Run Get-AzADApplication from an Azure Runbook using a Managed Identity

Question

Hi I am wanting to get App registration information for several applications within my tenant (but different subscriptions) using an Automation Account Runbook. I currently have a System Assigned managed identity on the automation account. Inside my powreshell workflow runbook I have the following snippet of code:

try{
            "Logging in to Azure..."
            #Connect-AzAccount
            Connect-AzAccount -Identity
            $token = (Get-AzAccessToken -ResourceTypeName MSGraph).token
            $secreToken = ConvertTo-SecureString -String $token -AsPlainText -Force
            Connect-MgGraph -AccessToken $secreToken
            }
            catch{
                Write-Error -Message $_.Exception
                throw $_.Exception
                }


$apps = Get-AzADApplication

When I run the runbook I get an Insufficient privileges to complete the operation. error message. Is there anyway to run Get-AzADApplication using a managed identity in this way? If not, is there a better authentication method to use?

Answer 1

Firstly, I have tried your code and got similar error as you got as below:

Now, Firstly go to azure active directory and then click on Roles and administrators:

Then search directory Readers as below and then click on it:

Then click on add Assignments as below:

Then select a member as below:

then click on next:

Now then I go back to runbook and when I run the error is resolved: