Forum Discussion

JoostvdLinden's avatar
JoostvdLinden
Brass Contributor
Oct 11, 2023

SharePoint REST API - Get StorageQuotas from tenant admin site using managed identity

Hi everybody,

 

I would like to automate the process of sending alerts when the SharePoint tenant storage quota reaches certain level of thresholds.

 

I have found that I can perform a GET call on the following endpoint https://<mytenantname>-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2 to obtain information such as 'TenantStorageMB', 'GeoUsedStorageMB' and 'GeoAvailableStorageMB'.

 

I can use Logic Apps and perform the action 'Send an HTTP request to SharePoint' (built-in SharePoint Online connector) to obtain the information by connecting it with a SharePoint Administrator user account. However, I would like to use a managed identity instead for improved security. Hence, I have followed these steps:

  • enabled a system assigned managed identity on the Logic App
  • created a Key Vault in Azure
  • generated a certificate from within the Key Vault
  • created a new app registration in Entra ID
  • downloaded the certificate from the Key Vault (CER) and uploaded the certificate to the app registration
  • assigned application permissions (for testing purposes SharePoint Sites.FullControl.All), even tried to assign permissions to the Enterprise Application
  • allowed the Logic app to retrieve the certificate from the Key Vault

When I try to perform the same query, I get the following error message:

{
  "error": {
    "code""-2147024891, System.UnauthorizedAccessException",
    "message": {
      "lang""en-US",
      "value""Attempted to perform an unauthorized operation."
    }
  }
}
 
This is how I have configured the HTTP action, it always works, except for the query on this tenant admin site:

 

 
I would like to know how I could authorize the managed identity to perform the query on the SharePoint tenant admin site using the least privileged method. What am I doing wrong here?
 
Thanks for all help provided in advance!
 

Resources