Disable privileged account does not work, anymore #1992
Labels
Comments
ghost
added
the
|
Thanks for raising this @anthonyvandenbossche Is the user object being sent for the |
|
Hi @andrueastman, I was indeed referencing an object from a previous request. This is not a good idea so it seems. Code was adapted to:
This seems to work! Thanks for your feedback!! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a function app that creates user accounts in an Azure AD tenant using an app registration and application permissions. Since it is a PIM solution, it also adds newly created users to Role-Assigned groups (for example a group that is assigned to the Global Admins role). After an allotted amount of time, the tool will remove the user from the group (therefor removing the privilege), and then disable the account. This disable action fails since the beginning of this week with "Request_BadRequest Message: Property 'isSipEnabled' is read-only and cannot be set.". When an enable of that same user account is tried, the same error pops up. Deleting a privileged user is not a problem, strangely.
The app has a number of application api perms (user.readwrite.all, group.readwrite.all and RoleManagement.ReadWrite.Directory). To facilitate enabling/disabling of the account, an Azure AD role was granted to the app registration: Privileged Authentication Administrator.
Extra info: the app is using:
The text was updated successfully, but these errors were encountered: