Hi !
I want to enable a Conditional Access Policy periodically with Azure Automation Account.
I'm using a user-assigned managed identity. I gave it the "Security administrator" role in Azure AD.
I can successfully connect to AzureAD from my runbook with these commands:
# Sign in with the user-assigned managed identity (AccountId = its client ID)
Connect-AzAccount -Identity -AccountId 'XXX'
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
# Token for Microsoft Graph
$graphToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.microsoft.com").AccessToken
# Token for Azure AD Graph (used by the AzureAD module)
$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.windows.net").AccessToken
Connect-AzureAD -AadAccessToken $aadToken -AccountId $context.Account.Id -TenantId $context.Tenant.Id
I can get users successfully, so the connection is OK.
But when I try to do this:
Set-AzureADMSConditionalAccessPolicy -PolicyId 'XXX' -State 'Enabled'
I get the error: "Object reference not set to an instance of an object."
In a second try, I tried with MS Graph:
Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId 'XXX' -State 'Enabled'
but this time I get: "Applications without a signed-in user are not allowed access to this report or data."
If anyone has ever seen this error ...
Thanks in advance :)
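For reference, here is an added runbook example (not from the post above) that performs the same state change through the Microsoft Graph PowerShell SDK with the managed identity, and checks the permission actually present in the app-only token before attempting the write. It assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Identity.SignIns modules are imported into the Automation Account, that $ClientId and $PolicyId are supplied as runbook parameters, and that the identity has been granted the Policy.ReadWrite.ConditionalAccess application permission on the Microsoft Graph service principal.

```powershell
# Added example: toggle a Conditional Access policy from an Azure Automation
# runbook using a user-assigned managed identity and the Graph PowerShell SDK.
# Assumptions: modules Microsoft.Graph.Authentication and
# Microsoft.Graph.Identity.SignIns are imported; $ClientId is the managed
# identity's client ID; $PolicyId is the policy object ID; the identity holds
# the Policy.ReadWrite.ConditionalAccess application permission.
param(
    [Parameter(Mandatory)][string]$ClientId,
    [Parameter(Mandatory)][string]$PolicyId,
    [ValidateSet('enabled', 'disabled', 'enabledForReportingButNotEnforced')]
    [string]$State = 'enabled'
)

# App-only sign-in: there is no signed-in user, so the token carries the
# application roles granted to the managed identity, not delegated scopes.
Connect-MgGraph -Identity -ClientId $ClientId -NoWelcome

# Fail early with an explicit message if the required app role is missing,
# instead of letting the write fail with a generic authorization error.
$required = 'Policy.ReadWrite.ConditionalAccess'
$granted  = (Get-MgContext).Scopes
if ($granted -notcontains $required) {
    throw "Managed identity lacks '$required'. Granted: $($granted -join ', ')"
}

# Read the policy first so the job output records the before/after state,
# which is useful for change tracking on a security control.
$before = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $PolicyId
Write-Output "Policy '$($before.DisplayName)' state before: $($before.State)"

Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $PolicyId -State $State

$after = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $PolicyId
Write-Output "Policy '$($after.DisplayName)' state after: $($after.State)"
```

The Security Administrator directory role applies to user sign-ins; an application-only token is authorized by the app roles assigned to the managed identity's service principal, which is what the permission check above inspects.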