Feb 10 2023 09:53 AM
I have a Runbook (Automation Accounts) parsing AAD SignIn and Audit logs; however, when it executes Get-AzureADAuditSignInLogs I'm getting the following error:
Get-AzureADAuditSignInLogs : Error occurred while executing GetAuditSignInLogs Code: Authentication_MSGraphPermissionMissing Message: Calling principal does not have required MSGraph permissions AuditLog.Read.All
The Managed Identity I'm using in Runbook has Security Reader role, but it doesn't seem to be enough?
Feb 12 2023 08:01 AM
Solution
Jul 28 2023 03:08 AM
@VasilMichev
Can you please elaborate on the answer? The steps are not straightforward. I suppose this involves the creation of a new app.
Aug 17 2023 03:03 AM
@VasilMichev This is a terrible response and you get 'best answer' for this? Not helpful at all.
Aug 17 2023 03:05 AM
Aug 17 2023 03:19 AM
I solved the issue by giving the Graph permission without registering any app, and with a small PowerShell script.
Please follow this article and you'll be able to solve it as well.
Unfortunately, Graph API permissions are something different from Azure AD roles.
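
An added example of the kind of script described above (not taken from the linked article or written by the poster): it assigns the single Microsoft Graph application permission named in the error, AuditLog.Read.All, to the managed identity's service principal. It assumes the Microsoft.Graph PowerShell SDK and an admin account allowed to grant app role assignments; `$ManagedIdentityName` is a placeholder.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell SDK is installed and that
# the signed-in admin may grant application permissions (app role assignments).
$ManagedIdentityName = '<automation-account-name>'   # placeholder: display name of the managed identity
$Permission          = 'AuditLog.Read.All'           # the permission named in the error message
$GraphAppId          = '00000003-0000-0000-c000-000000000000'  # well-known appId of Microsoft Graph

Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Resolve the managed identity; refuse to guess if the display name is ambiguous.
$mi = @(Get-MgServicePrincipal -Filter "displayName eq '$ManagedIdentityName'")
if ($mi.Count -ne 1) {
    throw "Expected exactly one service principal named '$ManagedIdentityName', found $($mi.Count)."
}
$mi = $mi[0]

# Resolve the Microsoft Graph service principal and the application-type role on it.
$graph = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
$role  = $graph.AppRoles | Where-Object {
    $_.Value -eq $Permission -and $_.AllowedMemberTypes -contains 'Application'
}
if (-not $role) { throw "Application permission '$Permission' not found on Microsoft Graph." }

# Idempotent: only create the assignment if it is not already present.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Where-Object { $_.ResourceId -eq $graph.Id -and $_.AppRoleId -eq $role.Id }

if ($existing) {
    Write-Output "'$Permission' is already assigned to '$ManagedIdentityName'."
}
else {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id `
        -PrincipalId $mi.Id -ResourceId $graph.Id -AppRoleId $role.Id | Out-Null
    Write-Output "Assigned '$Permission' to '$ManagedIdentityName'."
}

# Review what the identity can now do against Graph, so the grant stays least-privilege.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Where-Object ResourceId -eq $graph.Id |
    ForEach-Object { ($graph.AppRoles | Where-Object Id -eq $_.AppRoleId).Value }

Disconnect-MgGraph | Out-Null
```

The Security Reader role stays as it is; the app role assignment is a separate grant on the Microsoft Graph service principal and can be removed later with `Remove-MgServicePrincipalAppRoleAssignment`.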
Aug 17 2023 03:27 AM
Good job calling this out, as I think lots of people tend to conflate the two, where, as you say, they're very different beasts.
Cheers,
Lain