What is the 'Get' command to see the assigned roles for your managed identity?
I would have thought Get-AzureAdServiceAppRoleAssignment would work, but it's not returning anything.
I'm using managed identities with Logic Apps using the playbooks in GitHub, e.g.:
$MIGuid = "<enter your MIGuid here>"
$MI = Get-AzureADServicePrincipal -ObjectId $MIGuid
$MDEAppId = "fc780465-2017-40d4-a0c5-307022471b92"
$PermissionName = "Machine.Read.All"
$MDEServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$MDEAppId'"
# Get the Permission
$AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
# Use the Permission Id and assign it to the Managed Identity
New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id
I want to validate the permissions that were assigned to the managed identity above, using PowerShell.
Thanks!
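
One way to audit what the assignment above actually granted, as an added example that is not part of the original post or the GitHub playbooks. It assumes the AzureAD module with an active `Connect-AzureAD` session; the variable names `$Expected`, `$Assignments` and `$Report` are illustrative. It queries both role-assignment cmdlets and keeps only rows where the managed identity is the principal, then resolves each role GUID to its permission name.

```powershell
# Added example: list app roles granted to a managed identity and
# check them against the permission that was meant to be assigned.
$MIGuid   = "<enter your MIGuid here>"
$Expected = "Machine.Read.All"      # permission assigned in the post

$MI = Get-AzureADServicePrincipal -ObjectId $MIGuid

# Query both cmdlets, then keep only assignments whose principal is
# the managed identity itself; de-duplicate on the assignment's ObjectId.
$Assignments = @(
    Get-AzureADServiceAppRoleAssignedTo -ObjectId $MI.ObjectId -All $true
    Get-AzureADServiceAppRoleAssignment -ObjectId $MI.ObjectId -All $true
) | Where-Object { $_.PrincipalId -eq $MI.ObjectId } |
    Sort-Object ObjectId -Unique

# Resolve each role GUID to its name via the resource's AppRoles.
$Report = foreach ($a in $Assignments) {
    $Resource = Get-AzureADServicePrincipal -ObjectId $a.ResourceId
    $Role     = $Resource.AppRoles | Where-Object { $_.Id -eq $a.Id }
    [pscustomobject]@{
        Resource   = $a.ResourceDisplayName
        Permission = $Role.Value
        RoleId     = $a.Id
        Assigned   = $a.CreationTimestamp
    }
}

$Report | Format-Table -AutoSize

# Flag a missing grant, and any grant beyond the one that was intended.
if ($Report.Permission -notcontains $Expected) {
    Write-Warning "$Expected is not assigned to $($MI.DisplayName)"
}
$Report | Where-Object { $_.Permission -ne $Expected } | ForEach-Object {
    Write-Warning "Additional permission: $($_.Resource) / $($_.Permission)"
}
```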