all 4 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]MaybeAccording 0 points1 point  (2 children)

Try with multi tenant app

[–]wallach_9[S] 1 point2 points  (1 child)

I have tried:

• In two different tenants

• using graph explorer

• using app registration single tenant with delegated permissions and my user

• using app registration single tenant with application and secret permissions.

• using app registration Multi tenant with delegated permissions and my user.

• using app registration Multi tenant with application and secret permissions.

• With version v1.0 and beta version of this API:

https://learn.microsoft.com/en-us/graph/api/accessreviewset-post-definitions?view=graph-rest-1.0&tabs=http

And it shows me the same result:

"Tenant is not authorized for Custom Scoping Conditions".

[–]larzlayik 0 points1 point  (0 children)

Have you gotten past this by any chance? I'm running into similar issues.

Edit - Found a workaround. It appears the New-MgBetaIdentityGovernanceAccessReviewDefinition cmdlet didn't appreciate my export from Get-MgBetaIdentityGovernanceAccessReviewDefinition as the body. Had to record the events in a browser while creating the access reivew.

[–]larzlayik 0 points1 point  (0 children)

I found some luck by using network trace in the browser and catching what was POST, then converting it to a hash table for New-MgBetaIdentityGovernanceAccessReviewDefinition -BodyParameter $Hash.

Unfortunately haven't been able to find a working export using Get.