microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License

After running Start-DscConfiguration AADConditionalAccessPolicy policies are not written to the target tenant #5195

Open rick-engle opened 6 days ago

rick-engle commented 6 days ago

Description of the issue

I ran Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") against my source tenant and it listed all 39 CA policies that I had. After compiling the PowerShell script and then running Start-DscConfiguration, all of the policies showed up in the output using -Verbose and had no errors that I could see, yet the policies were not successfully written to my target tenant. How can I troubleshoot this?

Rick

Microsoft 365 DSC Version

Release 1.24.1002.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -ApplicationId $clientId -TenantId $tenantIdDomainName -ApplicationSecret $clientSecretValue -Path $SavePath -FileName $SaveFileName

Start-DscConfiguration -Path $PathToCompiledMOF -Wait -Verbose -Force

Verbose logs showing the problem

Just AADConditionalAccessPolicy:

Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -ApplicationId $clientId -TenantId $tenantIdDomainName -ApplicationSecret $clientSecretValue -Path $SavePath -FileName $SaveFileName

Exporting Microsoft 365 configuration for Components: AADConditionalAccessPolicy

Authentication methods specified:

Connecting to {MicrosoftGraph}...✅
[1/1] Extracting [AADConditionalAccessPolicy] using {ApplicationSecret}...
    |---[1/39] My App Conditional Access Policy✅
    ...
    |---[39/39] Multifactor authentication for Microsoft partners and vendors✅
⌛ Export took {59 seconds} for {39 instances}

$PermissionsList = Get-M365DSCCompiledPermissionList -AccessType Update -ResourceNameList @("AADApplication", "AADAuthenticationMethodPolicy", "AADAuthenticationStrengthPolicy", "AADAuthorizationPolicy", "AADGroup", "AADNamedLocationPolicy", "AADServicePrincipal") -PermissionType Application

The M365DSC app needs the Directory.Read.All permission

$PermissionsList += @{API ='Graph';PermissionName='Directory.Read.All';}
$PermissionsList += @{API ='Graph';PermissionName='Directory.ReadWrite.All';}

. .\M365TenantConfig_M365x648977_Backup.ps1
Import-Module : The version of Windows PowerShell on this computer is '5.1.26100.1882'. The module 'C:\Program Files\WindowsPowerShell\Modules\PSDesiredStateConfiguration\2.0.7\PSDesiredStateConfiguration.psd1' requires a minimum Windows PowerShell version of '6.1' to run. Verify that you have the minimum required version of Windows PowerShell installed, and then try again.
At line:3 char:25

Mode LastWriteTime Length Name


-a---- 10/14/2024 5:33 PM 171746 localhost.mof

Start-DscConfiguration -Path $PathToCompiledMOF -Wait -Verbose -Force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer ULTRASBOOK6 with user sid S-1-12-1-2786440620-1107658995-3191192979-3267944029.
VERBOSE: The -Force option was specified with the Stop operation. The current configuration has been successfully cancelled.
VERBOSE: An LCM method call arrived from computer ULTRASBOOK6 with user sid S-1-12-1-2786440620-1107658995-3191192979-3267944029.
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Set ]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Testing configuration of AzureAD CA Policies
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Getting configuration of AzureAD Conditional Access Policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] PolicyID was specified
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Found existing Conditional Access policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Process IncludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Process ExcludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Process IncludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Process ExcludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Location condition defined, processing
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Processing IncludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource: Processing ExcludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-TargetResource Result: AccessTokens=$null ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= ApplicationsFilter=$null ApplicationsFilterMode=$null AuthenticationContexts=() AuthenticationStrength=$null BuiltInControls=(mfa,compliantDevice) CertificateThumbprint= ClientAppTypes=(browser,mobileAppsAndDesktopClients) CloudAppSecurityIsEnabled=False CloudAppSecurityType= Credential=$null CustomAuthenticationFactors=() DeviceFilterMode= DeviceFilterRule= DisplayName=My App Conditional Access Policy Ensure=Present ExcludeApplications=() ExcludeExternalTenantsMembers=() ExcludeExternalTenantsMembershipKind= ExcludeGroups=() ExcludeGuestOrExternalUserTypes=$null ExcludeLocations=() ExcludePlatforms=(android,iOS,macOS) ExcludeRoles=() ExcludeUsers=(GuestsOrExternalUsers) GrantControlOperator=AND Id=266e548c-eddd-4b20-b561-8e6eed90efdb IncludeApplications=(02c39422-d850-4440-bb38-3eb38a6634ff) IncludeExternalTenantsMembers=() IncludeExternalTenantsMembershipKind= IncludeGroups=() IncludeGuestOrExternalUserTypes=$null IncludeLocations=(All) IncludePlatforms=(android,iOS) IncludeRoles=() IncludeUserActions=() IncludeUsers=(None) Managedidentity=False PersistentBrowserIsEnabled=False PersistentBrowserMode= SignInFrequencyInterval=$null SignInFrequencyIsEnabled=False SignInFrequencyType= SignInFrequencyValue=$null SignInRiskLevels=(high) State=enabledForReportingButNotEnforced TenantId= TermsOfUse=$null TransferMethods= UserRiskLevels=(medium)
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Current Values: AccessTokens=$null ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= ApplicationsFilter=$null ApplicationsFilterMode=$null AuthenticationContexts=() AuthenticationStrength=$null BuiltInControls=(mfa,compliantDevice) CertificateThumbprint= ClientAppTypes=(browser,mobileAppsAndDesktopClients) CloudAppSecurityIsEnabled=False CloudAppSecurityType= Credential=$null CustomAuthenticationFactors=() DeviceFilterMode= DeviceFilterRule= DisplayName=My App Conditional Access Policy Ensure=Present ExcludeApplications=() ExcludeExternalTenantsMembers=() ExcludeExternalTenantsMembershipKind= ExcludeGroups=() ExcludeGuestOrExternalUserTypes=$null ExcludeLocations=() ExcludePlatforms=(android,iOS,macOS) ExcludeRoles=() ExcludeUsers=(GuestsOrExternalUsers) GrantControlOperator=AND Id=266e548c-eddd-4b20-b561-8e6eed90efdb IncludeApplications=(02c39422-d850-4440-bb38-3eb38a6634ff) IncludeExternalTenantsMembers=() IncludeExternalTenantsMembershipKind= IncludeGroups=() IncludeGuestOrExternalUserTypes=$null IncludeLocations=(All) IncludePlatforms=(android,iOS) IncludeRoles=() IncludeUserActions=() IncludeUsers=(None) Managedidentity=False PersistentBrowserIsEnabled=False PersistentBrowserMode= SignInFrequencyInterval=$null SignInFrequencyIsEnabled=False SignInFrequencyType= SignInFrequencyValue=$null SignInRiskLevels=(high) State=enabledForReportingButNotEnforced TenantId= TermsOfUse=$null TransferMethods= UserRiskLevels=(medium)
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Target Values: ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= AuthenticationContexts=() BuiltInControls=(mfa,compliantDevice) ClientAppTypes=(browser,mobileAppsAndDesktopClients) CloudAppSecurityIsEnabled=False CloudAppSecurityType= CustomAuthenticationFactors=() DeviceFilterRule= DisplayName=My App Conditional Access Policy Ensure=Present ExcludeApplications=() ExcludeExternalTenantsMembers=() ExcludeExternalTenantsMembershipKind= ExcludeGroups=() ExcludeLocations=() ExcludePlatforms=(android,iOS,macOS) ExcludeRoles=() ExcludeUsers=(GuestsOrExternalUsers) GrantControlOperator=AND Id=266e548c-eddd-4b20-b561-8e6eed90efdb IncludeApplications=(02c39422-d850-4440-bb38-3eb38a6634ff) IncludeExternalTenantsMembers=() IncludeExternalTenantsMembershipKind= IncludeGroups=() IncludeLocations=(All) IncludePlatforms=(android,iOS) IncludeRoles=() IncludeUserActions=() IncludeUsers=(None) PersistentBrowserIsEnabled=False PersistentBrowserMode= SignInFrequencyIsEnabled=False SignInFrequencyType= SignInRiskLevels=(high) State=enabledForReportingButNotEnforced TenantId= TransferMethods= UserRiskLevels=(medium) Verbose=True
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Test-TargetResource returned True
VERBOSE: [ULTRASBOOK6]: LCM: [ End Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] in 1.3060 seconds.
VERBOSE: [ULTRASBOOK6]: LCM: [ Skip Set ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Testing configuration of AzureAD CA Policies
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Getting configuration of AzureAD Conditional Access Policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] PolicyID was specified
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Found existing Conditional Access policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Process IncludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Process ExcludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Process IncludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Process ExcludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Location condition defined, processing
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Processing IncludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource: Processing ExcludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-TargetResource Result: AccessTokens=$null ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= ApplicationsFilter=$null ApplicationsFilterMode=$null AuthenticationContexts=() AuthenticationStrength=$null BuiltInControls=(mfa) CertificateThumbprint= ClientAppTypes=(all) CloudAppSecurityIsEnabled=False CloudAppSecurityType= Credential=$null CustomAuthenticationFactors=() DeviceFilterMode= DeviceFilterRule= DisplayName=Require MFA for B2B portal access Ensure=Present ExcludeApplications=() ExcludeExternalTenantsMembers=() ExcludeExternalTenantsMembershipKind= ExcludeGroups=() ExcludeGuestOrExternalUserTypes=$null ExcludeLocations=() ExcludePlatforms=() ExcludeRoles=() ExcludeUsers=() GrantControlOperator=OR Id=d65bbcb4-9c6c-4fff-b71e-298f3bf2322c IncludeApplications=(cc15fd57-2c6c-4117-a88c-83b1d56b4bbe) IncludeExternalTenantsMembers=() IncludeExternalTenantsMembershipKind= IncludeGroups=() IncludeGuestOrExternalUserTypes=$null IncludeLocations=() IncludePlatforms=() IncludeRoles=() IncludeUserActions=() IncludeUsers=(GuestsOrExternalUsers) Managedidentity=False PersistentBrowserIsEnabled=False PersistentBrowserMode= SignInFrequencyInterval=$null SignInFrequencyIsEnabled=False SignInFrequencyType= SignInFrequencyValue=$null SignInRiskLevels=() State=enabledForReportingButNotEnforced TenantId= TermsOfUse=$null TransferMethods= UserRiskLevels=()
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Current Values: AccessTokens=$null ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= ApplicationsFilter=$null ApplicationsFilterMode=$null AuthenticationContexts=() AuthenticationStrength=$null BuiltInControls=(mfa) CertificateThumbprint= ClientAppTypes=(all) CloudAppSecurityIsEnabled=False CloudAppSecurityType= Credential=$null CustomAuthenticationFactors=() DeviceFilterMode= DeviceFilterRule= DisplayName=Require MFA for B2B portal access Ensure=Present ExcludeApplications=() ExcludeExternalTenantsMembers=() ExcludeExternalTenantsMembershipKind= ExcludeGroups=() ExcludeGuestOrExternalUserTypes=$null ExcludeLocations=() ExcludePlatforms=() ExcludeRoles=() ExcludeUsers=() GrantControlOperator=OR Id=d65bbcb4-9c6c-4fff-b71e-298f3bf2322c IncludeApplications=(cc15fd57-2c6c-4117-a88c-83b1d56b4bbe) IncludeExternalTenantsMembers=() IncludeExternalTenantsMembershipKind= IncludeGroups=() IncludeGuestOrExternalUserTypes=$null IncludeLocations=() IncludePlatforms=() IncludeRoles=() IncludeUserActions=() IncludeUsers=(GuestsOrExternalUsers) Managedidentity=False PersistentBrowserIsEnabled=False PersistentBrowserMode= SignInFrequencyInterval=$null SignInFrequencyIsEnabled=False SignInFrequencyType= SignInFrequencyValue=$null SignInRiskLevels=() State=enabledForReportingButNotEnforced TenantId= TermsOfUse=$null TransferMethods= UserRiskLevels=()
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Target Values: ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= AuthenticationContexts=() BuiltInControls=(mfa) ClientAppTypes=(all) CloudAppSecurityIsEnabled=False CloudAppSecurityType= CustomAuthenticationFactors=() DeviceFilterRule= DisplayName=Require MFA for B2B portal access Ensure=Present ExcludeApplications=() ExcludeExternalTenantsMembers=() ExcludeExternalTenantsMembershipKind= ExcludeGroups=() ExcludeLocations=() ExcludePlatforms=() ExcludeRoles=() ExcludeUsers=() GrantControlOperator=OR Id=d65bbcb4-9c6c-4fff-b71e-298f3bf2322c IncludeApplications=(cc15fd57-2c6c-4117-a88c-83b1d56b4bbe) IncludeExternalTenantsMembers=() IncludeExternalTenantsMembershipKind= IncludeGroups=() IncludeLocations=() IncludePlatforms=() IncludeRoles=() IncludeUserActions=() IncludeUsers=(GuestsOrExternalUsers) PersistentBrowserIsEnabled=False PersistentBrowserMode= SignInFrequencyIsEnabled=False SignInFrequencyType= SignInRiskLevels=() State=enabledForReportingButNotEnforced TenantId= TransferMethods= UserRiskLevels=() Verbose=True
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Test-TargetResource returned True
VERBOSE: [ULTRASBOOK6]: LCM: [ End Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] in 1.0500 seconds.
VERBOSE: [ULTRASBOOK6]: LCM: [ Skip Set ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot]
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Testing configuration of AzureAD CA Policies
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Getting configuration of AzureAD Conditional Access Policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] PolicyID was specified
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Found existing Conditional Access policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process IncludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process ExcludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process IncludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process ExcludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Location condition defined, processing
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Processing IncludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Processing ExcludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource Result: AccessTokens=$null ApplicationEnforcedRestrictionsIsEnabled=False ApplicationId= ApplicationSecret= ApplicationsFilter=$null ApplicationsFilterMode=$null AuthenticationContexts=() AuthenticationStrength=$null BuiltInControls=(mfa,compliantDevice,domainJoinedDevice) CertificateThumbprint=*** ClientAppTypes=(exchangeActiveSync,browser,other)

.........

VERBOSE: [ULTRASBOOK6]: LCM: [ End Set ]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Set ] in 80.7530 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 81.363 seconds

Environment Information + PowerShell Version

OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 26100.1.amd64fre.ge_release.240331-1435
OsLanguage : en-US
OsMuiLanguages : {en-US}

Key : PSVersion Value : 5.1.26100.1882 Name : PSVersion

Key : PSEdition Value : Desktop Name : PSEdition

Key : PSCompatibleVersions Value : {1.0, 2.0, 3.0, 4.0...} Name : PSCompatibleVersions

Key : BuildVersion Value : 10.0.26100.1882 Name : BuildVersion

Key : CLRVersion Value : 4.0.30319.42000 Name : CLRVersion

Key : WSManStackVersion Value : 3.0 Name : WSManStackVersion

Key : PSRemotingProtocolVersion Value : 2.3 Name : PSRemotingProtocolVersion

Key : SerializationVersion Value : 1.1.0.1 Name : SerializationVersion

FabienTschanz commented 6 days ago

If you want to apply the configuration to another tenant, you need to change the tenant id / name in the ConfigurationData.psd1 file and then compile it. Otherwise, you'll end up targeting your export tenant.

rick-engle commented 5 days ago

@FabienTschanz, that is a good tip. I did not see that note in the Microsoft365DSC documentation. I did try that and tested against the AADConditionalAccessPolicy component. I realized that it was still not working and then figured out that after compiling, the M365TenantConfig.ps1 file needs to be edited and have the UPN addresses globally replaced from users' old tenant domain to the target tenant. Then, finally, finally it worked! I didn't find any of that in the documentation. And I cannot thank you enough for giving me this tip that got me to a solution!
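A pre-flight check for the two problems found in this thread (the tenant name in ConfigurationData.psd1 and the UPNs in the exported script still pointing at the source tenant), as an added example that is not part of the original comments or of the Microsoft365DSC project. The helper name `Find-SourceTenantReference`, the sample file contents, the `OrganizationName` key and the `source.onmicrosoft.com` / `target.onmicrosoft.com` domains are constructed for illustration.

```powershell
# Added example, not from Microsoft365DSC. File contents and domains are constructed samples.

function Find-SourceTenantReference {
    # Hypothetical helper: lists every line that still names the source tenant.
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string]   $SourceDomain
    )
    # -SimpleMatch compares literally, so the dots in the domain are not regex wildcards.
    Select-String -Path $Path -Pattern $SourceDomain -SimpleMatch |
        ForEach-Object {
            [pscustomobject]@{
                File = Split-Path -Path $_.Path -Leaf
                Line = $_.LineNumber
                Text = $_.Line.Trim()
            }
        }
}

# --- Constructed sample export (stands in for the files written by the export) ---
$work = Join-Path ([System.IO.Path]::GetTempPath()) 'm365dsc-preflight-sample'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$configScript = Join-Path $work 'M365TenantConfig.ps1'
$configData   = Join-Path $work 'ConfigurationData.psd1'

@'
AADConditionalAccessPolicy "AADConditionalAccessPolicy-MFA Pilot"
{
    DisplayName  = "MFA Pilot";
    ExcludeUsers = @("breakglass@source.onmicrosoft.com");
    IncludeUsers = @("pilot.user@source.onmicrosoft.com");
}
'@ | Set-Content -Path $configScript

@'
@{
    NonNodeData = @( @{ OrganizationName = "source.onmicrosoft.com" } )
}
'@ | Set-Content -Path $configData

$source = 'source.onmicrosoft.com'
$target = 'target.onmicrosoft.com'

# Rewrite only UPN suffixes ("@domain") in the exported script.
$pattern = [regex]::Escape("@$source")
(Get-Content -Path $configScript -Raw) -replace $pattern, "@$target" |
    Set-Content -Path $configScript

# Anything still found must be fixed by hand before compiling; here it is the
# tenant name in ConfigurationData.psd1, which the UPN replacement does not touch.
$leftovers = @(Find-SourceTenantReference -Path $configScript, $configData -SourceDomain $source)
$leftovers | Format-Table -AutoSize

if ($leftovers.Count -gt 0) {
    Write-Warning "$($leftovers.Count) reference(s) to $source remain; the compiled MOF would still target the source tenant."
}
```

On the sample data the UPN rewrite clears the script, and the check still reports the tenant name left in ConfigurationData.psd1.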

FabienTschanz commented 4 days ago

UPNs and other things for one tenant indeed have to be changed by you from an external input unfortunately. What you could do (if you wanted to) would be to configure a variable in the ConfigurationData.psd1 which contains the UPN suffix and have one for each of your tenants. That way, depending on what file you specify, you can target one or the other tenant.

Hope that helps 😃 If the issue is resolved for you, feel free to close it.
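One way to lay out the per-tenant variable suggested above, as an added example (not code from the Microsoft365DSC project or from its export output). The `UpnSuffix` key, tenant names, application IDs, thumbprints and the policy itself are placeholders; it assumes Windows PowerShell 5.1 with the Microsoft365DSC module installed and certificate-based app authentication.

```powershell
# Added example. UpnSuffix is a hypothetical key; every value below is a placeholder.
# Each hashtable could equally be saved as its own ConfigurationData .psd1 file.
$SourceTenant = @{
    AllNodes    = @(@{ NodeName = 'localhost' })
    NonNodeData = @{
        TenantId              = 'source.onmicrosoft.com'
        UpnSuffix             = 'source.onmicrosoft.com'
        ApplicationId         = '<source-app-id>'
        CertificateThumbprint = '<source-cert-thumbprint>'
    }
}
$TargetTenant = @{
    AllNodes    = @(@{ NodeName = 'localhost' })
    NonNodeData = @{
        TenantId              = 'target.onmicrosoft.com'
        UpnSuffix             = 'target.onmicrosoft.com'
        ApplicationId         = '<target-app-id>'
        CertificateThumbprint = '<target-cert-thumbprint>'
    }
}

Configuration M365TenantConfig
{
    Import-DscResource -ModuleName 'Microsoft365DSC'

    # All tenant-specific values come from the data passed in at compile time.
    $tenant = $ConfigurationData.NonNodeData

    Node localhost
    {
        AADConditionalAccessPolicy 'AADConditionalAccessPolicy-MFA Pilot'
        {
            DisplayName           = 'MFA Pilot'
            State                 = 'enabledForReportingButNotEnforced'
            IncludeUsers          = @('All')
            # The UPN is built from the per-tenant suffix instead of being hard-coded.
            ExcludeUsers          = @("breakglass@$($tenant.UpnSuffix)")
            IncludeApplications   = @('All')
            ClientAppTypes        = @('all')
            BuiltInControls       = @('mfa')
            GrantControlOperator  = 'OR'
            Ensure                = 'Present'
            ApplicationId         = $tenant.ApplicationId
            TenantId              = $tenant.TenantId
            CertificateThumbprint = $tenant.CertificateThumbprint
        }
    }
}

# Compile one MOF per tenant; the data passed in decides which tenant is targeted.
M365TenantConfig -ConfigurationData $TargetTenant -OutputPath '.\Target'
# Then apply it: Start-DscConfiguration -Path '.\Target' -Wait -Verbose -Force
```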