microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License

AADNamedLocationPolicy: Locations getting recreated #4640

Closed hosebei closed 2 months ago

hosebei commented 2 months ago

Description of the issue

This issue has bugged me for some time, but since we do not often apply the DSC, it was not that annoying. But our NamedLocations get created with every release. We are using the same DisplayName, and even provide the ID of the NamedLocations. I found out that the get-resource always writes out:

Could not retrieve AAD Named Location by ID {0b3c94ad-1529-4cf3-92f3-90f3cc7125b9}

But when I do the same command in PowerShell, I do get my Named Location:

Get-MgBetaIdentityConditionalAccessNamedLocation -NamedLocationId 0b3c94ad-1529-4cf3-92f3-90f3cc7125b9

I could not further pin down where the issue might arise.

Microsoft 365 DSC Version

1.24.417.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

AADNamedLocationPolicy "AADNamedLocationPolicy-Trusted Countries" {
    ApplicationId                     = $ConfigurationData.NonNodeData.ApplicationId;
    CertificateThumbprint             = $ConfigurationData.NonNodeData.CertificateThumbprint;
    DisplayName                       = "Trusted Countries";
    Ensure                            = "Present";
    countriesAndRegions               = @("SE", "ES", "CH", "SK", "SI", "RO", "PT", "PL", "NL", "MT", "LU", "LT", "LV", "IT", "IE", "HU", "GR", "DE", "FR", "FI", "EE", "CZ", "CY", "HR", "AT", "DK", "BG", "BE");
    includeUnknownCountriesAndRegions = $False;
    OdataType                         = "#microsoft.graph.countryNamedLocation";
    TenantId                          = $OrganizationName;
    Id                                = "0b3c94ad-1529-4cf3-92f3-90f3cc7125b9";
}

Verbose logs showing the problem

Could not retrieve AAD Named Location by ID {0b3c94ad-1529-4cf3-92f3-90f3cc7125b9}

Eventlog:

Error retrieving data: { One or more errors occurred. }
at Get-MgBetaIdentityConditionalAccessNamedLocation<Begin>, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Beta.Identity.SignIns\2.17.0\exports\ProxyCmdletDefinitions.ps1: line 18864
at Get-TargetResource, D:\a\r1\a\_KTSG\drop\s\Modules\Microsoft365DSC\1.24.417.1\DscResources\MSFT_AADNamedLocationPolicy\MSFT_AADNamedLocationPolicy.psm1: line 107
at Set-TargetResource, D:\a\r1\a\_KTSG\drop\s\Modules\Microsoft365DSC\1.24.417.1\DscResources\MSFT_AADNamedLocationPolicy\MSFT_AADNamedLocationPolicy.psm1: line 246
TenantId: -radacted-.onmicrosoft.com

Environment Information + PowerShell Version

DevOps Pipelines based on the M365 DSC Article

hosebei commented 2 months ago

Well, today it worked for the first time. The locations do not get recreated again. I'm not sure why or how, but maybe some voodoo, and the release must be rolled two times for it to work.