Can't connect with Azure Runbook and Managed Identity

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations

https://aka.ms/M365DSC

MIT License

1.6k stars 499 forks source link

Can't connect with Azure Runbook and Managed Identity #4662

Open Mika5283 opened 6 months ago

Mika5283 commented 6 months ago

Description of the issue

Hello, When I try to run my Runbook, I always have this error : "The term 'Add-ConfigurationDataEntry' is not recognized.

I use this command : Export-M365DSCConfiguration -ManagedIdentity -Components @("AADUser") -TenantId "mytenant.onmicrosoft.com"

I have these modules installed :

Microsoft365DSC 1.24.424.1 (7.2)
MSCloudLoginAssistant 1.1.16 (7.2)
Microsoft.Graph (2.19.0)

I tried in 7.2 and 5.1 environment and the result is the same ? I also tried to update the dependencies and removed the old one.

Thanks

Microsoft 365 DSC Version

1.24.424.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

No response

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response

Mika5283 commented 6 months ago

Is anyone has an idea please ?

Mika5283 commented 5 months ago

Seems that the problem was with reversedsc module. I update it and I have a new error yet :

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (169.254.169.254:80) (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed torespond.))`

My code is only that :

Connect-AzAccount -Identity
Export-M365DSCConfiguration -ManagedIdentity -Components @("ExoAcceptedDomain") -TenantId "XXX.onmicrosoft.com" -Verbose -Debug

Do you have an idea with this problem ?

andikrueger commented 4 months ago

M365DSC and its connection handling module MSCloudLoginAssistant do not check for previously established connections. Your first line of code would be ignored and the connection would be established in line 2.

It looks like there is an issue within MsCloudLoginAssistant on how the cmdlet is called:

https://github.com/microsoft/MSCloudLoginAssistant/blob/917faed08aec286d4ac3b793cf2275b40ec078d5/Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.psm1#L190

There is still a bit of App based authentication left.