Cannot run Add-AzureAssessmentTask command with Managed Service Account RRS feed

  • Question

  • The documentation from Microsoft states that it is possible for this specific assessment

    When I attempt to run the command according to the documentation I get this error:

    [AzureAssessment][3034]Error: This assessment cannot be run with MSA Account at present. Please try again specifying values for both: -Schedule
    Add-AzureAssessmentTask : Cannot bind parameter 'RunWithManagedServiceAccount' to the target. Exception setting "RunWithManagedServiceAccount":
    At line:1 char:245
    + ... x-xxxx-xxxx-xxxxxxxxxxxx' -RunWithManagedServiceAccount $true -Schedu ...
    +                                                             ~~~~~
        + CategoryInfo          : WriteError: (:) [Add-AzureAssessmentTask], ParameterBindingException
        + FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.PowerShell.Oms.Assessments.Commandlets.Configuration.AddAzureAssessmentTask

    Why does the document state that I can, when in reality it is not supported?  Why has the documentation not been updated to reflect this?  I cannot find any other documentation on this.  This is preventing us from running the assessment due to security restrictions.  We prefer MSAs over standard users where possible.  It says this is possible.  Am I missing something?  The AD and AD Security Assessment cmdlets work fine with the MSA.  We would like an explanation please.


    "I live and die by the command line" -JL 2010 © ©

    • Edited by JL-4 Wednesday, October 7, 2020 6:28 PM remove HVI info
    Wednesday, October 7, 2020 6:26 PM