Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

This application has been disabled by Microsoft #89

Open
JosephSay opened this issue Apr 11, 2024 · 9 comments
Open

This application has been disabled by Microsoft #89

JosephSay opened this issue Apr 11, 2024 · 9 comments

Comments

@JosephSay
Copy link

image
Getting an error that the application has been disabled by Microsoft, just checking to see if there is another version.
@StephanGa
Copy link

Same issue. Tried to delete it - then came across this entry in graph explorer.
We are doing our manual access reviews with that.

image

@pstapf
Copy link

pstapf commented Apr 15, 2024

You can just create your own App Registration and point the Connect-AADAssessment to your AppID.
Delegated permissions will be added to your app reg then.

@StephanGa
Copy link

Thanks. Can you help me out with the "Redirect URL" or maybe some other settings that need to be done?

I added https://login.microsoftonline.com as Redirect URL and use the "-clientid" parameter but it fails with:
Get-MsalToken : A configuration issue is preventing authentication - check the error message from the server for
details. You can modify the configuration in the application registration portal. See
https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain
the following parameter: 'client_assertion' or 'client_secret'.

It should take the rights of my current user as delegated rights

@pstapf
Copy link

pstapf commented Apr 15, 2024

Ahh sorry, yes, forget to add that detail.
I added the following native/desktop client redirect Uri: https://login.microsoftonline.com/common/oauth2/nativeclient

After you consent to the permissions make sure they are added correctly to the app and admin grant ist set

/Peter

@StephanGa
Copy link

StephanGa commented Apr 16, 2024
edited
Loading

I though i give it some time... but:
Anything else i need to configure?

PS C:\Users\admin> Connect-AADAssessment -clientid "4ba2af9f-xxx-a46c-b4d3584fcfb1" Get-MsalToken : A configuration issue is preventing authentication - check the error message from the server for
details. You can modify the configuration in the application registration portal. See
https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain
the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 0112fa30-31be-41be-bdf8-3455b4d04000
Correlation ID: ece7897b-0f3a-4137-8c0f-d2384390c4a7 Timestamp: 2024-04-16 06:31:40Z

Deleted App again and tried with redirect URL from the start - same error

@merill
Copy link
Member

merill commented Apr 26, 2024

Cheers folks. I have updated the instructions to include a step to create the app

@TomAafloen
Copy link

Hello!

The Connect-AADAssessment cmdlet works great with my own Client. But the Complete-AADAssessmentReports cmdlet still gives the error:

AADSTS7000112: Application '68bc31c0-f891-4f4c-9309-c6104f7be41b'(Azure AD Assessment) is disabled.

Can I point that cmdlet to my registered app somehow? I do not see a ClientId parameter there.

@arvindsuthar
Copy link

@merill or @TomAafloen any update on getting the Complete-AADAssessmentReports cmdlet working again?

@arvindsuthar
Copy link

Ah! Looks like you need to precede the Complete-AADAssessmentReports call with a Connect-AADAssessment call!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@merill @arvindsuthar @pstapf @JosephSay @TomAafloen @StephanGa