The pipeline has been stopped.

Open TerrorSource opened this issue 9 months ago • 14 comments

Description of the issue

I want to export the Intune config with Delegated Permissions. When running the Export-M365DSCConfiguration command, I receive the error:

 Connecting to {MicrosoftGraph}...✅
[1/76] Extracting [IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy] using {Credentials}...Invoke-MgGraphRequest : The pipeline has been stopped.
At C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCTelemetryEngine.psm1:115 char:36
+ ...            $currentUser = Invoke-MgGraphRequest -Uri $uri -Method GET
+                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-MgGraphRequest], PipelineStoppedException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest

Microsoft 365 DSC Version

1.25.319.1

Which workloads are affected

Intune

The DSC configuration

# install M365DSC
Install-Module -Name Microsoft365DSC -Force -AllowClobber

# install/update dependencies
Update-M365DSCDependencies

# check module installation
Get-Module Microsoft365DSC -ListAvailable | select ModuleBase, Version

# Generated by Microsoft365DSC from https://export.microsoft365dsc.com on 3/26/2025, 1:52:09 PM
# Visit https://microsoft365dsc.com for more information

# Getting client credential
$Credential = Get-Credential

# Exporting resources using credentials
Export-M365DSCConfiguration -Components @("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy", "IntuneAccountProtectionLocalUserGroupMembershipPolicy", "IntuneAccountProtectionPolicy", "IntuneAntivirusPolicyWindows10SettingCatalog", "IntuneAppConfigurationDevicePolicy", "IntuneAppConfigurationPolicy", "IntuneApplicationControlPolicyWindows10", "IntuneAppProtectionPolicyAndroid", "IntuneAppProtectionPolicyiOS", "IntuneASRRulesPolicyWindows10", "IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager", "IntuneDeviceAndAppManagementAssignmentFilter", "IntuneDeviceCategory", "IntuneDeviceCleanupRule", "IntuneDeviceCompliancePolicyAndroid", "IntuneDeviceCompliancePolicyAndroidDeviceOwner", "IntuneDeviceCompliancePolicyAndroidWorkProfile", "IntuneDeviceCompliancePolicyiOs", "IntuneDeviceCompliancePolicyMacOS", "IntuneDeviceCompliancePolicyWindows10", "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10", "IntuneDeviceConfigurationCustomPolicyWindows10", "IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10", "IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10", "IntuneDeviceConfigurationDomainJoinPolicyWindows10", "IntuneDeviceConfigurationEmailProfilePolicyWindows10", "IntuneDeviceConfigurationEndpointProtectionPolicyWindows10", "IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10", "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10", "IntuneDeviceConfigurationIdentityProtectionPolicyWindows10", "IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10", "IntuneDeviceConfigurationKioskPolicyWindows10", "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10", "IntuneDeviceConfigurationPkcsCertificatePolicyWindows10", "IntuneDeviceConfigurationPlatformScriptMacOS", "IntuneDeviceConfigurationPlatformScriptWindows", "IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator", "IntuneDeviceConfigurationPolicyAndroidDeviceOwner", 
"IntuneDeviceConfigurationPolicyAndroidOpenSourceProject", "IntuneDeviceConfigurationPolicyAndroidWorkProfile", "IntuneDeviceConfigurationPolicyiOS", "IntuneDeviceConfigurationPolicyMacOS", "IntuneDeviceConfigurationPolicyWindows10", "IntuneDeviceConfigurationSCEPCertificatePolicyWindows10", "IntuneDeviceConfigurationSecureAssessmentPolicyWindows10", "IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10", "IntuneDeviceConfigurationTrustedCertificatePolicyWindows10", "IntuneDeviceConfigurationVpnPolicyWindows10", "IntuneDeviceConfigurationWindowsTeamPolicyWindows10", "IntuneDeviceConfigurationWiredNetworkPolicyWindows10", "IntuneDeviceEnrollmentLimitRestriction", "IntuneDeviceEnrollmentPlatformRestriction", "IntuneDeviceEnrollmentStatusPageWindows10", "IntuneDeviceRemediation", "IntuneDiskEncryptionMacOS", "IntuneEndpointDetectionAndResponsePolicyWindows10", "IntuneExploitProtectionPolicyWindows10SettingCatalog", "IntunePolicySets", "IntuneRoleAssignment", "IntuneRoleDefinition", "IntuneSettingCatalogASRRulesPolicyWindows10", "IntuneSettingCatalogCustomPolicyWindows10", "IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", "IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", "IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", "IntuneWifiConfigurationPolicyAndroidForWork", "IntuneWifiConfigurationPolicyAndroidOpenSourceProject", "IntuneWifiConfigurationPolicyIOS", "IntuneWifiConfigurationPolicyMacOS", "IntuneWifiConfigurationPolicyWindows10", "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", "IntuneWindowsAutopilotDeploymentProfileAzureADJoined", "IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled", "IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10", "IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10", "IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10") -Credential $Credential

Verbose logs showing the problem


Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 26100.1.amd64fre.ge_release.240331-1435
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Key   : PSVersion
Value : 5.1.26100.2161
Name  : PSVersion

Key   : PSEdition
Value : Desktop
Name  : PSEdition

Key   : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name  : PSCompatibleVersions

Key   : BuildVersion
Value : 10.0.26100.2161
Name  : BuildVersion

Key   : CLRVersion
Value : 4.0.30319.42000
Name  : CLRVersion

Key   : WSManStackVersion
Value : 3.0
Name  : WSManStackVersion

Key   : PSRemotingProtocolVersion
Value : 2.3
Name  : PSRemotingProtocolVersion

Key   : SerializationVersion
Value : 1.1.0.1
Name  : SerializationVersion

TerrorSource, Mar 26 '25 12:03

Can you please run the export command with -Verbose added as a parameter?

FabienTschanz, Mar 26 '25 16:03

I've shortened the command so it will only run 1 component for testing purposes

 # Getting client credential
$Credential = Get-Credential

# Exporting resources using credentials
Export-M365DSCConfiguration -Verbose -Components @("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy") -Credential $Credential 

PowerShell info, is this enough?

 PS C:\Users\name> # Getting client credential
$Credential = Get-Credential

# Exporting resources using credentials
Export-M365DSCConfiguration -Verbose -Components @("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy") -Credential $Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Exporting Microsoft 365 configuration for Components: IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
 
Authentication methods specified:
- Credentials
 
VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\DSCResources\MSFT_IntuneAccountProtectionLocalAdministratorPassword
SolutionPolicy\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1'.
VERBOSE: Importing function 'Export-TargetResource'.
VERBOSE: Importing function 'Get-TargetResource'.
VERBOSE: Importing function 'Set-TargetResource'.
VERBOSE: Importing function 'Test-TargetResource'.
Connecting to {MicrosoftGraph}...✅
[1/1] Extracting [IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy] using {Credentials}...VERBOSE: Attempting connection to {MicrosoftGraph} with:
VERBOSE: 
Name                           Value                                                                                                                                       
----                           -----                                                                                                                                       
Credential                     System.Management.Automation.PSCredential                                                                                                   



VERBOSE: Credential was specified. Connecting via User Principal
VERBOSE: Dependencies were already successfully validated.
Invoke-MgGraphRequest : The pipeline has been stopped.
At C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCTelemetryEngine.psm1:115 char:36
+ ...            $currentUser = Invoke-MgGraphRequest -Uri $uri -Method GET
+                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-MgGraphRequest], PipelineStoppedException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
 
❌
Error Log created at {file://C:/Users/name/9468-M365DSC-ErrorLog.log}
⌛ Export took {18 seconds} for {0 instances}

Destination Path: 

TerrorSource, Mar 26 '25 20:03

Content of the 9468-M365DSC-ErrorLog.log

[2025/03/26 09:49:47]
{NotSpecified}
Azure.Identity.AuthenticationFailedException: InteractiveBrowserCredential authentication failed: The browser based authentication dialog failed to complete. Reason: The server or proxy was not found. ---> Microsoft.Identity.Client.MsalClientException: The browser based authentication dialog failed to complete. Reason: The server or proxy was not found.
   at Microsoft.Identity.Client.Platforms.Features.WinFormsLegacyWebUi.WebUI.<AcquireAuthorizationAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceInternalAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceVerifierAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Utils.StopwatchService.<MeasureCodeBlockAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.<ExecuteAsync>d__0`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<AcquireTokenInteractiveCoreAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<>c__DisplayClass14_0.<<AcquireTokenInteractiveAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<AcquireTokenInteractiveAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenViaBrowserLoginAsync>d__53.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenImplAsync>d__52.MoveNext()
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenImplAsync>d__52.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenAsync>d__50.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Kiota.Authentication.Azure.AzureIdentityAccessTokenProvider.<GetAuthorizationTokenAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.<AuthenticateRequestAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.<SendAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy_Call>d__2658.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy_Call>d__2658.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy>d__2652.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.Cmdlets.GetMgBetaDeviceManagementConfigurationPolicy_List.<ProcessRecordAsync>d__88.MoveNext()
"Error during Export:"
at Get-MgBetaDeviceManagementConfigurationPolicy<Process>, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Beta.DeviceManagement\2.26.1\exports\ProxyCmdletDefinitions.ps1: line 21802
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\DSCResources\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1: line 684
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCReverse.psm1: line 685
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCUtil.psm1: line 1512
at <ScriptBlock>, <No file>: line 5
[email protected]
TenantId: tenant.com



[2025/03/26 09:49:56]
{NotSpecified}
Azure.Identity.AuthenticationFailedException: InteractiveBrowserCredential authentication failed: The browser based authentication dialog failed to complete. Reason: The server or proxy was not found. ---> Microsoft.Identity.Client.MsalClientException: The browser based authentication dialog failed to complete. Reason: The server or proxy was not found.
   at Microsoft.Identity.Client.Platforms.Features.WinFormsLegacyWebUi.WebUI.<AcquireAuthorizationAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceInternalAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceVerifierAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Utils.StopwatchService.<MeasureCodeBlockAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.<ExecuteAsync>d__0`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<AcquireTokenInteractiveCoreAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<>c__DisplayClass14_0.<<AcquireTokenInteractiveAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<AcquireTokenInteractiveAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenViaBrowserLoginAsync>d__53.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenImplAsync>d__52.MoveNext()
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenImplAsync>d__52.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenAsync>d__50.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Kiota.Authentication.Azure.AzureIdentityAccessTokenProvider.<GetAuthorizationTokenAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.<AuthenticateRequestAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.<SendAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy_Call>d__2658.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy_Call>d__2658.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy>d__2652.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.Cmdlets.GetMgBetaDeviceManagementConfigurationPolicy_List.<ProcessRecordAsync>d__88.MoveNext()
"Error during Export:"
at Get-MgBetaDeviceManagementConfigurationPolicy<Process>, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Beta.DeviceManagement\2.26.1\exports\ProxyCmdletDefinitions.ps1: line 21802
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\DSCResources\MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy\MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1: line 539
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCReverse.psm1: line 685
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCUtil.psm1: line 1512
at <ScriptBlock>, <No file>: line 5
[email protected]
TenantId: tenant.com



[2025/03/26 09:51:34]
{NotSpecified}
Azure.Identity.AuthenticationFailedException: InteractiveBrowserCredential authentication failed: The browser based authentication dialog failed to complete. Reason: The server or proxy was not found. ---> Microsoft.Identity.Client.MsalClientException: The browser based authentication dialog failed to complete. Reason: The server or proxy was not found.
   at Microsoft.Identity.Client.Platforms.Features.WinFormsLegacyWebUi.WebUI.<AcquireAuthorizationAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceInternalAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.<FetchAuthCodeAndPkceVerifierAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Utils.StopwatchService.<MeasureCodeBlockAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.<ExecuteAsync>d__0`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<AcquireTokenInteractiveCoreAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<>c__DisplayClass14_0.<<AcquireTokenInteractiveAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.MsalPublicClient.<AcquireTokenInteractiveAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenViaBrowserLoginAsync>d__53.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenImplAsync>d__52.MoveNext()
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenImplAsync>d__52.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Azure.Identity.InteractiveBrowserCredential.<GetTokenAsync>d__50.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Kiota.Authentication.Azure.AzureIdentityAccessTokenProvider.<GetAuthorizationTokenAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.<AuthenticateRequestAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Handlers.AuthenticationHandler.<SendAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy_Call>d__2658.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy_Call>d__2658.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.DeviceManagement.<DeviceManagementListConfigurationPolicy>d__2652.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.Beta.PowerShell.Cmdlets.GetMgBetaDeviceManagementConfigurationPolicy_List.<ProcessRecordAsync>d__88.MoveNext()
"Error during Export:"
at Get-MgBetaDeviceManagementConfigurationPolicy<Process>, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Beta.DeviceManagement\2.26.1\exports\ProxyCmdletDefinitions.ps1: line 21802
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\DSCResources\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1: line 684
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCReverse.psm1: line 685
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.319.1\Modules\M365DSCUtil.psm1: line 1512
at <ScriptBlock>, <No file>: line 5
[email protected]
TenantId: tenant.com

TerrorSource avatar Mar 27 '25 07:03 TerrorSource

Seems like there is a proxy configured on your system. What happens if you just type Connect-MgGraph in the PowerShell session?

FabienTschanz avatar Mar 29 '25 15:03 FabienTschanz

> Seems like there is a proxy configured on your system. What happens if you just type Connect-MgGraph in the PowerShell session?

It's a completely reset Windows-365 in the cloud machine. No proxies in use.

 PS C:\temp> Connect-MgGraph
Welcome to Microsoft Graph!

Connected via delegated access using 14d82eec-xxxx
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs

NOTE: You can use the -NoWelcome parameter to suppress this message.

TerrorSource avatar Mar 31 '25 14:03 TerrorSource

Are there other Graph modules installed? Please run Update-M365DSCModule to make sure that you are on the latest version. I'm unable to reproduce the issue on a clean machine.

Edit: What's the format of your credentials? They must be: [email protected] and the corresponding password. Any other format, e.g. the dedicated tenant id or another dns name for the tenant can cause issues.

FabienTschanz avatar Apr 02 '25 14:04 FabienTschanz

@FabienTschanz I've been using a Windows365 in the cloud machine, no proxy settings are applied via my own tenant/Intune settings.

I am trying on a different machine now as well:

$Credential = Get-Credential

# Exporting resources using credentials
Export-M365DSCConfiguration -Verbose -Components @("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy") -Credential $Credential

Error:

[1/1] Extracting [IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy] using {Credentials}...❌
Error Log created at {file://C:/temp/6988-M365DSC-ErrorLog.log}
⌛ Export took {32 seconds} for {0 instances}

Destination Path:
ModuleBase                                                            Version
----------                                                            -------
C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.402.1 1.25.402.1

Error file:

{InvalidOperation}
System.Exception: [Forbidden] : {
  "_version": 3,
  "Message": "Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementEndpointSecurity.Read.All, DeviceManagementEndpointSecurity.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 9098ebd1-c0f3-4391-8143-723837df9286 - Url: https://fef.msub06.manage.microsoft.com/DeviceConfigV2/DCV2GraphService/de147310-ffff-5301-0607-040819312452/deviceManagement/configurationPolicies?api-version=5024-12-01&$select=createdDateTime%2ccreationSource%2cdescription%2clastModifiedDateTime%2cname%2cplatforms%2cpriorityMetaData%2croleScopeTagIds%2csettingCount%2ctechnologies%2ctemplateReference%2cid",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
"Error during Export:"
at Get-MgBetaDeviceManagementConfigurationPolicy<Process>, C:\Users\Admin\OneDrive\Documents\WindowsPowerShell\Modules\Microsoft.Graph.Beta.DeviceManagement\2.26.1\exports\ProxyCmdletDefinitions.ps1: line 21802
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.402.1\DSCResources\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy\MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1: line 684
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.402.1\Modules\M365DSCReverse.psm1: line 682
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.25.402.1\Modules\M365DSCUtil.psm1: line 1495
at <ScriptBlock>, C:\temp\Untitled6.ps1: line 21
at <ScriptBlock>, <No file>: line 1
[email protected]
TenantId: tenant.com

TerrorSource avatar Apr 10 '25 12:04 TerrorSource

Delegated authentication using credentials requires that the App registration named Microsoft Graph Command Line Tools has all the permissions listed for the resource you want to manage. Please add the permissions and try again.

FabienTschanz avatar Apr 10 '25 14:04 FabienTschanz
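
The Forbidden response quoted above lists alternative scopes, and holding any one of them satisfies the request. The following is an added example, not code from the thread or from Microsoft365DSC: the function name `Test-GraphScopeCoverage` is hypothetical and the granted-scope list is constructed, while the error text is the one from the log above.

```powershell
# Added example: hypothetical helper, not part of Microsoft365DSC or the Graph SDK.
function Test-GraphScopeCoverage {
    [CmdletBinding()]
    param(
        # "Message" text taken from the [Forbidden] error
        [Parameter(Mandatory)]
        [string]$ErrorMessage,

        # Scopes on the delegated token; defaults to the current Connect-MgGraph session
        [string[]]$GrantedScopes = (Get-MgContext).Scopes
    )

    # The alternatives sit between this phrase and " - Operation ID"
    $m = [regex]::Match($ErrorMessage,
        'one of the following scopes:\s*(?<list>.+?)\s+-\s+Operation ID')
    if (-not $m.Success) { throw 'No scope list found in the error message.' }

    $accepted = @($m.Groups['list'].Value -split '\s*,\s*' | Where-Object { $_ })
    $held     = @($accepted | Where-Object { $GrantedScopes -contains $_ })

    [pscustomobject]@{
        Authorized     = $held.Count -gt 0   # "one of": a single match is enough
        Held           = $held
        Accepted       = $accepted
        # Read-only alternatives already satisfy the GET that failed here
        ReadOnlyChoice = @($accepted | Where-Object { $_ -notmatch '\.ReadWrite\.' })
    }
}

# Error text from the log in this thread (truncated after the Operation ID label)
$forbidden = 'Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementEndpointSecurity.Read.All, DeviceManagementEndpointSecurity.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000'

# Constructed sample: scopes a freshly consented delegated session might hold
$granted = 'User.Read', 'Domain.Read.All'

Test-GraphScopeCoverage -ErrorMessage $forbidden -GrantedScopes $granted | Format-List
```

Omitting `-GrantedScopes` checks the live session instead, which shows whether the consent added to the app registration actually reached the token.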

@FabienTschanz Thanks for the help. I've solved the permissions via

 # Read-Write Permissions for Microsoft Graph Command Line Tools
Update-M365DSCAllowedGraphScopes  -Type 'Update' -Environment 'Global' -ResourceNameList @('IntuneAppConfigurationPolicy', 'IntuneAppProtectionPolicy', 'IntuneAppProtectionPolicyiOS', 'IntuneAppProtectionPolicyAndroid', 'IntuneDeviceConfigurationPolicy', 'IntuneDeviceConfigurationPolicyiOS', 'IntuneDeviceConfigurationPolicyAndroid', 'IntuneDeviceConfigurationPolicyWindows10', 'IntuneDeviceConfigurationPolicyMacOS', 'IntuneDeviceCompliancePolicy', 'IntuneDeviceCompliancePolicyiOS', 'IntuneDeviceCompliancePolicyAndroid', 'IntuneDeviceCompliancePolicyWindows10', 'IntuneDeviceCompliancePolicyMacOS', 'IntuneConfigurationProfile', 'IntuneConfigurationProfileiOS', 'IntuneConfigurationProfileAndroid', 'IntuneConfigurationProfileWindows10', 'IntuneConfigurationProfileMacOS', 'IntuneConditionalAccessPolicy', 'IntuneRoleDefinition', 'IntuneRoleAssignment', 'IntuneCompliancePolicySetting', 'IntuneWiFiConfigurationPolicy', 'IntuneVPNConfigurationPolicy', 'IntuneTrustedCertificateProfile', 'IntuneSCEPCertificateProfile', 'IntuneMobileApp', 'IntuneMobileAppAssignment', 'IntuneCompliancePolicy', 'IntuneEnrollmentPolicy', 'IntuneDeviceCategory', 'IntuneDeviceComplianceAction', 'IntuneDeviceRestrictionPolicy', 'IntuneEnrollmentRestrictionPolicy') 

However, importing the MOF file does not seem to work, even though I've set the permissions.

Export config

 # Generated by Microsoft365DSC from https://export.microsoft365dsc.com on 3/26/2025, 1:52:09 PM
# Visit https://microsoft365dsc.com for more information

# Getting client credential
$Credential = Get-Credential

# Exporting resources using credentials
Export-M365DSCConfiguration -Components @("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy", "IntuneAccountProtectionLocalUserGroupMembershipPolicy", "IntuneAccountProtectionPolicy", "IntuneAntivirusPolicyWindows10SettingCatalog", "IntuneAppConfigurationDevicePolicy", "IntuneAppConfigurationPolicy", "IntuneApplicationControlPolicyWindows10", "IntuneAppProtectionPolicyAndroid", "IntuneAppProtectionPolicyiOS", "IntuneASRRulesPolicyWindows10", "IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager", "IntuneDeviceAndAppManagementAssignmentFilter", "IntuneDeviceCategory", "IntuneDeviceCleanupRule", "IntuneDeviceCompliancePolicyAndroid", "IntuneDeviceCompliancePolicyAndroidDeviceOwner", "IntuneDeviceCompliancePolicyAndroidWorkProfile", "IntuneDeviceCompliancePolicyiOs", "IntuneDeviceCompliancePolicyMacOS", "IntuneDeviceCompliancePolicyWindows10", "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10", "IntuneDeviceConfigurationCustomPolicyWindows10", "IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10", "IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10", "IntuneDeviceConfigurationDomainJoinPolicyWindows10", "IntuneDeviceConfigurationEmailProfilePolicyWindows10", "IntuneDeviceConfigurationEndpointProtectionPolicyWindows10", "IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10", "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10", "IntuneDeviceConfigurationIdentityProtectionPolicyWindows10", "IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10", "IntuneDeviceConfigurationKioskPolicyWindows10", "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10", "IntuneDeviceConfigurationPkcsCertificatePolicyWindows10", "IntuneDeviceConfigurationPlatformScriptMacOS", "IntuneDeviceConfigurationPlatformScriptWindows", "IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator", "IntuneDeviceConfigurationPolicyAndroidDeviceOwner", 
"IntuneDeviceConfigurationPolicyAndroidOpenSourceProject", "IntuneDeviceConfigurationPolicyAndroidWorkProfile", "IntuneDeviceConfigurationPolicyiOS", "IntuneDeviceConfigurationPolicyMacOS", "IntuneDeviceConfigurationPolicyWindows10", "IntuneDeviceConfigurationSCEPCertificatePolicyWindows10", "IntuneDeviceConfigurationSecureAssessmentPolicyWindows10", "IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10", "IntuneDeviceConfigurationTrustedCertificatePolicyWindows10", "IntuneDeviceConfigurationVpnPolicyWindows10", "IntuneDeviceConfigurationWindowsTeamPolicyWindows10", "IntuneDeviceConfigurationWiredNetworkPolicyWindows10", "IntuneDeviceEnrollmentLimitRestriction", "IntuneDeviceEnrollmentPlatformRestriction", "IntuneDeviceEnrollmentStatusPageWindows10", "IntuneDeviceRemediation", "IntuneDiskEncryptionMacOS", "IntuneEndpointDetectionAndResponsePolicyWindows10", "IntuneExploitProtectionPolicyWindows10SettingCatalog", "IntunePolicySets", "IntuneRoleAssignment", "IntuneRoleDefinition", "IntuneSettingCatalogASRRulesPolicyWindows10", "IntuneSettingCatalogCustomPolicyWindows10", "IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", "IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", "IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", "IntuneWifiConfigurationPolicyAndroidForWork", "IntuneWifiConfigurationPolicyAndroidOpenSourceProject", "IntuneWifiConfigurationPolicyIOS", "IntuneWifiConfigurationPolicyMacOS", "IntuneWifiConfigurationPolicyWindows10", "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", "IntuneWindowsAutopilotDeploymentProfileAzureADJoined", "IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled", "IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10", "IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10", "IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10") -Credential $Credential

Changed a value in the ps1

# Create MOF
.\M365TenantConfig.ps1  -Credential $Global:AdminNonMFA
# import MOF
Start-DscConfiguration -Path C:\temp\DSC\delegated\M365TenantConfig\ -Wait -Force

error in PowerShell ISE:

 PS C:\temp\DSC\delegated> Start-DscConfiguration -Path C:\temp\DSC\delegated\M365TenantConfig\ -Wait -Force
Authentication needed. Please call Connect-MgGraph.
    + CategoryInfo          : AuthenticationError: (:) [], CimException
    + FullyQualifiedErrorId : AuthenticationError,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
    + PSComputerName        : localhost
 
The PowerShell DSC resource '[IntuneDeviceCleanupRule]IntuneDeviceCleanupRule' with SourceInfo 
'C:\temp\DSC\delegated\M365TenantConfig.ps1::34::9::IntuneDeviceCleanupRule' threw one or more non-terminating errors while running the Set-TargetResource functionality. 
These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
Authentication needed. Please call Connect-MgGraph.
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementDeviceCompliancePolicy_CreateExpanded
    + PSComputerName        : localhost
 
The PowerShell DSC resource '[IntuneDeviceCompliancePolicyAndroid]IntuneDeviceCompliancePolicyAndroid-Standaardnalevingsbeleid voor Android' with SourceInfo 
'C:\temp\DSC\delegated\M365TenantConfig.ps1::41::9::IntuneDeviceCompliancePolicyAndroid' threw one or more non-terminating errors while running the Set-TargetResource 
functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost 

TerrorSource avatar Apr 15 '25 14:04 TerrorSource

That's strange. Are you based in the US with a tenant that is not in the public region? E.g. USGov, DoD or something like that? To troubleshoot authentication issues, please set the environment variable MSCLOUDLOGINASSISTANT_WRITETOEVENTLOG to true and run Start-DscConfiguration again after restarting the shell. Then, you can find an event log named MSCloudLoginAssistant under Applications & Services Logs in the event viewer. You can export and zip it so that we can take a look at the authentication flow and see if it actually authenticates.

FabienTschanz avatar Apr 15 '25 17:04 FabienTschanz

I stumbled upon a discussion somewhere but can't find the link anymore. Can you check if TLS1.2 is enabled in the Internet Options of the control panel? After that, restart the system and try again. Maybe that helps.

FabienTschanz avatar Apr 20 '25 21:04 FabienTschanz

@TerrorSource Do you have any updates? Otherwise we will close the issue. Thank you.

FabienTschanz avatar Jun 05 '25 20:06 FabienTschanz

> @TerrorSource Do you have any updates? Otherwise we will close the issue. Thank you.

Hi, I just tried again to get this to work:

  1. export configuration (readonly permissions) with certificate = works
  2. change a setting in the ps1 file (like PasscodeBlockSimple from $True to $False)
  3. copy ps1 file to folder with different ConfigurationData.psd1 (as the ConfigurationData.psd1 is different when certificates are used)
  4. create MOF
  5. Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Domain.Read.All", "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"
  6. Start-DscConfiguration -Path C:\temp\DSC\after-delegated\M365TenantConfig -Wait -Force -Debug
  7. errors:
PS C:\temp\DSC\after-delegated> Start-DscConfiguration -Path C:\temp\DSC\after-delegated\M365TenantConfig -Wait -Force -Debug
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespace
Name' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer WIN11DEMO with user sid S-1-12-1-xx
VERBOSE: [WIN11DEMO]: LCM:  [ Start  Set      ]
VERBOSE: [WIN11DEMO]: LCM:  [ Start  Resource ]  [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode]
VERBOSE: [WIN11DEMO]: LCM:  [ Start  Test     ]  [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode]
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Testing configuration of {9caacd4c0-xx}
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Getting configuration of the Intun
e Device Configuration Policy for iOS with Id {9caacd4c-xx} and DisplayName {EMEA-Passcode}
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] We recommend providing the usernam
e in the format of <tenant>.onmicrosoft.* for the Credential property.
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] We recommend providing the tenant 
name in format <tenant>.onmicrosoft.* for TenantId.
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Unable to retrieve AccessToken. Ha
ve you registered the 'Microsoft Graph PowerShell' application already? Please run 'Connect-MgGraph -Scopes Domain.Read.All' and logon using '[email protected]'
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Current Values: AccountBlockModifi
cation=False
...
PasscodeBlockSimple=False
...
WifiPowerOnForced=False
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Target Values: AccountBlockModific
ation=False
...
PasscodeBlockSimple=False
...
WifiPowerOnForced=False
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Test-TargetResource returned False
VERBOSE: [WIN11DEMO]: LCM:  [ End    Test     ]  [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode]  in 0.8180 seconds.
VERBOSE: [WIN11DEMO]: LCM:  [ Start  Set      ]  [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode]
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] We recommend providing the usernam
e in the format of <tenant>.onmicrosoft.* for the Credential property.
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] We recommend providing the tenant 
name in format <tenant>.onmicrosoft.* for TenantId.
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Unable to retrieve AccessToken. Ha
ve you registered the 'Microsoft Graph PowerShell' application already? Please run 'Connect-MgGraph -Scopes Domain.Read.All' and logon using '[email protected]'
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Getting configuration of the Intun
e Device Configuration Policy for iOS with Id {9caacd4c-xx and DisplayName {EMEA-Passcode}
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] We recommend providing the usernam
e in the format of <tenant>.onmicrosoft.* for the Credential property.
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] We recommend providing the tenant 
name in format <tenant>.onmicrosoft.* for TenantId.
WARNING: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Unable to retrieve AccessToken. Ha
ve you registered the 'Microsoft Graph PowerShell' application already? Please run 'Connect-MgGraph -Scopes Domain.Read.All' and logon using '[email protected]'
VERBOSE: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] Creating {EMEA-Passcode}
DEBUG: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] [CmdletBeginProcessing]: - New-MgBet
aDeviceManagementDeviceConfiguration begin processing with parameterSet 'Create'.
DEBUG: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] [CmdletException]: Received exceptio
n with message 'AuthenticationException - Authentication needed. Please call Connect-MgGraph. :    at Microsoft.Graph.PowerShell.Authentication.Core.Utilities.Authenticat
ionHelpers.<GetAuthenticationProviderAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.PowerShell.Authentication.Helpers.HttpHelpers.GetGraphHttpClient()
   at Microsoft.Graph.Beta.PowerShell.Module.BeforeCreatePipeline(InvocationInfo invocationInfo, HttpPipeline& pipeline)
   at Microsoft.Graph.Beta.PowerShell.Module.CreatePipeline(InvocationInfo invocationInfo, String parameterSetName)
   at Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementDeviceConfiguration_Create.<ProcessRecordAsync>d__58.MoveNext()'
Authentication needed. Please call Connect-MgGraph.
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.NewMgBetaDeviceManagementDeviceConfiguration_Create
    + PSComputerName        : localhost
 
DEBUG: [WIN11DEMO]:                            [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode] [CmdletEndProcessing]: - New-MgBetaD
eviceManagementDeviceConfiguration end processing.
VERBOSE: [WIN11DEMO]: LCM:  [ End    Set      ]  [[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode]  in 0.8210 seconds.
The PowerShell DSC resource '[IntuneDeviceConfigurationPolicyIOS]IntuneDeviceConfigurationPolicyiOS-EMEA-Passcode' with SourceInfo 
'C:\temp\DSC\after-delegated\ios-after.ps1::34::9::IntuneDeviceConfigurationPolicyiOS' threw one or more non-terminating errors while running the Set-TargetResource 
functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: [WIN11DEMO]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 1.889 seconds

PS C:\temp\DSC\after-delegated> 

TerrorSource avatar Jun 19 '25 13:06 TerrorSource

Can you please share part of the configuration, especially of the authentication methods? I don't quite understand if you're using certificates or delegated authentication. The log indicates delegated but without some of the necessary permissions as well as the userprincipalname is not provided in the @.onmicrosoft.com format. Using certificates works fine for me, delegated as well.

FabienTschanz avatar Jun 21 '25 11:06 FabienTschanz

> Can you please share part of the configuration, especially of the authentication methods? I don't quite understand if you're using certificates or delegated authentication. The log indicates delegated but without some of the necessary permissions as well as the userprincipalname is not provided in the @.onmicrosoft.com format. Using certificates works fine for me, delegated as well.

Did you also test exporting the config with certificates and upload with delegated? That's what we would like to achieve

TerrorSource avatar Jun 23 '25 08:06 TerrorSource

Ahh I see, so I assume that your secondary ConfigurationData.psd1 just contains nothing? You need to update the M365TenantConfig.ps1 file to actually ask you for credentials, otherwise it won't work. An example:

M365TenantConfig_with_Certificate.ps1

# Generated with Microsoft365DSC version 1.25.611.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
)

Configuration M365TenantConfig
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.25.611.1'

    Node localhost
    {
        IntuneDeviceCleanupRule "IntuneDeviceCleanupRule"
        {
            ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Enabled               = $False;
            Ensure                = "Present";
            IsSingleInstance      = "Yes";
            TenantId              = $OrganizationName;
        }
    }
}

M365TenantConfig -ConfigurationData .\ConfigurationData.psd1

M365TenantConfig_with_Credentials.ps1

# Generated with Microsoft365DSC version 1.25.611.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
    [parameter()]
    [System.Management.Automation.PSCredential]
    $Credential
)

Configuration M365TenantConfig
{
    param (
        [parameter()]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if ($null -eq $Credential)
    {
        <# Credentials #>
        $CredsCredential = Get-Credential -Message "Credentials"

    }
    else
    {
        $CredsCredential = $Credential
    }

    $OrganizationName = $CredsCredential.UserName.Split('@')[1]

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.25.611.1'

    Node localhost
    {
        IntuneDeviceCleanupRule "IntuneDeviceCleanupRule"
        {
            Credential           = $CredsCredential;
            Enabled              = $False;
            Ensure               = "Present";
            IsSingleInstance     = "Yes";
        }
    }
}

M365TenantConfig -ConfigurationData .\ConfigurationData.psd1 -Credential $Credential

Do you see the difference in the file? If you export a file using certificates and want to use some other authentication methods afterwards, you also have to update all of the resources to also include that new type. That's something I just stumbled upon in an ancient issue. Would you like to have a function built into M365DSC with which you can change the authentication methods for all resources?

FabienTschanz avatar Jun 24 '25 20:06 FabienTschanz
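
The manual edit described in the comment above, from the certificate-based file to the credential-based one, can be scripted. This is an added example, not a Microsoft365DSC function and not code from the thread: `Convert-ExportToCredentialAuth` is a hypothetical name, and it assumes the exported file follows the layout of the certificate-based sample quoted above.

```powershell
# Added example: hypothetical helper, not part of Microsoft365DSC.
function Convert-ExportToCredentialAuth {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        # Full text of a certificate-based export such as M365TenantConfig.ps1
        [Parameter(Mandatory)]
        [string]$ConfigText
    )

    $lines   = @($ConfigText -split '\r?\n')
    $out     = [System.Collections.Generic.List[string]]::new()
    $patched = 0

    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line   = $lines[$i]
        $next   = if ($i + 1 -lt $lines.Count) { $lines[$i + 1] } else { '' }
        $indent = $line -replace '\S.*$', ''          # leading whitespace only

        if ($line -match '^\s*param\s*\(\s*$' -and $next -match '^\s*\)\s*$') {
            # Empty param block: declare the PSCredential parameter
            $out.Add($line)
            $out.Add($indent + '    [parameter()]')
            $out.Add($indent + '    [System.Management.Automation.PSCredential]')
            $out.Add($indent + '    $Credential')
        }
        elseif ($line -match '^\s*\$OrganizationName\s*=\s*\$ConfigurationData\.NonNodeData\.OrganizationName\s*;?\s*$') {
            # Prompt when no credential was passed, then derive the tenant from the UPN
            $out.Add($indent + '$CredsCredential = if ($null -eq $Credential) { Get-Credential -Message "Credentials" } else { $Credential }')
            $out.Add($indent + '$OrganizationName = $CredsCredential.UserName.Split(''@'')[1]')
        }
        elseif ($line -match '^\s*(ApplicationId|CertificateThumbprint)\s*=\s*\$ConfigurationData\.NonNodeData\.\w+\s*;?\s*$' -or
                $line -match '^\s*TenantId\s*=\s*\$OrganizationName\s*;?\s*$') {
            # App-only properties are dropped, as in the credential-based sample
        }
        elseif ($line -match '^\s+\w+\s+"[^"]*"\s*$' -and $next -match '^\s*\{\s*$') {
            # Resource header followed by its opening brace: add Credential first
            $out.Add($line)
            $out.Add($next)
            $out.Add(($next -replace '\S.*$', '') + '    Credential = $CredsCredential;')
            $i++
            $patched++
        }
        elseif ($line -match '^\w+\s+-ConfigurationData\b' -and $line -notmatch '-Credential\b') {
            # Final invocation of the configuration
            $out.Add($line.TrimEnd() + ' -Credential $Credential')
        }
        else { $out.Add($line) }
    }

    if ($patched -eq 0) { throw 'No resource blocks found; nothing was converted.' }

    # Fail closed: a hard-coded ApplicationId or thumbprint is not removed above and
    # would leave a resource declaring both authentication methods.
    $leftover = @($out | Where-Object { $_ -match '^\s*(ApplicationId|CertificateThumbprint)\s*=' })
    if ($leftover.Count -gt 0) { throw "Unconverted app-only properties remain: $($leftover -join '; ')" }

    $out -join [Environment]::NewLine
}

# Constructed sample: the certificate-based configuration quoted in this thread
$sample = @'
param (
)

Configuration M365TenantConfig
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.25.611.1'

    Node localhost
    {
        IntuneDeviceCleanupRule "IntuneDeviceCleanupRule"
        {
            ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Enabled               = $False;
            Ensure                = "Present";
            IsSingleInstance      = "Yes";
            TenantId              = $OrganizationName;
        }
    }
}

M365TenantConfig -ConfigurationData .\ConfigurationData.psd1
'@

Convert-ExportToCredentialAuth -ConfigText $sample
```

DSC writes a PSCredential into the compiled MOF, encrypted only if the node's ConfigurationData names a certificate (plain text if PSDscAllowPlainTextPassword is used instead), so treat the MOF output folder as secret material.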

Any updates here? Otherwise I'll close the issue.

FabienTschanz avatar Aug 02 '25 00:08 FabienTschanz

Closing the issue.

FabienTschanz avatar Sep 15 '25 08:09 FabienTschanz