[GH-ISSUE #2127] CIPPStandardDisableViva does not function #1086

New issue

Closed

opened 2026-03-02 13:41:28 +03:00 by kerem · 3 comments

kerem commented 2026-03-02 13:41:28 +03:00

Owner

Copy link

Originally created by @kris6673 on GitHub (Feb 11, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2127

Description

Toggle remediate and run it.
Throws an "EXCEPTION: Tenant admin role is required" error. Have tried adding -AsApp $true but that does no difference.
Tried with tenant ID instead of default domain, but did nothing different.
The Graph explorer cannot patch it either, throws a really cryptic error thats too big to post here.

Environment data

Front end: 5.1.1
Back end: 5.1.1

Full error from the API terminal

EXCEPTION: Tenant admin role is required.
[2024-02-11T17:45:43.847Z] 
[2024-02-11T17:45:43.848Z] Exception             : 
[2024-02-11T17:45:43.848Z]     Type                        : System.Management.Automation.RuntimeException
[2024-02-11T17:45:43.849Z]     ErrorRecord                 : 
[2024-02-11T17:45:43.849Z]         Exception             : 
[2024-02-11T17:45:43.849Z]             Type    : System.Management.Automation.ParentContainsErrorRecordException
[2024-02-11T17:45:43.850Z]             Message : Tenant admin role is required.
[2024-02-11T17:45:43.850Z]             HResult : -2146233087
[2024-02-11T17:45:43.851Z]         CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
[2024-02-11T17:45:43.851Z]         FullyQualifiedErrorId : RuntimeException
[2024-02-11T17:45:43.852Z]     WasThrownFromThrowStatement : True
[2024-02-11T17:45:43.852Z]     Message                     : Tenant admin role is required.
[2024-02-11T17:45:43.852Z]     HResult                     : -2146233087
[2024-02-11T17:45:43.853Z] TargetObject          : Tenant admin role is required.
[2024-02-11T17:45:43.853Z] CategoryInfo          : OperationStopped: (Tenant admin role is required.:String) [], RuntimeException
[2024-02-11T17:45:43.854Z] FullyQualifiedErrorId : Tenant admin role is required.
[2024-02-11T17:45:43.854Z] InvocationInfo        : 
[2024-02-11T17:45:43.855Z]     ScriptLineNumber : 62
[2024-02-11T17:45:43.855Z]     OffsetInLine     : 17
[2024-02-11T17:45:43.855Z]     HistoryId        : -1
[2024-02-11T17:45:43.856Z]     ScriptName       : C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1 
[2024-02-11T17:45:43.856Z]     Line             : throw $Message
[2024-02-11T17:45:43.857Z] 
[2024-02-11T17:45:43.857Z]     PositionMessage  : At C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1:62 char:17
[2024-02-11T17:45:43.858Z]                        +                 throw $Message
[2024-02-11T17:45:43.858Z]                        +                 ~~~~~~~~~~~~~~
[2024-02-11T17:45:43.859Z]     PSScriptRoot     : C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper
[2024-02-11T17:45:43.859Z]     PSCommandPath    : C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1 
[2024-02-11T17:45:43.860Z]     CommandOrigin    : Internal
[2024-02-11T17:45:43.860Z] ScriptStackTrace      : at New-GraphGetRequest, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1: line 62
[2024-02-11T17:45:43.861Z]                         at Invoke-CIPPStandardDisableViva, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\Standards\Invoke-CIPPStandardDisableViva.ps1: line 7
[2024-02-11T17:45:43.861Z]                         at Push-CIPPStandard, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\Entrypoints\Push-CIPPStandard.ps1: line 11
[2024-02-11T17:45:43.862Z]                         at Receive-CippQueueTrigger, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippEntrypoints\CippEntrypoints.psm1: line 30
[2024-02-11T17:45:43.862Z] 
[2024-02-11T17:45:43.862Z] 
[2024-02-11T17:45:43.863Z] Executed 'Functions.Z_CIPPQueueTrigger' (Failed, Id=18732a81-0987-46cf-aceb-0c60d311faf2, Duration=1075ms)
[2024-02-11T17:45:43.864Z] System.Private.CoreLib: Exception while executing function: Functions.Z_CIPPQueueTrigger. System.Private.CoreLib: Result: Failure
Exception: Tenant admin role is required.
Stack:    at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
[2024-02-11T17:45:43.864Z]    at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
[2024-02-11T17:45:43.865Z]    at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
[2024-02-11T17:45:43.865Z]    at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
[2024-02-11T17:45:43.866Z]    at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
[2024-02-11T17:45:43.866Z]    at System.Management.Automation.PowerShell.Invoke[T]()
[2024-02-11T17:45:43.867Z]    at Microsoft.Azure.Functions.PowerShellWorker.PowerShell.PowerShellExtensions.InvokeAndClearCommands[T](PowerShell pwsh) in D:\a\_work\1\s\src\PowerShell\PowerShellExtensions.cs:line 53
[2024-02-11T17:45:43.867Z]    at Microsoft.Azure.Functions.PowerShellWorker.PowerShell.PowerShellManager.ExecuteUserCode(Boolean addPipelineOutput, IDictionary outputBindings) in D:\a\_work\1\s\src\PowerShell\PowerShellManager.cs:line 307
[2024-02-11T17:45:43.868Z]    at Microsoft.Azure.Functions.PowerShellWorker.PowerShell.PowerShellManager.InvokeFunction(AzFunctionInfo functionInfo, Hashtable triggerMetadata, TraceContext traceContext, RetryContext retryContext, IList`1 inputData, FunctionInvocationPerformanceStopwatch stopwatch) in D:\a\_work\1\s\src\PowerShell\PowerShellManager.cs:line 238
[2024-02-11T17:45:43.868Z]    at Microsoft.Azure.Functions.PowerShellWorker.RequestProcessor.InvokeFunction(AzFunctionInfo functionInfo, PowerShellManager psManager, FunctionInvocationPerformanceStopwatch stopwatch, InvocationRequest invocationRequest) in D:\a\_work\1\s\src\RequestProcessor.cs:line 357
[2024-02-11T17:45:43.869Z]    at Microsoft.Azure.Functions.PowerShellWorker.RequestProcessor.ProcessInvocationRequestImpl(StreamingMessage request, AzFunctionInfo functionInfo, PowerShellManager psManager, FunctionInvocationPerformanceStopwatch stopwatch) in D:\a\_work\1\s\src\RequestProcessor.cs:line 329.

Error from Graph Explorer

{
    "error": {
        "code": "UnknownError",
        "message": "{\"errors\":{\"\":[\"Unexpected character encountered while parsing value: . Path '', line 0, position 0.\"]},\"type\":\"https://tools.ietf.org/html/rfc7231#section-6.5.1\",\"title\":\"One or more validation errors occurred.\",\"status\":400,\"traceId\":\"00-c310fbe66e374126a21b0055bf7f57a1-394b25f5c0a1b31e-01\"}",
        "innerError": {
            "date": "2024-02-11T17:49:59",
            "request-id": "c310fbe6-6e37-4126-a21b-0055bf7f57a1",
            "client-request-id": "fb4c824c-3200-6636-7cf5-83e5c94f2468"
        }
    }
}

Originally created by @kris6673 on GitHub (Feb 11, 2024). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2127 ### Description Toggle remediate and run it. Throws an "EXCEPTION: Tenant admin role is required" error. Have tried adding -AsApp $true but that does no difference. Tried with tenant ID instead of default domain, but did nothing different. The Graph explorer cannot patch it either, throws a really cryptic error thats too big to post here. ### Environment data ```PowerShell Front end: 5.1.1 Back end: 5.1.1 ``` ### Full error from the API terminal ```powershell EXCEPTION: Tenant admin role is required. [2024-02-11T17:45:43.847Z] [2024-02-11T17:45:43.848Z] Exception : [2024-02-11T17:45:43.848Z] Type : System.Management.Automation.RuntimeException [2024-02-11T17:45:43.849Z] ErrorRecord : [2024-02-11T17:45:43.849Z] Exception : [2024-02-11T17:45:43.849Z] Type : System.Management.Automation.ParentContainsErrorRecordException [2024-02-11T17:45:43.850Z] Message : Tenant admin role is required. [2024-02-11T17:45:43.850Z] HResult : -2146233087 [2024-02-11T17:45:43.851Z] CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException [2024-02-11T17:45:43.851Z] FullyQualifiedErrorId : RuntimeException [2024-02-11T17:45:43.852Z] WasThrownFromThrowStatement : True [2024-02-11T17:45:43.852Z] Message : Tenant admin role is required. [2024-02-11T17:45:43.852Z] HResult : -2146233087 [2024-02-11T17:45:43.853Z] TargetObject : Tenant admin role is required. [2024-02-11T17:45:43.853Z] CategoryInfo : OperationStopped: (Tenant admin role is required.:String) [], RuntimeException [2024-02-11T17:45:43.854Z] FullyQualifiedErrorId : Tenant admin role is required. [2024-02-11T17:45:43.854Z] InvocationInfo : [2024-02-11T17:45:43.855Z] ScriptLineNumber : 62 [2024-02-11T17:45:43.855Z] OffsetInLine : 17 [2024-02-11T17:45:43.855Z] HistoryId : -1 [2024-02-11T17:45:43.856Z] ScriptName : C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1 [2024-02-11T17:45:43.856Z] Line : throw $Message [2024-02-11T17:45:43.857Z] [2024-02-11T17:45:43.857Z] PositionMessage : At C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1:62 char:17 [2024-02-11T17:45:43.858Z] + throw $Message [2024-02-11T17:45:43.858Z] + ~~~~~~~~~~~~~~ [2024-02-11T17:45:43.859Z] PSScriptRoot : C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper [2024-02-11T17:45:43.859Z] PSCommandPath : C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1 [2024-02-11T17:45:43.860Z] CommandOrigin : Internal [2024-02-11T17:45:43.860Z] ScriptStackTrace : at New-GraphGetRequest, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\GraphHelper\New-GraphGetRequest.ps1: line 62 [2024-02-11T17:45:43.861Z] at Invoke-CIPPStandardDisableViva, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\Standards\Invoke-CIPPStandardDisableViva.ps1: line 7 [2024-02-11T17:45:43.861Z] at Push-CIPPStandard, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippCore\Public\Entrypoints\Push-CIPPStandard.ps1: line 11 [2024-02-11T17:45:43.862Z] at Receive-CippQueueTrigger, C:\Users\kris6\Documents\Programming\CIPP-Project\CIPP-API\Modules\CippEntrypoints\CippEntrypoints.psm1: line 30 [2024-02-11T17:45:43.862Z] [2024-02-11T17:45:43.862Z] [2024-02-11T17:45:43.863Z] Executed 'Functions.Z_CIPPQueueTrigger' (Failed, Id=18732a81-0987-46cf-aceb-0c60d311faf2, Duration=1075ms) [2024-02-11T17:45:43.864Z] System.Private.CoreLib: Exception while executing function: Functions.Z_CIPPQueueTrigger. System.Private.CoreLib: Result: Failure Exception: Tenant admin role is required. Stack: at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) [2024-02-11T17:45:43.864Z] at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke) [2024-02-11T17:45:43.865Z] at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync) [2024-02-11T17:45:43.865Z] at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings) [2024-02-11T17:45:43.866Z] at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings) [2024-02-11T17:45:43.866Z] at System.Management.Automation.PowerShell.Invoke[T]() [2024-02-11T17:45:43.867Z] at Microsoft.Azure.Functions.PowerShellWorker.PowerShell.PowerShellExtensions.InvokeAndClearCommands[T](PowerShell pwsh) in D:\a\_work\1\s\src\PowerShell\PowerShellExtensions.cs:line 53 [2024-02-11T17:45:43.867Z] at Microsoft.Azure.Functions.PowerShellWorker.PowerShell.PowerShellManager.ExecuteUserCode(Boolean addPipelineOutput, IDictionary outputBindings) in D:\a\_work\1\s\src\PowerShell\PowerShellManager.cs:line 307 [2024-02-11T17:45:43.868Z] at Microsoft.Azure.Functions.PowerShellWorker.PowerShell.PowerShellManager.InvokeFunction(AzFunctionInfo functionInfo, Hashtable triggerMetadata, TraceContext traceContext, RetryContext retryContext, IList`1 inputData, FunctionInvocationPerformanceStopwatch stopwatch) in D:\a\_work\1\s\src\PowerShell\PowerShellManager.cs:line 238 [2024-02-11T17:45:43.868Z] at Microsoft.Azure.Functions.PowerShellWorker.RequestProcessor.InvokeFunction(AzFunctionInfo functionInfo, PowerShellManager psManager, FunctionInvocationPerformanceStopwatch stopwatch, InvocationRequest invocationRequest) in D:\a\_work\1\s\src\RequestProcessor.cs:line 357 [2024-02-11T17:45:43.869Z] at Microsoft.Azure.Functions.PowerShellWorker.RequestProcessor.ProcessInvocationRequestImpl(StreamingMessage request, AzFunctionInfo functionInfo, PowerShellManager psManager, FunctionInvocationPerformanceStopwatch stopwatch) in D:\a\_work\1\s\src\RequestProcessor.cs:line 329. ``` ### Error from Graph Explorer ```json { "error": { "code": "UnknownError", "message": "{\"errors\":{\"\":[\"Unexpected character encountered while parsing value: . Path '', line 0, position 0.\"]},\"type\":\"https://tools.ietf.org/html/rfc7231#section-6.5.1\",\"title\":\"One or more validation errors occurred.\",\"status\":400,\"traceId\":\"00-c310fbe66e374126a21b0055bf7f57a1-394b25f5c0a1b31e-01\"}", "innerError": { "date": "2024-02-11T17:49:59", "request-id": "c310fbe6-6e37-4126-a21b-0055bf7f57a1", "client-request-id": "fb4c824c-3200-6636-7cf5-83e5c94f2468" } } } ```

kerem 2026-03-02 13:41:28 +03:00

• closed this issue
• added the
  bug
  unconfirmed-by-user
  labels

kerem commented 2026-03-02 13:41:29 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Feb 11, 2024):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug."

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:1937813990 --> @github-actions[bot] commented on GitHub (Feb 11, 2024): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/ If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug." Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

kerem commented 2026-03-02 13:41:29 +03:00

Author

Owner

Copy link

@kris6673 commented on GitHub (Feb 11, 2024):

I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

<!-- gh-comment-id:1937814061 --> @kris6673 commented on GitHub (Feb 11, 2024): I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

kerem commented 2026-03-02 13:41:29 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Feb 18, 2024):

Seems like MS changed authentication to only allow GA, removing.

<!-- gh-comment-id:1951476791 --> @KelvinTegelaar commented on GitHub (Feb 18, 2024): Seems like MS changed authentication to only allow GA, removing.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#1086

No description provided.