If you are passing tokens generated with delegation permission, the "roles" attribute from "Get-MdeAuthorizationInfo" is empty.
This blocks you from using cmdlets like Get-MdeMachine, with an error message saying you do not have enough permission.
Please change the following lines inside Get-MdeAuthorizationInfo.ps, lines 23-35, to allow this:

    if ($parsedToken.roles) {
        $roles = $parsedToken.roles # Existing for Application Token (App only)
    } else {
        $roles = $parsedToken.scp # Fix for Delegation Token (User)
    }
    $resultObject = @{
        tokenExpired = $expired
        #roles = (Get-ParsedToken -token $tc).roles
        #roles = $parsedToken.role
        roles = $roles
    }
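
Added example, not part of the original post or of the module's code: a stand-alone sketch of reading permissions from either token type, where an app-only token carries a `roles` array and a delegated token carries `scp` as a single space-separated string. The function names `ConvertFrom-Base64Url`, `Get-TokenPermission` and `New-SampleToken` are hypothetical, and the sample tokens and permission values are constructed.

```powershell
# Hypothetical helpers for illustration; they only inspect claims client-side.
# No signature is verified here, so never use the result as an authorization decision.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments are base64url without padding; restore standard base64 first.
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url segment length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-TokenPermission {
    param([Parameter(Mandatory)][string]$Token)
    $segments = $Token.Split('.')
    if ($segments.Count -ne 3) { throw 'Expected a three-segment JWT.' }
    $claims = ConvertFrom-Base64Url $segments[1] | ConvertFrom-Json
    if ($claims.roles) {
        # App-only token: roles is already a JSON array.
        return @($claims.roles)
    }
    if ($claims.scp) {
        # Delegated token: scp is one string, so split it into an array
        # to give callers the same shape as roles.
        return @($claims.scp -split '\s+' | Where-Object { $_ })
    }
    return @()
}

# Builds an unsigned, constructed sample token from a claims hashtable.
function New-SampleToken {
    param([Parameter(Mandatory)][hashtable]$Claims)
    $encode = {
        param($Object)
        $bytes = [System.Text.Encoding]::UTF8.GetBytes(($Object | ConvertTo-Json -Compress))
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    '{0}.{1}.{2}' -f (& $encode @{ alg = 'none'; typ = 'JWT' }), (& $encode $Claims), 'sig'
}

# Constructed sample values, not taken from a real tenant.
$appToken  = New-SampleToken @{ roles = @('Machine.Read.All', 'Alert.Read.All') }
$userToken = New-SampleToken @{ scp = 'Machine.Read Alert.Read' }

Get-TokenPermission $appToken   # two entries, from the roles array
Get-TokenPermission $userToken  # two entries, split out of the scp string
```

Assigning `scp` to a roles field unsplit leaves a single string, so any later check that uses `-contains` against it compares with the whole string rather than with individual scopes.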