Multiple Configuration Errors #5441

Open
asadvohra opened this issue Nov 20, 2024 · 2 comments

@asadvohra

Description of the issue

Can someone please validate my script? I'm continuously getting errors, sometimes Graph authentication, sometimes authentication method.

# Full Script to Configure CIS Compliance

Write-Host "Enabling WinRM and setting execution policy..." -ForegroundColor Cyan
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Enable-PSRemoting -Force

# Install Required Modules

Write-Host "Installing required PowerShell modules..." -ForegroundColor Cyan
Install-Module -Name Microsoft365DSC -RequiredVersion 1.24.626.1 -Force -AllowClobber
Install-Module Microsoft.Graph -Force -AllowClobber

# Update Installed Modules

Write-Host "Updating installed PowerShell modules..." -ForegroundColor Cyan
#Update-Module Microsoft.Graph -force
#Update-Module Microsoft365DSC -force
Update-M365DSCDependencies -force

# Verification of installed modules
Get-Module -ListAvailable -Name Microsoft365DSC, Microsoft.Graph,ExchangeOnlineManagement | Select Name, ModuleBase

# Application and Tenant Details

$ApplicationId = "abc"
$TenantId = "123.onmicrosoft.com"
$ApplicationSecret = "123"

# Convert Client Secret to SecureString

$SecureClientSecret = ConvertTo-SecureString -String $ApplicationSecret -AsPlainText -Force
$ClientSecretCredential = New-Object System.Management.Automation.PSCredential($ApplicationId, $SecureClientSecret)

# Connect to Microsoft Graph

Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $ClientSecretCredential
Write-Host "Connected to Microsoft Graph successfully." -ForegroundColor Green

#Authentication Verification
Write-Host "Successfully Authentic." -ForegroundColor Green
Get-MgContext

# Define the Configuration

Configuration CISCompliancePolicies {
    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.626.1'

    Node localhost {

        # Limit Administrator Accounts
        AADGroup "CIS 1.1.3 - Limit Administrator Accounts" {
            Ensure          = "Present"
            MailNickname    = "abc"
            DisplayName     = "Global Admins"
            SecurityEnabled = $true
            MailEnabled     = $True
            Members         = @("@.onmicrosoft.com")
            TenantId        = ".onmicrosoft.com"
        }

    }

}

# Define Variables

$ApplicationId = "123" # Replace with your app ID
$TenantId = "123.onmicrosoft.com" # Replace with your tenant ID
$ApplicationSecret = "123" # Replace with your client secret
$SecureClientSecret = ConvertTo-SecureString -String $ApplicationSecret -AsPlainText -Force
$Credscredential = New-Object System.Management.Automation.PSCredential($ApplicationId, $SecureClientSecret)

# Output Path for Configuration

$ConfigPath = "C:\CISCompliancePolicies"
CISCompliancePolicies -OutputPath $ConfigPath

# Apply the Configuration

Start-DscConfiguration -Path $ConfigPath -Wait -Force -Verbose
Write-Host "CIS compliance policies configured successfully." -ForegroundColor Green

# Export the Current Configuration

Write-Host "Exporting current configuration to generate HTML report..." -ForegroundColor Cyan
Export-M365DSCConfiguration -Components @("AADGroup") `
    -ApplicationId $ApplicationId -ApplicationSecret $ApplicationSecret `
    -TenantId $TenantId `
    -ConfigurationType HTML

Write-Host "CIS compliance HTML report generated successfully." -ForegroundColor Green

# Disconnect from Microsoft Graph

Disconnect-MgGraph
Write-Host "Disconnected from Microsoft Graph." -ForegroundColor Green

Microsoft 365 DSC Version

1.24.626.1

Which workloads are affected

Azure Active Directory (Entra ID), Exchange Online, Security & Compliance Center

The DSC configuration

Verbose logs showing the problem

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, en-GB}

Key   : PSVersion
Value : 5.1.22621.4391
Name  : PSVersion

Key   : PSEdition
Value : Desktop
Name  : PSEdition

Key   : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name  : PSCompatibleVersions

Key   : BuildVersion
Value : 10.0.22621.4391
Name  : BuildVersion

Key   : CLRVersion
Value : 4.0.30319.42000
Name  : CLRVersion

Key   : WSManStackVersion
Value : 3.0
Name  : WSManStackVersion

Key   : PSRemotingProtocolVersion
Value : 2.3
Name  : PSRemotingProtocolVersion

Key   : SerializationVersion
Value : 1.1.0.1
Name  : SerializationVersion
@asadvohra
Author

Mode LastWriteTime Length Name


-a---- 20/11/2024 23:01 2424 localhost.mof
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DESKTOP-9NEA30J with user sid S-1-5-21-1606539650-3114261197-1917013219-500.
VERBOSE: [DESKTOP-9NEA30J]: LCM: [ Start Set ]
VERBOSE: [DESKTOP-9NEA30J]: LCM: [ Start Resource ] [[AADGroup]CIS 1.1.3 - Limit Administrator Accounts]
VERBOSE: [DESKTOP-9NEA30J]: LCM: [ Start Test ] [[AADGroup]CIS 1.1.3 - Limit Administrator Accounts]
VERBOSE: [DESKTOP-9NEA30J]: [[AADGroup]CIS 1.1.3 - Limit Administrator Accounts] Testing configuration of AzureAD Groups
VERBOSE: [DESKTOP-9NEA30J]: [[AADGroup]CIS 1.1.3 - Limit Administrator Accounts] Getting configuration of AzureAD Group
VERBOSE: [DESKTOP-9NEA30J]: LCM: [ End Test ] [[AADGroup]CIS 1.1.3 - Limit Administrator Accounts] in 9.1210 seconds.
PowerShell DSC resource MSFT_AADGroup failed to execute Test-TargetResource functionality with error message: Could not determine authentication method
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : localhost

VERBOSE: [DESKTOP-9NEA30J]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 9.568 seconds
CIS compliance policies configured successfully.
Exporting current configuration to generate HTML report...
Export-M365DSCConfiguration : A parameter cannot be found that matches parameter name 'ConfigurationType'.
At line:47 char:5
+     -ConfigurationType HTML
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Export-M365DSCConfiguration], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Export-M365DSCConfiguration

CIS compliance HTML report generated successfully.
Disconnect-MgGraph : No application to sign out from.
At line:52 char:1
+ Disconnect-MgGraph
    + CategoryInfo          : CloseError: (:) [Disconnect-MgGraph], ArgumentException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.DisconnectMgGraph

Disconnected from Microsoft Graph.

@FabienTschanz
Contributor

@asadvohra First, I would start by updating the Microsoft365DSC version to the latest version 1.24.1120.1 (released yesterday). Your version is already quite old. Secondly, there is an error message Export-M365DSCConfiguration : A parameter cannot be found that matches parameter name 'ConfigurationType'. telling you that the -ConfigurationType parameter is not found. Please remove that one and try again.

Additionally, you don't need to install all the Graph modules, simply running Update-M365DSCModule or Update-M365DSCDependencies is enough. Except if you want to do some stuff outside of Microsoft365DSC, that is. If that's the case, just ignore this comment.
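
The "Could not determine authentication method" failure in the log is consistent with the AADGroup block carrying only TenantId. The following is an added example, not code from the thread or from the Microsoft365DSC project, that declares app-only certificate authentication on the resource itself; the placeholder values, the use of a certificate instead of the client secret, and MailEnabled = $false are assumptions.

```powershell
# Added example. Placeholder values below are assumptions; replace them with
# the details of your own app registration.
$ApplicationId         = '<application-id>'
$TenantId              = '<tenant>.onmicrosoft.com'
$CertificateThumbprint = '<certificate-thumbprint>'

Configuration CISCompliancePolicies {
    param (
        [Parameter(Mandatory)] [string] $ApplicationId,
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $CertificateThumbprint
    )

    # Version suggested in the thread; it must match the installed module.
    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.1120.1'

    Node localhost {
        AADGroup 'CIS 1.1.3 - Limit Administrator Accounts' {
            DisplayName     = 'Global Admins'
            MailNickname    = 'abc'
            SecurityEnabled = $true
            MailEnabled     = $false   # assumption: plain security group
            Ensure          = 'Present'
            # Authentication is declared on the resource. The LCM applies the MOF
            # in its own process and does not reuse a Connect-MgGraph session
            # opened in the console.
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            # A thumbprint is not a secret, so nothing sensitive is written to
            # localhost.mof. Assumption: the certificate's private key is
            # readable by the account the LCM runs as.
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

$ConfigPath = 'C:\CISCompliancePolicies'
CISCompliancePolicies -OutputPath $ConfigPath -ApplicationId $ApplicationId `
    -TenantId $TenantId -CertificateThumbprint $CertificateThumbprint

# -ErrorAction Stop ends the script on a failed apply, so the success message
# is not printed after an error as it was in the log above.
Start-DscConfiguration -Path $ConfigPath -Wait -Force -Verbose -ErrorAction Stop
Write-Host 'CIS compliance policies configured successfully.' -ForegroundColor Green

# Export without -ConfigurationType, which the cmdlet does not accept.
Export-M365DSCConfiguration -Components @('AADGroup') `
    -ApplicationId $ApplicationId -TenantId $TenantId `
    -CertificateThumbprint $CertificateThumbprint -Path $ConfigPath
```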
