Thank you for you answer Lu Dai!
I will wait for an answer and in mean time i will try to get some info with the MS Graph Intune SDK team
Thank you for your valuable time!
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I want to add a Trusted location in the Azure Conditional policies with MS Graph.
I have the next powerrshell script. The $body is converted to JSON, and the converted JSON works just fine in the MS Graph explorer, just as expected.
$body = @{
"@odata.type" = "#microsoft.graph.countryNamedLocation"
countriesAndRegions = @(
$ExcludedCountryCode
)
countryLookupMethod = "clientIpAddress"
displayName = $ExcludedCountryDisplayName
}| ConvertTo-Json
$NamedLocationURI = "https://graph.microsoft.com/beta/conditionalAccess/namedLocations"
$NamedLocation = Invoke-RestMethod -Uri $NamedLocationURI -Headers $authToken -body $Body -Method POST -ContentType "application/json"
logwrite -logfile $Logfile -type Informational -logstring "De named location `"$ExcludedCountryDisplayName`" is aangemaakt!"
However when i run it in my script I get an error: The remote server returned an error: (403) Forbidden. Of course this probably has something to do with the bearer token, however if a run another JSON - one to create a new Azure AD group - that runs without any problems with the same token...
$Body = @{
description = $Description
displayName = $DisplayName
mailEnabled = $false
mailNickname = ($DisplayName + "-" + (get-random -Minimum 100000 -Maximum 999999))
securityEnabled = $true
}|ConvertTo-Json
$Group = Invoke-RestMethod -Uri $BaseUrl -Headers $authToken -body $Body -Method POST -ContentType "application/json"
logwrite -logfile $Logfile -type Informational -logstring "De security groep $DisplayName is aangemaakt..."
I use the same (global admin) account both scripts and also in the Graph explorer. It is strange, since i can use the authentication token for creating all policies we need, except the policies created under Conditional access: https://graph.microsoft.com/beta/identity/conditionalAccess all of them gave me problems with authentication. (in the scripts, not in graph, not manual on the site with the same accounts).
I got my header via:
$AccessToken = Connect-MSGraph -ForceInteractive -PassThru
$AuthToken = @{
Authorization = "Bearer $AccessToken"
}
I have no idea anymore... Does anyone have an idea?
Thank you for you answer Lu Dai!
I will wait for an answer and in mean time i will try to get some info with the MS Graph Intune SDK team
Thank you for your valuable time!
@Reinout Dorreboom Thanks for posting in our Q&A.
For this error message, it seems that we don't have enough permissions. It is suggested to enter F12 to get the detailed token information and try to use it. For example:
Then please make sure that we have the "Policy.Read.All" permission in Graph Explorer.
If this issue still exists, please understand that conditional access works with Azure AD resources in Microsoft Graph, so it is suggested to contact Azure AD support to get more accurate help. Here is the support link:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-troubleshooting-support-howto
Hope it will help
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.