Azure Automation Account - Connect-MgGraph - Insufficient privileges


I have created an Automation Account and assigned the Contributor role (this account will be used to update Entra from our HR System). I have specified System Managed Identity.

(screenshot)

Here is the role assignment:

(screenshot)

Connect-MGGraph -Identity successfully connects, but a simple get-mguser fails with insufficient privileges.

System.Exception: [Authorization_RequestDenied] : Insufficient privileges to complete the operation.

Do I need to do more with the system-managed identity?

Robin Curtis (best answer):

Ran the following command for the system-managed identity to grant the permissions:

```powershell
# Sign in as an admin who can read app registrations and create app role assignments
Connect-MgGraph -Scopes "Application.Read.All","AppRoleAssignment.ReadWrite.All","RoleManagement.ReadWrite.Directory"

# Object (principal) ID of the managed identity's service principal
$managedIdentityId = "YourIdentity"
# Graph application permission to grant, e.g. one of:
#   "Group.ReadWrite.All"
#   "User.ReadWrite.All"
$roleName = "Role You want to add from below"

# Microsoft Graph's service principal (well-known AppId); its AppRoles are the
# application permissions that can be assigned to a managed identity
$msgraph = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
$role = $msgraph.AppRoles | Where-Object { $_.Value -eq $roleName }

# Assign the app role to the managed identity (principal) on the Graph resource
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityId -PrincipalId $managedIdentityId -ResourceId $msgraph.Id -AppRoleId $role.Id
```

This will grant the permissions required to the Managed identity object.
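As an added example (not part of Robin Curtis's answer), the same grant written so that it first audits which Graph application permissions the identity already holds and then assigns only a missing role; the object ID placeholder, the required role list, and the Microsoft.Graph.Applications module being loaded are assumptions.

```powershell
# Assumptions: Connect-MgGraph has already been run with the scopes from the answer,
# and Microsoft.Graph.Applications is available.
# Object ID of the Automation Account's system-assigned managed identity (placeholder).
$managedIdentityId = "<managed-identity-object-id>"

# Microsoft Graph's service principal; its AppRoles are the application permissions
# that can be granted to a managed identity.
$graphSp = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
$graphRolesById = @{}
foreach ($r in $graphSp.AppRoles) { $graphRolesById[$r.Id] = $r.Value }

# 1. Audit: list the Graph app roles currently assigned to the identity.
$current = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityId |
    Where-Object { $_.ResourceId -eq $graphSp.Id }
"Current Graph app roles on ${managedIdentityId}:"
$current | ForEach-Object { "  " + $graphRolesById[$_.AppRoleId] }

# 2. Grant only what the job needs, and only if not already present (idempotent).
#    Assumption: a read-only check such as Get-MgUser only needs User.Read.All;
#    use User.ReadWrite.All only when the job actually writes user objects.
$required = @("User.Read.All")
foreach ($roleName in $required) {
    $role = $graphSp.AppRoles | Where-Object { $_.Value -eq $roleName }
    if (-not $role) { throw "Graph app role '$roleName' not found" }
    if ($current.AppRoleId -contains $role.Id) {
        "Already assigned: $roleName"
        continue
    }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityId `
        -PrincipalId $managedIdentityId -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
    "Assigned: $roleName"
}
```

Running the audit step alone (without the grant loop) is a quick way to review what a managed identity can already do in Graph before widening its permissions.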