21:45:15.3231428Z RepositorySourceLocation property for module Microsoft.Graph.Authentication.
2024-02-28T21:45:15.3232218Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3232731Z 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.14.1\Microsoft.Graph.Authentication.dll'.
2024-02-28T21:45:15.3283138Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3284240Z 'C:\Program 
2024-02-28T21:45:15.3284702Z Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.14.1\Microsoft.Graph.Authentication.Core.dll'.
2024-02-28T21:45:15.3310707Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3311857Z 'C:\Program 
2024-02-28T21:45:15.3312279Z Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.14.1\./Microsoft.Graph.Authentication.psm1'.
2024-02-28T21:45:15.3530150Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3531698Z 'C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.14.1\Microsoft.Graph.Authentication.psd1'.
2024-02-28T21:45:15.3552905Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Cannot verify the Microsoft
2024-02-28T21:45:15.3553484Z  .NET Framework version 4.7.2 because it is not included in the list of permitted versions.
2024-02-28T21:45:15.3554101Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading 'FormatsToProcess' 
2024-02-28T21:45:15.3554593Z from path 'C:\Program 
2024-02-28T21:45:15.3555031Z Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.14.1\Microsoft.Graph.Authentication.format.ps1xml'.
2024-02-28T21:45:15.3819976Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Populating 
2024-02-28T21:45:15.3821328Z RepositorySourceLocation property for module Microsoft.Graph.Authentication.
2024-02-28T21:45:15.3845535Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Loading module from path 
2024-02-28T21:45:15.3846819Z 'C:\Program 
2024-02-28T21:45:15.3847367Z Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.14.1\./Microsoft.Graph.Authentication.psm1'.
2024-02-28T21:45:15.7030228Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7038302Z 'Add-MgEnvironment'.
2024-02-28T21:45:15.7038783Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7041593Z 'Connect-MgGraph'.
2024-02-28T21:45:15.7049470Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7052115Z 'Disconnect-MgGraph'.
2024-02-28T21:45:15.7055907Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7057206Z 'Get-MgContext'.
2024-02-28T21:45:15.7064864Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7069548Z 'Get-MgEnvironment'.
2024-02-28T21:45:15.7073054Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7075742Z 'Get-MgGraphOption'.
2024-02-28T21:45:15.7078793Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7079190Z 'Get-MgRequestContext'.
2024-02-28T21:45:15.7080094Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7086769Z 'Invoke-MgGraphRequest'.
2024-02-28T21:45:15.7104249Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7108569Z 'Remove-MgEnvironment'.
2024-02-28T21:45:15.7115392Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7115827Z 'Set-MgEnvironment'.
2024-02-28T21:45:15.7116256Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7116619Z 'Set-MgGraphOption'.
2024-02-28T21:45:15.7117162Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing cmdlet 
2024-02-28T21:45:15.7117503Z 'Set-MgRequestContext'.
2024-02-28T21:45:15.7117934Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing function 
2024-02-28T21:45:15.7118288Z 'Find-MgGraphCommand'.
2024-02-28T21:45:15.7118697Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing function 
2024-02-28T21:45:15.7119058Z 'Find-MgGraphPermission'.
2024-02-28T21:45:15.7119480Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing alias 
2024-02-28T21:45:15.7119832Z 'Connect-Graph'.
2024-02-28T21:45:15.7120247Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing alias 
2024-02-28T21:45:15.7120755Z 'Disconnect-Graph'.
2024-02-28T21:45:15.7121183Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing alias 
2024-02-28T21:45:15.7121532Z 'Invoke-GraphRequest'.
2024-02-28T21:45:15.7121945Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Application Developer] Importing alias 
2024-02-28T21:45:15.7122274Z 'Invoke-MgRestMethod'.
2024-02-28T21:45:47.2967456Z VERBOSE: [fv-az775-139]: LCM:  [ End    Test     ]  [[AADRoleSetting]Application Developer]  in 43.4500 seconds.
2024-02-28T21:45:47.3372664Z PowerShell DSC resource MSFT_AADRoleSetting  failed to execute Test-TargetResource functionality with error message: 
2024-02-28T21:45:47.3373139Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Resource ]  [[AADRoleSetting]Attack Payload Author]
2024-02-28T21:45:47.3376916Z One or more errors occurred. 
2024-02-28T21:45:47.3377355Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Test     ]  [[AADRoleSetting]Attack Payload Author]
2024-02-28T21:45:47.3378754Z     + CategoryInfo          : InvalidOperation: (:) [], CimException
2024-02-28T21:45:47.3380184Z     + FullyQualifiedErrorId : ProviderOperationExecutionFailure
2024-02-28T21:45:47.3380572Z     + PSComputerName        : localhost
2024-02-28T21:45:47.3380925Z  
2024-02-28T21:45:48.7979404Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Attack Payload Author] Testing configuration of 
2024-02-28T21:45:48.7984481Z Role Assignment: Attack Payload Author
2024-02-28T21:45:48.7985471Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Attack Payload Author] Getting configuration of 
2024-02-28T21:45:48.7985840Z Role: Attack Payload Author
2024-02-28T21:45:49.4388658Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Attack Payload Author] Getting configuration of 
2024-02-28T21:45:49.4390365Z Role
2024-02-28T21:45:49.4887210Z VERBOSE: [fv-az775-139]: LCM:  [ End    Test     ]  [[AADRoleSetting]Attack Payload Author]  in 2.1840 seconds.
2024-02-28T21:45:49.4911661Z PowerShell DSC resource MSFT_AADRoleSetting  failed to execute Test-TargetResource functionality with error message: 
2024-02-28T21:45:49.4916857Z One or more errors occurred. 
2024-02-28T21:45:49.4921796Z     + CategoryInfo          : InvalidOperation: (:) [], CimException
2024-02-28T21:45:49.4922232Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Resource ]  [[AADRoleSetting]Attack Simulation Administrator]
2024-02-28T21:45:49.4922778Z     + FullyQualifiedErrorId : ProviderOperationExecutionFailure
2024-02-28T21:45:49.4923113Z VERBOSE: [fv-az775-139]: LCM:  [ Start  Test     ]  [[AADRoleSetting]Attack Simulation Administrator]
2024-02-28T21:45:49.4923493Z     + PSComputerName        : localhost
2024-02-28T21:45:49.4923752Z  
2024-02-28T21:45:50.9466099Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Attack Simulation Administrator] Testing 
2024-02-28T21:45:50.9467729Z configuration of Role Assignment: Attack Simulation Administrator
2024-02-28T21:45:50.9476255Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Attack Simulation Administrator] Getting 
2024-02-28T21:45:50.9476751Z configuration of Role: Attack Simulation Administrator
2024-02-28T21:45:51.6504554Z VERBOSE: [fv-az775-139]:                            [[AADRoleSetting]Attack Simulation Administrator] Getting 
2024-02-28T21:45:51.6505146Z configuration of Role
2024-02-28T21:45:51.6694627Z VERBOSE: [fv-az775-139]: LCM:  [ End    Test     ]  [[AADRoleSetting]Attack Simulation Administrator]  in 2.1710 
2024-02-28T21:45:51.6694944Z seconds.
2024-02-28T21:45:51.6715741Z PowerShell DSC resource MSFT_AADRoleSetting  failed to execute Test-TargetResource functionality with error message: 
2024-02-28T21:45:51.6717275Z One or more errors occurred. 
2024-02-28T21:45:51.6720236Z     + CategoryInfo          : InvalidOperation: (:) [], CimException
2024-02-28T21:45:51.6725108Z VERBOSE: [fv-az775-139]: LCM:  [ End    Set      ]
2024-02-28T21:45:51.6725498Z     + FullyQualifiedErrorId : ProviderOperationExecutionFailure
2024-02-28T21:45:51.6726146Z     + PSComputerName        : localhost
2024-02-28T21:45:51.6726410Z  
2024-02-28T21:45:51.6782501Z The SendConfigurationApply function did not succeed.
2024-02-28T21:45:51.6788069Z     + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
2024-02-28T21:45:51.6788508Z VERBOSE: Operation 'Invoke CimMethod' complete.
2024-02-28T21:45:51.6788736Z     + FullyQualifiedErrorId : MI RESULT 1
2024-02-28T21:45:51.6795861Z     + PSComputerName        : localhost
2024-02-28T21:45:51.6796578Z  
2024-02-28T21:45:51.6797143Z VERBOSE: Time taken for configuration job to complete is 48.256 seconds
2024-02-28T21:45:51.6896399Z 
2024-02-28T21:45:51.6896835Z 
2024-02-28T21:45:51.7393342Z ##[section]Finishing: Deploying PIM RoleSettings MOF

Environment Information + PowerShell Version

Microsoft Hosted Agent Windows-Latest
Also tried Windows-2019 and got the same error.
Kelvin-Rundle commented 7 months ago

This error appeared on nearly every module and appears to have been caused by the Microsoft Hosted Agents having Microsoft.Graph.Authentication 2.15.0 already installed and Microsoft365DSC having a required version dependency of 2.14.1. Adding Uninstall-M365DSCOutdatedDependencies after Update-M365DSCDependencies resolved this issue.

Perhaps dependecies should be a minimum version rather than forcing a downgrade when using hosted agent?