Get-AzADApplication Insufficient privileges to complete the operation in azure devop

Question

In my azure devop, I am using Azure PowerShell task and run this:

$app = Get-AzADApplication -ObjectId $appObjectId

This is failing and I see error Get-AzADApplication : Insufficient privileges to complete the operation.

I can see from log, these are run before calling my code

2021-03-16T12:15:02.0180171Z ##[command]Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
2021-03-16T12:15:02.9752631Z ##[command]Clear-AzContext -Scope Process
2021-03-16T12:15:03.4700483Z ##[command]Connect-AzAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud @processScope
2021-03-16T12:15:05.6845552Z ##[command] Set-AzContext -SubscriptionId c5ffe1d4-c935-4559-9d67-5ea6546a8ec2 -TenantId ***

From this subscription, I can trace the SPN in azure portal and I already set as many permission as I can think of. But it still says not enough privileges.

In the azure AD, for

What am I missing?

It could be that the task doesn't setup the authentication correctly for the AzureAD module, just the Az module. — juunas, Mar 16 '21 at 12:40

score 0 · Accepted Answer · answered Mar 16 '21 at 13:33

0

Azure AD is rather confusing. I found answer in this question

az ad app permission add - Insufficient privileges to complete the operation

As that answer, apparently Microsoft Graph doesn't work and you will have to add it under Azure Active Directory Graph, the so called legacy API.

answered Mar 16 '21 at 13:33

daxu

3,514
5
38
76

Hi daxu, Thanks for the sharing, you could Accept it as an Answer, it could help other community members who get the same issues and we could archive this thread, thank you very much. – Edward Han-MSFT Mar 25 '21 at 08:10

Get-AzADApplication Insufficient privileges to complete the operation in azure devop

1 Answers1

Linked