azureautomation / runbooks

Sample Automation runbooks
MIT License

New-AzureADApplicationKeyCredential throwing Authorization_RequestDenied #64

Closed upadhyayatul15 closed 4 years ago

upadhyayatul15 commented 4 years ago

While executing New-AzureADApplicationKeyCredential from an Azure Automation runbook, it's throwing an error:

Error occurred while executing SetApplication Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. RequestId: 59574612-93fa-4e13-b409-4fab03e6fe6f DateTimeStamp: Mon, 22 Jun 2020 11:08:33 GMT HttpStatusCode: Forbidden HttpStatusDescription: Forbidden HttpResponseStatus: Completed (Error occurred while executing SetApplication Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. RequestId: 59574612-93fa-4e13-b409-4fab03e6fe6f DateTimeStamp: Mon, 22 Jun 2020 11:08:33 GMT HttpStatusCode: Forbidden HttpStatusDescription: Forbidden HttpResponseStatus: Completed )

I have already provided the below API permissions for the Azure application of the Automation Account:

[image: screenshot of the API permissions granted to the Automation Account's application]

zhijli commented 4 years ago

Can you try whether adding Application.ReadWrite.OwnedBy to Azure Active Directory Graph will resolve the issue?

zhijli commented 4 years ago

@upadhyayatul15 As mentioned in the doc, New-AzureADApplicationKeyCredential uses the ADAL library. I suspect it's still using the Azure Active Directory Graph API underneath, so adding Application.ReadWrite.OwnedBy to Microsoft Graph won't work.

However, I cannot test it out handily as I need to go through some process to get admin consent to grant the permission.

zhijli commented 4 years ago

@upadhyayatul15 Also, I found the doc says ADAL is in maintenance mode; use MSAL instead. It looks like that proves ADAL is calling the Azure Active Directory Graph API, while MSAL should call the Microsoft Graph API.

upadhyayatul15 commented 4 years ago

Yes, adding the Azure Active Directory Graph API permissions worked for me as well. Thank you.

upadhyayatul15 commented 4 years ago

It has been resolved by adding permissions to the Azure Active Directory Graph API.
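As an added example (not code from this issue or from the runbooks repository), the runbook below registers a certificate key credential with New-AzureADApplicationKeyCredential and surfaces the Authorization_RequestDenied error discussed above with the Azure AD Graph permission it points to. It goes one step beyond the thread by first checking that the Run As service principal owns the target application, since Application.ReadWrite.OwnedBy only covers applications the caller owns. Assumed names: the Run As connection "AzureRunAsConnection", the certificate asset name in $CertAssetName, and the parameter $TargetAppObjectId.

```powershell
# Added example: Azure Automation runbook that adds a certificate key credential
# to an Azure AD application. Assumes the AzureAD module is imported into the
# Automation account and a Run As connection named "AzureRunAsConnection".
param(
    [Parameter(Mandatory = $true)] [string] $TargetAppObjectId,   # ObjectId of the app to update
    [Parameter(Mandatory = $true)] [string] $CertAssetName        # Automation certificate asset (hypothetical name)
)

# Sign in as the Run As service principal using its certificate.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Connect-AzureAD -TenantId $conn.TenantId `
                -ApplicationId $conn.ApplicationId `
                -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

# Application.ReadWrite.OwnedBy only allows changes to apps the service principal
# owns, so verify ownership first and fail with a clear message instead of a 403.
$runAsSp = Get-AzureADServicePrincipal -Filter "AppId eq '$($conn.ApplicationId)'"
$owners  = Get-AzureADApplicationOwner -ObjectId $TargetAppObjectId
if (-not ($owners.ObjectId -contains $runAsSp.ObjectId)) {
    throw "Run As service principal $($runAsSp.ObjectId) is not an owner of application $TargetAppObjectId; Application.ReadWrite.OwnedBy will be denied."
}

# Only the public part of the certificate is registered on the application.
$cert  = Get-AutomationCertificate -Name $CertAssetName
$value = [System.Convert]::ToBase64String($cert.GetRawCertData())
$keyId = [System.Convert]::ToBase64String($cert.GetCertHash())

try {
    New-AzureADApplicationKeyCredential -ObjectId $TargetAppObjectId `
        -CustomKeyIdentifier $keyId -Type AsymmetricX509Cert -Usage Verify `
        -Value $value -StartDate $cert.NotBefore -EndDate $cert.NotAfter | Out-Null
    Write-Output "Added key credential $($cert.Thumbprint) to application $TargetAppObjectId"
}
catch {
    if ($_.Exception.Message -match 'Authorization_RequestDenied') {
        # The cmdlet talks to Azure AD Graph, so the permission must be granted on
        # "Azure Active Directory Graph" (not Microsoft Graph) and admin-consented.
        throw "Authorization_RequestDenied: grant Application.ReadWrite.OwnedBy on Azure Active Directory Graph to the Run As application and admin-consent it. Original error: $($_.Exception.Message)"
    }
    throw
}
```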