azure-docs Wrong Powershell example.

On the website their is an powershell example:

{
  "displayName": "Name",
  "state": "enabled OR disabled OR enabledForReportingButNotEnforced",
  "conditions": {
    "applications": {
      "includeApplications": [
        "All"
      ]
    },
    "clientApplications": {
      "includeServicePrincipals": [
        "[Service principal Object ID] OR ServicePrincipalsInMyTenant"
      ],
      "excludeServicePrincipals": [
        "[Service principal Object ID]"
      ],
    },
    "locations": {
      "includeLocations": [
        "All"
      ],
      "excludeLocations": [
        "[Named location ID] OR AllTrusted"
      ]
    }
  },
  "grantControls": {
    "operator": "and",
    "builtInControls": [
      "block"
    ]
  }
}

But it contains a mistake. The last comma behind

 "excludeServicePrincipals": [
        "[Service principal Object ID]"
      ],

Must be deleted.

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: 60d23869-94f5-22cc-425e-4bf675d84ce0
Version Independent ID: 5105047f-04bf-87ef-ee8e-3e9bf9b5ac3a
Content: Azure Active Directory Conditional Access for workload identities preview - Microsoft Entra
Content Source: articles/active-directory/conditional-access/workload-identity.md
Service: active-directory
Sub-service: conditional-access
GitHub Login: @MicrosoftGuyJFlo
Microsoft Alias: joflore

Nov 11 '22 12:11 joostjansenskg

#reassign:@MicrosoftGuyJFlo

So @joostjansenskg your recommendation is

{
  "displayName": "Name",
  "state": "enabled OR disabled OR enabledForReportingButNotEnforced",
  "conditions": {
    "applications": {
      "includeApplications": [
        "All"
      ]
    },
    "clientApplications": {
      "includeServicePrincipals": [
        "[Service principal Object ID] OR ServicePrincipalsInMyTenant"
      ],
      "excludeServicePrincipals": [
        "[Service principal Object ID]"
      ]
    },
    "locations": {
      "includeLocations": [
        "All"
      ],
      "excludeLocations": [
        "[Named location ID] OR AllTrusted"
      ]
    }
  },
  "grantControls": {
    "operator": "and",
    "builtInControls": [
      "block"
    ]
  }
}

Nov 11 '22 15:11 MicrosoftGuyJFlo

@joostjansenskg Thanks for your feedback! We will investigate and update as appropriate.

Nov 11 '22 15:11 SaibabaBalapur-MSFT

@joostjansenskg Could you confirm on above ask from @MicrosoftGuyJFlo ?

Nov 14 '22 07:11 YashikaTyagii

Yes correct.

Nov 14 '22 08:11 joostjansenskg

@MicrosoftGuyJFlo If you agree with this recommendation by @joostjansenskg. Please provide your feedback.

Nov 14 '22 09:11 YashikaTyagii

#unassign:@YashikaTyagi-MSFT

Nov 14 '22 15:11 MicrosoftGuyJFlo

Resolving with a PR in our private repo

Nov 14 '22 15:11 MicrosoftGuyJFlo

#label:"assigned-to-author"

Nov 14 '22 15:11 MicrosoftGuyJFlo