You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want to create a policy which requests a password change when the userRisk is high.
As soon I set the BuiltInControls to passwordChange, the deployement failed. If I put "mfa" instead of passwordChange it works and the policy is created.
BuiltInControls = @("passwordChange"); => failed
BuiltInControls = @("mfa"); => works
The value passwordChange is provided by ma configuration export ran with Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy")
##[error][BadRequest] : The server could not process the request because it is malformed or incorrect.+ CategoryInfo : InvalidOperation: ({ ConditionalAc...lAccessPolicy }:) [], CimException
+ FullyQualifiedErrorId : BadRequest,Microsoft.Graph.Beta.PowerShell.Cmdlets.UpdateMgBetaIdentityConditionalAccess
Policy_UpdateExpanded
+ PSComputerName : localhost
VERBOSE: [fv-az623-346]:
[[AADConditionalAccessPolicy]CAP002-Global-AllApps-UserRiskHigh-MFAAndPasswordChange-FreqEveryTime::[EntraID]EntraID_Configuration] Set-Targetresource: Finished processing Policy
CAP002-Global-AllApps-UserRiskHigh-MFAAndPasswordChange-FreqEveryTime
VERBOSE: [fv-az623-346]: LCM: [ EndSet ]
[[AADConditionalAccessPolicy]CAP002-Global-AllApps-UserRiskHigh-MFAAndPasswordChange-FreqEveryTime::[EntraID]EntraID_Configuration] in1.4090 seconds.
##[error]The PowerShell DSC resource '[AADConditionalAccessPolicy]CAP002-Global-AllApps-UserRiskHigh-MFAAndPasswordChange-FreqEv
eryTime::[EntraID]EntraID_Configuration' with SourceInfo 'D:\a\1\s\M365Config\0.0.1\DSCResources\EntraID\EntraID.schema.psm1::45::17::AADConditionalAccessPolicy' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. + CategoryInfo : InvalidOperation: (:) [], CimException + FullyQualifiedErrorId : NonTerminatingErrorFromProvider + PSComputerName : localhostVERBOSE: [fv-az623-346]: LCM: [ Start Resource ] [[AADConditionalAccessPolicy]CAP003-Global-AllApps-SignInRiskMediumAndHigh-MFA-FreqEveryTime::[EntraID]EntraID_Configuration]
Environment Information + PowerShell Version
No response
The text was updated successfully, but these errors were encountered:
Description of the issue
I want to create a policy which requests a password change when the userRisk is high.
As soon I set the BuiltInControls to passwordChange, the deployement failed. If I put "mfa" instead of passwordChange it works and the policy is created.
BuiltInControls = @("passwordChange"); => failed
BuiltInControls = @("mfa"); => works
The value passwordChange is provided by ma configuration export ran with Export-M365DSCConfiguration -Components @("AADConditionalAccessPolicy")
Microsoft 365 DSC Version
1.24.424.1
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
Verbose logs showing the problem
Environment Information + PowerShell Version
No response
The text was updated successfully, but these errors were encountered: