Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New or Set-MgEntitlementManagementAssignmentPolicy returns Invalid Model for any policy with reviewSettings on version 2.26 of the SDK #3211

Open
ralflarsen opened this issue Mar 6, 2025 · 0 comments
Open

New or Set-MgEntitlementManagementAssignmentPolicy returns Invalid Model for any policy with reviewSettings on version 2.26 of the SDK #3211

ralflarsen opened this issue Mar 6, 2025 · 0 comments
Labels
status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience

Comments

@ralflarsen
Copy link

Describe the bug

We create and set access package assignment policies using Azure DevOps pipelines on Microsoft hosted agents. Recently the stage of the pipeline which does this has been failing.

After considerable troubleshooting of the model being passed to the API via the Set-MgEntitlementManagementAssignmentPolicy or New-MgEntitlementManagementAssignmentPolicy, we've identified that it would work consistently only when no reviewSettings were passed to the cmdlet.

If reviewSettings were passed, then Invalid Model was received, despite no changes having been made to the model and the model still being valid according to the Powershell/API reference.

We furthermore identified that the commands would accept reviewSettings when the image version of the agent was 20250209.1.0 or older, but always failed when 20250224.5.0.

Looking into the version history, one of the differences was that the version of Microsoft.Graph included in 20250224.5.0 was 2.26.1, but in 20250209.1.0 it was 2.25.0.

We've since used a task to specifically install Microsoft.Graph 2.25.0 on the agent, whatever version it runs, and the commands are consistency succeeding again. So there is an issue with these cmdlets in version 2.26.1 when reviewSettings are passed - or the accepted model has changed without this being reflected in the documentation.

Expected behavior

It should be possible to pass a reviewSettings object to either cmdlet.

The model passed is very similar to that in the example here - https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/new-mgentitlementmanagementassignmentpolicy?view=graph-powershell-1.0#example-2-code-snippet

And we also tried the exact model in the example, with the same error results.

How to reproduce

In an ADO pipeline, in a AzurePowerShell@5 task and on a windows-latest image on a Microsoft hosted agent, try to create an access package assignment policy with Set-MgEntitlementManagementPolicy and pass in parameters including a reviewSettings object like that in the example.

It will only fail if the image version of the agent selected is 20250224.5.0 or later.

SDK Version

2.26.1

Latest version known to work for scenario above?

2.25.0

Known Workarounds

Use another AzurePowerShell@5 task to manually install version 2.25.0 of the SDK using Install-Module 'Microsoft.Graph' -Scope CurrentUser -RequiredVersion 2.25.0 -Force -AllowClobber

Debug output

Click to expand log ``` 
</details>


### Configuration

_No response_

### Other information

_No response_
@ralflarsen ralflarsen added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Mar 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ralflarsen