Get-AzureRmADApplication insufficient privileges

[MouthOfMadness]

Description

I'm using a service principal to query and configure another application for the purpose of putting a policy in a key vault, but every powershell command returns insufficient privileges.

I have configured my service principal with every possible permission (see the attached screen shot).

Script/Steps for Reproduction

I can't get past the Get-AzureRmADApplication without a Authorization_RequestDenied error when I run a Powershell script in VSTS using the latest version of powershell. In testing, the commands work on my desktop, I suppose because I'm a user rather than a service principal.

$app = "NotificationService-6znxem2fcv6tq"
$rg = "***"
$tenantId = "***"

$DebugPreference="Continue"
$app = Get-AzureRmADApplication -DisplayNameStartWith $appName
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
$cred = New-Object System.Management.Automation.PSCredential($sp.ApplicationId, $sp.Secret)
Connect-AzureRmAccount -Credential $cred -ServicePrincipal -TenantId $tenantId
New-AzureRmRoleAssignment -ResourceGroupName $rg -ObjectId $sp.Id -RoleDefinitionName Owner

Module Version

Get-Module -ListAvailable

Environment Data

2018-12-18T22:07:28.9271849Z mod
2018-12-18T22:07:48.4131567Z 
2018-12-18T22:07:48.4131912Z 
2018-12-18T22:07:48.4134010Z     Directory: C:\Modules\azurerm_6.7.0
2018-12-18T22:07:48.4134069Z 
2018-12-18T22:07:48.4134274Z 
2018-12-18T22:07:48.4143432Z ModuleType Version    Name                                ExportedCommands                                             
2018-12-18T22:07:48.4145781Z ---------- -------    ----                                ----------------                                             
2018-12-18T22:07:48.4171523Z Script     0.5.4      Azure.AnalysisServices              {Add-AzureAnalysisServicesAccount, Restart-AzureAnalysisSe...
2018-12-18T22:07:48.4208830Z Script     4.5.0      Azure.Storage                       {Get-AzureStorageTable, New-AzureStorageTableSASToken, New...
2018-12-18T22:07:48.4227374Z Script     6.7.0      AzureRM                                                                                          
2018-12-18T22:07:48.4264425Z Script     0.6.12     AzureRM.AnalysisServices            {Resume-AzureRmAnalysisServicesServer, Suspend-AzureRmAnal...
2018-12-18T22:07:48.4303048Z Script     6.1.3      AzureRM.ApiManagement               {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementS...
2018-12-18T22:07:48.4340650Z Script     0.1.6      AzureRM.ApplicationInsights         {Get-AzureRmApplicationInsights, New-AzureRmApplicationIns...
2018-12-18T22:07:48.4378456Z Script     5.0.4      AzureRM.Automation                  {Get-AzureRMAutomationHybridWorkerGroup, Get-AzureRmAutoma...
2018-12-18T22:07:48.4416350Z Script     4.0.8      AzureRM.Backup                      {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerRe...
2018-12-18T22:07:48.4454854Z Script     4.1.3      AzureRM.Batch                       {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-...
2018-12-18T22:07:48.4511848Z Script     0.14.5     AzureRM.Billing                     {Get-AzureRmBillingInvoice, Get-AzureRmBillingPeriod, Get-...
2018-12-18T22:07:48.4550132Z Script     5.0.3      AzureRM.Cdn                         {Get-AzureRmCdnProfile, Get-AzureRmCdnProfileSsoUrl, New-A...
2018-12-18T22:07:48.4588366Z Script     0.9.8      AzureRM.CognitiveServices           {Get-AzureRmCognitiveServicesAccount, Get-AzureRmCognitive...
2018-12-18T22:07:48.4626048Z Script     5.5.0      AzureRM.Compute                     {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet...
2018-12-18T22:07:48.4657199Z Script     0.3.7      AzureRM.Consumption                 {Get-AzureRmConsumptionBudget, Get-AzureRmConsumptionMarke...
2018-12-18T22:07:48.4696731Z Script     0.2.8      AzureRM.ContainerInstance           {New-AzureRmContainerGroup, Get-AzureRmContainerGroup, Rem...
2018-12-18T22:07:48.4734466Z Script     1.0.8      AzureRM.ContainerRegistry           {New-AzureRmContainerRegistry, Get-AzureRmContainerRegistr...
2018-12-18T22:07:48.4770981Z Script     5.0.3      AzureRM.DataFactories               {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get...
2018-12-18T22:07:48.4807652Z Script     0.5.8      AzureRM.DataFactoryV2               {Set-AzureRmDataFactoryV2, Update-AzureRmDataFactoryV2, Ge...
2018-12-18T22:07:48.4832864Z Script     5.1.2      AzureRM.DataLakeAnalytics           {Get-AzureRmDataLakeAnalyticsDataSource, New-AzureRmDataLa...
2018-12-18T22:07:48.4869540Z Script     6.1.2      AzureRM.DataLakeStore               {Get-AzureRmDataLakeStoreTrustedIdProvider, Remove-AzureRm...
2018-12-18T22:07:48.4905889Z Script     4.0.7      AzureRM.DevTestLabs                 {Get-AzureRmDtlAllowedVMSizesPolicy, Get-AzureRmDtlAutoShu...
2018-12-18T22:07:48.4945637Z Script     5.0.2      AzureRM.Dns                         {Get-AzureRmDnsRecordSet, New-AzureRmDnsRecordConfig, Remo...
2018-12-18T22:07:48.4979740Z Script     0.3.7      AzureRM.EventGrid                   {New-AzureRmEventGridTopic, Get-AzureRmEventGridTopic, Set...
2018-12-18T22:07:48.5016200Z Script     0.6.8      AzureRM.EventHub                    {New-AzureRmEventHubNamespace, Get-AzureRmEventHubNamespac...
2018-12-18T22:07:48.5051248Z Script     4.1.6      AzureRM.HDInsight                   {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefi...
2018-12-18T22:07:48.5082871Z Script     5.1.1      AzureRM.Insights                    {Get-AzureRmMetricDefinition, Get-AzureRmMetric, Remove-Az...
2018-12-18T22:07:48.5117937Z Script     3.1.6      AzureRM.IotHub                      {Add-AzureRmIotHubKey, Get-AzureRmIotHubEventHubConsumerGr...
2018-12-18T22:07:48.5153488Z Script     5.1.1      AzureRM.KeyVault                    {Add-AzureKeyVaultCertificate, Update-AzureKeyVaultCertifi...
2018-12-18T22:07:48.5185804Z Script     4.1.2      AzureRM.LogicApp                    {Get-AzureRmIntegrationAccountAgreement, Get-AzureRmIntegr...
2018-12-18T22:07:48.5218601Z Script     0.18.3     AzureRM.MachineLearning             {Move-AzureRmMlCommitmentAssociation, Get-AzureRmMlCommitm...
2018-12-18T22:07:48.5252683Z Script     0.4.6      AzureRM.MachineLearningCompute      {Get-AzureRmMlOpCluster, Get-AzureRmMlOpClusterKey, Test-A...
2018-12-18T22:07:48.5267286Z Script     0.2.5      AzureRM.MarketplaceOrdering         {Get-AzureRmMarketplaceTerms, Set-AzureRmMarketplaceTerms}   
2018-12-18T22:07:48.5760747Z Script     0.10.2     AzureRM.Media                       {Sync-AzureRmMediaServiceStorageKeys, Set-AzureRmMediaServ...
2018-12-18T22:07:48.6109243Z Script     6.5.0      AzureRM.Network                     {Add-AzureRmApplicationGatewayAuthenticationCertificate, G...
2018-12-18T22:07:48.6109648Z Script     5.0.3      AzureRM.NotificationHubs            {Get-AzureRmNotificationHub, Get-AzureRmNotificationHubAut...
2018-12-18T22:07:48.6109859Z Script     5.0.4      AzureRM.OperationalInsights         {New-AzureRmOperationalInsightsAzureActivityLogDataSource,...
2018-12-18T22:07:48.6110859Z Script     1.0.4      AzureRM.PolicyInsights              {Get-AzureRmPolicyEvent, Get-AzureRmPolicyState, Get-Azure...
2018-12-18T22:07:48.6111178Z Script     4.1.8      AzureRM.PowerBIEmbedded             {Remove-AzureRmPowerBIWorkspaceCollection, Get-AzureRmPowe...
2018-12-18T22:07:48.6111501Z Script     5.4.0      AzureRM.profile                     {Disable-AzureRmDataCollection, Disable-AzureRmContextAuto...
2018-12-18T22:07:48.6111798Z Script     4.1.6      AzureRM.RecoveryServices            {Get-AzureRmRecoveryServicesBackupProperty, Get-AzureRmRec...
2018-12-18T22:07:48.6112037Z Script     4.4.0      AzureRM.RecoveryServices.Backup     {Backup-AzureRmRecoveryServicesBackupItem, Get-AzureRmReco...
2018-12-18T22:07:48.6112213Z Script     0.2.8      AzureRM.RecoveryServices.SiteRec... {Edit-AzureRmRecoveryServicesAsrRecoveryPlan, Get-AzureRmR...
2018-12-18T22:07:48.6114100Z Script     5.0.3      AzureRM.RedisCache                  {Remove-AzureRmRedisCachePatchSchedule, New-AzureRmRedisCa...
2018-12-18T22:07:48.6114261Z Script     0.3.8      AzureRM.Relay                       {New-AzureRmRelayNamespace, Get-AzureRmRelayNamespace, Set...
2018-12-18T22:07:48.6114376Z Script     6.4.0      AzureRM.Resources                   {Get-AzureRmProviderOperation, Remove-AzureRmRoleAssignmen...
2018-12-18T22:07:48.6114493Z Script     0.16.8     AzureRM.Scheduler                   {Disable-AzureRmSchedulerJobCollection, Enable-AzureRmSche...
2018-12-18T22:07:48.6114609Z Script     0.6.9      AzureRM.ServiceBus                  {New-AzureRmServiceBusNamespace, Get-AzureRmServiceBusName...
2018-12-18T22:07:48.6114890Z Script     0.3.10     AzureRM.ServiceFabric               {Add-AzureRmServiceFabricApplicationCertificate, Add-Azure...
2018-12-18T22:07:48.6115121Z Script     4.11.1     AzureRM.Sql                         {Get-AzureRmSqlDatabaseTransparentDataEncryption, Get-Azur...
2018-12-18T22:07:48.6115253Z Script     5.0.2      AzureRM.Storage                     {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, ...
2018-12-18T22:07:48.6115398Z Script     4.0.8      AzureRM.StreamAnalytics             {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnal...
2018-12-18T22:07:48.6115491Z Script     4.0.5      AzureRM.Tags                        {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}          
2018-12-18T22:07:48.6115621Z Script     4.0.9      AzureRM.TrafficManager              {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTraf...
2018-12-18T22:07:48.6115777Z Script     4.0.5      AzureRM.UsageAggregates             Get-UsageAggregates                                          
2018-12-18T22:07:48.6142217Z Script     5.0.7      AzureRM.Websites                    {Get-AzureRmAppServicePlan, Set-AzureRmAppServicePlan, New...
2018-12-18T22:07:48.6149271Z 
2018-12-18T22:07:48.6149742Z 
2018-12-18T22:07:48.6151603Z     Directory: C:\Modules\azure_5.1.1
2018-12-18T22:07:48.6151713Z 
2018-12-18T22:07:48.6152247Z 
2018-12-18T22:07:48.6157610Z ModuleType Version    Name                                ExportedCommands                                             
2018-12-18T22:07:48.6159813Z ---------- -------    ----                                ----------------                                             
2018-12-18T22:07:48.6182195Z Script     5.1.1      Azure                               {Get-AzureAutomationCertificate, Get-AzureAutomationConnec...
2018-12-18T22:07:48.6216619Z Script     4.5.0      Azure.Storage                       {Get-AzureStorageTable, New-AzureStorageTableSASToken, New...
2018-12-18T22:07:48.6247993Z Script     5.4.0      AzureRM.profile                     {Disable-AzureRmDataCollection, Disable-AzureRmContextAuto...
2018-12-18T22:07:48.6268415Z 
2018-12-18T22:07:48.6268674Z 
2018-12-18T22:07:48.6269835Z     Directory: C:\Program Files\WindowsPowerShell\Modules
2018-12-18T22:07:48.6270120Z 
2018-12-18T22:07:48.6270823Z 
2018-12-18T22:07:48.6275532Z ModuleType Version    Name                                ExportedCommands                                             
2018-12-18T22:07:48.6278933Z ---------- -------    ----                                ----------------                                             
2018-12-18T22:07:48.6300849Z Script     2.1.0      Azure                               {Get-AzureAutomationCertificate, Get-AzureAutomationConnec...
2018-12-18T22:07:48.6336012Z Script     2.1.0      Azure.Storage                       {Get-AzureStorageBlob, Get-AzureStorageBlobContent, Get-Az...
2018-12-18T22:07:48.6349317Z Script     2.1.0      AzureRM                                                                                          
2018-12-18T22:07:48.6382669Z Script     2.1.0      AzureRM.ApiManagement               {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementS...
2018-12-18T22:07:48.6415008Z Script     2.1.0      AzureRM.Automation                  {Get-AzureRMAutomationHybridWorkerGroup, Get-AzureRmAutoma...
2018-12-18T22:07:48.6445204Z Script     2.1.0      AzureRM.Backup                      {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerRe...
2018-12-18T22:07:48.6475294Z Script     2.1.0      AzureRM.Batch                       {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-...
2018-12-18T22:07:48.6506442Z Script     2.1.0      AzureRM.Cdn                         {Get-AzureRmCdnCustomDomain, New-AzureRmCdnCustomDomain, R...
2018-12-18T22:07:48.6539661Z Script     0.3.0      AzureRM.CognitiveServices           {Get-AzureRmCognitiveServicesAccount, Get-AzureRmCognitive...
2018-12-18T22:07:48.6574501Z Script     2.1.0      AzureRM.Compute                     {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet...
2018-12-18T22:07:48.6608427Z Script     2.1.0      AzureRM.DataFactories               {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get...
2018-12-18T22:07:48.6643511Z Script     2.1.0      AzureRM.DataLakeAnalytics           {Get-AzureRmDataLakeAnalyticsDataSource, Remove-AzureRmDat...
2018-12-18T22:07:48.6677182Z Script     2.1.0      AzureRM.DataLakeStore               {Add-AzureRmDataLakeStoreItemContent, Export-AzureRmDataLa...
2018-12-18T22:07:48.6709506Z Script     2.1.0      AzureRM.DevTestLabs                 {Get-AzureRmDtlAllowedVMSizesPolicy, Get-AzureRmDtlAutoShu...
2018-12-18T22:07:48.6744504Z Script     2.1.0      AzureRM.Dns                         {Get-AzureRmDnsRecordSet, New-AzureRmDnsRecordConfig, Remo...
2018-12-18T22:07:48.6781704Z Script     2.1.0      AzureRM.HDInsight                   {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefi...
2018-12-18T22:07:48.6821837Z Script     2.1.0      AzureRM.Insights                    {Add-AzureRmMetricAlertRule, Add-AzureRmLogAlertRule, Add-...
2018-12-18T22:07:48.6857719Z Script     2.1.0      AzureRM.KeyVault                    {Add-AzureKeyVaultCertificate, Set-AzureKeyVaultCertificat...
2018-12-18T22:07:48.6892977Z Script     2.1.0      AzureRM.LogicApp                    {Get-AzureRmIntegrationAccountAgreement, Get-AzureRmIntegr...
2018-12-18T22:07:48.6927618Z Script     0.10.0     AzureRM.MachineLearning             {Export-AzureRmMlWebService, Get-AzureRmMlWebServiceKeys, ...
2018-12-18T22:07:48.6962807Z Script     0.2.0      AzureRM.Media                       {Get-AzureRmMediaServiceNameAvailability, New-AzureRmMedia...
2018-12-18T22:07:48.6998259Z Script     2.1.0      AzureRM.Network                     {Add-AzureRmApplicationGatewayAuthenticationCertificate, G...
2018-12-18T22:07:48.7046760Z Script     2.1.0      AzureRM.NotificationHubs            {Get-AzureRmNotificationHubsNamespaceAuthorizationRules, G...
2018-12-18T22:07:48.7077502Z Script     2.1.0      AzureRM.OperationalInsights         {New-AzureRmOperationalInsightsCustomLogDataSource, Disabl...
2018-12-18T22:07:48.7110834Z Script     2.1.0      AzureRM.PowerBIEmbedded             {Remove-AzureRmPowerBIWorkspaceCollection, Get-AzureRmPowe...
2018-12-18T22:07:48.7147022Z Script     2.1.0      AzureRM.profile                     {Enable-AzureRmDataCollection, Disable-AzureRmDataCollecti...
2018-12-18T22:07:48.7185667Z Script     2.1.0      AzureRM.RecoveryServices            {Get-AzureRmRecoveryServicesBackupProperties, Get-AzureRmR...
2018-12-18T22:07:48.7219122Z Script     2.1.0      AzureRM.RecoveryServices.Backup     {Backup-AzureRmRecoveryServicesBackupItem, Get-AzureRmReco...
2018-12-18T22:07:48.7252772Z Script     2.1.0      AzureRM.RedisCache                  {Remove-AzureRmRedisCachePatchSchedule, New-AzureRmRedisCa...
2018-12-18T22:07:48.7287943Z Script     3.1.0      AzureRM.Resources                   {Get-AzureRmADAppCredential, Get-AzureRmADApplication, Get...
2018-12-18T22:07:48.7329503Z Script     0.10.0     AzureRM.Scheduler                   {Disable-AzureRmSchedulerJobCollection, Enable-AzureRmSche...
2018-12-18T22:07:48.7385391Z Script     2.1.0      AzureRM.ServerManagement            {Install-AzureRmServerManagementGatewayProfile, Reset-Azur...
2018-12-18T22:07:48.7421181Z Script     2.1.0      AzureRM.SiteRecovery                {Stop-AzureRmSiteRecoveryJob, Get-AzureRmSiteRecoveryNetwo...
2018-12-18T22:07:48.7458137Z Script     2.1.0      AzureRM.Sql                         {Get-AzureRmSqlDatabaseRecommendedAction, Get-AzureRmSqlEl...
2018-12-18T22:07:48.7493510Z Script     2.1.0      AzureRM.Storage                     {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, ...
2018-12-18T22:07:48.7529237Z Script     2.1.0      AzureRM.StreamAnalytics             {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnal...
2018-12-18T22:07:48.7546202Z Script     2.1.0      AzureRM.Tags                        {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}          
2018-12-18T22:07:48.7582046Z Script     2.1.0      AzureRM.TrafficManager              {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTraf...
2018-12-18T22:07:48.7597207Z Script     2.1.0      AzureRM.UsageAggregates             Get-UsageAggregates                                          
2018-12-18T22:07:48.7632583Z Script     2.1.0      AzureRM.Websites                    {Get-AzureRmAppServicePlanMetrics, New-AzureRmWebAppDataba...
2018-12-18T22:07:48.7647388Z Script     1.0.0.5    DockerMsftProvider                                                                               
2018-12-18T22:07:48.7699209Z Script     0.0.1      ImageHelpers                        {Install-EXE, Test-MachinePath, Add-ContentToMarkdown, Add...
2018-12-18T22:07:48.7727530Z Script     1.0.1      Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation}        
2018-12-18T22:07:48.7772472Z Script     1.1.7.2    PackageManagement                   {Find-Package, Get-Package, Get-PackageProvider, Get-Packa...
2018-12-18T22:07:48.7811008Z Binary     1.0.0.1    PackageManagement                   {Find-Package, Get-Package, Get-PackageProvider, Get-Packa...
2018-12-18T22:07:48.7826285Z Script     3.4.0      Pester                              {Describe, Context, It, Should...}                           
2018-12-18T22:07:48.7863109Z Script     2.0.0      PowerShellGet                       {Find-Command, Find-DSCResource, Find-Module, Find-RoleCap...
2018-12-18T22:07:48.7878444Z Script     1.0.0.1    PowerShellGet                       {Install-Module, Find-Module, Save-Module, Update-Module...} 
2018-12-18T22:07:48.7915368Z Script     1.2        PSReadline                          {Get-PSReadlineKeyHandler, Set-PSReadlineKeyHandler, Remov...
2018-12-18T22:07:48.8000544Z Binary     2.0.0.4    PSWindowsUpdate                     {Enable-WURemoting, Get-WUJob, Set-WUSettings, Get-WUSetti...
2018-12-18T22:07:48.8016584Z 
2018-12-18T22:07:48.8016679Z 
2018-12-18T22:07:48.8016969Z     Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
2018-12-18T22:07:48.8017147Z 
2018-12-18T22:07:48.8017253Z 
2018-12-18T22:07:48.8021151Z ModuleType Version    Name                                ExportedCommands                                             
2018-12-18T22:07:48.8024605Z ---------- -------    ----                                ----------------                                             
2018-12-18T22:07:48.8046337Z Manifest   1.0.0.0    AppBackgroundTask                   {Disable-AppBackgroundTaskDiagnosticLog, Enable-AppBackgro...
2018-12-18T22:07:48.8086078Z Manifest   2.0.0.0    AppLocker                           {Get-AppLockerFileInformation, Get-AppLockerPolicy, New-Ap...
2018-12-18T22:07:48.8124769Z Manifest   1.0.0.0    AppvClient                          {Add-AppvClientConnectionGroup, Add-AppvClientPackage, Add...
2018-12-18T22:07:48.8160994Z Manifest   2.0.0.0    Appx                                {Add-AppxPackage, Get-AppxPackage, Get-AppxPackageManifest...
2018-12-18T22:07:48.8196755Z Script     1.0.0.0    AssignedAccess                      {Clear-AssignedAccess, Get-AssignedAccess, Set-AssignedAcc...
2018-12-18T22:07:48.8211434Z Manifest   1.0        BestPractices                       {Get-BpaModel, Get-BpaResult, Invoke-BpaModel, Set-BpaResult}
2018-12-18T22:07:48.8247272Z Manifest   2.0.0.0    BitsTransfer                        {Add-BitsFile, Complete-BitsTransfer, Get-BitsTransfer, Re...
2018-12-18T22:07:48.8290396Z Manifest   1.0.0.0    BranchCache                         {Add-BCDataCacheExtension, Clear-BCCache, Disable-BC, Disa...
2018-12-18T22:07:48.8342217Z Manifest   1.0.0.0    CimCmdlets                          {Get-CimAssociatedInstance, Get-CimClass, Get-CimInstance,...
2018-12-18T22:07:48.8380101Z Manifest   1.0        ConfigCI                            {Get-SystemDriver, New-CIPolicyRule, New-CIPolicy, Get-CIP...
2018-12-18T22:07:48.8419189Z Binary     1.0.0.0    Containers                          {Add-ContainerNetworkAdapter, Add-ContainerNetworkAdapterS...
2018-12-18T22:07:48.8464455Z Manifest   1.0        Defender                            {Get-MpPreference, Set-MpPreference, Add-MpPreference, Rem...
2018-12-18T22:07:48.8501045Z Manifest   1.0.0.0    DirectAccessClientComponents        {Disable-DAManualEntryPointSelection, Enable-DAManualEntry...
2018-12-18T22:07:48.8538571Z Script     3.0        Dism                                {Add-AppxProvisionedPackage, Add-WindowsDriver, Add-Window...
2018-12-18T22:07:48.8575027Z Manifest   1.0.0.0    DnsClient                           {Resolve-DnsName, Clear-DnsClientCache, Get-DnsClient, Get...
2018-12-18T22:07:48.8609726Z Manifest   1.0.0.0    EventTracingManagement              {New-EtwTraceSession, Get-EtwTraceSession, Set-EtwTraceSes...
2018-12-18T22:07:48.8625240Z Binary     1.0.0.0    HostComputeService                  {Get-ComputeProcess, Stop-ComputeProcess}                    
2018-12-18T22:07:48.8667177Z Binary     2.0.0.0    Hyper-V                             {Add-VMAssignableDevice, Add-VMDvdDrive, Add-VMFibreChanne...
2018-12-18T22:07:48.8703514Z Binary     1.1        Hyper-V                             {Add-VMDvdDrive, Add-VMFibreChannelHba, Add-VMHardDiskDriv...
2018-12-18T22:07:48.8735593Z Script     1.0.0.0    IISAdministration                   {Get-IISAppPool, Start-IISCommitDelay, Stop-IISCommitDelay...
2018-12-18T22:07:48.8767348Z Manifest   2.0.0.0    International                       {Get-WinDefaultInputMethodOverride, Set-WinDefaultInputMet...
2018-12-18T22:07:48.8797575Z Manifest   1.0.0.0    iSCSI                               {Get-IscsiTargetPortal, New-IscsiTargetPortal, Remove-Iscs...
2018-12-18T22:07:48.8827952Z Manifest   2.0.0.0    IscsiTarget                         {Add-ClusteriSCSITargetServerRole, Add-IscsiVirtualDiskTar...
2018-12-18T22:07:48.8842585Z Script     1.0.0.0    ISE                                 {New-IseSnippet, Import-IseSnippet, Get-IseSnippet}          
2018-12-18T22:07:48.8877416Z Manifest   1.0.0.0    Kds                                 {Add-KdsRootKey, Get-KdsRootKey, Test-KdsRootKey, Set-KdsC...
2018-12-18T22:07:48.8891872Z Manifest   1.0.1.0    Microsoft.PowerShell.Archive        {Compress-Archive, Expand-Archive}                           
2018-12-18T22:07:48.8923236Z Manifest   3.0.0.0    Microsoft.PowerShell.Diagnostics    {Get-WinEvent, Get-Counter, Import-Counter, Export-Counter...
2018-12-18T22:07:48.8937085Z Manifest   3.0.0.0    Microsoft.PowerShell.Host           {Start-Transcript, Stop-Transcript}                          
2018-12-18T22:07:48.8974126Z Manifest   1.0.0.0    Microsoft.PowerShell.LocalAccounts  {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser...
2018-12-18T22:07:48.9009233Z Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path...
2018-12-18T22:07:48.9024071Z Script     1.0        Microsoft.PowerShell.ODataUtils     Export-ODataEndpointProxy                                    
2018-12-18T22:07:48.9037736Z Manifest   3.0.0.0    Microsoft.PowerShell.Security       {Get-Acl, Set-Acl, Get-PfxCertificate, Get-Credential...}    
2018-12-18T22:07:48.9053308Z Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Format-List, Format-Custom, Format-Table, Format-Wide...}   
2018-12-18T22:07:48.9084310Z Manifest   3.0.0.0    Microsoft.WSMan.Management          {Disable-WSManCredSSP, Enable-WSManCredSSP, Get-WSManCredS...
2018-12-18T22:07:48.9114889Z Manifest   1.0        MMAgent                             {Disable-MMAgent, Enable-MMAgent, Set-MMAgent, Get-MMAgent...
2018-12-18T22:07:48.9145976Z Manifest   1.0.0.0    MsDtc                               {New-DtcDiagnosticTransaction, Complete-DtcDiagnosticTrans...
2018-12-18T22:07:48.9180488Z Binary     1.0.0.0    MSMQ                                {Clear-MsmqOutgoingQueue, Clear-MsmqQueue, Enable-MsmqCert...
2018-12-18T22:07:48.9214495Z Manifest   2.0.0.0    NetAdapter                          {Disable-NetAdapter, Disable-NetAdapterBinding, Disable-Ne...
2018-12-18T22:07:48.9228765Z Manifest   1.0.0.0    NetConnection                       {Get-NetConnectionProfile, Set-NetConnectionProfile}         
2018-12-18T22:07:48.9260340Z Manifest   1.0.0.0    NetEventPacketCapture               {New-NetEventSession, Remove-NetEventSession, Get-NetEvent...
2018-12-18T22:07:48.9292478Z Manifest   2.0.0.0    NetLbfo                             {Add-NetLbfoTeamMember, Add-NetLbfoTeamNic, Get-NetLbfoTea...
2018-12-18T22:07:48.9325563Z Manifest   1.0.0.0    NetNat                              {Get-NetNat, Get-NetNatExternalAddress, Get-NetNatStaticMa...
2018-12-18T22:07:48.9360310Z Manifest   2.0.0.0    NetQos                              {Get-NetQosPolicy, Set-NetQosPolicy, Remove-NetQosPolicy, ...
2018-12-18T22:07:48.9392472Z Manifest   2.0.0.0    NetSecurity                         {Get-DAPolicyChange, New-NetIPsecAuthProposal, New-NetIPse...
2018-12-18T22:07:48.9424109Z Manifest   1.0.0.0    NetSwitchTeam                       {New-NetSwitchTeam, Remove-NetSwitchTeam, Get-NetSwitchTea...
2018-12-18T22:07:48.9456380Z Manifest   1.0.0.0    NetTCPIP                            {Get-NetIPAddress, Get-NetIPInterface, Get-NetIPv4Protocol...
2018-12-18T22:07:48.9486171Z Manifest   1.0.0.0    NetWNV                              {Get-NetVirtualizationProviderAddress, Get-NetVirtualizati...
2018-12-18T22:07:48.9517863Z Manifest   1.0.0.0    NetworkConnectivityStatus           {Get-DAConnectionStatus, Get-NCSIPolicyConfiguration, Rese...
2018-12-18T22:07:48.9548075Z Manifest   1.0.0.0    NetworkSwitchManager                {Disable-NetworkSwitchEthernetPort, Enable-NetworkSwitchEt...
2018-12-18T22:07:48.9585399Z Manifest   1.0.0.0    NetworkTransition                   {Add-NetIPHttpsCertBinding, Disable-NetDnsTransitionConfig...
2018-12-18T22:07:48.9624347Z Manifest   1.0        NFS                                 {Get-NfsMappedIdentity, Get-NfsNetgroup, Install-NfsMappin...
2018-12-18T22:07:48.9652187Z Manifest   1.0.0.0    PcsvDevice                          {Get-PcsvDevice, Start-PcsvDevice, Stop-PcsvDevice, Restar...
2018-12-18T22:07:48.9686204Z Manifest   1.0.0.0    PKI                                 {Add-CertificateEnrollmentPolicyServer, Export-Certificate...
2018-12-18T22:07:48.9699728Z Manifest   1.0.0.0    PlatformIdentifier                  Get-PlatformIdentifier                                       
2018-12-18T22:07:48.9734323Z Manifest   1.0.0.0    PnpDevice                           {Get-PnpDevice, Get-PnpDeviceProperty, Enable-PnpDevice, D...
2018-12-18T22:07:48.9768116Z Manifest   1.1        PrintManagement                     {Add-Printer, Add-PrinterDriver, Add-PrinterPort, Get-Prin...
2018-12-18T22:07:48.9799125Z Manifest   1.1        PSDesiredStateConfiguration         {Set-DscLocalConfigurationManager, Start-DscConfiguration,...
2018-12-18T22:07:48.9829332Z Script     1.0.0.0    PSDiagnostics                       {Disable-PSTrace, Disable-PSWSManCombinedTrace, Disable-WS...
2018-12-18T22:07:48.9861612Z Binary     1.1.0.0    PSScheduledJob                      {New-JobTrigger, Add-JobTrigger, Remove-JobTrigger, Get-Jo...
2018-12-18T22:07:48.9878502Z Manifest   2.0.0.0    PSWorkflow                          {New-PSWorkflowExecutionOption, New-PSWorkflowSession, nwsn} 
2018-12-18T22:07:48.9892383Z Manifest   1.0.0.0    PSWorkflowUtility                   Invoke-AsWorkflow                                            
2018-12-18T22:07:48.9925576Z Manifest   2.0.0.0    RemoteDesktop                       {Get-RDCertificate, Set-RDCertificate, New-RDCertificate, ...
2018-12-18T22:07:48.9943024Z Manifest   1.0.0.0    ScheduledTasks                      {Get-ScheduledTask, Set-ScheduledTask, Register-ScheduledT...
2018-12-18T22:07:48.9974111Z Manifest   2.0.0.0    SecureBoot                          {Confirm-SecureBootUEFI, Set-SecureBootUEFI, Get-SecureBoo...
2018-12-18T22:07:49.0007873Z Manifest   1.0.0.0    SecurityCmdlets                     {Backup-SecurityPolicy, Restore-SecurityPolicy, Backup-Aud...
2018-12-18T22:07:49.0021967Z Script     1.0.0.0    ServerCore                          {Get-DisplayResolution, Set-DisplayResolution}               
2018-12-18T22:07:49.0056077Z Script     2.0.0.0    ServerManager                       {Get-WindowsFeature, Install-WindowsFeature, Uninstall-Win...
2018-12-18T22:07:49.0089448Z Cim        1.0.0.0    ServerManagerTasks                  {Get-SMCounterSample, Get-SMPerformanceCollector, Start-SM...
2018-12-18T22:07:49.0122165Z Manifest   3.1.0.0    ServiceFabric                       {Get-ServiceFabricServiceName, Get-ServiceFabricApplicatio...
2018-12-18T22:07:49.0151383Z Manifest   2.0.0.0    SmbShare                            {Get-SmbShare, Remove-SmbShare, Set-SmbShare, Block-SmbSha...
2018-12-18T22:07:49.0184023Z Manifest   2.0.0.0    SmbWitness                          {Get-SmbWitnessClient, Move-SmbWitnessClient, gsmbw, msmbw...
2018-12-18T22:07:49.0213717Z Manifest   2.0.0.0    SoftwareInventoryLogging            {Get-SilComputer, Get-SilComputerIdentity, Get-SilSoftware...
2018-12-18T22:07:49.0226573Z Manifest   1.0.0.0    StartLayout                         {Export-StartLayout, Import-StartLayout, Get-StartApps}      
2018-12-18T22:07:49.0261312Z Manifest   2.0.0.0    Storage                             {Add-InitiatorIdToMaskingSet, Add-PartitionAccessPath, Add...
2018-12-18T22:07:49.0296067Z Manifest   2.0.0.0    TLS                                 {New-TlsSessionTicketKey, Enable-TlsSessionTicketKey, Disa...
2018-12-18T22:07:49.0309318Z Manifest   1.0.0.0    TroubleshootingPack                 {Get-TroubleshootingPack, Invoke-TroubleshootingPack}        
2018-12-18T22:07:49.0323393Z Manifest   2.0.0.0    TrustedPlatformModule               {Get-Tpm, Initialize-Tpm, Clear-Tpm, Unblock-Tpm...}         
2018-12-18T22:07:49.0356312Z Binary     2.1.639.0  UEV                                 {Clear-UevConfiguration, Clear-UevAppxPackage, Restore-Uev...
2018-12-18T22:07:49.0370585Z Manifest   1.0.0.0    UserAccessLogging                   {Enable-Ual, Disable-Ual, Get-Ual, Get-UalDns...}            
2018-12-18T22:07:49.0404667Z Manifest   2.0.0.0    VpnClient                           {Add-VpnConnection, Set-VpnConnection, Remove-VpnConnectio...
2018-12-18T22:07:49.0418532Z Manifest   1.0.0.0    Wdac                                {Get-OdbcDriver, Set-OdbcDriver, Get-OdbcDsn, Add-OdbcDsn...}
2018-12-18T22:07:49.0453310Z Manifest   1.0.0.0    WebAdministration                   {Start-WebCommitDelay, Stop-WebCommitDelay, Get-WebConfigu...
2018-12-18T22:07:49.0475650Z Manifest   2.0.0.0    Whea                                {Get-WheaMemoryPolicy, Set-WheaMemoryPolicy}                 
2018-12-18T22:07:49.0507392Z Manifest   1.0.0.0    WindowsDeveloperLicense             {Get-WindowsDeveloperLicense, Unregister-WindowsDeveloperL...
2018-12-18T22:07:49.0541154Z Script     1.0        WindowsErrorReporting               {Enable-WindowsErrorReporting, Disable-WindowsErrorReporti...
2018-12-18T22:07:49.0555055Z Manifest   1.0.0.0    WindowsSearch                       {Get-WindowsSearchSetting, Set-WindowsSearchSetting}         
2018-12-18T22:07:49.0567955Z Manifest   1.0.0.0    WindowsUpdate                       Get-WindowsUpdateLog                                         
2018-12-18T22:07:49.0584937Z 
2018-12-18T22:07:49.0585715Z 
2018-12-18T22:07:49.0586680Z     Directory: C:\Program Files\Microsoft SQL Server\130\Tools\PowerShell\Modules
2018-12-18T22:07:49.0587320Z 
2018-12-18T22:07:49.0587476Z 
2018-12-18T22:07:49.0589560Z ModuleType Version    Name                                ExportedCommands                                             
2018-12-18T22:07:49.0593717Z ---------- -------    ----                                ----------------                                             
2018-12-18T22:07:49.0614461Z Manifest   1.0        SQLPS                               {Backup-SqlDatabase, Save-SqlMigrationReport, Add-SqlAvail...
2018-12-18T22:07:49.0629289Z 
2018-12-18T22:07:49.0642913Z 
2018-12-18T22:07:49.0946430Z 
2018-12-18T22:07:49.0947088Z 

Debug Output

2018-12-18T21:28:35.6104328Z ##[section]Starting: Azure PowerShell script
2018-12-18T21:28:35.6109574Z ==============================================================================
2018-12-18T21:28:35.6109802Z Task         : Azure PowerShell
2018-12-18T21:28:35.6109874Z Description  : Run a PowerShell script within an Azure environment
2018-12-18T21:28:35.6109943Z Version      : 3.1.10
2018-12-18T21:28:35.6110049Z Author       : Microsoft Corporation
2018-12-18T21:28:35.6110121Z Help         : [More Information](https://go.microsoft.com/fwlink/?LinkID=613749)
2018-12-18T21:28:35.6110247Z ==============================================================================
2018-12-18T21:28:37.7147884Z ##[command]Import-Module -Name C:\Modules\azurerm_6.7.0\AzureRM\6.7.0\AzureRM.psd1 -Global
2018-12-18T21:28:46.6165709Z ##[command]Clear-AzureRmContext -Scope Process
2018-12-18T21:28:47.0554744Z ##[command]Clear-AzureRmContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
2018-12-18T21:28:47.4317288Z ##[command]Add-AzureRMAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud
2018-12-18T21:28:48.2109364Z ##[command] Select-AzureRMSubscription -SubscriptionId *** -TenantId ***
2018-12-18T21:28:48.8030035Z ##[command]& 'D:\a\r1\a\NotificationService-ASP.NET Core (.NET Framework)-CI\drop\Concentric.Service.Notification.Deploy\set-keyvaultAccess.ps1' -inputparms $env:templateOutputs
2018-12-18T21:28:48.8127080Z set debugpreference to 'continue'
2018-12-18T21:28:48.8158662Z 
2018-12-18T21:28:48.8179586Z Parse inputparms from json
2018-12-18T21:28:48.8441940Z params: an = 'NotificationService-6znxem2fcv6tq'
2018-12-18T21:28:48.8456327Z 
2018-12-18T21:28:48.8473706Z ********************** get application
2018-12-18T21:28:48.8820777Z DEBUG: 9:28:48 PM - GetAzureADApplicationCommand begin processing with ParameterSet 'SearchStringParameterSet'.
2018-12-18T21:28:48.8830522Z DEBUG: 9:28:48 PM - using account id '***'...
2018-12-18T21:28:49.3827537Z DEBUG: [Common.Authentication]: Authenticating using Account: '***', environment: 
2018-12-18T21:28:49.3831088Z DEBUG: 'AzureCloud', tenant: '***'
2018-12-18T21:28:49.3840833Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
2018-12-18T21:28:49.3853839Z DEBUG: 12/18/2018 21:28:49: ce77e95c-6a22-448b-8f0e-f08e60ce2ee6 - AcquireTokenHandlerBase: === Token Acquisition 
2018-12-18T21:28:49.3854891Z started:
2018-12-18T21:28:49.3860433Z DEBUG:  Authority: https://login.microsoftonline.com/***/
2018-12-18T21:28:49.3864036Z DEBUG:  Resource: https://graph.windows.net/
2018-12-18T21:28:49.3867759Z DEBUG:  ClientId: ***
2018-12-18T21:28:49.3874212Z DEBUG:  CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (1 items)
2018-12-18T21:28:49.3879001Z DEBUG:  Authentication Target: Client
2018-12-18T21:28:49.3881774Z DEBUG:  
2018-12-18T21:28:49.3885300Z DEBUG: 
2018-12-18T21:28:49.3894267Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
2018-12-18T21:28:49.3907745Z DEBUG: 12/18/2018 21:28:49:  - TokenCache: Deserialized 1 items to token cache.
2018-12-18T21:28:49.3911049Z DEBUG: 
2018-12-18T21:28:49.3920217Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
2018-12-18T21:28:49.3933427Z DEBUG: 12/18/2018 21:28:49: ce77e95c-6a22-448b-8f0e-f08e60ce2ee6 - TokenCache: Looking up cache for a token...
2018-12-18T21:28:49.3936444Z DEBUG: 
2018-12-18T21:28:49.3945554Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
2018-12-18T21:28:49.3960032Z DEBUG: 12/18/2018 21:28:49: ce77e95c-6a22-448b-8f0e-f08e60ce2ee6 - TokenCache: No matching token was found in the cache
2018-12-18T21:28:49.3962544Z DEBUG: 
2018-12-18T21:28:49.3971649Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
2018-12-18T21:28:49.3993105Z DEBUG: 12/18/2018 21:28:49: ce77e95c-6a22-448b-8f0e-f08e60ce2ee6 - TokenCache: Storing token in the cache...
2018-12-18T21:28:49.3995841Z DEBUG: 
2018-12-18T21:28:49.4005485Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
2018-12-18T21:28:49.4019623Z DEBUG: 12/18/2018 21:28:49: ce77e95c-6a22-448b-8f0e-f08e60ce2ee6 - TokenCache: An item was stored in the cache
2018-12-18T21:28:49.4023715Z DEBUG: 
2018-12-18T21:28:49.4032843Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
2018-12-18T21:28:49.4050358Z DEBUG: 12/18/2018 21:28:49: ce77e95c-6a22-448b-8f0e-f08e60ce2ee6 - AcquireTokenHandlerBase: === Token Acquisition 
2018-12-18T21:28:49.4050651Z finished 
2018-12-18T21:28:49.4056379Z DEBUG: successfully. An access token was retuned:
2018-12-18T21:28:49.4062971Z DEBUG:  Access Token Hash: aCtYCUYPFYzTsuPnG7oMUYYYXokhT9h2dBH3u+RWd90=
2018-12-18T21:28:49.4070564Z DEBUG:  Refresh Token Hash: [No Refresh Token]
2018-12-18T21:28:49.4076250Z DEBUG:  Expiration Time: 12/18/2018 22:28:48 +00:00
2018-12-18T21:28:49.4080830Z DEBUG:  User Hash: null
2018-12-18T21:28:49.4083833Z DEBUG:  
2018-12-18T21:28:49.4087234Z DEBUG: 
2018-12-18T21:28:49.4096544Z DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
2018-12-18T21:28:49.4109487Z DEBUG: 12/18/2018 21:28:49:  - TokenCache: Serializing token cache with 2 items.
2018-12-18T21:28:49.4113827Z DEBUG: 
2018-12-18T21:28:49.5624647Z DEBUG: ============================ HTTP REQUEST ============================
2018-12-18T21:28:49.5627188Z DEBUG: 
2018-12-18T21:28:49.5631796Z DEBUG: HTTP Method:
2018-12-18T21:28:49.5635046Z DEBUG: GET
2018-12-18T21:28:49.5639149Z DEBUG: 
2018-12-18T21:28:49.5643852Z DEBUG: Absolute Uri:
2018-12-18T21:28:49.5646296Z DEBUG: 
2018-12-18T21:28:49.5646852Z https://graph.windows.net/***/applications?$filter=startswith(displayName,'Notificatio
2018-12-18T21:28:49.5649066Z DEBUG: nService-6znxem2fcv6tq')&api-version=1.6
2018-12-18T21:28:49.5651903Z DEBUG: 
2018-12-18T21:28:49.5656032Z DEBUG: Headers:
2018-12-18T21:28:49.5661105Z DEBUG: x-ms-client-request-id        : dc116895-5db4-4eaf-8f53-45da3fd634c3
2018-12-18T21:28:49.5666815Z DEBUG: accept-language               : en-US
2018-12-18T21:28:49.5670316Z DEBUG: 
2018-12-18T21:28:49.5673782Z DEBUG: Body:
2018-12-18T21:28:49.5678428Z DEBUG: 
2018-12-18T21:28:49.5681841Z DEBUG: 
2018-12-18T21:28:49.5685329Z DEBUG: 
2018-12-18T21:28:49.5760727Z DEBUG: ============================ HTTP RESPONSE ============================
2018-12-18T21:28:49.5763642Z DEBUG: 
2018-12-18T21:28:49.5768984Z DEBUG: Status Code:
2018-12-18T21:28:49.5772460Z DEBUG: Forbidden
2018-12-18T21:28:49.5776472Z DEBUG: 
2018-12-18T21:28:49.5780316Z DEBUG: Headers:
2018-12-18T21:28:49.5785669Z DEBUG: Pragma                        : no-cache
2018-12-18T21:28:49.5790063Z DEBUG: ocp-aad-diagnostics-server-name: dmVT0SbrmkSb2ZD3WVFXMJJwCMrUT31L0P2HvAXwQfE=
2018-12-18T21:28:49.5795486Z DEBUG: request-id                    : c36d44d1-ed70-4f58-97e6-c49a261cdb6f
2018-12-18T21:28:49.5800168Z DEBUG: client-request-id             : 322a88f8-54e4-4637-8f2c-5d875af34316
2018-12-18T21:28:49.5803763Z DEBUG: x-ms-dirapi-data-contract-version: 1.6
2018-12-18T21:28:49.5809057Z DEBUG: ocp-aad-session-key           : 
2018-12-18T21:28:49.5809352Z UkSPCWxqEoebX727PjdrFL3RoMq72dJV99mAkmgZiukXpNKyP7KhYQ2xQ_s3Mpbg9CJe14vlNZDwBQVLaCBPwqJ
2018-12-18T21:28:49.5815054Z DEBUG: XHeDJrSSWEgMd4lUAgAFXKzhSxU9-x-IiufVbjYJe.xyRimeDLfDV1UgzYI5EVlTbKrBjvh0MA7SLwXjNNgX0
2018-12-18T21:28:49.5821143Z DEBUG: DataServiceVersion            : 3.0;
2018-12-18T21:28:49.5826695Z DEBUG: Strict-Transport-Security     : max-age=31536000; includeSubDomains
2018-12-18T21:28:49.5831433Z DEBUG: Access-Control-Allow-Origin   : *
2018-12-18T21:28:49.5835614Z DEBUG: Duration                      : 598154
2018-12-18T21:28:49.5841046Z DEBUG: Cache-Control                 : no-cache
2018-12-18T21:28:49.5849791Z DEBUG: Date                          : Tue, 18 Dec 2018 21:28:48 GMT
2018-12-18T21:28:49.5853897Z DEBUG: Server                        : Microsoft-IIS/10.0
2018-12-18T21:28:49.5858996Z DEBUG: X-AspNet-Version              : 4.0.30319
2018-12-18T21:28:49.5863680Z DEBUG: X-Powered-By                  : ASP.NET
2018-12-18T21:28:49.5867997Z DEBUG: 
2018-12-18T21:28:49.5872065Z DEBUG: Body:
2018-12-18T21:28:49.5875458Z DEBUG: {
2018-12-18T21:28:49.5879855Z DEBUG:   "odata.error": {
2018-12-18T21:28:49.5883914Z DEBUG:     "code": "Authorization_RequestDenied",
2018-12-18T21:28:49.5888827Z DEBUG:     "message": {
2018-12-18T21:28:49.5892914Z DEBUG:       "lang": "en",
2018-12-18T21:28:49.5901369Z DEBUG:       "value": "Insufficient privileges to complete the operation."
2018-12-18T21:28:49.5905478Z DEBUG:     },
2018-12-18T21:28:49.5910145Z DEBUG:     "requestId": "c36d44d1-ed70-4f58-97e6-c49a261cdb6f",
2018-12-18T21:28:49.5914954Z DEBUG:     "date": "2018-12-18T21:28:49"
2018-12-18T21:28:49.5918620Z DEBUG:   }
2018-12-18T21:28:49.5922163Z DEBUG: }
2018-12-18T21:28:49.5926148Z DEBUG: 
2018-12-18T21:28:49.5929567Z DEBUG: 
2018-12-18T21:28:49.5938880Z DEBUG: Caught exception, type: Microsoft.Azure.Graph.RBAC.Version1_6.Models.GraphErrorException
2018-12-18T21:28:49.9869300Z ##[error]Insufficient privileges to complete the operation.
2018-12-18T21:28:50.0816458Z ##[section]Finishing: Azure PowerShell script

![configuration](https://user-images.githubusercontent.com/29233402/50185584-d10f9c80-02dd-11e9-8f58-e3a3ecf5f443.JPG)

[cormacpayne]

@MouthOfMadness would you mind providing the following:

• What version of Az / AzureRM are you using?
  • This can be retrieved by running Get-Module -Name Az* -ListAvailable
• What is the resulting error when running the command?
  • This can be retrieved in full detail by running Resolve-AzError ( or Resolve-AzureRmError if you're using AzureRM)
• What is the resulting debug trace?
  • This can be retrieved by setting $DebugPreference = "Continue" and then running the failed command

[MouthOfMadness]

Sorry, it got away from, I'm still collecting the data.

[MouthOfMadness]

This is the stack trace of the Resolve-AzureRmError:

DEBUG: Caught exception, type: Microsoft.Azure.Graph.RBAC.Version1_6.Models.GraphErrorException
2018-12-18T22:20:49.8198823Z ********************** resolved -azurermerror
2018-12-18T22:20:49.8198923Z DEBUG: 10:20:49 PM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
2018-12-18T22:20:49.8199044Z DEBUG: 10:20:49 PM - using account id '***'...
2018-12-18T22:20:49.8199110Z 
2018-12-18T22:20:49.8199309Z 
2018-12-18T22:20:49.8199350Z    HistoryId: 1
2018-12-18T22:20:49.8199383Z 
2018-12-18T22:20:49.8199471Z 
2018-12-18T22:20:49.8199522Z Message        : Insufficient privileges to complete the operation.
2018-12-18T22:20:49.8199590Z StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
2018-12-18T22:20:49.8199669Z                  funcContext, Exception exception)
2018-12-18T22:20:49.8199732Z                     at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
2018-12-18T22:20:49.8199817Z                     at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
2018-12-18T22:20:49.8199885Z                  frame)
2018-12-18T22:20:49.8199962Z                     at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
2018-12-18T22:20:49.8200017Z                  frame)
2018-12-18T22:20:49.8200092Z                     at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
2018-12-18T22:20:49.8200159Z                     at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
2018-12-18T22:20:49.8200224Z                     at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke 
2018-12-18T22:20:49.8200311Z                  clauseToInvoke, Boolean createLocalScope, Dictionary`2 functionsToDefine, List`1 variablesToDefine, 
2018-12-18T22:20:49.8200379Z                  ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, 
2018-12-18T22:20:49.8200470Z                  Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)
2018-12-18T22:20:49.8200536Z                     at System.Management.Automation.ScriptBlock.<>c__DisplayClass57_0.<InvokeWithPipe>b__0()
2018-12-18T22:20:49.8208420Z                     at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck
2018-12-18T22:20:49.8210900Z                  (Action action)
2018-12-18T22:20:49.8214416Z                     at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, 
2018-12-18T22:20:49.8214534Z                  ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, 
2018-12-18T22:20:49.8215258Z                  Pipe outputPipe, InvocationInfo invocationInfo, Boolean propagateAllExceptionsToTop, List`1 
2018-12-18T22:20:49.8216365Z                  variablesToDefine, Dictionary`2 functionsToDefine, Object[] args)
2018-12-18T22:20:49.8219715Z                     at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(Cmdlet contextCmdlet, Boolean 
2018-12-18T22:20:49.8220099Z                  useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object 
2018-12-18T22:20:49.8220856Z                  scriptThis, Object[] args)
2018-12-18T22:20:49.8221774Z                     at Microsoft.PowerShell.Commands.ForEachObjectCommand.ProcessRecord()
2018-12-18T22:20:49.8222462Z                     at System.Management.Automation.CommandProcessor.ProcessRecord()
2018-12-18T22:20:49.8223590Z                     at System.Management.Automation.CommandProcessorBase.DoExecute()
2018-12-18T22:20:49.8224356Z                     at System.Management.Automation.Internal.Pipe.AddToPipe(Object obj)
2018-12-18T22:20:49.8226209Z                     at System.Management.Automation.MshCommandRuntime._WriteErrorSkipAllowCheck(ErrorRecord 
2018-12-18T22:20:49.8226311Z                  errorRecord, Nullable`1 actionPreference)
2018-12-18T22:20:49.8227484Z                     at System.Management.Automation.MshCommandRuntime.DoWriteError(Object obj)
2018-12-18T22:20:49.8229587Z                     at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, 
2018-12-18T22:20:49.8229667Z                  Object state)
2018-12-18T22:20:49.8231301Z                     at System.Management.Automation.MshCommandRuntime.WriteError(ErrorRecord errorRecord, Boolean 
2018-12-18T22:20:49.8231377Z                  overrideInquire)
2018-12-18T22:20:49.8232318Z                     at System.Management.Automation.Cmdlet.WriteError(ErrorRecord errorRecord)
2018-12-18T22:20:49.8240927Z                     at Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ActiveDirectoryBaseCmdlet.HandleException(
2018-12-18T22:20:49.8241006Z                  Exception exception)
2018-12-18T22:20:49.8242636Z                     at 
2018-12-18T22:20:49.8242741Z                  Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ActiveDirectoryBaseCmdlet.ExecutionBlock(Action 
2018-12-18T22:20:49.8243478Z                  execAction)
2018-12-18T22:20:49.8244477Z                     at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
2018-12-18T22:20:49.8245377Z Exception      : System.Management.Automation.RuntimeException
2018-12-18T22:20:49.8246712Z InvocationInfo : {Get-AzureRmADApplication}
2018-12-18T22:20:49.8247554Z Line           : $app = Get-AzureRmADApplication -DisplayNameStartWith $appName
2018-12-18T22:20:49.8248449Z                  
2018-12-18T22:20:49.8250539Z Position       : At D:\a\r1\a\NotificationService-ASP.NET Core (.NET 
2018-12-18T22:20:49.8250624Z                  Framework)-CI\drop\Concentric.Service.Notification.Deploy\set-keyvaultAccess.ps1:32 char:8
2018-12-18T22:20:49.8251559Z                  + $app = Get-AzureRmADApplication -DisplayNameStartWith $appName
2018-12-18T22:20:49.8252274Z                  +        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-12-18T22:20:49.8281886Z HistoryId      : 1
2018-12-18T22:20:49.8281955Z 
2018-12-18T22:20:49.8283756Z Message        : Insufficient privileges to complete the operation.
2018-12-18T22:20:49.8283852Z StackTrace     : 
2018-12-18T22:20:49.8284824Z Exception      : System.Exception
2018-12-18T22:20:49.8285531Z InvocationInfo : {Get-AzureRmADApplication}
2018-12-18T22:20:49.8287191Z Line           : $app = Get-AzureRmADApplication -DisplayNameStartWith $appName
2018-12-18T22:20:49.8287301Z                  
2018-12-18T22:20:49.8289063Z Position       : At D:\a\r1\a\NotificationService-ASP.NET Core (.NET 
2018-12-18T22:20:49.8289171Z                  Framework)-CI\drop\Concentric.Service.Notification.Deploy\set-keyvaultAccess.ps1:32 char:8
2018-12-18T22:20:49.8290407Z                  + $app = Get-AzureRmADApplication -DisplayNameStartWith $appName
2018-12-18T22:20:49.8291132Z                  +        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-12-18T22:20:49.8297580Z HistoryId      : 1
2018-12-18T22:20:49.8297677Z 
2018-12-18T22:20:49.8300229Z Message        : Insufficient privileges to complete the operation.
2018-12-18T22:20:49.8300302Z StackTrace     : 
2018-12-18T22:20:49.8301229Z Exception      : System.Exception
2018-12-18T22:20:49.8301923Z InvocationInfo : {Get-AzureRmADApplication}
2018-12-18T22:20:49.8303178Z Line           : $app = Get-AzureRmADApplication -DisplayNameStartWith $appName
2018-12-18T22:20:49.8303251Z                  
2018-12-18T22:20:49.8304677Z Position       : At D:\a\r1\a\NotificationService-ASP.NET Core (.NET 
2018-12-18T22:20:49.8304782Z                  Framework)-CI\drop\Concentric.Service.Notification.Deploy\set-keyvaultAccess.ps1:32 char:8
2018-12-18T22:20:49.8306109Z                  + $app = Get-AzureRmADApplication -DisplayNameStartWith $appName
2018-12-18T22:20:49.8307055Z                  +        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-12-18T22:20:49.8310265Z HistoryId      : 1
2018-12-18T22:20:49.8310334Z 
2018-12-18T22:20:49.8368006Z DEBUG: AzureQoSEvent: CommandName - Resolve-AzureRmError; IsSuccess - True; Duration - 00:00:00.2897294; Exception - ;
2018-12-18T22:20:50.2726702Z DEBUG: Finish sending metric.

[cormacpayne]

@MouthOfMadness I would make sure that the account you're using to access the applications has proper permissions in the current tenant. Running Get-AzureRmContext will give you more information about the account you are currently using to make the call to AD.

[MouthOfMadness]

(From my script in VSTS), I won’t print the outcomes but this is the code I printed in my log, I’m exactly in the subscription that I want to be.

Write-Host("get context") $rc = Get-AzureRmContext Write-Host("rca = '$($rc.Account)'") Write-Host("rce = '$($rc.Environment)'") Write-Host("rcn = '$($rc.Name)'") Write-Host("rcs = '$($rc.Subscription)'") Write-Host("rct = '$($rc.Tenant)'")

There’s only the single subscription and tenant, my Service Principal has been configured with these APIs and every permission within the API. Is there a specific permission that you think I’m missing?

[cid:image001.png@01D4978C.AB581880]

From: Cormac McCarthy notifications@github.com Sent: Tuesday, December 18, 2018 5:53 PM To: Azure/azure-powershell azure-powershell@noreply.github.com Cc: James Mattern James.Mattern@aiworldwide.com; Mention mention@noreply.github.com Subject: Re: [Azure/azure-powershell] Get-AzureRmADApplication insufficient privileges (#8163)

@MouthOfMadnesshttps://github.com/MouthOfMadness I would make sure that the account you're using to access the applications has proper permissions in the current tenant. Running Get-AzureRmContext will give you more information about the account you are currently using to make the call to AD.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Azure/azure-powershell/issues/8163#issuecomment-448415778, or mute the threadhttps://github.com/notifications/unsubscribe-auth/Ab4Q-shUReA88zMMLf3S3NRZljqGWapDks5u6X_UgaJpZM4ZZISH.

[MouthOfMadness]

Let me attach the picture that keeps getting dropped

[MouthOfMadness]

Based on the picture I attached, which permission do you think I'm missing?

[cormacpayne]

@MouthOfMadness Apologies for the delayed response. I would make sure of two things:

(1) The permissions you have above are fine (you should only need Windows Azure Active Directory for the calls being made with our cmdlets), but I would make sure that you clicked the Grant permissions button to ensure that your application is given the permissions.

(2) You've created a role assignment to grant the service principal access over the given subscription. From the subscriptions blade, select the subscription you want to grant the service principal access over, then select Access control (IAM), and then select Add role assignment. You can then select your application and the corresponding role you'd like it to have over the subscription (I usually select Contributor).

Please let me know if you're still seeing the same error above after confirming the above two.

[MouthOfMadness]

I have every permission granted for each API, and it won't let me assign a second Contributor Role as the role already exists.

[cormacpayne]

@grlin Hey Grace, the user above has a service principal with a role assignment over their given subscription, and the service principal has been granted the appropriate permissions in the tenant, but is still receiving the "Insufficient privileges to complete the operation." error message when trying to run the Get-AzADApplication cmdlet when authenticated in Azure PowerShell with the service principal. Is there anything additional that you can think of that would be causing this issue?

[lwajswaj]

You just need to grant this permission to make it work:

I've tested on my tenant and used AzureRM module and it works fine; so there's something weird with AZ Module

[lwajswaj]

OK.... now it's odd..... I didn't change anything but I logged once with an AppId using AzureRM module on PS 5.1..... after that, Get-AzADApplication in PSCore started to work. Even further, I created a new App thinking it might be related on how the cached token is accessed and it's working too..... really no-sense to me.... Right granted to the new app:

[MouthOfMadness]

I started with the default grants for a contributor; but in my desperation, I selected everything single API and permission to work around this problem without luck.

[oskarm93]

@MouthOfMadness Did you click "Grant permissions"? Ticking them might not be enough. They need to be granted by a tenant administrator. I had a similar issue in my tenant, but I am not an admin, so I was able to tick the permissions, but a tenant admin had to grant them. For reading AAD as a Service Principal you'd only need "Read directory data" application permission. Alternatively, your automation could log in as a domain user with Login-AzAccount -Credential.

[januschr]

Hello,

I came across this thread through a Google search, and I was wondering what the outcome of this issue is because I am experiencing the same issue: I have an App Registration that has "Directory.Read.All" in the Microsoft.Graph API with consent given by the admin. When I connect as the App Registration's service principal in PowerShell and run this command:

Get-AzADServicePrincipal -DisplayName "name of service principal"

I get this error:

Get-AzADServicePrincipal : Insufficient privileges to complete the operation.
At line:1 char:1
+ Get-AzADServicePrincipal -DisplayName "app-hdi-test"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Get-AzADServicePrincipal], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.GetAzureADServicePrincipalCommand

This looks awfully similar to the issue that @MouthOfMadness is expriencing, hence this post.

Thank you.

[MouthOfMadness]

@januschr The solution posted by @xenalite fixed my issue; he or she was correct, you have to grant them, ticking them isn't enough (even though it persists for ticks between sessions, they haven't been applied). This should really be a bug against the UI, as you really think you have them applied.

[januschr]

Thank you for the response. In my case the privileges granted to the service principal have been granted, so the cause of the issue must be different.

[arcotek-ltd]

It would appear that many of the PowerShell cmdlets use the old Azure Active Directory Graph API as opposed to the newer Microsoft Graph that is supposed to replace it.

Several cmdlets from Az.Resources (v. 1.13.0) refuse to authenticate using Microsoft Graph.

Perhaps someone from @Microsoft would care to comment.

[Akshat59]

Issue is not Resolved. Ples Reopen

[tylertownsend]

@cormacpayne Is there any progress or plans to make the change to the Microsoft Graph api? Our tenant manages our registered apps and we are only granted permissions for Microsoft Graph.

[cormacpayne]

@tylertownsend Hey there, I'm no longer a member of the Azure PowerShell team, but I think @dingmeng-xue should be able to help out with getting the right folks to take a look at this issue.

[tylertownsend]

Thank you for the follow up @cormacpayne. @dingmeng-xue if you could point me to the right folks, that would be greatly appreciated.