[BUG] Azure Automation Account Runbook using -ManagedIdentity 404 #4744

Open
1 of 7 tasks
nicolaibaralmueller opened this issue Feb 20, 2025 · 0 comments
Labels
bug Something isn't working

nicolaibaralmueller commented Feb 20, 2025

Reporting an Issue or Missing Feature

Unable to connect with managed identity via Azure Automation Runbook (PowerShell 7.2)

Add-PnPAzureADServicePrincipalAppRole -Principal "mymanagedidentity" -AppRole "Sites.FullControl.All" -BuiltInType SharePointOnline

Managed Identity also has the following rights:

  • AllSites.Read
  • Sites.FullControl.All
  • TermStore.ReadWrite.All
  • User.ReadWrite.All

Actual behavior

(404) Unauthorized when using cmdlets.

Connect-PnPOnline -ReturnConnection returns:

ConnectionMethod                           : ManagedIdentity
ConnectionType                             : O365
InitializationType                         : Unknown
Scopes                                     : 
PSCredential                               : 
ClientId                                   : 31359c7f-bd7e-475c-86db-fdb8c937548e
ClientSecret                               : 
ApplicationInsights                        : PnP.PowerShell.ALC.ApplicationInsights
Url                                        : https://mysite.sharepoint.com/sites/mysite
TenantAdminUrl                             : 
Certificate                                : 
DeleteCertificateFromCacheOnDisconnect     : False
Context                                    : PnP.Framework.PnPClientContext
Tenant                                     : 
UserAssignedManagedIdentityObjectId        : 
UserAssignedManagedIdentityClientId        : 
UserAssignedManagedIdentityAzureResourceId : 
AzureEnvironment                           : Production

Why is client id 31359c7f-bd7e-475c-86db-fdb8c937548e still shown when using managed identity?

I can connect "manually" on my device with my own account in PowerShell 7.5 using:

Connect-PnPOnline -Url "https://mysite.sharepoint.com/sites/mysite" -Interactive -ClientId "mymanagedidentity"

The returned connection then shows the correct client ID.

Steps to reproduce behavior


# Site URL taken from the connection output above
$url = "https://mysite.sharepoint.com/sites/mysite"

try {
    # -ErrorAction Stop makes a failed connect a terminating error so the catch block runs
    $connection = Connect-PnPOnline -Url $url -ManagedIdentity -ReturnConnection -ErrorAction Stop
    Write-Output "Connected to url: $($url)"
    Write-Output $connection
} catch {
    Write-Output "Connection failed."
    Write-Error $_
}

try {
    # First call that actually uses the token; this is where the 404 / Unauthorized appears
    $site = Get-PnPSite -Connection $connection -ErrorAction Stop
    Write-Output "Connected to site: $($site.Url)"
} catch {
    Write-Output "Get-PnPSite failed."
    Write-Error $_
}

What is the version of the Cmdlet module you are running?

2.12.0

Which operating system/environment are you running PnP PowerShell on?

  • Windows
  • Linux
  • MacOS
  • Azure Cloud Shell
  • Azure Functions
  • Azure Runbook
  • Other : please specify
@nicolaibaralmueller nicolaibaralmueller added the bug Something isn't working label Feb 20, 2025
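An added runbook fragment, not part of this issue or of PnP PowerShell: it wraps the repro above so that the connection is probed with a real call before any work is done, records which client id the connection actually carries, and fails the job loudly instead of letting later cmdlets die with 404. It assumes PnP.PowerShell 2.12.0 is imported in the Automation account and that `$Url` is the target site; the legacy client id is the one shown in the connection output above.

```powershell
# Added example, not from the issue or from PnP PowerShell.
# Assumes the runbook runs under the Automation account's managed identity.
param(
    [string]$Url = "https://mysite.sharepoint.com/sites/mysite"   # placeholder site
)

# Client id reported on the connection in this issue. It is the well-known
# PnP Management Shell application id, not the runbook's managed identity.
$LegacyPnPClientId = "31359c7f-bd7e-475c-86db-fdb8c937548e"

function Test-PnPManagedIdentityConnection {
    param([Parameter(Mandatory)] $Connection)

    if ($Connection.ConnectionMethod -ne 'ManagedIdentity') {
        throw "Expected ConnectionMethod ManagedIdentity, got '$($Connection.ConnectionMethod)'."
    }
    if ($Connection.ClientId -eq $LegacyPnPClientId) {
        # Not fatal by itself, but worth surfacing in the job output when the probe fails.
        Write-Warning "Connection carries the legacy PnP Management Shell client id $LegacyPnPClientId."
    }

    # Probe with a call that really uses the token; Connect-PnPOnline alone
    # succeeds even when the identity lacks the SharePoint app role.
    $site = Get-PnPSite -Connection $Connection -ErrorAction Stop
    return $site.Url
}

try {
    $connection = Connect-PnPOnline -Url $Url -ManagedIdentity -ReturnConnection -ErrorAction Stop
    $siteUrl = Test-PnPManagedIdentityConnection -Connection $connection
    Write-Output "Managed identity connection verified against $siteUrl"
}
catch {
    Write-Error ("Managed identity connection check failed for {0} (ClientId on connection: {1}): {2}" -f `
        $Url, $connection.ClientId, $_)
    throw   # rethrow so the Automation job is marked Failed rather than Completed
}
```

If the probe fails, the job output shows both the error and the client id the connection was using, which is the first thing to compare against the app-role assignment made with Add-PnPAzureADServicePrincipalAppRole.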