This is a bug in the script.

There is no scope named ‘Policy.Read.AuthenticationMethod’, the proper scope name is ‘Policy.ReadWrite.AuthenticationMethod’.

This is the line causing the error:

$ConnectionGraph.Scopes = $ConnectionGraph.Scopes -replace “write”,”” | select -Unique

It appears that what the author was trying to do was simplify the next block of code, but he failed to consider that some scopes may require the “write” section. Just comment the line out. (Add a ‘#’ in front of the ‘$’.) That worked for me.

Error: PS C:\Windows\System32> Get-MgPimRoleAssignment -RoleName ‘Global Administrator’
InvalidOperation: The property ‘Scopes’ cannot be found on this object. Verify that the property exists and can be set.

PS C:\Windows\System32> Get-MgPimRoleAssignment -Verbose
VERBOSE: GET https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions with 0-byte payload
Invoke-MgGraphRequest: InteractiveBrowserCredential authentication failed: AADSTS650053: The application ‘Microsoft Graph Command Line Tools’
asked for scope ‘Policy.Read.AuthenticationMethod’ that doesn’t exist on the resource
‘00000003-0000-0000-c000-000000000000’. Contact the app vendor. Trace ID: 06b08658-cc2a-47b9-8206-b949cae25e00
Correlation ID: bc224d57-e9b6-4ff5-884c-c3c94b769878 Timestamp: 2024-03-21 03:41:57Z

Post/Script has been updated for scopes.