
AADConditionalAccessPolicy: Add support for Authentication Flows

Open techthoughts2 opened this issue 1 year ago • 0 comments

Description of the issue

AADConditionalAccessPolicy does not currently support Conditional Access (CA) policy settings related to Authentication flows:

  • Device Code Flow
  • Authentication transfer

See attached photo for the corresponding portal-based settings:

[image: portal screenshot of the Authentication flows settings (Device Code Flow, Authentication transfer)]

While this CA policy can be successfully created in the Portal, an export of the policy does not reflect any of the settings related to Authentication flow settings.

See attached export of the resource for details.

Enhancement request: Add support to the AADConditionalAccessPolicy resource for adjusting the Device Code Flow and Authentication transfer settings.

Microsoft 365 DSC Version

v1.24.313.1

Which workloads are affected

Azure Active Directory

The DSC configuration

AADConditionalAccessPolicy "AADConditionalAccessPolicy-Block MS Device code flow"
{
    ApplicationId                        = $ConfigurationData.NonNodeData.ApplicationId;
    AuthenticationContexts               = @();
    BuiltInControls                      = @("block");
    CertificateThumbprint                = $ConfigurationData.NonNodeData.CertificateThumbprint;
    ClientAppTypes                       = @("all");
    CloudAppSecurityType                 = "";
    CustomAuthenticationFactors          = @();
    DeviceFilterRule                     = "";
    DisplayName                          = "Block MS Device code flow";
    Ensure                               = "Present";
    ExcludeApplications                  = @();
    ExcludeExternalTenantsMembers        = @();
    ExcludeExternalTenantsMembershipKind = "";
    ExcludeGroups                        = @();
    ExcludeLocations                     = @();
    ExcludePlatforms                     = @();
    ExcludeRoles                         = @();
    ExcludeUsers                         = @("");
    GrantControlOperator                 = "OR";
    Id                                   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx";
    IncludeApplications                  = @("All");
    IncludeExternalTenantsMembers        = @();
    IncludeExternalTenantsMembershipKind = "";
    IncludeGroups                        = @();
    IncludeLocations                     = @();
    IncludePlatforms                     = @();
    IncludeRoles                         = @();
    IncludeUserActions                   = @();
    IncludeUsers                         = @("All");
    PersistentBrowserMode                = "";
    SignInFrequencyType                  = "";
    SignInRiskLevels                     = @();
    State                                = "enabled";
    TenantId                             = $OrganizationName;
    UserRiskLevels                       = @();
}

Verbose logs showing the problem

N/A

Environment Information + PowerShell Version

No response

techthoughts2 · Mar 20 '24 20:03
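Until the resource captures the Authentication flows condition, the export above cannot tell you whether the live policy really restricts Device Code Flow or Authentication transfer. The following is an added audit script, not code from the issue or from Microsoft365DSC: it reads the policies straight from Microsoft Graph and reports the `conditions.authenticationFlows.transferMethods` value that the DSC export omits. It assumes the Microsoft.Graph.Authentication module, a connected identity with `Policy.Read.All`, and the beta Graph schema for this property; the function name `Get-CaAuthenticationFlowReport` is my own.

```powershell
# Added example (not from the issue or Microsoft365DSC): report the Authentication flows
# condition on live Conditional Access policies, since the DSC export does not include it.
# Assumes Microsoft.Graph.Authentication and the beta schema property
# conditions.authenticationFlows.transferMethods ("deviceCodeFlow", "authenticationTransfer").
Connect-MgGraph -Scopes 'Policy.Read.All' -NoWelcome

function Get-CaAuthenticationFlowReport {
    param(
        # Optional display-name filter (wildcards allowed); defaults to every policy.
        [string]$DisplayName = '*'
    )
    $uri = 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies'
    $policies = @()
    do {
        # Follow @odata.nextLink so tenants with many policies are read completely.
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        $policies += $page.value
        $uri = $page.'@odata.nextLink'
    } while ($uri)

    foreach ($p in $policies | Where-Object { $_.displayName -like $DisplayName }) {
        # transferMethods is a comma-separated string, e.g. "deviceCodeFlow,authenticationTransfer";
        # the property is absent when no authentication-flow condition has been configured.
        $raw     = $p.conditions.authenticationFlows.transferMethods
        $methods = if ($raw) { $raw -split ',' | ForEach-Object { $_.Trim() } } else { @() }
        $blocks  = ($p.grantControls.builtInControls -contains 'block')
        $enabled = ($p.state -eq 'enabled')
        [pscustomobject]@{
            DisplayName          = $p.displayName
            State                = $p.state
            TransferMethods      = ($methods -join ',')
            BlocksDeviceCodeFlow = ($blocks -and $enabled -and ($methods -contains 'deviceCodeFlow'))
            BlocksAuthTransfer   = ($blocks -and $enabled -and ($methods -contains 'authenticationTransfer'))
        }
    }
}

# The exported "Block MS Device code flow" resource shows a block grant but no
# authentication-flow condition; this shows what the tenant actually enforces.
Get-CaAuthenticationFlowReport -DisplayName 'Block MS Device code flow' | Format-List
```

The `Blocks*` flags only look at the grant control, state and transfer methods; they ignore user, application and platform scoping and exclusions, so a policy flagged `True` may still not apply to every sign-in.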