microsoftgraph
Get-CsOnlineApplicationInstance
Hi there,
I am using the cmdlet Get-CsOnlineApplicationInstance in combination with managed identity authentication in an azure runbook. The managed identity is teams administrator. But when I execute the the script, I got "Access Denied". I have installed the newest teams module.
Can someone please help me:)
You are running into 1 of 2 possible issues:
- The command doesn't allow non-user identities to run, so your managed identity is no bueno, or
- The command requires more permissions than what you have given
For the first idea, you could try to run the command with a normal user identity to see if that resolves the issue. It might relate to this command also not being allowed for application-based authentication: https://learn.microsoft.com/en-us/microsoftteams/teams-powershell-application-authentication#cmdlets-supported
For the second idea, you could assign Global Admin to the Managed Identity and see if that helps. If it does, there is probably a lesser privilege that would suffice. If I had to guess, it's probably User Administrator
Let me know if any one of those solutions helped :)
@InDieTasten it doesn't work with the user administrator role
Do you have another idea?
@nicole-ge You could try Global Administrator. If that doesn't work, then you have to resort to my first suggestion and not interact with the PowerShell Module using Managed Identity.
This cmdlet should work in combination with managed identity within azure automation. Could this be realized? BR Nicole
The limitations stand as they are. There are ways to work with the Teams Administration API directly, but that together with Azure Automation is very out of scope of this repo. Feel free to reach out to me directly for a detailed discussion on that matter.