maester
maester copied to clipboard
EIDSCA.AP08 test fails when no User Consent is configured.
Scenario: The ManagePermissionGrantsForSelf is not configured (admin-only consent).
Test: https://graph.microsoft.com/beta/policies/authorizationPolicy .permissionGrantPolicyIdsAssignedToDefaultUserRole | Sort-Object -Descending | select-object -first 1 = 'ManagePermissionGrantsForSelf.microsoft-user-default-low'
EIDSCA.AP08 test fails because permissionGrantPolicyIdsAssignedToDefaultUserRole does not contain ManagePermissionGrantsForSelf and returns something else, in my case:
Your tenant is configured as ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team. The recommended value is 'ManagePermissionGrantsForSelf.microsoft-user-default-low' for policies/authorizationPolicy
If admin-only is configured (more strict), result should be Pass.