Permission to run Get-AzADApplication within a Runbook


Dear all,


I have a project in which I want to monitor the expiry date of some service principals in Azure. My company uses only one tenant, and this tenant has more than 1000 service principals; my goal is to monitor only some of them, which belong to my department. So I wrote a PS script which lists all service principals and then filters only those that match my requirement. I used the cmdlet 'Get-AzADApplication'. My problem is that if I run this cmdlet in Cloud Shell PS (in Azure) it works, but if I run it within a Runbook in Azure I get the error:

 30 |  Get-AzADApplication
     |  ~~~~~~~~~~~~~~~~~~~
     | Insufficient privileges to complete the operation.


Any idea how to handle it? Some Google searches have shown that I need the "application directory.read.all" permission in AAD, but since I am from the DevOps team I don't think I will get this permission from the sysadmin team.


Below is a snippet of the script to give an idea of what I am doing:

# List all subscriptions the signed-in identity can see
$subID = Get-AzSubscription

# List all Terraform app registrations: one per subscription, named "terraform-<subscriptionId>"
# (Get-AzADApplication reads app registrations, so the identity running this needs
# a Graph permission that allows reading applications; see the error above)
$applications = @(foreach ($name in $subID.Id)
{
   Get-AzADApplication -DisplayNameStartWith "terraform-$name"
})


1 Reply
Not entirely sure of the answer to your original question, especially when you may not be able to get the actual rights you need.

Here are some options:

Power Automate: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/use-power-automate-to-notify...

PowerShell runbook with SendGrid email: https://github.com/SIbanez1990/azautomation/blob/main/auditexpireingspns.ps1
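As an added example covering both the permission problem in the question and the expiry audit the reply links to (this is not the original poster's script and not code from the linked repository): a runbook in Azure Automation signs in as the Automation account's managed identity, and that identity needs the Microsoft Graph application permission Application.Read.All (Directory.Read.All also works but grants more) before Get-AzADApplication returns anything. The first function is the one-time grant an administrator would run with the Microsoft.Graph module; the second is the runbook body, which lists client secrets and certificates that expire within a window. Assumed names: the Automation account name, the "terraform-" prefix taken from the question, the 30-day window, and the heuristic that distinguishes certificate from secret credentials by the presence of a Usage property.

```powershell
# --- Part 1: one-time grant, run by an administrator (not inside the runbook) ---
# Assumption: the Automation account uses its system-assigned managed identity and the
# admin can assign app roles. Replace the placeholder account name with the real one.
function Grant-AutomationIdentityAppRead {
    param(
        [Parameter(Mandatory)] [string] $AutomationAccountName   # placeholder, e.g. 'aa-devops-monitoring'
    )
    Connect-MgGraph -Scopes 'AppRoleAssignment.ReadWrite.All', 'Application.Read.All'

    # The managed identity appears in the tenant as a service principal named after the account.
    $mi    = Get-MgServicePrincipal -Filter "displayName eq '$AutomationAccountName'"
    # Microsoft Graph's own service principal; this appId is fixed across all tenants.
    $graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
    # Application.Read.All is the least-privileged application (not delegated) role that
    # lets a non-interactive identity read app registrations.
    $role  = $graph.AppRoles |
        Where-Object { $_.Value -eq 'Application.Read.All' -and $_.AllowedMemberTypes -contains 'Application' }

    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id `
        -PrincipalId $mi.Id -ResourceId $graph.Id -AppRoleId $role.Id
}

# --- Part 2: runbook body (PowerShell runbook, Az.Accounts + Az.Resources modules imported) ---
function Get-ExpiringDepartmentAppCredentials {
    param(
        [string] $Prefix    = 'terraform-',   # naming convention from the question
        [int]    $DaysAhead = 30              # alert window (assumed)
    )
    # Runbooks should not inherit a cached context; sign in as the managed identity instead.
    Disable-AzContextAutosave -Scope Process | Out-Null
    Connect-AzAccount -Identity | Out-Null

    $nowUtc = (Get-Date).ToUniversalTime()
    $cutoff = $nowUtc.AddDays($DaysAhead)

    $findings = foreach ($sub in Get-AzSubscription) {
        # Only the department's app registrations: "terraform-<subscriptionId>..."
        foreach ($app in Get-AzADApplication -DisplayNameStartWith "$Prefix$($sub.Id)") {
            # Returns both password (secret) and key (certificate) credentials of the app.
            foreach ($cred in Get-AzADAppCredential -ObjectId $app.Id) {
                if ($null -eq $cred.EndDateTime) { continue }
                # Report credentials inside the window, including ones already expired.
                if ($cred.EndDateTime -le $cutoff) {
                    # Heuristic (assumption): key credentials carry a Usage property, secrets do not.
                    $kind = if ($cred.PSObject.Properties['Usage']) { 'Certificate' } else { 'Secret' }
                    [pscustomobject]@{
                        Subscription = $sub.Name
                        Application  = $app.DisplayName
                        Kind         = $kind
                        KeyId        = $cred.KeyId
                        ExpiresUtc   = $cred.EndDateTime.ToUniversalTime()
                        DaysLeft     = [math]::Floor(($cred.EndDateTime.ToUniversalTime() - $nowUtc).TotalDays)
                        Expired      = ($cred.EndDateTime.ToUniversalTime() -lt $nowUtc)
                    }
                }
            }
        }
    }
    $findings | Sort-Object ExpiresUtc
}

# Runbook entry point: print the table to the job output; feed $report into the
# SendGrid or Power Automate notification from the reply above if you want alerts.
$report = Get-ExpiringDepartmentAppCredentials
$report | Format-Table -AutoSize
```

The grant is the part the sysadmin team has to do once; the runbook itself never holds a credential, which is the point of using the managed identity. Everything the runbook reads is read-only, and scoping the grant to Application.Read.All rather than Directory.Read.All is the easier request to get approved.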