Posts

Showing posts from November, 2023

SOLVED: Error message ResourceTypeNotSupported "Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/summarize'" using the Azure REST API.

To generate a state summary of a of an Azure policy assignment you can use the Azure PowerShell cmdlet Get-AzPolicyStateSummary. However when you call this using REST you get the error https://management.azure.com/Subscriptions/ {{subscriptionId}} /providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01 {      "error" : {          "code" :  "ResourceTypeNotSupported" ,          "message" :  "Unsupported resource type: 'Microsoft.PolicyInsights/policyStates/summarize'."     } } This is because the method must be called with the verb POST (not GET).

SOLVED: Using the Azure Command-Line Interface (CLI) behind Fiddler - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

Image
If you want to use Fiddler to monitor the commands and REST calls that are executed by the Microsoft Azure Command-Line Interface (CLI) you may find you hit this error. Using the Azure Command-Line Interface (CLI) behind Fiddler - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate The Azure Command-Line Interface (CLI) does use the built in system certificates in the machine store that you probably updated when you installed Fiddler and instead you need to up a configuration file. In the certificates MMC find the DO_NOT_TRUST_FidderRoot certificate, right click, and select All Tasks > Export. Select to not  export the private key. Select BASE-64 encoded X.509 (.CER) and select a file location to export the file If you don't have the certficate in here you can goto Fiddler goto Tools > Options > HTTPS > Actions > Export Root Certificate to Desktop. You can then import the certificate, then export it in BASE-64 encoding....

SOLVED: Connect-ExchangeOnline: Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower.

Image
When you try and connect to Exchange Online using a service principal and client certificate such as this Connect-ExchangeOnline -AppId " identifier " -CertificateThumbprint " thumbprint " -Organization "yourdomain.onmicrosoft.com"; You may see the following error Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion.  Problem: The certificate you're using is too secure  for the Exchange Online PowerShell cmdlets. If you read the Microsoft Guidance here you'll see their examples use older encryption which does work correctly. https://learn.microsoft.com/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-3-generate-a-self-sig...