Error using New-MgPolicyCrossTenantAccessPolicyPartner #3320

@vlijmenfileer

Describe the bug

I am trying to create a new "Cross Tenant Access Policy Partner".
We have built scripting for this which we have been using for about a year now and on which we saw an unexpected failure starting some weeks ago. The script uses New-MgPolicyCrossTenantAccessPolicyPartner at its core. The error text mentions Invalid property 'b2BDirectConnectInbound'.

It turns out that the example on your MS Learn page for this cmdlet gives the same error, so I will use that as an example.

Expected behavior

A new partner configuration in a cross-tenant access policy is created.

How to reproduce

```powershell
$PSVersionTable.PSVersion

(Get-MgContext).Scopes

(Get-InstalledModule Microsoft.Graph).Version

(Get-InstalledModule Microsoft.Graph.Beta).Version

$params = @{
	tenantId = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
	b2bDirectConnectOutbound = @{
		usersAndGroups = @{
			accessType = "blocked"
			targets = @(
				@{
					target = "6f546279-4da5-4b53-a095-09ea0cef9971"
					targetType = "group"
				}
			)
		}
	}
	b2bDirectConnectInbound = @{
		applications = @{
			accessType = "allowed"
			targets = @(
				@{
					target = "Office365"
					targetType = "application"
				}
			)
		}
	}
}

New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params

New-MgBetaPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
```

is expected to create a new partner configuration, but instead gives an error:

```
Major  Minor  Patch  PreReleaseLabel BuildLabel
-----  -----  -----  --------------- ----------
7      5      1
CrossTenantInformation.ReadBasic.All
Policy.Read.All
Policy.ReadWrite.CrossTenantAccess
2.27.0
2.27.0
New-MgPolicyCrossTenantAccessPolicyPartner_Create: 
Line |
  35 |  New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Invalid property 'b2BDirectConnectInbound'.

Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-13T06:39:14

Headers:
Cache-Control                 : no-cache
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 1892dfc1-9fd1-45f6-96f5-a68c3a15d2bf
client-request-id             : 041370da-ec4e-4e9f-b4b0-dd6353b906c7
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"AM4PEPF00043902"}}
x-ms-resource-unit            : 1
Date                          : Tue, 13 May 2025 06:39:14 GMT


  Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
New-MgBetaPolicyCrossTenantAccessPolicyPartner_Create: 
Line |
  37 |  New-MgBetaPolicyCrossTenantAccessPolicyPartner -BodyParameter $params
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Invalid property 'b2BDirectConnectInbound'.

Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-13T06:39:14

Headers:
Cache-Control                 : no-cache
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 05f7593d-1537-4598-a9d2-09f69938f228
client-request-id             : 11af986b-a8ba-4621-a3c9-ef022296b51b
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"AM4PEPF00043902"}}
Link                          : <https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:XtapIdPSelection&from=2022-03-01&to=2022-04-01>;rel="deprecation";type="text/html",<https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:XtapIdPSelection&from=2022-03-01&to=2022-04-01>;rel="deprecation";type="text/html",<https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=beta,PrivatePreview:XtapIdPSelection&from=2022-03-01&to=2022-04-01>;rel="deprecation";type="text/html"
deprecation                   : Wed, 10 Jan 2024 23:59:59 GMT
sunset                        : Sat, 10 Jan 2026 23:59:59 GMT
x-ms-resource-unit            : 1
Date                          : Tue, 13 May 2025 06:39:14 GMT


  Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
```

SDK Version

7.5.1

Latest version known to work for scenario above?

Unknown

Known Workarounds

None (create manually)

Debug output

<details>
<summary>Click to expand log</summary>

```
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $params -Debug
DEBUG: [CmdletBeginProcessing]: - New-MgPolicyCrossTenantAccessPolicyPartner begin processing with parameterSet 'Create'.
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientCertificate', ContextScope: 'Process', AppName: 'App-IAM-MSGraph-ExternalIdentities'.
DEBUG: [Authentication]: - Scopes: [CrossTenantInformation.ReadBasic.All, Policy.Read.All, Policy.ReadWrite.CrossTenantAccess].

Confirm
Are you sure you want to perform this action?
Performing the operation "New-MgPolicyCrossTenantAccessPolicyPartner_Create" on target "Call remote 'POST
/policies/crossTenantAccessPolicy/partners' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631; en-NL),PowerShell/2025.0.0
SdkVersion : graph-powershell/2.27.0
client-request-id : 609d7952-b795-4417-a495-d9e32fe7db0b
Accept-Encoding : gzip,deflate,br

Body:
{
  "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
  "b2BDirectConnectInbound": {
    "applications": {
      "accessType": "allowed",
      "targets": [
        {
          "target": "Office365",
          "targetType": "application"
        }
      ]
    }
  },
  "b2BDirectConnectOutbound": {
    "usersAndGroups": {
      "accessType": "blocked",
      "targets": [
        {
          "target": "6f546279-4da5-4b53-a095-09ea0cef9971",
          "targetType": "group"
        }
      ]
    }
  }
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 7d9535da-4800-428f-a206-c62b7c9a72ae
client-request-id : 609d7952-b795-4417-a495-d9e32fe7db0b
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"007","RoleInstance":"AM4PEPF0004390C"}}
x-ms-resource-unit : 1
Date : Tue, 13 May 2025 06:44:52 GMT

Body:
{
  "error": {
    "code": "Request_BadRequest",
    "message": "Invalid property 'b2BDirectConnectInbound'.",
    "innerError": {
      "date": "2025-05-13T06:44:52",
      "request-id": "7d9535da-4800-428f-a206-c62b7c9a72ae",
      "client-request-id": "609d7952-b795-4417-a495-d9e32fe7db0b"
    }
  }
}

New-MgPolicyCrossTenantAccessPolicyPartner_Create: Invalid property 'b2BDirectConnectInbound'.

Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-13T06:44:52

Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 7d9535da-4800-428f-a206-c62b7c9a72ae
client-request-id : 609d7952-b795-4417-a495-d9e32fe7db0b
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"007","RoleInstance":"AM4PEPF0004390C"}}
x-ms-resource-unit : 1
Date : Tue, 13 May 2025 06:44:52 GMT

Recommendation: See service error codes: https://learn.microsoft.com/graph/errors
DEBUG: [CmdletEndProcessing]: - New-MgPolicyCrossTenantAccessPolicyPartner end processing.
```

</details>


### Configuration

Both Azure DevOps Microsoft Managed Windows agents and Windows 11 x64


### Other information

No idea
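
The report shows `b2bDirectConnectInbound` in `$params` but `b2BDirectConnectInbound` in the request body and in the error text. The following is an added diagnostic example, not part of the original issue or of the SDK, that compares the two key sets case-sensitively; `Compare-KeyCasing` is a hypothetical helper, the hashtable and JSON are abbreviated copies of the ones in the report, and PowerShell 6 or later is assumed for `ConvertFrom-Json -AsHashtable`.

```powershell
# Added diagnostic example; not part of the original issue or the SDK.
# Requires PowerShell 6+ (ConvertFrom-Json -AsHashtable).

# Keys as passed in the issue's $params, abbreviated to the relevant structure.
$params = @{
    tenantId                 = "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a"
    b2bDirectConnectOutbound = @{ usersAndGroups = @{ accessType = "blocked" } }
    b2bDirectConnectInbound  = @{ applications   = @{ accessType = "allowed" } }
}

# Request body as shown in the issue's -Debug output (same abbreviation).
$sentJson = @'
{
  "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
  "b2BDirectConnectInbound":  { "applications":   { "accessType": "allowed" } },
  "b2BDirectConnectOutbound": { "usersAndGroups": { "accessType": "blocked" } }
}
'@

function Compare-KeyCasing {
    # Hypothetical helper: walks both structures and reports every key that
    # matches ignoring case but differs in exact casing.
    param(
        [System.Collections.IDictionary]$Intended,
        [System.Collections.IDictionary]$Sent,
        [string]$Path = ''
    )
    foreach ($key in $Intended.Keys) {
        # Find the key on the wire that corresponds to the intended key.
        $sentKey = $Sent.Keys | Where-Object { $_ -ieq $key } | Select-Object -First 1
        if (-not $sentKey) { continue }   # key missing entirely: not a casing issue
        if ($sentKey -cne $key) {
            [pscustomobject]@{ Path = "$Path$key"; Intended = $key; Sent = $sentKey }
        }
        # Recurse into nested objects present on both sides.
        if ($Intended[$key] -is [System.Collections.IDictionary] -and
            $Sent[$sentKey] -is [System.Collections.IDictionary]) {
            Compare-KeyCasing -Intended $Intended[$key] -Sent $Sent[$sentKey] -Path "$Path$key."
        }
    }
}

Compare-KeyCasing -Intended $params -Sent ($sentJson | ConvertFrom-Json -AsHashtable)
```

Pasting the full `Body:` section of a `-Debug` run into `$sentJson` gives the same comparison for any other `-BodyParameter` payload.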
