New AzureADPolicy:在windows powershell中执行NewPolicy时出错

我正在尝试按照Microsoft网站（）上的说明配置自定义令牌过期策略

然而，我得到了一个无法理解的错误消息。这似乎不是一个暂时的错误，因为在过去的几天里我已经试过几次了

我曾经尝试过以正常和“管理员”的身份运行Powershell，这对结果没有影响

PS C:\Users\sheakbar> New-AzureADPolicy -Definition @(‘{“TokenLifetimePolicy”:{“Version”:1,”MaxInactiveTime”:”14.00:00:00″,”MaxAgeSing
leFactor”:”90.00:00:00″,”MaxAgeMultiFactor”:”90.00:00:00″,”MaxAgeSessionSingleFactor”:”until-revoked”,”MaxAgeSessionMultiFactor”:”unti
l-revoked”}}’) -DisplayName “OrganizationDefaultPolicyScenario” -IsOrganizationDefault $true -Type “TokenLifetimePolicy”
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
InnerError:
  RequestId: 4c0f01de-96b4-4483-8a19-43b411149880
  DateTimeStamp: Thu, 07 Jun 2018 04:28:08 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADPolicy -Definition @(‘{“TokenLifetimePolicy”:{“Version”:1, ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureADPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy

---

根据错误消息，您的帐户似乎不是租户中的全局管理员，并且没有足够的权限执行此powershell命令

解决方案：

如果我们使用（xxx.onmicrosoft.com）帐户连接AzureAD，请运行Connect命令

Connect AzureAD

登录您的Azure AD管理员帐户

然后我们可以制定新的AzureADPolicy，我用下面的命令在我这边测试它

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeSingleFactor":"90.00:00:00","MaxAgeMultiFactor":"90.00:00:00","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

---

使用azure ad管理员帐户登录，仍然会收到相同的问题hi@aleemakbarsk，此管理员帐户是此租户的成员吗？或客户用户？帐户中的成员