Set-AzureADMSTrustFrameworkPolicy powershell cmdlet works on laptop but not in github actions. No changes done

Question

I have created a service principle in Azure AD B2C and want to upload TrustFrameworkExtensions.xml file to it using Set-AzureADMSTrustFrameworkPolicy powershell cmdlet in GHA. Everything in this works for me except the last line. I get an error Set-AzureADMSTrustFrameworkPolicy is not know cmdlet even though I am able to successfully import Powershell AzureADPreview module without any issues. I am pulling my hair out to figure this out.

Also note this works on my laptop. But i am getting an error while running it in github actions. I am running windows powershell

this is the error:

Set-AzureADMSTrustFrameworkPolicy : The term 'Set-AzureADMSTrustFrameworkPolicy' is not recognized as the name of a 
cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify 
that the path is correct and try again.
At D:\a\_temp\e4c3721f-2770-44f1-897e-b9434474d966.ps1:23 char:1
+ Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_TrustFrameworkExtensions ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Set-AzureADMSTrustFrameworkPolicy:String) [], ParentContainsErrorRecord 
   Exception
    + FullyQualifiedErrorId : CommandNotFoundException
 
Error: Process completed with exit code 1.

This is the code:

  run-script:
    runs-on: windows-latest  # Run on Windows for PowerShell compatibility

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Azure login
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Upload Files to Azure AD B2C
        run: |
          Install-Module -Name AzureADPreview -Scope CurrentUser -Force -AllowClobber
          Import-Module AzureADPreview
          if (Get-Module -Name AzureADPreview -ListAvailable) {
                  Write-Host "AzureADPreview module is installed."
          } else {
                  Write-Host "AzureADPreview module is not installed."
          }
          az login --service-principal --username $service-principal-clientId --password $service-principal-password --tenant $tenantId --allow-no-subscriptions
          $aadToken = az account get-access-token --resource-type aad-graph | ConvertFrom-Json
          $graphToken = az account get-access-token --resource-type ms-graph | ConvertFrom-Json
          Connect-AzureAD -AadAccessToken $aadToken.accessToken -AccountId $service-principal-clientId -TenantId $tenantId -MsAccessToken $graphToken.accessToken
          Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_TrustFrameworkExtensions -InputFilePath .\Templates\TrustFrameworkExtensions.xml
        shell: powershell
        ```

Answer 1

Note that: AzureAD, AzureADPreview modules are deprecated, you need make use of Microsoft Graph Module or any other modules to perform the action. Refer this blog

Hence as a workaround, I used Microsoft Graph API query to upload custom policy like below:

I uploaded the policy in the GitHub repository:

And used the below yml file to upload the policy:

name: Azure AD B2C Policy Upload

on:
  push:
    branches:
      - main

jobs:
  install-and-upload:
    runs-on: windows-latest  # Use a Windows runner
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v3  # Checkout your repository code to access the PowerShell script

      - name: Azure login
        run: |
          # Log in to Azure using the service principal credentials directly
          az login --service-principal --username "B2CAppClientID" --password "B2CAppClientSecret" --tenant "B2CTenantID" --allow-no-subscriptions

          # Get the access token for Microsoft Graph API
          access_token=$(az account get-access-token --resource-type ms-graph --query accessToken -o tsv | tr -d '\r')

          # Define the path to your policy file
          policy_file="B2C_1A_TESTPOLICY.xml"

          # Upload the policy file to Azure AD B2C
          az rest --method post \
            --uri "https://graph.microsoft.com/beta/trustFramework/policies" \
            --headers "Content-Type=application/xml" "Authorization=Bearer $access_token" \
            --body "@$policy_file"
        shell: bash

The policy uploaded successfully:

• Also make sure to grant Policy.ReadWrite.TrustFramework API permission:

• Refer this MsDoc, to perform different operations on custom policy.
• Otherwise, refer Deploy custom policies with GitHub Actions - Azure AD B2C | Microsoft to know more in detail.
• You can also make use of direct PowerShell commands like New-MgBetaTrustFrameworkPolicy, Update-MgBetaTrustFrameworkPolicy to create, update respectively. Refer this GitHub blog