Playbook / Auth. and Mail problems

Copper Contributor


Hello community!

I have two challenges in a logic app / playbook. I have created an app registration to use it as a service principle.


Problem 1:

Part - Run query and visualize results

So my understanding is, that we have to grant the Role "Monitoring Reader" or "LogAnalytics Reader" the App Registration. But we got the same error message.. Whats the right way?

Raw output:


body": {
        "ResultStatus": "Forbidden",
        "Content": {
            "error": {
                "code": "AuthorizationFailed",
                "message": "The client 'APP REG ID' with object id 'xxxxxxxxxxx' does not have authorization to perform action 'Microsoft.OperationalInsights/workspaces/read' over scope '/subscriptions/XXXXX/resourcegroups/XXXXXX/providers/Microsoft.OperationalInsights/workspaces/A2-Sentinel01' or the scope is invalid. If access was recently granted, please refresh your credentials."



Problem 2:

Send Mail with a MFA enabled account


The second challenge is to send a mail with active MFA. I read about APP Registration with OAuth. I couldn´t find any tutorials but i think we are not the first customer with that challange :) Any ideas?


Thank you!








2 Replies

@Garfield-P Not sure about question 2, but for question 1 it appears that you need to give you app the rights on the resource directly.  It looks like it has no rights to the workspace so it cannot read it.

@Garfield-PIt seems like the first issue is likely due to insufficient app permissions. Many of the permissions sometimes looks very similar in the first look but you need to make sure you have provided the right one if the error is persistent.
The second issue should not be much of a problem as 'OAuth' can absolutely be used as a authentication parameter in playbooks. Can you please elaborate more on what's the issue there?