Hello,
Firstly, here is the context of my problem: I’m trying to use an Automation Account to run a script that will extract information for a couple of subscriptions (active directory Groups, users in those groups, role assignments for those users, the resource groups and resources to which those roles are assigned). I have set up the Automation Account per the instructions here: https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-automation
It also currently has the following API Permissions for Microsoft.Graph: Directory.Read.All, Group.Read.All, RoleManagement.Read.All, RoleManagement.Read.Directory, User.Read.All and they are all application and not delegated permissions. The account also has a "Reader" role assignment for the subscriptions.
The problem is the following: I am having trouble getting a list of role assignments. If I try using Get-MgRoleManagementDirectoryRoleAssignment my output contains only Ids and empty objects for Principal, RoleDefinition, AppScope and DirectoryScope. If I try to use Get-AzRole Assignment, RoleDefinitionName and Scope seem to display appropriately, but DisplayName and SigninName are again empty and if I try running the command for a specific user ID I get a completely empty output. I can view the active directory groups and users by using Get-MgGroup, Get-MgGroupMember and Get-MgUser and I can also view resource groups and resources using Get-AzResourceGroup and Get-AzResource. Does anyone have any ideas for a solution to this?
Many thanks in advance for the help!