New-AzRoleAssignmentScheduleRequest cmdlet does not work when a PIM eligible role assignment has Conditional Access authentication context enabled
charlie-swing opened this issue · comments
Description
I am able to get the New-AzRoleAssignmentScheduleRequest to work on some PIM eligible assignments, however I noticed I get an error message when trying this on eligible assignments that have the Conditional Access authentication context setting enabled. Is there any way to get around this?
Script or Debug output
No response
Environment data
No response
Module versions
Az.Resources 5.6.0
Error output
New-AzRoleAssignmentScheduleRequest : &claims=%7B%22access_token%22%3A%7B%22acrs%22%3A%7B%22essential%22%3Atrue%2C%20%22value%22%3A%22c1%22%7D%7D%7D
At line:21 char:1
+ New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -Expira ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Scope = /subs...heduleRequest }:<>f__AnonymousType53) [New-AzRoleAssig..._CreateExpanded], Exception
+ FullyQualifiedErrorId : RoleAssignmentRequestAcrsValidationFailed,Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Cmdlets.NewAzRoleAssignmentScheduleRequest_CreateExpanded
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @darshanhs90, @AshishGargMicrosoft.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @darshanhs90, @AshishGargMicrosoft.