From e509cb1b20649993f24a5e6e941f747590dbe274 Mon Sep 17 00:00:00 2001
From: John Duprey <john@cyberdrain.com>
Date: Tue, 25 Feb 2025 13:52:46 -0500
Subject: [PATCH] improve error message for gdap invites

---
 .../HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1
index 04e76f5997d0..cdfc60021116 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1	
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1	
@@ -82,7 +82,14 @@ Function Invoke-ExecGDAPInvite {
     } catch {
         $Message = 'Error creating GDAP relationship, failed at step: ' + $Step
         Write-Host "GDAP ERROR: $($_.InvocationInfo.PositionMessage)"
-        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $env:TenantID -message "$($Message): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_)
+
+        if ($Step -eq 'Creating GDAP relationship' -and $_.Exception.Message -match 'The user (principal) does not have the required permissions to perform the specified action on the resource.') {
+            $Message = 'Error creating GDAP relationship, ensure that all users have MFA enabled and enforced without exception. Please see the Microsoft Partner Security Requirements documentation for more information. https://learn.microsoft.com/en-us/partner-center/security/partner-security-requirements'
+        } else {
+            $Message = "$($Message): $($_.Exception.Message)"
+        }
+
+        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $env:TenantID -message $Message -Sev 'Error' -LogData (Get-CippException -Exception $_)
     }
 
     $body = @{