aleem akbar sk

Reputation: 13

New-AzureADPolicy : Error occurred while executing NewPolicy in windows powershell

I am trying to follow the instructions on the Microsoft website (https://learn.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes) to configure a custom token expiry policy.

However I am getting an incomprehensible error message. It does not appear to be a temporary error as I have tried it a few times over the last few days.

I have tried running Powershell as both normal and "as administrator", it makes no difference to the outcome.

PS C:\Users\sheakbar> New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeSingleFactor":"90.00:00:00","MaxAgeMultiFactor":"90.00:00:00","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
InnerError:
  RequestId: 4c0f01de-96b4-4483-8a19-43b411149880
  DateTimeStamp: Thu, 07 Jun 2018 04:28:08 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureADPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy

Upvotes: 0

Views: 1303

Answers (2)

Tom Sun

Reputation: 24549

If we use a global administrator (xxx.onmicrosoft.com) account for Connect-AzureAD,

then we can run New-AzureADPolicy. I tested it on my side with the following command:

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeSingleFactor":"90.00:00:00","MaxAgeMultiFactor":"90.00:00:00","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"


Upvotes: 0

Sa Yang

Reputation: 9401

According to the error message, it seems like your account is not a global admin in your tenant and doesn't have enough permissions to execute this PowerShell command.

Solution:

Run the Connect command Connect-AzureAD to sign in to your Azure AD admin account.

Upvotes: 1
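The Authorization_RequestDenied / Forbidden response in the question is the directory refusing the write because the signed-in account lacks an admin role, which both answers point at. The following script is an added example (not code from the question, from either answer, or from Microsoft) that checks which directory roles the current session's account holds before attempting the policy write, then builds the same policy definition as the question with ConvertTo-Json instead of a hand-typed JSON string, so the curly quotes that a copy/paste from a web page can introduce never reach the cmdlet. It assumes the AzureAD module is installed; the role display names it looks for ("Global Administrator", or "Company Administrator" in older tenants) are an assumption noted in the code.

```powershell
# Added example: pre-flight role check before New-AzureADPolicy.
# Assumes the AzureAD PowerShell module is installed (Install-Module AzureAD).

Import-Module AzureAD

# Interactive sign-in. The account used here decides the rights of every
# cmdlet that follows, which is exactly what the Forbidden error is about.
Connect-AzureAD | Out-Null

$session = Get-AzureADCurrentSessionInfo
$upn = $session.Account.Id
Write-Host "Signed in as $upn in tenant $($session.TenantId)"

# Enumerate the activated directory roles and keep the ones this account holds.
$heldRoles = foreach ($role in Get-AzureADDirectoryRole) {
    $members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
    if ($members.UserPrincipalName -contains $upn) { $role.DisplayName }
}
Write-Host "Directory roles held: $($heldRoles -join ', ')"

# Assumption: the global admin role is displayed as "Global Administrator",
# or as "Company Administrator" in older tenants. Adjust if your tenant differs.
$sufficient = @('Global Administrator', 'Company Administrator')
if (-not ($heldRoles | Where-Object { $sufficient -contains $_ })) {
    Write-Warning ("Account $upn holds none of: $($sufficient -join ', '). " +
                   "New-AzureADPolicy would fail with Authorization_RequestDenied; " +
                   "re-run Connect-AzureAD with an admin account.")
    return
}

# Same policy as in the question, built from a hashtable so PowerShell emits
# valid JSON with straight quotes regardless of how the values were typed.
$definition = @{
    TokenLifetimePolicy = @{
        Version                   = 1
        MaxInactiveTime           = '14.00:00:00'
        MaxAgeSingleFactor        = '90.00:00:00'
        MaxAgeMultiFactor         = '90.00:00:00'
        MaxAgeSessionSingleFactor = 'until-revoked'
        MaxAgeSessionMultiFactor  = 'until-revoked'
    }
} | ConvertTo-Json -Compress -Depth 3

New-AzureADPolicy -Definition @($definition) `
    -DisplayName 'OrganizationDefaultPolicyScenario' `
    -IsOrganizationDefault $true `
    -Type 'TokenLifetimePolicy'
```

Run it in a normal (non-elevated) PowerShell session: local "Run as administrator" has no bearing on directory permissions, which is why it made no difference in the question. If the warning fires, the fix is the one in the answer above, signing in with an account that holds an admin role, not a change to the command itself.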
