I want to add a Trusted location in the Azure Conditional policies with MS Graph.
I have the next powerrshell script. The $body is converted to JSON, and the converted JSON works just fine in the MS Graph explorer, just as expected.
$body = @{
"@odata.type" = "#microsoft.graph.countryNamedLocation"
countriesAndRegions = @(
$ExcludedCountryCode
)
countryLookupMethod = "clientIpAddress"
displayName = $ExcludedCountryDisplayName
}| ConvertTo-Json
$NamedLocationURI = "https://graph.microsoft.com/beta/conditionalAccess/namedLocations"
$NamedLocation = Invoke-RestMethod -Uri $NamedLocationURI -Headers $authToken -body $Body -Method POST -ContentType "application/json"
logwrite -logfile $Logfile -type Informational -logstring "De named location `"$ExcludedCountryDisplayName`" is aangemaakt!"
However when i run it in my script I get an error: The remote server returned an error: (403) Forbidden. Of course this probably has something to do with the bearer token, however if a run another JSON - one to create a new Azure AD group - that runs without any problems with the same token...
$Body = @{
description = $Description
displayName = $DisplayName
mailEnabled = $false
mailNickname = ($DisplayName + "-" + (get-random -Minimum 100000 -Maximum 999999))
securityEnabled = $true
}|ConvertTo-Json
$Group = Invoke-RestMethod -Uri $BaseUrl -Headers $authToken -body $Body -Method POST -ContentType "application/json"
logwrite -logfile $Logfile -type Informational -logstring "De security groep $DisplayName is aangemaakt..."
I use the same (global admin) account both scripts and also in the Graph explorer. It is strange, since i can use the authentication token for creating all policies we need, except the policies created under Conditional access: https://graph.microsoft.com/beta/identity/conditionalAccess all of them gave me problems with authentication. (in the scripts, not in graph, not manual on the site with the same accounts).
I got my header via:
$AccessToken = Connect-MSGraph -ForceInteractive -PassThru
$AuthToken = @{
Authorization = "Bearer $AccessToken"
}
I have no idea anymore... Does anyone have an idea?