powershell - New-AzureADPolicy：在 Windows Powershell 中执行 NewPolicy 时发生错误

问题描述

我正在尝试按照 Microsoft 网站 ( https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes ) 上的说明配置自定义令牌到期策略。

但是，我收到一条难以理解的错误消息。这似乎不是一个临时错误，因为我在过去几天尝试了几次。

我尝试过以正常和“管理员”身份运行 Powershell，这对结果没有任何影响。

PS C:\Users\sheakbar> New-AzureADPolicy -Definition @(‘{“TokenLifetimePolicy”:{“Version”:1,”MaxInactiveTime”:”14.00:00:00″,”MaxAgeSing
leFactor”:”90.00:00:00″,”MaxAgeMultiFactor”:”90.00:00:00″,”MaxAgeSessionSingleFactor”:”until-revoked”,”MaxAgeSessionMultiFactor”:”unti
l-revoked”}}’) -DisplayName “OrganizationDefaultPolicyScenario” -IsOrganizationDefault $true -Type “TokenLifetimePolicy”
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
InnerError:
  RequestId: 4c0f01de-96b4-4483-8a19-43b411149880
  DateTimeStamp: Thu, 07 Jun 2018 04:28:08 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADPolicy -Definition @(‘{“TokenLifetimePolicy”:{“Version”:1, ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureADPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy

标签： powershellazureazure-active-directory