Run Get-AzADApplication from an Azure Runbook using a Managed Identity
Hi I am wanting to get App registration information for several applications within my tenant (but different subscriptions) using an Automation Account Runbook. I currently have a System Assigned managed identity on the automation account. Inside my powreshell workflow runbook I have the following snippet of code:
try{
"Logging in to Azure..."
#Connect-AzAccount
Connect-AzAccount -Identity
$token = (Get-AzAccessToken -ResourceTypeName MSGraph).token
$secreToken = ConvertTo-SecureString -String $token -AsPlainText -Force
Connect-MgGraph -AccessToken $secreToken
}
catch{
Write-Error -Message $_.Exception
throw $_.Exception
}
$apps = Get-AzADApplication
When I run the runbook I get an Insufficient privileges to complete the operation. error message. Is there anyway to run Get-AzADApplication using a managed identity in this way? If not, is there a better authentication method to use?
Firstly, I have tried your code and got similar error as you got as below:
Now, Firstly go to azure active directory and then click on Roles and administrators:
Then search directory Readers as below and then click on it:
Then click on add Assignments as below:
Then select a member as below:
then click on next:
Now then I go back to runbook and when I run the error is resolved:
- Can't signin into microsoft account
- TenantGuidNotFound when trying to send email using Microsfot GraphAPI
- Azure Function App Kudu Functions API with empty response
- Get Azure Active Directory password expiry date in PowerShell
- Provision new SQL Azure database into existing, non-terraform managed SQL Server instance
- Azure Logic App HTTP Request Authentication Scope
- Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Privileged Identity Management - My roles
- Creating a VM in Azure using Powershell
- Creating multiple function apps with one Flex Consumption plan
- Azure Bicep reference existing resources from different subscriptions using ternary operators inside scope property
- Trigger azure function on user registration in b2c
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure DevOps Pipeline Expression Evaluation
- Using Event Hubs binding for Azure Functions with managed identities?
- How to connect a microsoft SQL Server database to Open Data Discovery (odd-odd-platform)?
- Cosmos DB for MongoDB private endpoint requests blocked by network firewall
- Specifying SAS Token Authorization header with Azure REST API
- Databricks ui is different between different Azure Tenants with activated SCIM Integration
- Download large files in Azure image builder process
- TriggerBuild Could not queue the build because there were validation errors or warnings
- How to filter users in directory by company name with Microsoft Graph Java SDK?
- How to get the azure subscription current cost using PowerShell
- How to automate Azure Data Factory (ADF) credential updates from development to production using Azure DevOps?
- Azure Form Recognizer Set API Version
- Is there a way to deploy a azure function directly to a storage account with private endpoint
- How do I flatten certain properties in a nested structure using Linq for Cosmos noSQL?
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?