Forum Discussion
Azure Automation: issues connecting to security and compliance center in remote session
I'm at a loss here. I'm trying to use a Azure Automation PowerShell runbook to connect to the Security and Compliance Center. Specifically I am looking to use the Get-RetentionCompliancePolicy and Set-RetentionCompliancePolicy commands.
$cred = Get-AutomationPSCredential -Name "Admin"
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking -AllowClobber | Out-Null
Get-RetentionCompliancePolicy
Get-PSSession | Remove-PSSession
It turned out to be a permission issue on my service account. I had it setup as a Security Center Admin but apparently that is not enough for this to work. After giving the account more capabilities under the Security and Compliance center it started working.
I have not tested exactly what minimum permissions is required but when I checked all these it started working. Previously I only had Security admin checked.
So lesson here is don't assume Security Admin role means they can do everything in the Security and Compliance center. Seems backwards but there you have it.
- thinkhavenCopper Contributor
It turned out to be a permission issue on my service account. I had it setup as a Security Center Admin but apparently that is not enough for this to work. After giving the account more capabilities under the Security and Compliance center it started working.
I have not tested exactly what minimum permissions is required but when I checked all these it started working. Previously I only had Security admin checked.
So lesson here is don't assume Security Admin role means they can do everything in the Security and Compliance center. Seems backwards but there you have it.