Sharepoint M365DSC Export is not working

[KevinMaatman]

Description of the issue

Hello,

I'm trying to use the Export-M365DSCConfiguration command to export all Sharepoint settings, however, nothing seems to make it work. All other modules (Teams, Azure AD, Exchange, InTune, Security & Compliance) work correctly and export all settings. However, with Sharepoint, only 9 out of the 22 steps are completed no matter what permissions are assigned.

I authenticate with my own App Registration and certificate with the Graph permissions listed below:

Microsoft Graph (51)
AdministrativeUnit.Read.All
Agreement.Read.All
AppCatalog.ReadWrite.All
Application.Read.All
Application.ReadWrite.All
BrowserSiteLists.Read.All
Channel.Delete.All
ChannelMember.ReadWrite.All
ChannelSettings.Read.All
ChannelSettings.ReadWrite.All
CustomSecAttributeAssignment.Read.All
DeviceManagementApps.Read.All
DeviceManagementConfiguration.Read.All
DeviceManagementConfiguration.ReadWrite.All
DeviceManagementManagedDevices.Read.All
DeviceManagementRBAC.Read.All
DeviceManagementServiceConfig.Read.All
Directory.Read.All
Domain.Read.All
EntitlementManagement.Read.All
ExternalConnection.Read.All
Group.Read.All
Group.ReadWrite.All
GroupMember.Read.All
IdentityProvider.Read.All
Organization.Read.All
OrgSettings-AppsAndServices.Read.All
OrgSettings-DynamicsVoice.Read.All
OrgSettings-Forms.Read.All
OrgSettings-Microsoft365Install.Read.All
OrgSettings-Todo.Read.All
Policy.Read.All
Policy.Read.ConditionalAccess
Policy.ReadWrite.AuthenticationMethod
ReportSettings.Read.All
RoleEligibilitySchedule.Read.Directory
RoleManagement.Read.Directory
RoleManagementPolicy.Read.Directory
SharePointTenantSettings.Read.All
Sites.FullControl.All
Sites.Manage.All
Sites.Manage.All
Sites.Read.All
TeamsActivity.Read.All
TeamsAppInstallation.Read.All
TeamSettings.Read.All
TeamSettings.ReadWrite.All
TeamsTab.Read.All
TeamsUserConfiguration.Read.All
User.Read
User.Read.All
Exchange.ManageAsApp

SharePoint (6)
AllSites.Read
AllSites.Write
Sites.Manage.All
Sites.Read.All
TermStore.Read.All
User.Read.All

I've also tried the following steps:

• Assigning Sharepoint Administrator to the App Registration
• Assigning Global Reader to the App Registration
• Logging in with a Global Administrator account (instead of the App Registration)

However, nothing seems to allow me to extract the Sharepoint settings.

Can someone explain what I'm doing wrong?

Thank you!
Kevin

Microsoft 365 DSC Version

1.24.1002.1

Which workloads are affected

SharePoint Online

The DSC configuration

Export-M365DSCConfiguration -Components @("SPOAccessControlSettings", "SPOApp", "SPOBrowserIdleSignout", "SPOHomeSite", "SPOHubSite", "SPOOrgAssetsLibrary", "SPOPropertyBag", "SPOSearchManagedProperty", "SPOSearchResultSource", "SPOSharingSettings", "SPOSite", "SPOSiteAuditSettings", "SPOSiteDesign", "SPOSiteDesignRights", "SPOSiteGroup", "SPOSiteScript", "SPOStorageEntity", "SPOTenantCdnEnabled", "SPOTenantCdnPolicy", "SPOTenantSettings", "SPOTheme", "SPOUserProfileProperty") -ApplicationId $ApplicationId -CertificateThumbprint $CertificateThumbprint -TenantId $TenantId

Verbose logs showing the problem

[2024/10/17 01:08:24]
{WriteError}
Microsoft.SharePoint.Client.ServerUnauthorizedAccessException: Attempted to perform an unauthorized operation.
at Microsoft.SharePoint.Client.ClientRequest.ProcessResponseStream(Stream responseStream)
at Microsoft.SharePoint.Client.ClientRequest.ProcessResponse()
at Microsoft.SharePoint.Client.ClientRequest.d__53.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientRequest.d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientRuntimeContext.d__65.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.SharePoint.Client.ClientContextExtensions.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext clientContext, Int32 retryCount, String userAgent)
at PnP.PowerShell.Commands.Admin.GetTenantTheme.ExecuteCmdlet()
at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord()
"Error during Export:"
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1002.1\DSCResources\MSFT_SPOTheme\MSFT_SPOTheme.psm1: line 400
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1002.1\Modules\M365DSCReverse.psm1: line 682
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1002.1\Modules\M365DSCUtil.psm1: line 1460
at , : line 1
TenantId: ipabv.onmicrosoft.com

Environment Information + PowerShell Version

OsName : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage : en-US
OsMuiLanguages : {en-US}

[ykuijs]

Please check if your app registration has the Public Client Flows setting enabled, which is required for SharePoint: