Azure-Samples/azure-ad-conditional-access-apis

New-AzureADMSConditionalAccessPolicy : Cannot bind parameter 'Conditions'

Opened this issue · 2 comments


This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

When running your specific $conditions to create the CA Policy I receive an error. I am authenticated with the global admin on the tenant, the account is also a part of the 'Conditional Access Administrators' role.
Even if I write my own conditions in I have the same error.
The only amendment I had made to your script was the $conditions.users.includegroups for a group Id in the tenant.

Any log messages given by the failure

```
PS C:\Windows\system32> New-AzureADMSConditionalAccessPolicy -DisplayName "CA0002: Require MFA for medium + sign-in risk" -State "enabledForReportingButNotEnforced" -Conditions $conditions -GrantControls $controls

New-AzureADMSConditionalAccessPolicy : Cannot bind parameter 'Conditions'. Cannot convert the "class ConditionalAccessConditionSet {
Applications: class ConditionalAccessApplicationCondition {
IncludeApplications: System.Collections.Generic.List`1[System.String]
ExcludeApplications:
IncludeUserActions:
IncludeProtectionLevels:
}
Users: class ConditionalAccessUserCondition {
IncludeUsers:
ExcludeUsers:
IncludeGroups: System.Collections.Generic.List`1[System.String]
ExcludeGroups:
IncludeRoles:
ExcludeRoles:
}
Platforms:
Locations:
SignInRiskLevels: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessRiskLevel]
ClientAppTypes:
}
" value of type "Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet" to type "Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet".
At line:1 char:154
+ ... e "enabledForReportingButNotEnforced" -Conditions $conditions -GrantC ...
+                                                   ~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [New-AzureADMSConditionalAccessPolicy], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Open.MSGraphBeta.PowerShell.NewAzureADMSConditionalAccessPolicy
```

Expected/desired behavior

No error

OS and Version?

Versions

Mention any other details that might be useful

If I am being a noob, then I am very sorry! Have looked into Intune and Azure deployment for so long my brain is mush.


Hi
I am getting the same issue - even when using the example code from the MS Ref page (https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsconditionalaccesspolicy?view=azureadps-2.0)

Did you ever get this resolved? My code was working, but has now stopped creating the Policies!!

Thanks
Rob

tcatw commented

Hi
I have the same error. I cannot create a new policy.
I have also tested the example code from the MS Ref page, without success.

Has anyone found out more?

Thanks
Thomy