Assigning permissions to a Managed Identity is more complex than an app registration; the only way is thru PowerShell or Microsoft Graph. So this time, I created a simple script to add permissions to a Managed Identity using the Graph PowerShell modules. Prerequisites You need two modules for this: Microsoft.Graph.Applications Microsoft.Graph.Authentication Rights The rights that are needed to assign rights and find the correct IDs are Directory.Read.All AppRoleAssignment.ReadWrite.All The script $objectID = "<ObjectID of the Managed Identity>" $ServicePrincipal = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'" $approle = $ServicePrincipal.
In the last few weeks, I took some time to refactor most of my scripts and Azure Automation script to use the Microsoft Graph Modules over the Azure AD Module. As I explained in my previous blog, the Azure AD module is declared deprecated. How to start updating The first thing to do of course is to install the latest Microsoft Graph Modules with: Install-Module Microsoft.Graph Connecting to the Graph Connecting to the Microsoft Graph is almost the same as via Azure AD, except there are a few extra options