Azure Automation Runas Account insufficient privileges
Question
I am trying to run the Get-AzADApplication cmdlet using azure automation. I have checked all of my subscription and the Runas Account has "Contributer" in all of them. I am still getting the following error though. I know the error says insufficient privileges, but with the account having "Contributer" in all of my subscriptions, that just can't be true right?
Get-AzADApplication: Insufficient privileges to complete the operation. At line:41 char:21
$Applications = Get-AzADApplication~~~~~~~~~~~~~~~~~~~- CategoryInfo: InvalidOperation: (:) [Get-AzADApplication], Exception
- FullyQualifiedErrorId: Microsoft.Azure.Commands.ActiveDirectory.GetAzureADApplicationCommand
Here is the first little snippet of my code, and it just can't get past Get-AzADApplication
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave –Scope Process
$connection = Get-AutomationConnection -Name AzureRunAsConnection
while(!($connectionResult) -and ($logonAttempt -le 10))
{
$LogonAttempt++
# Logging in to Azure...
$connectionResult = Connect-AzAccount `
-ServicePrincipal `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint
Start-Sleep -Seconds 30
}
#Get Applications
$Applications = Get-AzADApplication
$ServicePrincipals = Get-AzADServicePrincipal
1 answers
solution1
0 ACCPTED 2021-03-24 15:49:55
The contributer role is not enough. You need administrator privilages.
The minumum role that you need is application administrator.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.