Azure B2B whitelisting using Azure Automation - permission problem


Hi all,

You are my last hope :)

I have an Azure Automation Account (Run As) with a runbook that will add a domain to the B2B whitelist. Now I recognized that the Service Principal behind it needs "Global Admin" or "Security Admin" permissions to add a domain in the whitelist.

Are there other permissions that allow the Service Principal to write this data? Our security won't be happy if my Automation Account needs one of those permissions.

The Graph API permissions won't work, because this is not yet included.

Any ideas?

 

Thanks,

Dominik

1 Reply

@efingdmi Hi,
did you find any answer/solution? Which permission did you take to be able to whitelist domains?

BR, Elisabeth