Pre-submission checklist
Describe the bug
When I run M2.1 the new access package tests fail with forbidden due to lack of P2 entitlement.
Select-Object: C:\Program Files\PowerShell\Modules\Maester\2.1.0\public\maester\azure\Get-MtAzureManagementGroup.ps1:29
Line |
29 | Select-Object -ExpandProperty value
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "value" cannot be found.
Test-MtEntitlementManagementDeletedGroups: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementDeletedGroups.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementDeletedGroups
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error checking access packages and catalogs: Response status code does not indicate success: Forbidden
| (Forbidden).
Test-MtEntitlementManagementInactivePolicies: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementInactivePolicies.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementInactivePolicies
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error checking access package assignment policies: Response status code does not indicate success: Forbidden
| (Forbidden).
Test-MtEntitlementManagementOrphanedResources: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementOrphanedResources.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementOrphanedResources
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error running test: Response status code does not indicate success: Forbidden (Forbidden).
Test-MtEntitlementManagementValidApprovers: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementValidApprovers.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementValidApprovers
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error running test: Response status code does not indicate success: Forbidden (Forbidden).
Test-MtEntitlementManagementValidResourceRoles: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementValidResourceRoles.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementValidResourceRoles
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error running test: Response status code does not indicate success: Forbidden (Forbidden).
Tenant is a M365 Business Premium tenant
Steps to reproduce
- Run Maester
- Error
Select-Object: C:\Program Files\PowerShell\Modules\Maester\2.1.0\public\maester\azure\Get-MtAzureManagementGroup.ps1:29
Line |
29 | Select-Object -ExpandProperty value
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "value" cannot be found.
Test-MtEntitlementManagementDeletedGroups: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementDeletedGroups.Tests.ps1:3
Expected behavior
Silently fail with error P2 License required
Debug output
DEBUG: GET /beta/identityGovernance/entitlementManagement/accessPackages HTTP/1.1
HTTP: graph.microsoft.com
ConsistencyLevel: eventual
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.26200; en-US) PowerShell/7.6.1 Invoke-MgGraphRequest
DEBUG: GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages
HTTP/2.0 403 Forbidden
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 380e16bb-fa40-44c1-ad42-1fc50cee4718
client-request-id: 90339f0c-8c25-4d89-998d-ac1c8b14c86e
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East US 2","Slice":"E","Ring":"5","ScaleUnit":"006","RoleInstance":"BN5PEPF0002D427"}}
Date: Mon, 04 May 2026 23:25:48 GMT
Content-Type: application/json
{"error":{"code":"NoLicense","message":"User is not authorized to perform the operation. Reason: Tenant does not meet license requirement!","details":[],"innerError":{"date":"2026-05-04T23:25:48","request-id":"380e16bb-fa40-44c1-ad42-1fc50cee4718","client-request-id":"90339f0c-8c25-4d89-998d-ac1c8b14c86e"}}}
Test-MtEntitlementManagementDeletedGroups: Error checking access packages and catalogs: Response status code does not indicate success: Forbidden (Forbidden).
Module version
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.1.0 Maester {Add-MtMaesterAppFederatedCredential, Add-MtTestResultDetail, Clear-MtDnsCache, Clear-MtExoCache…}
Environment data
Name Value
---- -----
PSVersion 7.6.1
PSEdition Core
GitCommitId 7.6.1
OS Microsoft Windows 10.0.26200
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.4
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Screenshots
No response
Additional context
No response
Pre-submission checklist
Describe the bug
When I run M2.1 the new access package tests fail with forbidden due to lack of P2 entitlement.
Select-Object: C:\Program Files\PowerShell\Modules\Maester\2.1.0\public\maester\azure\Get-MtAzureManagementGroup.ps1:29
Line |
29 | Select-Object -ExpandProperty value
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "value" cannot be found.
Test-MtEntitlementManagementDeletedGroups: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementDeletedGroups.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementDeletedGroups
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error checking access packages and catalogs: Response status code does not indicate success: Forbidden
| (Forbidden).
Test-MtEntitlementManagementInactivePolicies: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementInactivePolicies.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementInactivePolicies
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error checking access package assignment policies: Response status code does not indicate success: Forbidden
| (Forbidden).
Test-MtEntitlementManagementOrphanedResources: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementOrphanedResources.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementOrphanedResources
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error running test: Response status code does not indicate success: Forbidden (Forbidden).
Test-MtEntitlementManagementValidApprovers: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementValidApprovers.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementValidApprovers
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error running test: Response status code does not indicate success: Forbidden (Forbidden).
Test-MtEntitlementManagementValidResourceRoles: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementValidResourceRoles.Tests.ps1:3
Line |
3 | $result = Test-MtEntitlementManagementValidResourceRoles
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error running test: Response status code does not indicate success: Forbidden (Forbidden).
Tenant is a M365 Business Premium tenant
Steps to reproduce
Select-Object: C:\Program Files\PowerShell\Modules\Maester\2.1.0\public\maester\azure\Get-MtAzureManagementGroup.ps1:29
Line |
29 | Select-Object -ExpandProperty value
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "value" cannot be found.
Test-MtEntitlementManagementDeletedGroups: ~\OneDrive\PowerShell\Maester\Tests\Maester\Entra\Test-MtEntitlementManagementDeletedGroups.Tests.ps1:3
Expected behavior
Silently fail with error P2 License required
Debug output
Module version
Environment data
Screenshots
No response
Additional context
No response