[BUG] Error in pipeline when running update #191
Comments
|
How is the app registration setup, is it a multi-tenant app setup in the upstream tenant and added to the downstream? |
|
Somewhere in the chain you are running in to permission issues |
|
Also, given the log outputs, you are not running the latest version of IntuneCD (2.3.0), then the output would be in a different format |
|
Hi The tenant where the app is created is not a multi-tenant. I've recreated the app on both tenants where the problem occurs. But the problem is still there. After some more searching, I found where the problem occurs, in the settings for Windows Hello for Business on the enrollement page . Also is there a parameter to give to make sure that the pipeline uses version 2.3.0? Thanks in advance |
|
I will see if there is any way that I can replicate the behaviour you have described to understand what is happening. Regarding the use of the latest version, all that is required is to run the |
|
I've done some more testing, and the error appears when I enable Windows Hello under Windows enrollment. Just enabeling it is enough to fail the update. Even when keeping the default values, it will still fail. As for the version of IntunceCD when i run the pipeline the command is pip install IntuneCD but it wil install version 2.2.0 |
|
I managed to replicate and find out what is going on. Windows Hello For Business settings require delegated permissions when updating the values, i.e. you must use interactive authentication as application permissions won't work. I will have to add a check for this payload and output that updating Windows Hello For Business is only possible when running with interactive auth. Regarding the IntuneCD version, can you try this command and see if it successfully installs the newest version? |
|
Ok, no problem, good to know. Then this will be a manual setup for Windows Hello for us. As for running the command, it produces the following error: 2024-04-05T07:50:59.4359335Z ##[section]Starting: Install IntuneCD |
|
I just tried in an Azure DevOps pipeline using the Try run an update of pip before installing IntuneCD: |
|
With ubuntu-latest its not working but if i user ubuntu-22.04 then ersion 2.3.0 is installed |
|
Very interesting, latest should be |
Describe the bug
When i want to push an update to a new tenant, I get the following error on update_enrollmentConfigurations.py. "Tenant is not Global Admin or Intune Service Admin. Patch operation is restricted"
If I run the backup with --exclude EnrollmentConfigurations the update then runs fine.
I've even removed every custom setting under enrolment in the tenant where the backup comes from, but still no luck.
In previous test setups, I've never encountered this issue before.
Any insights are welcome.
To Reproduce
Not sure what causes the issue, like I've written above, I've removed every custom setting in the enrollment page.
Expected behavior
apply configuration with is does for to some extend see Pic2
The naming convention I've set gets applyed before the error.
Screenshots
Pic 1:
Pic 2:
Pic 3: App rights
Pic 4: Update pipeline
Pic 5: Run when --exclude EnrollmentConfigurations is applyed to backup
Pic 6: Run when no excluded is applyed to backup
Run type (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: