Forum Discussion
Alex_Rechs
Feb 10, 2023Brass Contributor
Calling principal does not have required MSGraph permissions AuditLog.Read.All
I have a Runbook (Automation Accounts) parsing AAD SignIn and Audit logs, however, when it executes Get-AzureADAuditSignInLogs I'm getting the following error: Get-AzureADAuditSignInLogs : Error occ...
- Feb 12, 2023It isn't, you should add/consent to the AuditLog.Read.All permission.
VasilMichev
MVP
It isn't, you should add/consent to the AuditLog.Read.All permission.
Chris2705
Jul 28, 2023Copper Contributor
VasilMichev
Can you please elaborate the answer ? the steps are not straightforward. I suppose this is involving the creation of a new app.
- roystoniusAug 17, 2023Copper ContributorChris2705 I'm trying to work this out myself at the moment. There is a known bug documented at
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/108
I'll post an actual technical answer here when i find it 🙂- Chris2705Aug 17, 2023Copper Contributor
I solved the issue giving the Graph permission without registering any app, and with a small powershell script.
Please follow this article and you'll be able to solve it as well.Unfortunately graph api permissions are something different than Azure AD roles.
- LainRobertsonAug 17, 2023Silver Contributor
Good job calling this out, as I think lots of people tend to conflate the two, where, as you say, they're very different beasts.
Cheers,
Lain