New-MgBetaDirectorySetting not working

[AlyaKoni]

Describe the bug

Trying to create a new Password Rule Directory Settings :

# Configuring settings template
Write-Host "Configuring settings template" -ForegroundColor $CommandInfo
$SettingTemplate = Get-MgBetaDirectorySettingTemplate | Where-Object { $_.DisplayName -eq "Password Rule Settings" }
$Setting = Get-MgBetaDirectorySetting | Where-Object { $_.TemplateId -eq $SettingTemplate.Id }
if (-Not $Setting)
{
    Write-Warning "Setting not yet created. Creating one based on template."
    $Values = @()
    foreach($dval in $SettingTemplate.Values) {
	    $Values += @{Name = $dval.Name; Value = $dval.DefaultValue}
    }
    $Setting = New-MgBetaDirectorySetting -DisplayName "Password Rule Settings" -TemplateId $SettingTemplate.Id -Values $Values
    $Setting = Get-MgBetaDirectorySetting | Where-Object { $_.TemplateId -eq $SettingTemplate.Id }
}

This gives the error:

New-MgBetaDirectorySetting_CreateExpanded: D:\Repos\PFIBDO-ADM-CloudConfiguration\scripts\security\Set-BannedPasswords.ps1:91:5
Line |
  91 |      $Setting = New-MgBetaDirectorySetting -DisplayName "Password Rule …
     |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Cannot convert the literal 'True' to the expected type 'Edm.String'.  Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2025-02-28T17:40:56        
     | Headers: Cache-Control                 : no-cache Vary                          : Accept-Encoding Strict-Transport-Security     : max-age=31536000 request-id 
     | : f525f837-aecc-4a16-9882-a8ddb34b45df client-request-id             : f237a0ac-15ca-4390-887f-3595e7fca430 x-ms-ags-diagnostic           :
     | {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"000","RoleInstance":"ZR1PEPF0000065F"}} x-ms-resource-unit            : 1 
     | Date                          : Fri, 28 Feb 2025 17:40:55 GMT

  Recommendation: See service error codes: https://learn.microsoft.com/graph/errors

This code works since years.

Expected behavior

The directory setting should be created

How to reproduce

Run above code

SDK Version

Microsoft.Graph.Authentication 2.26.1 and Microsoft.Graph.Beta.Identity.DirectoryManagement 2.26.1

Latest version known to work for scenario above?

2.25.X

Known Workarounds

None known

Debug output

Click to expand log

``` [DBG]: PS D:\Repos\PFIBDO-ADM-CloudConfiguration> New-MgBetaDirectorySetting -DisplayName "Password Rule Settings" -TemplateId $SettingTemplate.Id -Values $Values -Debug [CmdletBeginProcessing]: - New-MgBetaDirectorySetting begin processing with parameterSet 'CreateExpanded'. [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'. [Authentication]: - Scopes: [Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, AuditLog.Read.All, ChannelMessage.Send, Contacts.Read, CrossTenantInformation.ReadBasic.All, DelegatedPermissionGrant.ReadWrite.All, DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementRBAC.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfig.ReadWrite.All, Directory.AccessAsUser.All, Directory.Read.All, Directory.ReadWrite.All, Domain.ReadWrite.All, email, Group.ReadWrite.All, GroupMember.ReadWrite.All, openid, Organization.ReadWrite.All, OrganizationalBranding.ReadWrite.All, Policy.Read.All, Policy.ReadWrite.AuthenticationMethod, Policy.ReadWrite.Authorization, Policy.ReadWrite.ConditionalAccess, Policy.ReadWrite.CrossTenantAccess, Policy.ReadWrite.DeviceConfiguration, Policy.ReadWrite.PermissionGrant, profile, RoleAssignmentSchedule.ReadWrite.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory, SharePointTenantSettings.ReadWrite.All, TeamMember.ReadWrite.All, TeamsApp.ReadWrite.All, TeamsAppInstallation.ReadWriteForTeam, TeamsAppInstallation.ReadWriteSelfForTeam, TeamSettings.ReadWrite.All, TeamsTab.ReadWrite.All, User.Read.All, User.ReadWrite.All, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All, WindowsUpdates.ReadWrite.All].

Confirm
Are you sure you want to perform this action?
Performing the operation "New-MgBetaDirectorySetting_CreateExpanded" on target "Call remote 'POST /settings' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://graph.microsoft.com/beta/settings

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; de-CH),PowerShell/2025.0.0
SdkVersion : graph-powershell-beta/2.26.1
client-request-id : bdeb9ef0-fa7d-49f5-826a-7640057b3884
Accept-Encoding : gzip,deflate,br

Body:
{
"displayName": "Password Rule Settings",
"templateId": "5cf42378-d67d-4f36-ba46-e8b86229381d",
"values": [
{
"name": "BannedPasswordCheckOnPremisesMode",
"value": "Audit"
},
{
"name": "EnableBannedPasswordCheckOnPremises",
"value": true
},
{
"name": "EnableBannedPasswordCheck",
"value": true
},
{
"name": "LockoutDurationInSeconds",
"value": 60
},
{
"name": "LockoutThreshold",
"value": 10
},
{
"name": "BannedPasswordList",
"value": ""
}
]
}

============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 03f53341-d485-4054-beae-938f0cbca8a6
client-request-id : bdeb9ef0-fa7d-49f5-826a-7640057b3884
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"ZRH2EPF000000E0"}}
x-ms-resource-unit : 1
Date : Fri, 28 Feb 2025 17:47:11 GMT

Body:
{
"error": {
"code": "Request_BadRequest",
"message": "Cannot convert the literal 'True' to the expected type 'Edm.String'.",
"innerError": {
"date": "2025-02-28T17:47:12",
"request-id": "03f53341-d485-4054-beae-938f0cbca8a6",
"client-request-id": "bdeb9ef0-fa7d-49f5-826a-7640057b3884"
}
}
}

New-MgBetaDirectorySetting_CreateExpanded: D:\WindowsPowerShell\Modules\Microsoft.Graph.Beta.Identity.DirectoryManagement\2.26.1\exports\ProxyCmdletDefinitions.ps1:104703:23
Line |
104703 | $scriptCmd = {& $wrappedCmd @PSBoundParameters}
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert the literal 'True' to the expected type 'Edm.String'. Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2025-02-28T17:47:12
| Headers: Cache-Control : no-cache Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000
| request-id : 03f53341-d485-4054-beae-938f0cbca8a6 client-request-id : bdeb9ef0-fa7d-49f5-826a-7640057b3884
| x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"ZRH2EPF000000E0"}}
| x-ms-resource-unit : 1 Date : Fri, 28 Feb 2025 17:47:11 GMT

Recommendation: See service error codes: https://learn.microsoft.com/graph/errors

</details>


### Configuration

[DBG]: PS D:\Repos\PFIBDO-ADM-CloudConfiguration> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      7.5.0
PSEdition                      Core
GitCommitId                    7.5.0
OS                             Microsoft Windows 10.0.26100
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Architecture: x64

### Other information

_No response_