When using in AzureChinaCloud environment, Find-MgGraphPermission changes MSGraph API endpoints from China to Global #2795
Labels
priority:p1
High priority/Major issue but not blocking or Big percentage of customers affected.Bug SLA <=7days
type:bug
A broken experience
Describe the bug
When using MSGraph Powershell calling AzureChinaCloud MSGraph APIs, right after calling Find-MgGraphPermission, the subsequent MSGraph calls will target https://graph.microsoft.com instead of https://microsoftgraph.chinacloudapi.cn.
Expected behavior
After calling Find-MgGraphPermission, the subsequent MSGraph calls still targets https://microsoftgraph.chinacloudapi.cn.
How to reproduce
Connect to tenant in AzureChinaCloud:
Connect-MgGraph -scopes ".default" -Environment China -TenantId $TenantID -AppId $ClientID -ContextScope Process
Try any MSGraph call, it works : Get-MgApplication -Top 1 -Debug
Run Find-MgGraphPermission "User.Read" -ExactMatch -PermissionType "Delegated" -Debug
In this step, you can see it's targeting https://graph.microsoft.com
Then run Get-MgApplication -Top 1 -Debug again. It fails with 401 as this time it targets https://graph.microsoft.com.
SDK Version
2.19.0
Latest version known to work for scenario above?
v2.8.0 has issue as well. Not test other versions
Known Workarounds
No workaround as of now.
Debug output
Click to expand log
Find-MgGraphPermission "User.Read" -ExactMatch -PermissionType "Delegated" -DebugConfiguration
Name Value
PSVersion 7.4.2
PSEdition Core
GitCommitId 7.4.2
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Other information
No response
The text was updated successfully, but these errors were encountered: