How to fix 'Policy operations on v2 application are disabled' in AzureADPreview Windows PowerShell

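I have registered a multi-tenant application in Azure AD, and I want to extend the lifetime of the access and refresh tokens received by users who sign in to my application. Despite creating a default policy for the tokens, the access tokens my users receive last 1 hour.

The policy I created is: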

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:00:00","MaxInactiveTime":"90.00:00:00","MaxAgeSingleFactor":"until-revoked","MaxAgeMultiFactor":"until-revoked","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

Thinking that my policy might not apply to users signing in from other tenants, I tried to apply it specifically to my app using:

Add-AzureADApplicationPolicy -Id -RefObjectId

but I was presented with the error:

Add-AzureADApplicationPolicy : Error occurred while executing AddApplicationPolicy

Code: Request_BadRequest

Message: Policy operations on v2 application are disabled.

InnerError:
  RequestId: ...
  DateTimeStamp: Mon, 02 Sep 2019 20:39:54 GMT
  HttpStatusCode: BadRequest
  HttpStatusDescription: Bad Request
  HttpResponseStatus: Completed
At line:1 char:1
+ Add-AzureADApplicationPolicy -Id ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Add-AzureADApplicationPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.AddApplicationPolicy

The Add-AzureADApplicationPolicy cmdlet is not available at this time.

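You can find this message at the top of the document.

However, I just tested it on my side, and it works if you do not select personal accounts as the account type.

An application for any tenant will not be able to add an Azure AD policy. This issue should be considered by design, because Azure AD policies are treated as v1 policies and cannot be applied to V2 applications.

Here is the reply to the issue: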

Some policies are blocked for converged Applications, since they are not supported by MSA (Microsoft Account) and Azure AD.
  The Configurable Token Lifetime will be deprecated later this year and replaced by a new feature for Conditional Access policy.
  So, we are not planning to invest into Configurable Token Lifetime to discourage taking dependencies with it. 

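Importantly, the second paragraph states that the Configurable Token Lifetime policy will be deprecated; please check the following information: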

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes

Hope this helps.
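To check whether a token lifetime policy actually took effect, as in the question where tokens still lasted 1 hour, the following added example (not code from the original posts) compares the policy's AccessTokenLifetime with the iat and exp claims of an access token. The function names, the 10-minute tolerance and the sample token are assumptions; the token is constructed and unsigned.

```powershell
# Added example. Reads claims only for lifetime diagnostics; it does NOT
# validate the token signature and must not be used to authorize anything.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtLifetime {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected three dot-separated JWT parts' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    if ($null -eq $claims.exp -or $null -eq $claims.iat) { throw 'Token lacks iat/exp' }
    [TimeSpan]::FromSeconds([long]$claims.exp - [long]$claims.iat)
}

function Test-TokenLifetimePolicyApplied {
    param(
        [Parameter(Mandatory)][string]$PolicyDefinition,
        [Parameter(Mandatory)][string]$Token,
        [int]$ToleranceSeconds = 600   # assumed allowance for issuer clock skew
    )
    $policy = ($PolicyDefinition | ConvertFrom-Json).TokenLifetimePolicy
    # Policy durations use the .NET TimeSpan form, e.g. "23:00:00" or "90.00:00:00"
    $configured = [TimeSpan]::Parse($policy.AccessTokenLifetime, [cultureinfo]::InvariantCulture)
    $actual = Get-JwtLifetime -Token $Token
    [pscustomobject]@{
        Configured    = $configured
        Actual        = $actual
        PolicyApplied = [Math]::Abs(($actual - $configured).TotalSeconds) -le $ToleranceSeconds
    }
}

# Policy definition copied from the question above.
$definition = '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:00:00","MaxInactiveTime":"90.00:00:00","MaxAgeSingleFactor":"until-revoked","MaxAgeMultiFactor":"until-revoked","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}'

# Constructed sample token (unsigned, placeholder signature) with a 1-hour lifetime.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$sampleToken = @((ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'), (ConvertTo-Base64Url '{"iat":1567400000,"exp":1567403600}'), 'constructed') -join '.'

Test-TokenLifetimePolicyApplied -PolicyDefinition $definition -Token $sampleToken
```

Replace `$sampleToken` with an access token issued to your own application to see whether the configured lifetime is being honoured.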