Forum Discussion
MarkW130
Nov 27, 2021
Copper Contributor
Azure Runbooks and Service Managed Identity
Dear Community,
I use Connect-AzAccount -Identity with my service managed identity to authenticate, but I have an issue executing the Get-AzADApplication command in my runbook. I get:
Body:
{
  "odata.error": {
    "code": "Authorization_RequestDenied",
    "message": {
      "lang": "en",
      "value": "Insufficient privileges to complete the operation."
    },
    "requestId": "f5e5cb9d-f6ae-477e-aeb0-0438253deb26",
    "date": "2021-11-27T12:36:04"
  }
}
Caught exception, type: Microsoft.Azure.Graph.RBAC.Models.GraphErrorException
A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: Insufficient privileges to complete the operation.

The role assignment for my system-assigned identity is "Owner" and the Scope is "Subscription".
I also went to Active Directory -> Enterprise Apps -> All Applications, found my identity and gave it the following permissions:
Would someone have any advice on why I am unable to list all the applications under my tenant using a runbook? What have I missed?
1 Reply
- hspinto
Microsoft