Azure Runbooks and Service Managed Identity

Question

Dear Community,&nbsp;&nbsp;I use Connect-AzAccount -Identity with my service managed identity to authenticate, but I have an issue executing Get-AzADApplication command in my runbook. I get:&nbsp;Body:
{
  "odata.error": {
    "code": "Authorization_RequestDenied",
    "message": {
      "lang": "en",
      "value": "Insufficient privileges to complete the operation."
    },
    "requestId": "f5e5cb9d-f6ae-477e-aeb0-0438253deb26",
    "date": "2021-11-27T12:36:04"
  }
}

Caught exception, type: Microsoft.Azure.Graph.RBAC.Models.GraphErrorExceptionA command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: Insufficient privileges to complete the operation.The role assignment for my system-assigned identity is "Owner" and the Scope is "Subscription".&nbsp;I also went to Active Directory -&gt; Enterprise Apps -&gt; All Applications, found my identity and gave it the following permissions:&nbsp;Would someone have any advice on why I am unable&nbsp;to list all the applications under my tenant using a runbook? What have I missed?

hspinto · Answer

MarkW130&nbsp;
&nbsp;
You should assign your Application the Global Reader role in Azure AD.
&nbsp;

&nbsp;

Forum Discussion

Azure Runbooks and Service Managed Identity

Share