microsoftgraph / msgraph-bicep-types

Repo contains Microsoft Graph resource types to integrate with bicep templates.
MIT License

Owner of a group #114

Closed slavizh closed 2 weeks ago

slavizh commented 3 months ago

Bicep version: Bicep CLI version 0.27.1 (4b41cb6d4b)

Resource and API version: Microsoft.Graph/groups@v1.0

Auth flow: automated

Deployment details: N/A

Describe the bug: When you create a Microsoft 365 group with an application, it lists the Microsoft Graph Bicep extension as the owner. Preferably the owner should be the application that did the deployment.

To Reproduce: Create a Microsoft 365 group with an application.

Additional context: Add any other context about the problem here. For example, what permissions does the identity have if it's a permission issue?

dkershaw10 commented 3 months ago

Nice bug. Thanks for filing this. We'll go investigate this. Supporting app-only required some work in the authentication flows to support application on-behalf-of through the service tiers, to ensure that the originating client flows through to the API service. It looks like the wrong client was used in the ownership logic, probably due to us forgetting to hook this up to the new application on-behalf-of flow.

dkershaw10 commented 3 months ago

@slavizh Known issues has been updated - with a temporary workaround. That said, we will work on getting a fix for this.

eketo-msft commented 3 months ago

Hey @slavizh, the bug has been identified and the fix is in progress. Including the deployment time, it will probably take 2-3 weeks to get the fix shipped. Happy to share any other details as needed.

eketo-msft commented 2 months ago

Just sharing an update. The fix has been merged into the repo and we're expecting ~2 weeks for the deployment to complete. I'll circle back here after deployment and verification are completed.

eketo-msft commented 2 months ago

Hey @slavizh, the fix for this is fully deployed and verified. Please let me know if you continue to see any issues regarding group owner.

dkershaw10 commented 1 month ago

Hi @slavizh - would you be able to verify the fix here please, and let us know if you are still seeing any issues? Thanks in advance.

danstis commented 1 month ago

@dkershaw10 - As this item was linked to #134, should any application created also be automatically owned by the SP that created it? As we are still seeing no owner assigned to Applications created using the graph extension.

dkershaw10 commented 1 month ago

@danstis So this should work for groups and service principals (ownership should be assigned for these resource types), but we do indeed still have a problem with applications that we are trying to nail down and fix.

slavizh commented 2 weeks ago

@dkershaw10 confirming that this is now fixed and the owner assigned now is the SP that was used for the deployment of the Microsoft 365 group.

dkershaw10 commented 2 weeks ago

Just to confirm for others. This is working for group ownership only. We currently still have a bug for application ownership. We think we have a fix for this, and we're waiting for the rollout of the fix to start (which we will also verify in early integration rings). We'll track status and validation of this issue in #134.