
How can my managed identity backed azure function access sharepoint?

I have an Azure function that is backed by a managed identity.

On the same AD there is Office 365 with a SharePoint site called "demonews".

How do I add permissions/add the managed identity to the group "demonews" such that it can access the SharePoint API?

I tried Add Member on the SharePoint site, and I tried adding a member on the AD group. The dropdown does not find a managed identity.

I think this is what you are looking for:

https://finarne.wordpress.com/2019/03/17/azure-function-using-a-managed-identity-to-call-sharepoint-online/

Essentially you will get the Azure service principal for Office 365 SharePoint as well as the roles.

#Get the SharePoint principal
$sharePoint = (Get-AzureADServicePrincipal -SearchString "Office 365 SharePoint").ObjectId

#Get the roles for that principal
$appRoles = Get-AzureADServicePrincipal -SearchString "Office 365 SharePoint" | %{$_.AppRoles}

#Find the specific role
$appRole = $appRoles.Where({ $_.Value -eq "Sites.Manage.All" })

#You will also need to get the service principal for your function app

#Get the function app object id
$myfunctionapp = (Get-AzureADServicePrincipal -SearchString "myfunctionapp").ObjectId

#Assign the role to the MSI for the SharePoint resource (-Id takes the role's Id, not the role object)
New-AzureADServiceAppRoleAssignment -ObjectId $myfunctionapp -PrincipalId $myfunctionapp -ResourceId $sharePoint -Id $appRole.Id

You can then use the local MSI endpoint and secret to obtain a token.
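
The last step of the answer, written out as an added example that is not part of the original answer: a PowerShell function body that requests a token from the local MSI endpoint, checks that the token carries the role assigned above, and only then calls the site. It assumes the code runs inside the function app, where the host sets the `MSI_ENDPOINT` and `MSI_SECRET` environment variables; `contoso` is a placeholder tenant name and the helper function names are hypothetical.

```powershell
# Added example. Assumptions: runs inside the function app (MSI_ENDPOINT and
# MSI_SECRET are set by the host); "contoso" is a placeholder tenant name.
$resource = "https://contoso.sharepoint.com"
$siteUrl  = "$resource/sites/demonews"

function Get-MsiToken {
    param([Parameter(Mandatory)][string]$Resource)
    if (-not $env:MSI_ENDPOINT -or -not $env:MSI_SECRET) {
        throw "MSI_ENDPOINT/MSI_SECRET not set: managed identity is not enabled here."
    }
    $uri = "$($env:MSI_ENDPOINT)?resource=$([uri]::EscapeDataString($Resource))&api-version=2017-09-01"
    # The Secret header ties the request to this function host; never log it or the token.
    (Invoke-RestMethod -Method Get -Uri $uri -Headers @{ Secret = $env:MSI_SECRET }).access_token
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT" }
    # Convert the base64url payload to padded base64 before decoding.
    $payload = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

$token  = Get-MsiToken -Resource $resource
$claims = Get-JwtClaims -Token $token

# Inspection only (SharePoint validates the signature): confirm the app role
# assignment took effect and see exactly which roles the identity holds.
if ($claims.roles -notcontains "Sites.Manage.All") {
    throw "Token has no Sites.Manage.All role; roles present: $($claims.roles -join ', ')"
}

$headers = @{ Authorization = "Bearer $token"; Accept = "application/json;odata=nometadata" }
$web = Invoke-RestMethod -Method Get -Uri "$siteUrl/_api/web" -Headers $headers
"Connected to site: $($web.Title)"
```

The roles check doubles as a least-privilege review: `Sites.Manage.All` applies to every site in the tenant, not only "demonews", so any extra roles listed in the token are worth questioning.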
