Azure B2B whitelisting using Azure Automation - permission problem

Hi all,

you are my last hope :)

I have an Azure Automation Account (Run As) with a runbook that will add a domain to the B2B whitelist. Now I recognized that the Service Principal behind it needs "Global Admin" or "Security Admin" permissions to add a domain in the whitelist.

Are there other permissions that allow the Service Principal to write this data? Our security won't be happy if my Automation Account needs one of those permissions.

The Graph API permissions won't work, because this is not yet included.

Any ideas?




