@@ -4090,22 +4090,39 @@ function Get-TenantDomains {
40904090 $QueryParameters = @ {
40914091 ' $select' = " id,authenticationType,isAdminManaged,isDefault,isVerified,supportedServices"
40924092 }
4093- $DomainsRaw = @ (Send-ApiRequest - Method GET - Uri " https://graph.microsoft.com/beta/domains" - AccessToken $GLOBALMsGraphAccessToken.access_token - QueryParameters $QueryParameters - UserAgent $ ($GlobalAuditSummary.UserAgent.Name ))
4093+ try {
4094+ $DomainsRaw = @ (Send-ApiRequest - Method GET - Uri " https://graph.microsoft.com/beta/domains" - AccessToken $GLOBALMsGraphAccessToken.access_token - QueryParameters $QueryParameters - UserAgent $ ($GlobalAuditSummary.UserAgent.Name ))
4095+ } catch {
4096+ Write-Host " [!] Could not retrieve tenant domains. Domain-related summary data will be incomplete."
4097+ Write-Log - Level Verbose - Message " Could not retrieve tenant domains: $ ( $_.Exception.Message ) "
4098+ $GlobalAuditSummary.Domains.Count = 0
4099+ $GlobalAuditSummary.Domains.Federated = 0
4100+ $GlobalAuditSummary.Domains.Verified = 0
4101+ $GlobalAuditSummary.Domains.Default = 0
4102+ $GlobalAuditSummary.Domains.AdminManaged = 0
4103+ return @ ()
4104+ }
40944105 Write-Log - Level Debug - Message " Retrieved $ ( $DomainsRaw.Count ) domains"
40954106
4107+ $federationLookupFailed = $false
40964108 $Domains = foreach ($domain in $DomainsRaw ) {
40974109 $federatedIdpMfaBehavior = $null
40984110 if ($domain.authenticationType -eq " Federated"
40994111 Write-Log - Level Debug - Message " Fetching federation configuration for domain: $ ( $domain.id ) "
4100- $FedConfig = @ (Send-ApiRequest - Method GET - Uri " https://graph.microsoft.com/beta/domains/$ ( $domain.id ) /federationConfiguration" - AccessToken $GLOBALMsGraphAccessToken.access_token - QueryParameters @ { ' $select' = ' federatedIdpMfaBehavior' - UserAgent $ ($GlobalAuditSummary.UserAgent.Name ))
4101- if ($FedConfig.Count -gt 0 ) {
4102- if ($FedConfig.Count -gt 1 ) {
4103- Write-Log - Level Debug - Message " Multiple federation configurations found for domain: $ ( $domain.id ) . Using the first entry."
4112+ try {
4113+ $FedConfig = @ (Send-ApiRequest - Method GET - Uri " https://graph.microsoft.com/beta/domains/$ ( $domain.id ) /federationConfiguration" - AccessToken $GLOBALMsGraphAccessToken.access_token - QueryParameters @ { ' $select' = ' federatedIdpMfaBehavior' - UserAgent $ ($GlobalAuditSummary.UserAgent.Name ))
4114+ if ($FedConfig.Count -gt 0 ) {
4115+ if ($FedConfig.Count -gt 1 ) {
4116+ Write-Log - Level Debug - Message " Multiple federation configurations found for domain: $ ( $domain.id ) . Using the first entry."
4117+ }
4118+ $federatedIdpMfaBehavior = [string ]$FedConfig [0 ].federatedIdpMfaBehavior
4119+ Write-Log - Level Debug - Message " federatedIdpMfaBehavior for $ ( $domain.id ) : $federatedIdpMfaBehavior "
4120+ } else {
4121+ Write-Log - Level Debug - Message " No federation configuration found for domain: $ ( $domain.id ) "
41044122 }
4105- $federatedIdpMfaBehavior = [string ]$FedConfig [0 ].federatedIdpMfaBehavior
4106- Write-Log - Level Debug - Message " federatedIdpMfaBehavior for $ ( $domain.id ) : $federatedIdpMfaBehavior "
4107- } else {
4108- Write-Log - Level Debug - Message " No federation configuration found for domain: $ ( $domain.id ) "
4123+ } catch {
4124+ $federationLookupFailed = $true
4125+ Write-Log - Level Verbose - Message " Could not retrieve federation configuration for domain $ ( $domain.id ) : $ ( $_.Exception.Message ) "
41094126 }
41104127 }
41114128 [PSCustomObject ]@ {
0 commit comments