Update-MgIdentityConditionalAccessPolicy cmdlet doesn´t pass empty arrays in the BodyParameter

[JanSchmidt2]

Describe the bug

To manage conditional access as code, I want to update existing conditional access policies with the help of the Update-MgIdentityConditionalAccessPolicy cmdlet. This works fine until I have attributes which are configured but shall be removed to have the attributes not configured any more. When I pass the empty array, it disappears in the body and the values are not removed.

Expected behavior

The empty array is being passed and the existing policy is updated as the requested values are removed from the attribute/condition.

How to reproduce

1. $params = @{
   conditions = @{
   userRiskLevels = @()
   }
   }
2. Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId "" -BodyParameter $params
3. Result: cmdlet sends: "{}" to API

SDK Version

2.26.1

Latest version known to work for scenario above?

2.24.0

Known Workarounds

As a workaround, you can delete and recreate the policy to remove all values of an attribute.

Debug output

DEBUG: [CmdletBeginProcessing]: - Update-MgIdentityConditionalAccessPolicy begin processing with parameterSet 'Update'.
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientSecret', ContextScope: 'Process', AppName: 'ConditionalAccess-testing'.
DEBUG: [Authentication]: - Scopes: [Policy.ReadWrite.ConditionalAccess, Policy.Read.All, Application.Read.All].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Linux; Ubuntu 22.04.5 LTS; ),PowerShell/7.4.7
SdkVersion : graph-powershell/2.26.1
client-request-id : xxx-xxx-xxx
Accept-Encoding : gzip,deflate,b

Body:
{}

Configuration

User-Agent : Mozilla/5.0,(Linux; Ubuntu 22.04.5 LTS; ),PowerShell/7.4.7
SdkVersion : graph-powershell/2.26.1

Other information

Until 19-02-2025, the cmdlet worked fine, but on 21-02-2025, the exact same script didn´t work any more.

[timayabi2020]

Hi @JanSchmidt2 sorry for the inconvenience. There is an already existing merged PR to address this issue, and it will be available in the next release.

[timayabi2020]

Upgrade to the latest version 2.28.0