Connect-MgGraph is using an unsupported browser

Open DanKOleary opened this issue 1 year ago • 8 comments

Describe the bug

Simply using Connect-MgGraph with an account that is in the periodic "Is this info up to date?" verification state causes PowerShell to fail as it tries to use an "unsupported browser". This is on any Win10 machine I try, all of which are fully patched and have Edge as their default (and only) browser.

Here's an example 1 2 3

This only happens for accounts in the info-verification state. If I manually browse to office.com then this is the page that PowerShell is trying to display: 4

Expected behavior

Back in the days of IE, PowerShell used to just display the "Is this info up to date?" page.

How to reproduce

Using an account that is in the periodic details verification state

1. Import-Module Microsoft.Graph.Authentication
2. Connect-MgGraph
3. Select the account
4. Click "next" on the "More information required" pop-up

SDK Version

```
ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.19.0     Microsoft.Graph.Authentication      {Add-MgEnvironment, Connect-MgGraph, Disconnect-MgGraph, G...
```

Latest version known to work for scenario above?

2.19.0

Known Workarounds

Clearing the "Is this info up to date" by manually browsing to a Microsoft site (i.e. office.com) and confirming details there will reset the state and then the user can go back to using Connect-MgGraph in PowerShell without issue. This is fine for admins and tech users but isn't satisfactory for average users where we use Connect-MgGraph in logon scripts.

Debug output

### Configuration

```
$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.19041.4291
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.4291
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
```


Multiple Windows 10 Enterprise x64 desktops running fully-patched 22H2

### Other information

_No response_

May 09 '24 15:05 DanKOleary

@Ndiritu Can we influence the authentication flow from within the cmdlet?

May 17 '24 15:05 petrhollayms

+1 If Microsoft loaded the default browser on the system, we could either avoid or work around the problem...

Jun 07 '24 13:06 jle-pass

@Ndiritu could you please provide us some insights here?

Jun 10 '24 04:06 sncorreia

@DanKOleary @sncorreia @passCulture-JL Connect-MgGraph uses Azure Identity's InteractiveBrowserCredential which loads the system's default browser. The SDK doesn't handle the browser. We might have to push this issue upstream to Azure Identity.

Could you try logging in using the same affected accounts on Graph explorer (top right button) and let me know if you get the same error.

Jun 13 '24 14:06 Ndiritu

> @Ndiritu Can we influence the authentication flow from within the cmdlet?

The auth flow is influenced by the parameters provided e.g. client-secret etc => app-only. We default to delegated interactive browser auth.

We don't support customizing the browser options via the params. Azure Identity defaults to using the system's default browser. However, this can be overridden to use an embedded browser via BrowserCustomizationOptions.

Jun 13 '24 14:06 Ndiritu

Hi Philip,

The PC's default browser is Edge. If I open Graph Explorer while logged in as an account in that state then it correctly takes me to the "Is this info up to date?" page, just as it does if I go to any other Microsoft site. [image]

It's only when we use Windows PowerShell and Connect-MgGraph that we see the problem. Worth noting that using the same module on the same PC but in PowerShell v7 works correctly, spawning an Edge session as seen here: [image]

Thanks, Dan

Jun 13 '24 14:06 DanKOleary
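
Building on the observation above that the same module works under PowerShell v7, a logon script can re-launch itself under `pwsh` before calling Connect-MgGraph, so the sign-in is never started from Windows PowerShell 5.1. This is an added example, not code from the thread or from the SDK. It assumes `pwsh.exe` is on PATH, that Microsoft.Graph.Authentication is installed where PowerShell 7 can load it, and it uses `User.Read` as a placeholder scope.

```powershell
# Added example (not from the thread or the SDK). Assumptions: PowerShell 7
# (pwsh.exe) is installed and on PATH, this code is saved as a script file so
# $PSCommandPath is set, and 'User.Read' stands in for the scopes you need.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Test-IsWindowsPowerShell {
    # PSEdition is 'Desktop' on Windows PowerShell 5.1 and 'Core' on PowerShell 6+.
    return ($PSVersionTable.PSEdition -eq 'Desktop')
}

function Get-Pwsh7Path {
    # Resolve pwsh.exe from PATH; returns $null when PowerShell 7 is not installed.
    $cmd = Get-Command -Name 'pwsh' -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Source }
    return $null
}

if (Test-IsWindowsPowerShell) {
    $pwsh = Get-Pwsh7Path
    if (-not $pwsh) {
        throw 'PowerShell 7 (pwsh) was not found; refusing to start interactive sign-in from Windows PowerShell 5.1.'
    }
    if (-not $PSCommandPath) {
        throw 'Save this code as a .ps1 file so it can be re-launched under PowerShell 7.'
    }
    # Re-run this same script under PowerShell 7 and hand back its exit code.
    & $pwsh -NoProfile -File $PSCommandPath
    exit $LASTEXITCODE
}

# From here on we are running under PowerShell 7.
Import-Module Microsoft.Graph.Authentication
Connect-MgGraph -Scopes 'User.Read' -NoWelcome

$context = Get-MgContext
if (-not $context) {
    throw 'Connect-MgGraph returned without an authenticated context.'
}
Write-Output ('Signed in as {0} (tenant {1}, auth type {2})' -f $context.Account, $context.TenantId, $context.AuthType)
```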

> Could you try logging in using the same affected accounts on Graph explorer (top right button) and let me know if you get the same error.

Hi, sorry, I don't have access to this service/application actually (Graph explorer), because of company policy. For information, I have used the second link (https://aka.ms/mysecurityinfo) from my true default browser (not Microsoft based) and that is also a workaround.

Jun 14 '24 06:06 jle-pass

Same issue here. Problem is that the Module is using IE 7.0 and does not support Strong Authentication (FIDO Keys etc) so effectively I can't use Connect-MgGraph at the moment without weakening our Conditional Access Policies. What a shame.

Jul 12 '24 12:07 AlphaSeb