Azure Active Directory breaking change impacting Azure CLI and Azure PowerShell
source link: https://techcommunity.microsoft.com/t5/azure-tools/azure-active-directory-breaking-change-impacting-azure-cli-and/ba-p/2848388?WT_mc_id=DOP-MVP-4025064
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Azure Active Directory breaking change impacting Azure CLI and Azure PowerShell
Context
Starting 10/15/2021, Azure Active directory will require the AppId Uri in single tenant applications to use default scheme or verified domains. If you have not upgraded Azure CLI or Azure PowerShell to the most recent versions, you will receive the following error message when creating a service principal:
Values of identifierUris property must use a verified domain of the organization or its subdomain
Solution
You must upgrade to the following versions for reach impacted:
You can read more about the impact of this breaking change in each tool:
Workaround
We understand that upgrading to a new version of an automation tool is not always straightforward, the workaround consists of the following steps:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
%3CLINGO-SUB%20id%3D%22lingo-sub-2848388%22%20slang%3D%22en-US%22%3EAzure%20Active%20Directory%20breaking%20change%20impacting%20Azure%20CLI%20and%20Azure%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2848388%22%20slang%3D%22en-US%22%3E%3CH2%20id%3D%22toc-hId--324623095%22%20id%3D%22toc-hId--324623071%22%3EContext%3C%2FH2%3E%0A%3CP%3EStarting%2010%2F15%2F2021%2C%20Azure%20Active%20directory%20will%20require%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fdevelop%2Freference-breaking-changes%23appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAppId%20Uri%20in%20single%20tenant%20applications%20to%20use%20default%20scheme%20or%20verified%20domains%3C%2FA%3E.%20If%20you%20have%20not%20upgraded%20Azure%20CLI%20or%20Azure%20PowerShell%20to%20the%20most%20recent%20versions%2C%20you%20will%20receive%20the%20following%20error%20message%20when%20creating%20a%20service%20principal%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3EValues%20of%20identifierUris%20property%20must%20use%20a%20verified%20domain%20of%20the%20organization%20or%20its%20subdomain%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--2132077558%22%20id%3D%22toc-hId--2132077534%22%3ESolution%3C%2FH2%3E%0A%3CP%3EYou%20must%20upgrade%20to%20the%20following%20versions%20for%20reach%20impacted%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EAzure%20CLI%3C%2FSTRONG%3E%20version%20%3CSTRONG%3E2.25.0%20%3C%2FSTRONG%3Eor%20later%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EAzure%20PowerShell%26nbsp%3B%3C%2FSTRONG%3Eversion%20%3CSTRONG%3E6.0.0%3C%2FSTRONG%3E%20or%20later%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20read%20more%20about%20the%20impact%20of%20this%20breaking%20change%20in%20each%20tool%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAzure%20CLI%3A%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2Fazure-cli%2Fissues%2F19892%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2Fazure-cli%2Fissues%2F19892%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EAzure%20PowerShell%3A%20%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2Fazure-powershell%2Fissues%2F16097%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2Fazure-powershell%2Fissues%2F16097%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-355435275%22%20id%3D%22toc-hId-355435299%22%3EWorkaround%3C%2FH2%3E%0A%3CP%3EWe%20understand%20that%20upgrading%20to%20a%20new%20version%20of%20an%20automation%20tool%20is%20not%20always%20straightforward%2C%20the%20workaround%20consists%20of%20the%20following%20steps%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EIf%20needed%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Ffundamentals%2Fadd-custom-domain%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eadd%20your%20custom%20domain%20name%20using%20Azure%20Active%20Directory%20portal%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3ECreate%20the%20application%20with%20an%20authorized%20IdentifierUri%3C%2FLI%3E%0A%3CLI%3ECreate%20the%20service%20principal%20referring%20to%20this%20application%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2848388%22%20slang%3D%22en-US%22%3E%3CP%3EAddressing%20%E2%80%9CValues%20of%20identifierUris%20property%20must%20use%20a%20verified%20domain%20of%20the%20organization%20or%20its%20subdomain%E2%80%9D%20issue%20with%20Azure%20CLI%20or%20Azure%20PowerShell%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2848388%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzureCLI%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Oct 14 2021 05:20 PM
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK