Error obtaining AzureAD conditional access

[amadeus916]

Hi, Using delegated access and with the Policy.Read.All permission I failed to get CA documentation.

$doc = Get-M365Doc -Components AzureAD
Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/conditionalAccess/policies
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 char:13

•         throw "Used application does not have sufficiant permissi ...
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Used applicatio...Access/policies:String) [], RuntimeException
  • FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/conditionalAccess/
    policies

Getting my tokens permissions show Policy.Real.All

scp : AccessReview.Read.All Agreement.Read.All AppCatalog.Read.All Application.Read.All ConsentRequest.Read.All Device.Read.All
DeviceManagementApps.Read.All DeviceManagementConfiguration.Read.All DeviceManagementManagedDevices.Read.All
DeviceManagementRBAC.Read.All DeviceManagementServiceConfig.Read.All Directory.Read.All Domain.Read.All Organization.Read.All
Policy.Read.All PrivilegedAccess.Read.AzureAD PrivilegedAccess.Read.AzureADGroup PrivilegedAccess.Read.AzureResources User.Read
profile openid email

Trying the same in the web I see that is the only permission required

[amadeus916]

Same issue after excluding AADConditionalAccess this time with Identity providers

Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/identityProviders
At C:\Program Files\WindowsPowerShell\Modules\M365Documentation\3.3.0\Internal\Helper\Invoke-DocGraph.ps1:62 char:13

•         throw "Used application does not have sufficiant permissi ...
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (Used applicatio...entityProviders:String) [], RuntimeException
  • FullyQualifiedErrorId : Used application does not have sufficiant permission to access: https://graph.microsoft.com/beta/identity/identityProviders

  I tried adding IdentityProvider.Read.All and Policy.Read.ConditionalAccess but both errors remain.

[ThomasKur]

I have seen this error now as well. it can also happen if you have no license for the specific feature. Could it be that in this tenant you have no E5 or Entra ID P2 license for example?