Can't run Get-AzSecurityTask at the subscription level

[SponTanious]

Description

Hi Team,

I am unable to run Get-AzSecurityTask on a Subscription.

$SubscriptionIDs = Get-AzSubscription

foreach ($sub in $SubscriptionIDs) {

    $sub.Name
    Set-AzContext -Subscription $sub | Out-null
    Get-AzSecurityTask 

}

This is the error I am getting, I have access to a lot of subscriptions and this error is occurring for all of them.

Looks like it was a bug that existed previously. issue

Let me know if you would like anymore details.

Kind Regards, Daniel Tanious

Issue script & Debug output

Issue Script:

$SubscriptionIDs = Get-AzSubscription

foreach ($sub in $SubscriptionIDs) {

    $sub.Name
    Set-AzContext -Subscription $sub | Out-null
    Get-AzSecurityTask 

}

Debug Output: Can't provide as it contains to much sensitive data.

### Environment data

```PowerShell
Name                           Value
----                           -----
PSVersion                      7.3.8
PSEdition                      Core
GitCommitId                    7.3.8
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.12.5                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     1.4.0                 Az.Security                         {Add-AzSecurityAdaptiveNetworkHardening, Add-AzSecuritySqlVulnerabilityAssessmentBaseline, Confirm…
Script     5.9.0                 Az.Storage                          {Add-AzRmStorageContainerLegalHold, Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccou…
Manifest   2.1.0                 AzTable                             {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}

Error output

Message        : The given key 'policyName' was not present in the dictionary.
StackTrace     :    at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
                    at Microsoft.Azure.Commands.Security.Models.Tasks.PSSecurityTaskConverters.ConvertToPSType(SecurityTask value)
                    at Microsoft.Azure.Commands.Security.Models.Tasks.PSSecurityTaskConverters.<>c.<ConvertToPSType>b__1_0(SecurityTask task)
                    at System.Linq.Enumerable.SelectEnumerableIterator`2.ToList()
                    at Microsoft.Azure.Commands.Security.Models.Tasks.PSSecurityTaskConverters.ConvertToPSType(IEnumerable`1 value)
                    at Microsoft.Azure.Commands.Security.Cmdlets.Tasks.GetTasks.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.Collections.Generic.KeyNotFoundException
InvocationInfo : {Get-AzSecurityTask}
Line           :     Get-AzSecurityTask

Position       : At untitled:Untitled-1:42 char:5
                 +     Get-AzSecurityTask
                 +     ~~~~~~~~~~~~~~~~~~
HistoryId      : 1

[isra-fel]

Let me route this to the Azure Security team. BTW @SponTanious hi, I noticed the call is in a for-loop. Does the command not work for every subscription? Any error when Set-AzContext?

[microsoft-github-policy-service[bot]]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @zivraf.

[SponTanious]

@isra-fel No errors with Set-AzContext

[ghetzu]

hi,

any news on this one?

facing the same issue, can't run Get-AzSecurityTask.

thanks,

[SponTanious]

Issue still exists but I wanted to post a work around I found.

@ghetzu - you can use the following as an alternative.

$SecurityAssements = Get-AzSecurityAssessment | Where-Object {$_.Status.Code -eq "Unhealthy"} | Group-Object 'DisplayName' | ForEach-Object { $_.Group[0] }
$SecurityAssementMetadatas = $SecurityAssements | ForEach-Object {Get-AzSecurityAssessmentMetadata -ResourceId $_.Id}
$SecurityRecommendations = $SecurityAssementMetadatas | Select-Object DisplayName, Severity

[theorjan]

stale issue?

[SponTanious]

stale issue?

No I don't believe so