
AADCrossTenantAccessPolicy [Enhancement] Adding the Tenant GUID in the ConfigurationData output #6689

@1Dimitri

Description of the issue

In the context of Microsoft365DSC, the TenantID is usually the Primary Domain Name.
Some resources, such as AADCrossTenantAccessPolicy, include the tenant GUID in the display name (the Tenant Id in the context of the Tenant Properties of the Azure Portal).

One enhancement could be to add the TenantGUID when creating the ConfigurationData.psd1 file so we could use it when doing tenant comparisons.

@{
    AllNodes = @(
        @{
[...]
        }
    )
    NonNodeData = @(
        @{
[...]
            TenantGUID = "deadbeef-dead-beef-dead-deadbeefdead"
[...]
        }
    )
}

A second enhancement could be to output the construction for those resources, but this may be subject to discussion depending on whether it is in the M365DSC guidelines...

        AADCrossTenantAccessPolicy "AADCrossTenantAccessPolicy"
        {
            AllowedCloudEndpoints = @();
            ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
            DisplayName           = "CrossTenantAccessPolicy for "+$ConfigurationData.NonNodeData.TenantGUID;
            Ensure                = "Present";
            IsSingleInstance      = "Yes";
            TenantId              = $OrganizationName;
        }

Microsoft 365 DSC Version

1.25.1015.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

# Generated with Microsoft365DSC version 1.25.1015.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
)

Configuration M365TenantConfig
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.25.1015.1'

    Node localhost
    {
        AADCrossTenantAccessPolicy "AADCrossTenantAccessPolicy"
        {
            AllowedCloudEndpoints = @();
            ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
            DisplayName           = "CrossTenantAccessPolicy for deadbeef-dead-beef-dead-deadbeefdead";
            Ensure                = "Present";
            IsSingleInstance      = "Yes";
            TenantId              = $OrganizationName;
        }
    }
}

M365TenantConfig -ConfigurationData .\ConfigurationData.psd1

Verbose logs showing the problem

N/A

Environment Information + PowerShell Version

N/A
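
A post-processing sketch of the tenant comparison this issue is about, added here as an example; it is not Microsoft365DSC code. The function name `ConvertTo-TenantNeutralConfig`, the second GUID and the tenant B `AllowedCloudEndpoints` value are constructed for illustration, and `TenantGUID` is the NonNodeData key proposed in the issue, not an existing export field.

```powershell
# Added example: hypothetical helper, not part of Microsoft365DSC.
function ConvertTo-TenantNeutralConfig {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string] $ConfigText,  # content of an exported .ps1
        [Parameter(Mandatory)] [guid]   $TenantGuid   # Tenant Id from Tenant Properties
    )
    $guidPattern = [regex]::Escape($TenantGuid.ToString())
    $inDoubleQuotes = '"[^"]*{0}[^"]*"' -f $guidPattern
    # '$$' is a literal '$' in a -replace replacement string, so this emits
    # $($ConfigurationData.NonNodeData.TenantGUID) into the configuration text.
    $reference = '$$($$ConfigurationData.NonNodeData.TenantGUID)'
    $lines = foreach ($line in $ConfigText -split "`r?`n") {
        # Rewrite only inside double-quoted values, where the reference expands
        # at compile time; single-quoted strings are left untouched.
        if ($line -match $inDoubleQuotes) { $line -replace $guidPattern, $reference }
        else { $line }
    }
    $lines -join "`n"
}

# Constructed sample exports from two tenants (GUIDs are placeholders).
$tenantA = @'
AllowedCloudEndpoints = @();
DisplayName           = "CrossTenantAccessPolicy for deadbeef-dead-beef-dead-deadbeefdead";
Ensure                = "Present";
'@
$tenantB = @'
AllowedCloudEndpoints = @("microsoftonline.us");
DisplayName           = "CrossTenantAccessPolicy for feedface-feed-face-feed-feedfacefeed";
Ensure                = "Present";
'@

$a = ConvertTo-TenantNeutralConfig -ConfigText $tenantA -TenantGuid 'deadbeef-dead-beef-dead-deadbeefdead'
$b = ConvertTo-TenantNeutralConfig -ConfigText $tenantB -TenantGuid 'feedface-feed-face-feed-feedfacefeed'

# With the GUID replaced by the same reference on both sides, any line that
# still differs is a real policy difference rather than a tenant identifier.
Compare-Object ($a -split "`n") ($b -split "`n")
```

Compiling a configuration rewritten this way requires a `TenantGUID` entry under `NonNodeData` in ConfigurationData.psd1, as in the snippet at the top of the issue.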
