在 Microsoft.Graph.Intune 模块中使用 Get-IntuneConditionalAccessSetting 时出现 400 错误请求
400 Bad request when using Get-IntuneConditionalAccessSetting within the Microsoft.Graph.Intune module
Intune 的其他 get 命令似乎在工作,例如合规性和配置策略,但是当我尝试使用 Get-IntuneConditionalAccessSetting 命令时,我总是得到以下信息:
Get-IntuneConditionalAccessSetting : 400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 -
Activity ID: 66a698b9-a2ae-4559-ad06-9a22fd2d69f7 - Url:
https://fef.amsub0102.manage.microsoft.com/StatelessOnboardingService/deviceManagement/conditionalAccessSettings?api-version=2018-08-13\",\r\n
\"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError": {
"request-id": "66a698b9-a2ae-4559-ad06-9a22fd2d69f7",
"date": "2020-04-30T08:08:24"
}
}
}
At C:\Data_TempFilesOnly\PowerShell\ConditionalAccess.ps1:131 char:26
+ $IntuneObj = Get-IntuneConditionalAccessSetting | ForEach ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-DeviceManag...lAccessSettings], HttpRequestException
+ FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_DeviceManagement_ConditionalAccessSettings
我自己尝试过该命令,但它产生了同样的错误,所以我认为它不是实际代码,而是特定于该命令的。有什么建议吗?
https://graph.microsoft.com/v1.0/deviceManagement/conditionalAccessSettings 用于本地 Exchange 条件访问,因此如果未配置本地交换,returns 错误 400。
如果您正在寻找 AzureAD 条件访问,请使用 https://graph.microsoft.com/beta/conditionalAccess/policies
{
"error":{
"code": "Forbidden",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: afb69295-20c4-424e-b55b-15274fd6ab1a - Url: https://fef.amsub0102.manage.microsoft.com/StatelessOnboardingService/deviceManagement/conditionalAccessSettings?api-version=2018-08-13\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": 空,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError":{
"request-id": "afb69295-20c4-424e-b55b-15274fd6ab1a",
"date":“2020-04-30T09:29:01”
}
}
}
如果这是一个权限问题,我该如何为这个应用程序添加权限?
Intune 的其他 get 命令似乎在工作,例如合规性和配置策略,但是当我尝试使用 Get-IntuneConditionalAccessSetting 命令时,我总是得到以下信息:
Get-IntuneConditionalAccessSetting : 400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 -
Activity ID: 66a698b9-a2ae-4559-ad06-9a22fd2d69f7 - Url:
https://fef.amsub0102.manage.microsoft.com/StatelessOnboardingService/deviceManagement/conditionalAccessSettings?api-version=2018-08-13\",\r\n
\"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError": {
"request-id": "66a698b9-a2ae-4559-ad06-9a22fd2d69f7",
"date": "2020-04-30T08:08:24"
}
}
}
At C:\Data_TempFilesOnly\PowerShell\ConditionalAccess.ps1:131 char:26
+ $IntuneObj = Get-IntuneConditionalAccessSetting | ForEach ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-DeviceManag...lAccessSettings], HttpRequestException
+ FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_DeviceManagement_ConditionalAccessSettings
我自己尝试过该命令,但它产生了同样的错误,所以我认为它不是实际代码,而是特定于该命令的。有什么建议吗?
https://graph.microsoft.com/v1.0/deviceManagement/conditionalAccessSettings 用于本地 Exchange 条件访问,因此如果未配置本地交换,returns 错误 400。
如果您正在寻找 AzureAD 条件访问,请使用 https://graph.microsoft.com/beta/conditionalAccess/policies
{ "error":{ "code": "Forbidden", "message": "{\r\n \"_version\": 3,\r\n \"Message\": \"Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: afb69295-20c4-424e-b55b-15274fd6ab1a - Url: https://fef.amsub0102.manage.microsoft.com/StatelessOnboardingService/deviceManagement/conditionalAccessSettings?api-version=2018-08-13\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": 空,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}", "innerError":{ "request-id": "afb69295-20c4-424e-b55b-15274fd6ab1a", "date":“2020-04-30T09:29:01” } } }
如果这是一个权限问题,我该如何为这个应用程序添加权限?