jsonazurepowershellcloud
Error - New-MgIdentityConditionalAccessPolicy : 1032: ConditionalActionPolicy validation failed due to InvalidControls
Whenever I try and run this json file to create a conditional access policy for geoblocking, it keeps coming back with:
New-MgIdentityConditionalAccessPolicy : 1032: ConditionalActionPolicy validation failed due to InvalidControls.
Status: 400 (BadRequest)
ErrorCode: BadRequest
Date: 2023-09-13T22:10:38
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 68fdbd3b-3a45-4ddb-956a-7e8e6fed69e4
client-request-id : 23bfe620-7fb8-4c4b-925d-e7d2c4a3d2c0
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West US 2","Slice":"E","Ring":"1","ScaleUnit":"004","RoleInstance":"MW2PEPF0000E056"}}
Cache-Control : no-cache
Date : Wed, 13 Sep 2023 22:10:38 GMT
At C:\\Users\\MarkKearney\\OneDrive - Netsmart Inc\\Documents\\CondAccess\\Deploy-Policies.ps1:295 char:9
+ New-MgIdentityConditionalAccessPolicy -BodyParameter $request ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ body = Micros...lAccessPolicy }:\<\>f__AnonymousType0\`1) \[New-MgIdentityC...ssPolicy_Create\], Exception
+ FullyQualifiedErrorId : BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgIdentityConditionalAccessPolicy_Create
Here is the JSON file.
{
"displayName": "Netsmart - <RING> - Geoblock - Outside US & Canada",
"createdDateTime": null,
"modifiedDateTime": null,
"state": "enabledForReportingButNotEnforced",
"sessionControls": null,
"conditions": {
"signInRiskLevels": [],
"clientAppTypes": ["All"],
"platforms": null,
"locations": {
"excludeLocations": ["15b3734a-b51f-4aa9-b76d-4d3a137222ba", "18bde4b6-cb0d-45ea-8058-9578d3ace326"],
"includeLocations": ["All"]
},
"deviceStates": null,
"applications": {
"includeApplications": ["All"],
"excludeApplications": [],
"includeUserActions": []
},
"users": {
"includeUsers": ["All"],
"excludeUsers": [],
"includeGroups": [],
"excludeGroups": [],
"includeRoles": [],
"excludeRoles": []
}
},
"grantControls": {
"operator": "OR",
"builtInControls": [],
"customAuthenticationFactors": [],
"termsOfUse": []
}
}
Any help would be greatly appreciated. Im pretty new to Azure and JSON -> Azure Conditional Access policies.
Solution
New-MgIdentityConditionalAccessPolicy : 1032: ConditionalActionPolicy validation failed due to InvalidControls.
The error message you received indicates that the Conditional Access policy you are trying to create has invalid controls (InvalidControls). When I attempted to create a Conditional Policy by passing an empty value, I also encountered the same error as you.
The "builtInControls" should contain one or more built-in controls that specify what actions should be taken.
To resolve this issue, you should specify at least one valid built-in control that defines what action should be taken when the conditions are met. Common built-in controls include "block", "allow", "requireMFA", and others.
{
"displayName": "Geoblock - Outside US & Canada",
"createdDateTime": null,
"modifiedDateTime": null,
"state": "enabledForReportingButNotEnforced",
"sessionControls": null,
"conditions": {
"signInRiskLevels": [],
"clientAppTypes": ["All"],
"platforms": null,
"locations": {
"excludeLocations": ["15b3734a-b51f-4aa9-b76d-4d3a137222ba", "18bde4b6-cb0d-45ea-8058-9578d3ace326"],
"includeLocations": ["All"]
},
"deviceStates": null,
"applications": {
"includeApplications": ["All"],
"excludeApplications": [],
"includeUserActions": []
},
"users": {
"includeUsers": ["All"],
"excludeUsers": [],
"includeGroups": [],
"excludeGroups": [],
"includeRoles": [],
"excludeRoles": []
}
},
"grantControls": {
"operator": "OR",
"builtInControls": ["block"],
"customAuthenticationFactors": [],
"termsOfUse": []
}
}
Output:
Once the above script was executed, the Conditional Access Policy was successfully created in the portal.
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices