Description
Affected Command:
Register-PnPAzureADApp -ApplicationName "testapp" -Tenant $TenantURL -Interactive -GraphApplicationPermissions Directory.Read.All,Group.ReadWrite.All,Sites.ReadWrite.All,User.ReadWrite.All,Tasks.Read.All -SharePointDelegatePermissions AllSites.FullControl -SharePointApplicationPermissions Sites.FullControl.All,User.ReadWrite.All
- Is the issue related to the cmdlet itself, its parameters, the syntax, or do you suspect it is the code of the cmdlet that is causing the issue?
Yes, itseems like an issue with the validate set
i tried running Get-PnPPlannerTask and it only works if i manually add Tasks.Read.All permission manually to the azure app registration...
Reporting an Issue or Missing Feature
issue with command Register-PnPAzureADApp
Expected behavior
I would expect the command to create a new azure app registration and add the permission to the azure app registration like it does for other permissions, but the command fails, i have to remove this specific permission for the command to complete and then manually add permission Tasks.Read.All to achieve what i need
Actual behavior
The error below is thrown:
Register-PnPAzureADApp: Cannot validate argument on parameter 'GraphApplicationPermissions'. The argument "Tasks.Read.All" does not belong to the set "AgreementAcceptance.Read.All,Agreement.ReadWrite.All,Agreement.Read.All,ConsentRequest.ReadWrite.All,Policy.ReadWrite.ConsentRequest,ConsentRequest.Read.All,Sites.Selected,PrintSettings.Read.All,Chat.Create,ChatMember.ReadWrite.All,ChatMember.Read.All,DataLossPreventionPolicy.Evaluate,SensitivityLabel.Evaluate,SensitiveInfoType.Detect,SensitiveInfoType.Read.All,APIConnectors.ReadWrite.All,APIConnectors.Read.All,TeamsTab.ReadWriteForUser.All,TeamsTab.ReadWriteForTeam.All,TeamsTab.ReadWriteForChat.All,ChatMessage.Read.All,CallRecord-PstnCalls.Read.All,RoleManagement.Read.All,Policy.Read.ConditionalAccess,ShortNotes.ReadWrite.All,ShortNotes.Read.All,ServiceMessage.Read.All,ServiceHealth.Read.All,TermStore.ReadWrite.All,TermStore.Read.All,TeamMember.ReadWriteNonOwnerRole.All,Team.Create,TeamsAppInstallation.ReadWriteSelfForUser.All,TeamsAppInstallation.ReadWriteSelfForTeam.All,TeamsAppInstallation.ReadWriteSelfForChat.All,TeamsAppInstallation.ReadWriteForUser.All,TeamsAppInstallation.ReadWriteForTeam.All,TeamsAppInstallation.ReadWriteForChat.All,TeamsAppInstallation.ReadForUser.All,TeamsAppInstallation.ReadForTeam.All,TeamsAppInstallation.ReadForChat.All,Teamwork.Migrate.All,PrintTaskDefinition.ReadWrite.All,PrintJob.ReadWriteBasic.All,PrintJob.ReadWrite.All,PrintJob.ReadBasic.All,PrintJob.Read.All,PrintJob.Manage.All,Printer.ReadWrite.All,Printer.Read.All,Policy.ReadWrite.PermissionGrant,Policy.Read.PermissionGrant,Chat.ReadBasic.All,Policy.ReadWrite.Authorization,Policy.ReadWrite.AuthenticationMethod,Policy.ReadWrite.AuthenticationFlows,ChannelMember.ReadWrite.All,ChannelMember.Read.All,TeamMember.ReadWrite.All,TeamMember.Read.All,TeamSettings.Read.All,TeamSettings.ReadWrite.All,Channel.ReadBasic.All,Team.ReadBasic.All,ChannelSettings.ReadWrite.All,ChannelSettings.Read.All,Channel.Delete.All,Channel.Create,EntitlementManagement.ReadWrite.All,EntitlementManagement.Read.All,Sites.Manage.All,Sites.FullControl.All,Notes.ReadWrite.All,UserShiftPreferences.ReadWrite.All,UserShiftPreferences.Read.All,User.ManageIdentities.All,Device.Read.All,Policy.ReadWrite.ApplicationConfiguration,Domain.Read.All,TeamsTab.ReadWrite.All,TeamsTab.Read.All,TeamsTab.Create,UserAuthenticationMethod.Read.All,UserAuthenticationMethod.ReadWrite.All,Policy.ReadWrite.ConditionalAccess,CallRecords.Read.All,Schedule.ReadWrite.All,Schedule.Read.All,ThreatAssessment.Read.All,Group.Create,GroupMember.ReadWrite.All,GroupMember.Read.All,BitlockerKey.ReadBasic.All,BitlockerKey.Read.All,Application.Read.All,UserNotification.ReadWrite.CreatedByApp,TeamsApp.ReadWrite.All,TeamsApp.Read.All,ApprovalRequest.ReadWrite.CustomerLockbox,ApprovalRequest.ReadWrite.AdminConsentRequest,ApprovalRequest.ReadWrite.EntitlementManagement,ApprovalRequest.ReadWrite.PriviligedAccess,ApprovalRequest.Read.CustomerLockbox,ApprovalRequest.Read.AdminConsentRequest,ApprovalRequest.Read.EntitlementManagement,ApprovalRequest.Read.PriviligedAccess,ThreatIndicators.Read.All,PrivilegedAccess.ReadWrite.AzureResources,PrivilegedAccess.ReadWrite.AzureADGroup,PrivilegedAccess.ReadWrite.AzureAD,PrivilegedAccess.Read.AzureResources,PrivilegedAccess.Read.AzureADGroup,PrivilegedAccess.Read.AzureAD,TeamsActivity.Send,TeamsActivity.Read.All,DelegatedPermissionGrant.ReadWrite.All,AppRoleAssignment.ReadWrite.All,DeviceManagementServiceConfig.ReadWrite.All,DeviceManagementRBAC.ReadWrite.All,DeviceManagementManagedDevices.ReadWrite.All,DeviceManagementManagedDevices.PrivilegedOperations.All,DeviceManagementConfiguration.ReadWrite.All,DeviceManagementApps.ReadWrite.All,OrgContact.Read.All,Calls.Initiate.All,Calls.InitiateGroupCall.All,Calls.JoinGroupCall.All,Calls.JoinGroupCallAsGuest.All,Calls.AccessMedia.All,OnlineMeetings.Read.All,OnlineMeetings.ReadWrite.All,IdentityUserFlow.ReadWrite.All,IdentityUserFlow.Read.All,Calendars.ReadWrite,Calendars.Read,Device.ReadWrite.All,Directory.ReadWrite.All,Directory.Read.All,Group.ReadWrite.All,Group.Read.All,Contacts.ReadWrite,Contacts.Read,Mail.Send,Mail.ReadWrite,Mail.Read,MailboxSettings.Read,Domain.ReadWrite.All,MailboxSettings.ReadWrite,Application.ReadWrite.All,ChannelMessage.UpdatePolicyViolation.All,ChannelMessage.Read.All,Chat.Read.All,Chat.UpdatePolicyViolation.All,People.Read.All,Reports.Read.All,AccessReview.Read.All,AccessReview.ReadWrite.All,ProgramControl.Read.All,ProgramControl.ReadWrite.All,Application.ReadWrite.OwnedBy,AuditLog.Read.All,User.Read.All,User.ReadWrite.All,IdentityRiskyUser.Read.All,EduAdministration.ReadWrite.All,EduAdministration.Read.All,EduAssignments.ReadWrite.All,EduAssignments.Read.All,EduAssignments.ReadWriteBasic.All,EduAssignments.ReadBasic.All,EduRoster.ReadWrite.All,EduRoster.Read.All,EduRoster.ReadBasic.All,IdentityRiskEvent.Read.All,Files.Read.All,IdentityRiskyUser.ReadWrite.All,IdentityRiskEvent.ReadWrite.All,Chat.ReadWrite.All,SecurityEvents.Read.All,SecurityEvents.ReadWrite.All,Sites.Read.All,SecurityActions.Read.All,SecurityActions.ReadWrite.All,ThreatIndicators.ReadWrite.OwnedBy,Files.ReadWrite.All,User.Invite.All,Notes.Read.All,InformationProtectionPolicy.Read.All,AdministrativeUnit.Read.All,AdministrativeUnit.ReadWrite.All,IdentityProvider.Read.All,IdentityProvider.ReadWrite.All,Policy.Read.All,Policy.ReadWrite.TrustFramework,TrustFrameworkKeySet.Read.All,TrustFrameworkKeySet.ReadWrite.All,OnPremisesPublishingProfiles.ReadWrite.All,DeviceManagementServiceConfig.Read.All,DeviceManagementRBAC.Read.All,DeviceManagementManagedDevices.Read.All,DeviceManagementApps.Read.All,DeviceManagementConfiguration.Read.All,AccessReview.ReadWrite.Membership,ExternalItem.ReadWrite.All,Member.Read.Hidden,Place.Read.All,Organization.Read.All,Organization.ReadWrite.All,RoleManagement.Read.Directory,RoleManagement.ReadWrite.Directory,Sites.ReadWrite.All,Policy.ReadWrite.FeatureRollout,Mail.ReadBasic,Mail.ReadBasic.All" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.
Steps to reproduce behavior
Install the module
Run the command against the target tenant
What is the version of the Cmdlet module you are running?
Get-Module -Name "PnP.PowerShell" -ListAvailable
Directory: /home/darwin/.local/share/powershell/Modules
ModuleType Version PreRelease Name PSEdition ExportedCommands
Manifest 2.4.0 PnP.PowerShell Desk {Add-PnPAdaptiveScopeProperty, Add-PnPEntraIDGroupMember, Add-PnPEntraIDGroupOwn…
Which operating system/environment are you running PnP PowerShell on?
- Windows
- [ x ] Linux
- MacOS
- Azure Cloud Shell
- Azure Functions
- Other : please specify