I'm not new to powershell or AzureAD, but I am new to the AzureAD powershell module, service principals, Applications, app registrations, and the Microsoft Graph API. As an admin vs a dev, nearly everything about azure applications is greek to me.
However, with new cybersecurity requirements wanting MFA on everything I thought it was time to write some powershell using a service principal instead of a username and password.
Initially, I'm just looking to gather the list of assigned O365 licenses.
I created an app registration, which seems to have created an application and service principal.
I went into the api permissions on my app registration/application and granted Microsoft Graph API LicenseAssignment.ReadWrite.All , said Yes as an Administrator.
I created a self signed cert and uploaded it to my app registration/application
I got the AzureAD module, connected to my tenant using my application/service principal and its certificate.
I try running Get-AzureADSubscribedSku and get the following error:
Get-AzureADSubscribedSku : Error occurred while executing GetSubscribedSkus
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
What am I missing here?
Above command works fine if I sign in with a normal global admin account.