
Error using New-MgPolicyCrossTenantAccessPolicyPartner #3320

Open
vlijmenfileer opened this issue May 13, 2025 · 3 comments
Labels
no-recent-activity status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close type:bug A broken experience

Comments

@vlijmenfileer

Describe the bug

I am trying to create a new "Cross Tenant Access Policy Partner".
We have built scripting for this which we have been using for about a year now and on which we saw an unexpected failure starting some weeks ago. The script uses New-MgPolicyCrossTenantAccessPolicyPartner at its core. The error text mentions Invalid property 'b2BDirectConnectInbound'.

It turns out that the example on your MS Learn page for this cmdlet gives the same error, so I will use that as example.

Expected behavior

A new partner configuration in a cross-tenant access policy is created.

How to reproduce

```powershell
$PSVersionTable.PSVersion

(Get-MgContext).Scopes

(Get-InstalledModule Microsoft.Graph).Version

(Get-InstalledModule Microsoft.Graph.Beta).Version

$params = @{
    tenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
    b2bDirectConnectOutbound = @{
        usersAndGroups = @{
            accessType = "blocked"
            targets = @(
                @{
                    target = "6f546279-4da5-4b53-a095-09ea0cef9971"
                    targetType = "group"
                }
            )
        }
    }
    b2bDirectConnectInbound = @{
        applications = @{
            accessType = "allowed"
            targets = @(
                @{
                    target = "Office365"
                    targetType = "application"
                }
            )
        }
    }
}

New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params

New-MgBetaPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
```

is expected to create a new partner configuration, but instead gives an error:

```
Major  Minor  Patch  PreReleaseLabel BuildLabel
-----  -----  -----  --------------- ----------
7      5      1
CrossTenantInformation.ReadBasic.All
Policy.Read.All
Policy.ReadWrite.CrossTenantAccess
2.27.0
2.27.0
New-MgPolicyCrossTenantAccessPolicyPartner_Create: 
Line |
  35 |  New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Invalid property 'b2BDirectConnectInbound'.

Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-13T06:39:14

Headers:
Cache-Control                 : no-cache
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 1892dfc1-9fd1-45f6-96f5-a68c3a15d2bf
client-request-id             : 041370da-ec4e-4e9f-b4b0-dd6353b906c7
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"AM4PEPF00043902"}}
x-ms-resource-unit            : 1
Date                          : Tue, 13 May 2025 06:39:14 GMT


  Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
New-MgBetaPolicyCrossTenantAccessPolicyPartner_Create: 
Line |
  37 |  New-MgBetaPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Invalid property 'b2BDirectConnectInbound'.

Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-13T06:39:14

Headers:
Cache-Control                 : no-cache
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 05f7593d-1537-4598-a9d2-09f69938f228
client-request-id             : 11af986b-a8ba-4621-a3c9-ef022296b51b
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"AM4PEPF00043902"}}
Link                          : <https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:XtapIdPSelection&from=2022-03-01&to=2022-04-01>;rel="deprecation";type="text/html",<https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:XtapIdPSelection&from=2022-03-01&to=2022-04-01>;rel="deprecation";type="text/html",<https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:XtapIdPSelection&from=2022-03-01&to=2022-04-01>;rel="deprecation";type="text/html"
deprecation                   : Wed, 10 Jan 2024 23:59:59 GMT
sunset                        : Sat, 10 Jan 2026 23:59:59 GMT
x-ms-resource-unit            : 1
Date                          : Tue, 13 May 2025 06:39:14 GMT


  Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
```

SDK Version

7.5.1

Latest version known to work for scenario above?

Unknown

Known Workarounds

None (create manually)

Debug output

```
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params -Debug
DEBUG: [CmdletBeginProcessing]: - New-MgPolicyCrossTenantAccessPolicyPartner begin processing with parameterSet 'Create'.
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientCertificate', ContextScope: 'Process', AppName: 'App-IAM-MSGraph-ExternalIdentities'.
DEBUG: [Authentication]: - Scopes: [CrossTenantInformation.ReadBasic.All, Policy.Read.All, Policy.ReadWrite.CrossTenantAccess].

Confirm
Are you sure you want to perform this action?
Performing the operation "New-MgPolicyCrossTenantAccessPolicyPartner_Create" on target "Call remote 'POST
/policies/crossTenantAccessPolicy/partners' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631; en-NL),PowerShell/2025.0.0
SdkVersion : graph-powershell/2.27.0
client-request-id : 609d7952-b795-4417-a495-d9e32fe7db0b
Accept-Encoding : gzip,deflate,br

Body:
{
  "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
  "b2BDirectConnectInbound": {
    "applications": {
      "accessType": "allowed",
      "targets": [
        {
          "target": "Office365",
          "targetType": "application"
        }
      ]
    }
  },
  "b2BDirectConnectOutbound": {
    "usersAndGroups": {
      "accessType": "blocked",
      "targets": [
        {
          "target": "6f546279-4da5-4b53-a095-09ea0cef9971",
          "targetType": "group"
        }
      ]
    }
  }
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 7d9535da-4800-428f-a206-c62b7c9a72ae
client-request-id : 609d7952-b795-4417-a495-d9e32fe7db0b
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"007","RoleInstance":"AM4PEPF0004390C"}}
x-ms-resource-unit : 1
Date : Tue, 13 May 2025 06:44:52 GMT

Body:
{
  "error": {
    "code": "Request_BadRequest",
    "message": "Invalid property 'b2BDirectConnectInbound'.",
    "innerError": {
      "date": "2025-05-13T06:44:52",
      "request-id": "7d9535da-4800-428f-a206-c62b7c9a72ae",
      "client-request-id": "609d7952-b795-4417-a495-d9e32fe7db0b"
    }
  }
}

New-MgPolicyCrossTenantAccessPolicyPartner_Create: Invalid property 'b2BDirectConnectInbound'.

Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-13T06:44:52

Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 7d9535da-4800-428f-a206-c62b7c9a72ae
client-request-id : 609d7952-b795-4417-a495-d9e32fe7db0b
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"007","RoleInstance":"AM4PEPF0004390C"}}
x-ms-resource-unit : 1
Date : Tue, 13 May 2025 06:44:52 GMT

Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
DEBUG: [CmdletEndProcessing]: - New-MgPolicyCrossTenantAccessPolicyPartner end processing.
```


Configuration

Both Azure DevOps Microsoft Managed Windows agents and Windows 11 x64

Other information

No idea
@timayabi2020
Contributor

Please update to the latest SDK version (2.28.0)

Contributor

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

@vanboven

I updated from PowerShell SDK version 2.27 to 2.28.0. This resolved the issue.

I tried to find what in the list of changes for 2.27 could have caused this behaviour, but could not find anything obviously related. A bit of a bummer. But I'm glad it's been solved.
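
Added example, not part of the issue thread or the SDK's own code: the debug log in the report shows the hashtable key `b2bDirectConnectInbound` leaving the client as `b2BDirectConnectInbound` under SDK 2.27.0. Assuming that casing is what the service rejects, the hypothetical helper `New-PartnerPolicy` below posts caller-built JSON with `Invoke-MgGraphRequest` when that version is installed, then reads the partner object back so an automation run cannot pass while the policy is missing.

```powershell
# Added example (not from the issue thread). Assumes an existing Connect-MgGraph
# session holding Policy.ReadWrite.CrossTenantAccess, as in the report.
# New-PartnerPolicy is a hypothetical helper name.
function New-PartnerPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][hashtable]$Body)

    $base = 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners'
    # Version reported as failing in the thread; 2.28.0 was reported as working.
    $affected  = [version]'2.27.0'
    $installed = [version](Get-InstalledModule Microsoft.Graph).Version.ToString()

    if (-not $PSCmdlet.ShouldProcess($base, 'Create partner configuration')) { return }

    if ($installed -ne $affected) {
        New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $Body | Out-Null
    }
    else {
        Write-Warning "Microsoft.Graph $installed detected; sending caller-built JSON instead."
        # ConvertTo-Json emits hashtable keys exactly as written, so the property
        # names reach Graph with the casing used in $Body.
        $json = $Body | ConvertTo-Json -Depth 10
        Invoke-MgGraphRequest -Method POST -Uri $base -Body $json `
            -ContentType 'application/json' | Out-Null
    }

    # Read the object back: a failed create must not leave the tenant silently
    # without the intended partner restrictions.
    Invoke-MgGraphRequest -Method GET -Uri "$base/$($Body.tenantId)"
}

# Sample input taken from the report (the MS Learn example values).
$params = @{
    tenantId = '3d0f5dec-5d3d-455c-8016-e2af1ae4d31a'
    b2bDirectConnectInbound = @{
        applications = @{
            accessType = 'allowed'
            targets    = @(@{ target = 'Office365'; targetType = 'application' })
        }
    }
}

# -WhatIf shows the intended call without contacting Graph.
New-PartnerPolicy -Body $params -WhatIf
```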
