Azure Managed Identity provides a secure and convenient way to authenticate applications and services within the Azure ecosystem.
With Managed Identity, you can easily authenticate your application with various Azure services, including Microsoft Graph.
By assigning the appropriate permissions to your Managed Identity, you can control access to Graph resources and ensure secure interactions.
The main advantage is that it is passwordless and moves away from methods where we need to use secrets, passwords, etc. for authentication.
The majority of Azure services now support it.
In this recent example, a team member of ours was writing automation using an Azure Automation account and required the Device.Read.All Graph permission to be granted to the managed identity owned by the Automation account.
Here are the steps that can be taken to achieve this goal:
2. Define the below variables
$TenantID = "S6a89h403-2356-6htr-9k89-raa464e3k9821" # Add your tenant id
$GraphAppId = "00000003-0000-0000-c000-000000000000" # this will be the same for every tenant
$ManagedIdentity = "TechWizard-AutomationACCt" # managed identity
$PermissionName = "Device.Read.All" # permission
3. Fetch the managed identity
$MI = (Get-AzureADServicePrincipal -Filter "displayName eq '$ManagedIdentity'")
4. Fetch the permissions
$GraphSP = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
$AppRole = $GraphSP.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
5. Provide permissions to the managed identity
New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId -ResourceId $GraphSP.ObjectId -Id $AppRole.Id
Now when you check the managed identity, you will see the Device.Read.All permission applied.
In the same way, you can assign any other permissions to the managed identity.
Thanks for reading …
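The steps above, wrapped with the checks worth making before granting a tenant-wide Graph permission; this is an added example, not code from the original post. The function name Grant-GraphAppRole is hypothetical, and it assumes the AzureAD module is loaded and Connect-AzureAD has already been run.

```powershell
# Added example. Grant-GraphAppRole is a hypothetical helper, not an AzureAD cmdlet.
# Assumes: AzureAD module imported and Connect-AzureAD already run for the tenant.
function Grant-GraphAppRole {
    param(
        [Parameter(Mandatory)] [string] $ManagedIdentity,   # display name of the managed identity
        [Parameter(Mandatory)] [string] $PermissionName,    # e.g. 'Device.Read.All'
        [string] $GraphAppId = '00000003-0000-0000-c000-000000000000'
    )

    # displayName is not unique in a tenant: refuse to continue unless exactly one
    # service principal matches, so the permission cannot land on the wrong principal.
    $matches = @(Get-AzureADServicePrincipal -Filter "displayName eq '$ManagedIdentity'")
    if ($matches.Count -ne 1) {
        throw "Expected exactly 1 service principal named '$ManagedIdentity', found $($matches.Count)."
    }
    $MI = $matches[0]
    if ($MI.ServicePrincipalType -ne 'ManagedIdentity') {
        throw "'$ManagedIdentity' is a '$($MI.ServicePrincipalType)' principal, not a managed identity."
    }

    $GraphSP = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
    $AppRole = @($GraphSP.AppRoles | Where-Object {
        $_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'
    })
    # A misspelled permission leaves $AppRole empty; stop instead of passing a null Id.
    if ($AppRole.Count -ne 1) {
        throw "Application permission '$PermissionName' was not found on Microsoft Graph."
    }

    # Return the existing grant instead of creating a duplicate.
    # Assumption to confirm on your module version: in the AzureAD module this cmdlet
    # lists the app roles granted TO the principal passed as -ObjectId.
    $existing = Get-AzureADServiceAppRoleAssignedTo -ObjectId $MI.ObjectId -All $true |
        Where-Object { $_.ResourceId -eq $GraphSP.ObjectId -and $_.Id -eq $AppRole[0].Id }
    if ($existing) { return $existing }

    # Same call as step 5, reached only after every check above has passed.
    New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId `
        -ResourceId $GraphSP.ObjectId -Id $AppRole[0].Id
}

# Usage with the values from the steps above:
# Grant-GraphAppRole -ManagedIdentity 'TechWizard-AutomationACCt' -PermissionName 'Device.Read.All'
```

The returned assignment object carries PrincipalId, ResourceId and Id, which can be recorded as evidence of what was granted and to whom.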
Tech Wizard