### Describe the bug
I am trying to get some data via KQL and the PowerShell module "Microsoft.Graph.Security". When running the query I get a semantic error from the cmdlet, but that semantic error is not present in the query.
I authenticate with a certificate and am running version 2.26.0 of Microsoft.Graph.Security on PowerShell 7.5.
Where is the misspelled IsInteetFacing from the error message coming from?
Query
```powershell
$KQLQuery = @{
    Query = "DeviceInfo | summarize arg_max(Timestamp, DeviceId, DeviceName, ExposureLevel, IsInternetFacing, SensorHealthState, OnboardingStatus) by DeviceId, bin(Timestamp, 1d)"
}
Start-MgSecurityHuntingQuery -BodyParameter $KQLQuery
```
Error
```
Start-MgSecurityHuntingQuery_Run: untitled:Untitled-1:16:1
Line |
  16 | $result = Start-MgSecurityHuntingQuery -BodyParameter $KQLQuery
     | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | 'summarize' operator: Failed to resolve scalar expression named 'IsInteetFacing'. Fix semantic errors in your query. Status: 400 (BadRequest) ErrorCode: BadRequest
     | Date: 2025-02-26T08:54:14 Headers: Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id :
     | 1e7849dd-b4da-48e1-8bff-725e1f016fc3 client-request-id : d40b4179-845f-4bbc-9278-c9ebd7271fcc x-ms-ags-diagnostic :
     | {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"4","ScaleUnit":"004","RoleInstance":"FR2PEPF0000054F"}} Date : Wed, 26
     | Feb 2025 08:54:13 GMT
Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
```
### Expected behavior
Either return an error with content from the KQL query or execute the KQL query.
### How to reproduce
```powershell
Import-Module Microsoft.Graph.Security
Connect-MgGraph
$KQLQuery = @{
    Query = "DeviceInfo | summarize arg_max(Timestamp, DeviceId, DeviceName, ExposureLevel, IsInternetFacing, SensorHealthState, OnboardingStatus) by DeviceId, bin(Timestamp, 1d)"
}
Start-MgSecurityHuntingQuery -BodyParameter $KQLQuery
```
### SDK Version
2.26.00
### Latest version known to work for scenario above?
_No response_
### Known Workarounds
_No response_
### Debug output
```
PS C:\Users\phi\OneDrive - first frame networkers ag\Dokumente\Scripts> Start-MgSecurityHuntingQuery -BodyParameter $KQLQuery -Debug
DEBUG: [CmdletBeginProcessing]: - Start-MgSecurityHuntingQuery begin processing with parameterSet 'Run'.
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientCertificate', ContextScope: 'Process', AppName: 'first frame managed protected connector'.
DEBUG: [Authentication]: - Scopes: [SecurityAlert.ReadWrite.All, SecurityEvents.Read.All, ThreatIndicators.ReadWrite.OwnedBy, SecurityIncident.ReadWrite.All, ThreatHunting.Read.All].
Confirm
Are you sure you want to perform this action?
Performing the operation "Start-MgSecurityHuntingQuery_Run" on target "Call remote 'POST /security/microsoft.graph.security.runHuntingQuery' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
POST
Absolute Uri:
https://graph.microsoft.com/v1.0/security/microsoft.graph.security.runHuntingQuery
Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; de-CH),PowerShell/2025.0.0
SdkVersion : graph-powershell/2.26.0
client-request-id : c43d412b-1b5b-42c8-8c85-e9c28c9abd35
Accept-Encoding : gzip,deflate,br
Body:
{
"query": "DeviceInfo | summarize arg_max(Timestamp, DeviceId, DeviceName, ExposureLevel, IsInteetFacing, SensorHealthState, OnboardingStatus) by DeviceId, bin(Timestamp, 1d)"
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
BadRequest
Headers:
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 6ae93e30-7472-4bdd-80e2-1a464e8658eb
client-request-id : c43d412b-1b5b-42c8-8c85-e9c28c9abd35
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"4","ScaleUnit":"000","RoleInstance":"FR1PEPF00000C1F"}}
Date : Wed, 26 Feb 2025 09:31:48 GMT
Body:
{
"error": {
"code": "BadRequest",
"message": "'summarize' operator: Failed to resolve scalar expression named 'IsInteetFacing'. Fix semantic errors in your query.",
"innerError": {
"date": "2025-02-26T09:31:49",
"request-id": "6ae93e30-7472-4bdd-80e2-1a464e8658eb",
"client-request-id": "c43d412b-1b5b-42c8-8c85-e9c28c9abd35"
}
}
}
Start-MgSecurityHuntingQuery_Run: 'summarize' operator: Failed to resolve scalar expression named 'IsInteetFacing'. Fix semantic errors in your query.
Status: 400 (BadRequest)
ErrorCode: BadRequest
Date: 2025-02-26T09:31:49
Headers:
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 6ae93e30-7472-4bdd-80e2-1a464e8658eb
client-request-id : c43d412b-1b5b-42c8-8c85-e9c28c9abd35
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"4","ScaleUnit":"000","RoleInstance":"FR1PEPF00000C1F"}}
Date : Wed, 26 Feb 2025 09:31:48 GMT
Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
DEBUG: [CmdletEndProcessing]: - Start-MgSecurityHuntingQuery end processing.
PS C:\Users\phi\OneDrive - first frame networkers ag\Dokumente\Scripts>
```
### Configuration
_No response_
### Other information
_No response_
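
To pin down where the query in this report changes between the script and the wire, the added example below (not part of the original issue and not SDK code) compares the query string the script built with the one shown in the HTTP REQUEST body of the `-Debug` output, and returns the offset and the differing characters. `Compare-QueryText` is a hypothetical helper name; the two sample strings are copied from the report above.

```powershell
# Added example: locate the span that differs between the query a script built
# and the query that appears in the "HTTP REQUEST" body of the -Debug output.
function Compare-QueryText {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Intended,   # query as written in the script
        [Parameter(Mandatory)][string]$Sent        # query as shown in the request body
    )

    $limit = [Math]::Min($Intended.Length, $Sent.Length)

    # Length of the common prefix (case-sensitive, character by character).
    $prefix = 0
    while ($prefix -lt $limit -and $Intended[$prefix] -ceq $Sent[$prefix]) {
        $prefix++
    }

    # Length of the common suffix, never overlapping the prefix.
    $suffix = 0
    while ($suffix -lt ($limit - $prefix) -and
           $Intended[$Intended.Length - 1 - $suffix] -ceq $Sent[$Sent.Length - 1 - $suffix]) {
        $suffix++
    }

    [pscustomobject]@{
        Identical    = ($Intended -ceq $Sent)
        Offset       = $prefix   # index of the first differing character
        IntendedSpan = $Intended.Substring($prefix, $Intended.Length - $prefix - $suffix)
        SentSpan     = $Sent.Substring($prefix, $Sent.Length - $prefix - $suffix)
        Context      = $Intended.Substring([Math]::Max(0, $prefix - 10),
                                           [Math]::Min(20, $Intended.Length - [Math]::Max(0, $prefix - 10)))
    }
}

# Sample input copied from this report: the query in the script and the
# "query" value from the HTTP REQUEST body in the debug output.
$intended = 'DeviceInfo | summarize arg_max(Timestamp, DeviceId, DeviceName, ExposureLevel, IsInternetFacing, SensorHealthState, OnboardingStatus) by DeviceId, bin(Timestamp, 1d)'
$sent     = 'DeviceInfo | summarize arg_max(Timestamp, DeviceId, DeviceName, ExposureLevel, IsInteetFacing, SensorHealthState, OnboardingStatus) by DeviceId, bin(Timestamp, 1d)'

$diff = Compare-QueryText -Intended $intended -Sent $sent
$diff | Format-List

# Fail closed: do not trust hunting results if the query was altered in transit.
if (-not $diff.Identical) {
    Write-Warning "Query text changed before it was sent (offset $($diff.Offset))."
}
```

`IntendedSpan` holds the characters present in the script's query but missing from the request body, and `SentSpan` holds anything that replaced them.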