pnp / powershell

PnP PowerShell
https://pnp.github.io/powershell
MIT License

[BUG] M365 GCC High Errors Calling Cross-Sovereign Cloud Resource #3852

Open aaronnl3h opened 3 months ago

aaronnl3h commented 3 months ago

Reporting an Issue or Missing Feature

The Get-PnPPowerPlatformEnvironment cmdlet seems to be calling out to the commercial endpoint management.azure.com instead of the endpoint appropriate for the environment that was set in the initial Connect-PnPOnline connection. I operate out of a GCC High tenant. I believe the endpoint should be configurable or pointed to "management.usgovcloudapi.net" for a GCC High tenant based on the article here: https://learn.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure.

Expected behavior

I expected something other than an error from the Get-PnPPowerPlatformEnvironment cmdlet, once a connection had been set in my GCC High tenant.

Actual behavior


The error message text states: Get-PnPPowerPlatformEnvironment: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 00000000-fbd8-4d46-93c1-9b23cef00000(PnP PowerShell). Resource value from request: https://management.azure.com. Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: 00000003-0000-0000-c000-000000000000, 40a69793-8fe6-4db1-9591-dbc5c57b17d8, 00000003-0000-0ff1-ce00-000000000000. Trace ID: Correlation ID: Timestamp: 2024-03-25 21:32:07Z

Steps to reproduce behavior

  1. Initiate connection to GCC High SharePoint Online endpoint, e.g. $ctx = Connect-PnPOnline -Url https://tenant-name.sharepoint.us -Interactive -AzureEnvironment USGovernmentHigh -ClientId 00000000-fbd8-4d46-93c1-9b23cef00000 -MicrosoftGraphEndPoint "graph.microsoft.us" -AzureADLoginEndPoint "https://login.microsoftonline.us" -Tenant "tenant-name.onmicrosoft.com" -ReturnConnection
  2. Sign-in with tenant credentials successfully
  3. Run the following cmdlet: Get-PnPPowerPlatformEnvironment -Connection $ctx
  4. Sign-in again
  5. Error is triggered: Get-PnPPowerPlatformEnvironment: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 00000000-fbd8-4d46-93c1-9b23cef00000(PnP PowerShell). Resource value from request: https://management.azure.com. Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: 00000003-0000-0000-c000-000000000000, 40a69793-8fe6-4db1-9591-dbc5c57b17d8, 00000003-0000-0ff1-ce00-000000000000. Trace ID: Correlation ID: Timestamp: 2024-03-25 21:32:07Z

What is the version of the Cmdlet module you are running?

PnP PowerShell Cmdlets (2.3.0)

Which operating system/environment are you running PnP PowerShell on?
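
Added example, not part of the original report and not PnP PowerShell code: a triage helper that parses the AADSTS650057 text quoted above and reports whether the requested resource host belongs to a different cloud than the one the session was connected to. The function name and the `$CloudHosts` table are assumptions, and the table covers only the two clouds named in this thread.

```powershell
# Added example: Test-Aadsts650057Cloud and $CloudHosts are hypothetical names.
# Login and Azure Resource Manager hosts for the two clouds discussed in the thread.
$CloudHosts = @{
    Commercial       = @{ Login = 'login.microsoftonline.com'; Arm = 'management.azure.com' }
    USGovernmentHigh = @{ Login = 'login.microsoftonline.us';  Arm = 'management.usgovcloudapi.net' }
}

function Test-Aadsts650057Cloud {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Message,
        [Parameter(Mandatory)] [ValidateSet('Commercial', 'USGovernmentHigh')] [string] $Environment
    )
    if ($Message -notmatch 'AADSTS650057') { throw 'Message is not an AADSTS650057 error.' }

    # Extract the fields embedded in the error text; a missing field stays $null.
    $guid = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'
    $clientId   = if ($Message -match "Client app ID:\s*($guid)") { $Matches[1] }
    $resourceId = if ($Message -match "Resource app ID:\s*($guid)") { $Matches[1] }
    $resource   = if ($Message -match 'Resource value from request:\s*(https?://\S+?)\.?(?:\s|$)') { $Matches[1] }
    $valid = @()
    if ($Message -match 'valid resources from app registration:\s*([-0-9a-f,\s]+)') {
        $valid = @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    if (-not $resource) { throw 'No "Resource value from request" field found.' }

    # Which cloud owns the requested host, and is it the cloud the session uses?
    $requestedHost = ([uri]$resource).Host
    $owner = $CloudHosts.Keys | Where-Object { $CloudHosts[$_].Arm -eq $requestedHost } |
        Select-Object -First 1

    [pscustomobject]@{
        ClientAppId               = $clientId
        RequestedHost             = $requestedHost
        RequestedHostCloud        = if ($owner) { $owner } else { 'Unknown' }
        ExpectedArmHost           = $CloudHosts[$Environment].Arm
        CrossCloudRequest         = [bool]($owner -and $owner -ne $Environment)
        ResourceAppId             = $resourceId
        ResourceInAppRegistration = $valid -contains $resourceId
    }
}

# Error text copied from the report above, truncated after the list of valid resources.
$sample = "AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. " +
    "Client app ID: 00000000-fbd8-4d46-93c1-9b23cef00000(PnP PowerShell). Resource value from request: https://management.azure.com. " +
    "Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: " +
    "00000003-0000-0000-c000-000000000000, 40a69793-8fe6-4db1-9591-dbc5c57b17d8, 00000003-0000-0ff1-ce00-000000000000."
Test-Aadsts650057Cloud -Message $sample -Environment USGovernmentHigh | Format-List
```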

gautamdsheth commented 3 months ago

@aaronnl3h - can you please update to the latest version, 2.4.0, and check? We made fixes around this area, should help.

aaronnl3h commented 3 months ago

Yes, sir! Will do that and share the results. Thank you!

aaronnl3h commented 3 months ago

@gautamdsheth - I've updated to the latest version and am seeing the same error message.


aaronnl3h commented 3 months ago

I remain interested in support or resolution on this issue. The reason for the behavior and next steps continue to be a mystery.

aaronnl3h commented 2 months ago

Have I overlooked anything as part of submitting this support request? I remain interested in resolution.

aaronnl3h commented 2 months ago

Have I overlooked anything as part of submitting this support request?