You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ran Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") against my source tenant and it listed all 39 CA policies that I had. After compiling the powershell script and then running Start-DscConfiguration all of the policies showed up in the output using -Verbose and had no errors that I could see yet the polcies were not successfully written to my target tenant.
How can i troubleshoot this?
Exporting Microsoft 365 configuration for Components: AADConditionalAccessPolicy
Authentication methods specified:
Service Principal with Application Secret
Connecting to {MicrosoftGraph}...✅
[1/1] Extracting [AADConditionalAccessPolicy] using {ApplicationSecret}...
|---[1/39] My App Conditional Access Policy✅
...
|---[39/39] Multifactor authentication for Microsoft partners and vendors✅
⌛ Export took {59 seconds} for {39 instances}
. .\M365TenantConfig_M365x648977_Backup.ps1
Import-Module : The version of Windows PowerShell on this computer is '5.1.26100.1882'. The module 'C:\Program
Files\WindowsPowerShell\Modules\PSDesiredStateConfiguration\2.0.7\PSDesiredStateConfiguration.psd1' requires a minimum Windows PowerShell version
of '6.1' to run. Verify that you have the minimum required version of Windows PowerShell installed, and then try again.
At line:3 char:25
VERBOSE: [ULTRASBOOK6]: LCM: [ End Set ]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Set ] in 80.7530 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 81.363 seconds
If you want to apply the configuration to another tenant, you need to change the tenant id / name in the ConfigurationData.psd1 file and then compile it. Otherwise, you'll end up targeting your export tenant.
@FabienTschanz , that is a good tip. I did not see that note in the Microsoft365DSC documentation. I did try that and tested against the AADConditionalAccessPolicy component. I realized that it was still not working and then figured out that after compiling, the M365TenantConfig.ps1 file needs to be edited and have the UPN addresses globally replaced from users' old tenant domain to the target tenant. Then, finally, finally it worked! I didn't find any of that in the documentation. And I cannot thank you enough for giving me this tip that got me to a solution!
UPNs and other things for one tenant indeed have to be changed by you from an external input unfortunately. What you could do (if you wanted to) would be to configure a variable in the ConfigurationData.psd1 which contains the UPN suffix and have one for each of your tenants. That way, depending on what file you specify, you can target one or the other tenant.
Hope that helps 😃 If the issue is resolved for you, feel free to close it.
Description of the issue
I ran Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") against my source tenant and it listed all 39 CA policies that I had. After compiling the powershell script and then running Start-DscConfiguration all of the policies showed up in the output using -Verbose and had no errors that I could see yet the polcies were not successfully written to my target tenant.
How can i troubleshoot this?
Rick
Microsoft 365 DSC Version
Release 1.24.1002.1
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -ApplicationId $clientId -TenantId $tenantIdDomainName -ApplicationSecret $clientSecretValue -Path $SavePath -FileName $SaveFileName
Start-DscConfiguration -Path $PathToCompiledMOF -Wait -Verbose -Force
Verbose logs showing the problem
Just AADConditionalAccessPolicy:
Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy") -ApplicationId $clientId -TenantId $tenantIdDomainName -ApplicationSecret $clientSecretValue -Path $SavePath -FileName $SaveFileName
Exporting Microsoft 365 configuration for Components: AADConditionalAccessPolicy
Authentication methods specified:
Connecting to {MicrosoftGraph}...✅
[1/1] Extracting [AADConditionalAccessPolicy] using {ApplicationSecret}...
|---[1/39] My App Conditional Access Policy✅
...
|---[39/39] Multifactor authentication for Microsoft partners and vendors✅
⌛ Export took {59 seconds} for {39 instances}
$PermissionsList = Get-M365DSCCompiledPermissionList -AccessType Update -ResourceNameList @("AADApplication", "AADAuthenticationMethodPolicy", "AADAuthenticationStrengthPolicy", "AADAuthorizationPolicy", "AADGroup", "AADNamedLocationPolicy", "AADServicePrincipal") -PermissionType Application
The M365DSC app needs the Directory.Read.All permission
$PermissionsList += @{API ='Graph';PermissionName='Directory.Read.All';}
$PermissionsList += @{API ='Graph';PermissionName='Directory.ReadWrite.All';}
. .\M365TenantConfig_M365x648977_Backup.ps1
Import-Module : The version of Windows PowerShell on this computer is '5.1.26100.1882'. The module 'C:\Program
Files\WindowsPowerShell\Modules\PSDesiredStateConfiguration\2.0.7\PSDesiredStateConfiguration.psd1' requires a minimum Windows PowerShell version
of '6.1' to run. Verify that you have the minimum required version of Windows PowerShell installed, and then try again.
At line:3 char:25
Mode LastWriteTime Length Name
-a---- 10/14/2024 5:33 PM 171746 localhost.mof
Start-DscConfiguration -Path $PathToCompiledMOF -Wait -Verbose -Force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigura
tionManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer ULTRASBOOK6 with user sid S-1-12-1-2786440620-1107658995-3191192979-3267944029.
VERBOSE: The -Force option was specified with the Stop operation. The current configuration has been successfully cancelled.
VERBOSE: An LCM method call arrived from computer ULTRASBOOK6 with user sid S-1-12-1-2786440620-1107658995-3191192979-3267944029.
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Set ]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Testing
configuration of AzureAD CA Policies
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Getting
configuration of AzureAD Conditional Access Policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] PolicyI
D was specified
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Found existing Conditional Access policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Process IncludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Process ExcludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Process IncludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Process ExcludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Location condition defined, processing
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Processing IncludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource: Processing ExcludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Get-Tar
getResource Result:
AccessTokens=$null
ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
ApplicationsFilter=$null
ApplicationsFilterMode=$null
AuthenticationContexts=()
AuthenticationStrength=$null
BuiltInControls=(mfa,compliantDevice)
CertificateThumbprint=***
ClientAppTypes=(browser,mobileAppsAndDesktopClients)
CloudAppSecurityIsEnabled=False
CloudAppSecurityType=
Credential=$null
CustomAuthenticationFactors=()
DeviceFilterMode=
DeviceFilterRule=
DisplayName=My App Conditional Access Policy
Ensure=Present
ExcludeApplications=()
ExcludeExternalTenantsMembers=()
ExcludeExternalTenantsMembershipKind=
ExcludeGroups=()
ExcludeGuestOrExternalUserTypes=$null
ExcludeLocations=()
ExcludePlatforms=(android,iOS,macOS)
ExcludeRoles=()
ExcludeUsers=(GuestsOrExternalUsers)
GrantControlOperator=AND
Id=266e548c-eddd-4b20-b561-8e6eed90efdb
IncludeApplications=(02c39422-d850-4440-bb38-3eb38a6634ff)
IncludeExternalTenantsMembers=()
IncludeExternalTenantsMembershipKind=
IncludeGroups=()
IncludeGuestOrExternalUserTypes=$null
IncludeLocations=(All)
IncludePlatforms=(android,iOS)
IncludeRoles=()
IncludeUserActions=()
IncludeUsers=(None)
Managedidentity=False
PersistentBrowserIsEnabled=False
PersistentBrowserMode=
SignInFrequencyInterval=$null
SignInFrequencyIsEnabled=False
SignInFrequencyType=
SignInFrequencyValue=$null
SignInRiskLevels=(high)
State=enabledForReportingButNotEnforced
TenantId=***
TermsOfUse=$null
TransferMethods=
UserRiskLevels=(medium)
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Current
Values: AccessTokens=$null
ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
ApplicationsFilter=$null
ApplicationsFilterMode=$null
AuthenticationContexts=()
AuthenticationStrength=$null
BuiltInControls=(mfa,compliantDevice)
CertificateThumbprint=***
ClientAppTypes=(browser,mobileAppsAndDesktopClients)
CloudAppSecurityIsEnabled=False
CloudAppSecurityType=
Credential=$null
CustomAuthenticationFactors=()
DeviceFilterMode=
DeviceFilterRule=
DisplayName=My App Conditional Access Policy
Ensure=Present
ExcludeApplications=()
ExcludeExternalTenantsMembers=()
ExcludeExternalTenantsMembershipKind=
ExcludeGroups=()
ExcludeGuestOrExternalUserTypes=$null
ExcludeLocations=()
ExcludePlatforms=(android,iOS,macOS)
ExcludeRoles=()
ExcludeUsers=(GuestsOrExternalUsers)
GrantControlOperator=AND
Id=266e548c-eddd-4b20-b561-8e6eed90efdb
IncludeApplications=(02c39422-d850-4440-bb38-3eb38a6634ff)
IncludeExternalTenantsMembers=()
IncludeExternalTenantsMembershipKind=
IncludeGroups=()
IncludeGuestOrExternalUserTypes=$null
IncludeLocations=(All)
IncludePlatforms=(android,iOS)
IncludeRoles=()
IncludeUserActions=()
IncludeUsers=(None)
Managedidentity=False
PersistentBrowserIsEnabled=False
PersistentBrowserMode=
SignInFrequencyInterval=$null
SignInFrequencyIsEnabled=False
SignInFrequencyType=
SignInFrequencyValue=$null
SignInRiskLevels=(high)
State=enabledForReportingButNotEnforced
TenantId=***
TermsOfUse=$null
TransferMethods=
UserRiskLevels=(medium)
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Target
Values: ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
AuthenticationContexts=()
BuiltInControls=(mfa,compliantDevice)
ClientAppTypes=(browser,mobileAppsAndDesktopClients)
CloudAppSecurityIsEnabled=False
CloudAppSecurityType=
CustomAuthenticationFactors=()
DeviceFilterRule=
DisplayName=My App Conditional Access Policy
Ensure=Present
ExcludeApplications=()
ExcludeExternalTenantsMembers=()
ExcludeExternalTenantsMembershipKind=
ExcludeGroups=()
ExcludeLocations=()
ExcludePlatforms=(android,iOS,macOS)
ExcludeRoles=()
ExcludeUsers=(GuestsOrExternalUsers)
GrantControlOperator=AND
Id=266e548c-eddd-4b20-b561-8e6eed90efdb
IncludeApplications=(02c39422-d850-4440-bb38-3eb38a6634ff)
IncludeExternalTenantsMembers=()
IncludeExternalTenantsMembershipKind=
IncludeGroups=()
IncludeLocations=(All)
IncludePlatforms=(android,iOS)
IncludeRoles=()
IncludeUserActions=()
IncludeUsers=(None)
PersistentBrowserIsEnabled=False
PersistentBrowserMode=
SignInFrequencyIsEnabled=False
SignInFrequencyType=
SignInRiskLevels=(high)
State=enabledForReportingButNotEnforced
TenantId=***
TransferMethods=
UserRiskLevels=(medium)
Verbose=True
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] Test-Ta
rgetResource returned True
VERBOSE: [ULTRASBOOK6]: LCM: [ End Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy] in 1.3
060 seconds.
VERBOSE: [ULTRASBOOK6]: LCM: [ Skip Set ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-My App Conditional Access Policy]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Testin
g configuration of AzureAD CA Policies
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Gettin
g configuration of AzureAD Conditional Access Policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Policy
ID was specified
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Found existing Conditional Access policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Process IncludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Process ExcludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Process IncludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Process ExcludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Location condition defined, processing
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Processing IncludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource: Processing ExcludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Get-Ta
rgetResource Result:
AccessTokens=$null
ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
ApplicationsFilter=$null
ApplicationsFilterMode=$null
AuthenticationContexts=()
AuthenticationStrength=$null
BuiltInControls=(mfa)
CertificateThumbprint=***
ClientAppTypes=(all)
CloudAppSecurityIsEnabled=False
CloudAppSecurityType=
Credential=$null
CustomAuthenticationFactors=()
DeviceFilterMode=
DeviceFilterRule=
DisplayName=Require MFA for B2B portal access
Ensure=Present
ExcludeApplications=()
ExcludeExternalTenantsMembers=()
ExcludeExternalTenantsMembershipKind=
ExcludeGroups=()
ExcludeGuestOrExternalUserTypes=$null
ExcludeLocations=()
ExcludePlatforms=()
ExcludeRoles=()
ExcludeUsers=()
GrantControlOperator=OR
Id=d65bbcb4-9c6c-4fff-b71e-298f3bf2322c
IncludeApplications=(cc15fd57-2c6c-4117-a88c-83b1d56b4bbe)
IncludeExternalTenantsMembers=()
IncludeExternalTenantsMembershipKind=
IncludeGroups=()
IncludeGuestOrExternalUserTypes=$null
IncludeLocations=()
IncludePlatforms=()
IncludeRoles=()
IncludeUserActions=()
IncludeUsers=(GuestsOrExternalUsers)
Managedidentity=False
PersistentBrowserIsEnabled=False
PersistentBrowserMode=
SignInFrequencyInterval=$null
SignInFrequencyIsEnabled=False
SignInFrequencyType=
SignInFrequencyValue=$null
SignInRiskLevels=()
State=enabledForReportingButNotEnforced
TenantId=***
TermsOfUse=$null
TransferMethods=
UserRiskLevels=()
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Curren
t Values: AccessTokens=$null
ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
ApplicationsFilter=$null
ApplicationsFilterMode=$null
AuthenticationContexts=()
AuthenticationStrength=$null
BuiltInControls=(mfa)
CertificateThumbprint=***
ClientAppTypes=(all)
CloudAppSecurityIsEnabled=False
CloudAppSecurityType=
Credential=$null
CustomAuthenticationFactors=()
DeviceFilterMode=
DeviceFilterRule=
DisplayName=Require MFA for B2B portal access
Ensure=Present
ExcludeApplications=()
ExcludeExternalTenantsMembers=()
ExcludeExternalTenantsMembershipKind=
ExcludeGroups=()
ExcludeGuestOrExternalUserTypes=$null
ExcludeLocations=()
ExcludePlatforms=()
ExcludeRoles=()
ExcludeUsers=()
GrantControlOperator=OR
Id=d65bbcb4-9c6c-4fff-b71e-298f3bf2322c
IncludeApplications=(cc15fd57-2c6c-4117-a88c-83b1d56b4bbe)
IncludeExternalTenantsMembers=()
IncludeExternalTenantsMembershipKind=
IncludeGroups=()
IncludeGuestOrExternalUserTypes=$null
IncludeLocations=()
IncludePlatforms=()
IncludeRoles=()
IncludeUserActions=()
IncludeUsers=(GuestsOrExternalUsers)
Managedidentity=False
PersistentBrowserIsEnabled=False
PersistentBrowserMode=
SignInFrequencyInterval=$null
SignInFrequencyIsEnabled=False
SignInFrequencyType=
SignInFrequencyValue=$null
SignInRiskLevels=()
State=enabledForReportingButNotEnforced
TenantId=***
TermsOfUse=$null
TransferMethods=
UserRiskLevels=()
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Target
Values: ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
AuthenticationContexts=()
BuiltInControls=(mfa)
ClientAppTypes=(all)
CloudAppSecurityIsEnabled=False
CloudAppSecurityType=
CustomAuthenticationFactors=()
DeviceFilterRule=
DisplayName=Require MFA for B2B portal access
Ensure=Present
ExcludeApplications=()
ExcludeExternalTenantsMembers=()
ExcludeExternalTenantsMembershipKind=
ExcludeGroups=()
ExcludeLocations=()
ExcludePlatforms=()
ExcludeRoles=()
ExcludeUsers=()
GrantControlOperator=OR
Id=d65bbcb4-9c6c-4fff-b71e-298f3bf2322c
IncludeApplications=(cc15fd57-2c6c-4117-a88c-83b1d56b4bbe)
IncludeExternalTenantsMembers=()
IncludeExternalTenantsMembershipKind=
IncludeGroups=()
IncludeLocations=()
IncludePlatforms=()
IncludeRoles=()
IncludeUserActions=()
IncludeUsers=(GuestsOrExternalUsers)
PersistentBrowserIsEnabled=False
PersistentBrowserMode=
SignInFrequencyIsEnabled=False
SignInFrequencyType=
SignInRiskLevels=()
State=enabledForReportingButNotEnforced
TenantId=***
TransferMethods=
UserRiskLevels=()
Verbose=True
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] Test-T
argetResource returned True
VERBOSE: [ULTRASBOOK6]: LCM: [ End Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access] in 1.
0500 seconds.
VERBOSE: [ULTRASBOOK6]: LCM: [ Skip Set ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-Require MFA for B2B portal access]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot]
VERBOSE: [ULTRASBOOK6]: LCM: [ Start Test ] [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot]
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Testing configuration of Azure
AD CA Policies
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Getting configuration of Azure
AD Conditional Access Policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] PolicyID was specified
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Found exis
ting Conditional Access policy
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process In
cludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process Ex
cludeUsers
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process In
cludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Process Ex
cludeGroups
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Location c
ondition defined, processing
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Processing
IncludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource: Processing
ExcludeLocations
VERBOSE: [ULTRASBOOK6]: [[AADConditionalAccessPolicy]AADConditionalAccessPolicy-MFA Pilot] Get-TargetResource Result:
AccessTokens=$null
ApplicationEnforcedRestrictionsIsEnabled=False
ApplicationId=***
ApplicationSecret=***
ApplicationsFilter=$null
ApplicationsFilterMode=$null
AuthenticationContexts=()
AuthenticationStrength=$null
BuiltInControls=(mfa,compliantDevice,domainJoinedDevice)
CertificateThumbprint=***
ClientAppTypes=(exchangeActiveSync,browser,other)
.........
VERBOSE: [ULTRASBOOK6]: LCM: [ End Set ]
VERBOSE: [ULTRASBOOK6]: LCM: [ End Set ] in 80.7530 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 81.363 seconds
Environment Information + PowerShell Version
OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 26100.1.amd64fre.ge_release.240331-1435
OsLanguage : en-US
OsMuiLanguages : {en-US}
Key : PSVersion
Value : 5.1.26100.1882
Name : PSVersion
Key : PSEdition
Value : Desktop
Name : PSEdition
Key : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name : PSCompatibleVersions
Key : BuildVersion
Value : 10.0.26100.1882
Name : BuildVersion
Key : CLRVersion
Value : 4.0.30319.42000
Name : CLRVersion
Key : WSManStackVersion
Value : 3.0
Name : WSManStackVersion
Key : PSRemotingProtocolVersion
Value : 2.3
Name : PSRemotingProtocolVersion
Key : SerializationVersion
Value : 1.1.0.1
Name : SerializationVersion
The text was updated successfully, but these errors were encountered: