Comments (11)
Thanks for opening the issue. We're looking into it and will assign someone to the issue soon.
Can you step through each baseline and maybe identify which baseline is generating the error? It seems like Teams runs fine, but one of the others might be the problem.
from scubagear.
When you run the base lines individually the issue is not duplicated. However as soon as you run it all of them together (the default in the script) then I get this. I have tested this against multiple tenants and the results are all the same.
from scubagear.
When you run the base lines individually the issue is not duplicated. However as soon as you run it all of them together (the default in the script) then I get this. I have tested this against multiple tenants and the results are all the same.
- In a text editor that can highlight invalid JSON like VS Code, could you screenshot the line (line 184) that is causing the error in the JSON. The JSON file should be in your output path in a folder called "M365BaselineConformance_*" with the name "ProviderSettingsExport.json"
- Could you run the tool with multiple combinations of products to see if it's a specific combination is causing the issue? For example @("aad", "teams"), @("exo", "sharepoint", "onedrive") or @("defender").
- What licenses do the tenants you're running the tool against have? E3/E5, Azure AD Premium Plan 1/2, and/or Microsoft Defender for Office 365 Plan 1/2 etc.
from scubagear.
I have the same issue, except it's occurring on a different line. Tried two separate tenants, one with Business Premium licenses, and the other with a mix of many different license types.
from scubagear.
Here's the line from ProviderSettingsExport.json file
from scubagear.
Here's the line from ProviderSettingsExport.json file
Thank you for the screenshot. Looks like the error is being caused by the JSON conversion of the Get-CsTenant
cmdlet from the MicrosoftTeams
PowerShell module.
Short version: If anyone else is facing this issue the quickest solution until the next release is to remove "teams"
from $ProductNames
in RunScuba.ps1
What's causing this issue
OPA Rego will output the unable to parse input : yaml: ...
error when encountering \
"backslash" characters. Even though this is valid JSON, we've seen Rego throw the same error for backslash characters in other instances and do some minor sanitization to remove such characters from the ProviderSettingExport.json
. The sanitization was NOT being done on this specific function in the code Get-TeamsTenantDetail
where an invocation of Get-CsTenant
is located.
However, we're unable to reproduce the error ourselves, even with an E5 tenant that has similar output in the JSON. See image below. This line is not being used for the configuration assessment so we're unsure why the error is being thrown in this instance. Regardless, for the next release we'll add in the fix for this by adding full JSON sanitization to this function.
Temporary solutions
- As mentioned above omit
teams
from$ProductNames
inRunScuba.ps1
. - Another solution is to edit the
Get-TeamsTenantDetail
function inExportTeamsProvider.psm1
yourself and add this line$TenantInfo.SyncInLyncAdInfo = @()
somewhere before theConvertTo-Json
call in the function.
from scubagear.
Thanks, I was able to use the omit Teams workaround to get the reports generated. I was running the scripts from Windows Terminal on Win 11, just in case it helps
`
Name Value
PSVersion 5.1.22621.608
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22621.608
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
`
from scubagear.
Thanks, I was able to use the omit Teams workaround to get the reports generated. I was running the scripts from Windows Terminal on Win 11, just in case it helps
` Name Value
PSVersion 5.1.22621.608 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.22621.608 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 `
Thanks for the additional information. I spun up a Windows 11 VM and reran my tests. No errors thrown from OPA with the JSON on my side. So, Windows 11 doesn't seem to be part of the root issue.
from scubagear.
I apologize for the delay in responding. Here is line 184:
"StopSyncTimestamp": "\/Date(1657087007367)\/"
I am currently testing out the various combinations and will post any finding once I have completed.
For licensing the following is true:
1 tenant has o365 E3
2 tenants have M365 E5
All 3 tenants have Azure AD P2
The error is observable in all 3 tenants.
from scubagear.
I apologize for the delay in responding. Here is line 184:
"StopSyncTimestamp": "\/Date(1657087007367)\/"
I am currently testing out the various combinations and will post any finding once I have completed. For licensing the following is true: 1 tenant has o365 E3 2 tenants have M365 E5 All 3 tenants have Azure AD P2
The error is observable in all 3 tenants.
Thank you for the reply and additional information. The issue is definitely related to the backslashes in the StopSyncTimeStamp
then and from the evidenced gathered has nothing to do with different Tenant licensing levels.
Doesn't seem operating system related as we are able to successfully run on both Windows 10 and 11. The issue seems to be related to the OPA exe and how that's being run with the Rego on a client system.
Sanitizing the JSON will resolve the issue but still a mystery of what is making OPA behave differently between systems.
from scubagear.
Closed in #24
from scubagear.
Related Issues (20)
- Document Support for Config Files HOT 1
- Config file has poor (no) defaults
- AAD 2.10 ScubaGear Change to Deprecate Browser Persistence Policy HOT 1
- AAD 2.14 bugs (in implementation instructions and tool) HOT 10
- Revised AAD 2.18 guest user access restrictions per feedback received HOT 2
- Update ScubaGear AAD 2.18 guest user access restrictions per feedback received HOT 1
- Update ScubaGear AAD for 2.9 Sign-In Frequency policy deprecation
- Update ScubaGear AAD 2.4 2.4 MFA policies per feedback and discussion
- Finalize standard front matter and other content that will be included in all baselines HOT 11
- Adjudicate AAD comments not addressed in Emerald
- Invert Stance on Defender Preset Policies (Code) HOT 1
- Adjudicate Code updates for new SharePoint Baseline
- Add rationale to SharePoint Baseline HOT 2
- Baseline Implementation Section Style Guide HOT 5
- TODO: Remove emerald branch from run_opa_test.yaml
- Teams Policy 3 (MS.TEAMS.3.1v1) - 'Implementation' steps need to be revised HOT 1
- Update ContentStyleGuide
- Markdown Pester tests silently failing in Action HOT 1
- Defender Markdown Check failing
- UninstallModules.ps1 does not uninstall all required ScubaGear dependencies. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scubagear.