Forum Discussion
Calling principal does not have required MSGraph permissions AuditLog.Read.All
I have a Runbook (Automation Accounts) parsing AAD SignIn and Audit logs, however, when it executes Get-AzureADAuditSignInLogs I'm getting the following error:
Get-AzureADAuditSignInLogs : Error occurred while executing GetAuditSignInLogs Code: Authentication_MSGraphPermissionMissing Message: Calling principal does not have required MSGraph permissions AuditLog.Read.All
The Managed Identity I'm using in Runbook has Security Reader role, but it doesn't seem to be enough?
- It isn't, you should add/consent to the AuditLog.Read.All permission.
- It isn't, you should add/consent to the AuditLog.Read.All permission.
VasilMichev
Can you please elaborate the answer ? the steps are not straightforward. I suppose this is involving the creation of a new app.- Chris2705 I'm trying to work this out myself at the moment. There is a known bug documented at
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/108
I'll post an actual technical answer here when i find it 🙂
VasilMichev This is a terrible response and you get 'best answer' for this? Not helpful at all.
