Azure getting metrics "Authentication failed" issue

Denis Mukhamedov 20 Reputation points
2024-01-17T11:25:18.6133333+00:00

Hello, I'm creating a PowerShell script to get metrics from Azure. I have an app registration with API permission to Insights-UserMetric.Read.All and User.Read. Also, the Monitoring Reader role is assigned to this app at subscription level. When running the script I'm getting an error:

{
  "error": {
    "code": "AuthenticationFailed",
    "message": "Authentication failed."
  }
}

I tried to raise the role to Contributor just to check whether I don't have sufficient permissions, but even with the Contributor role I'm getting the same error. I also tried to give Contributor and Monitoring Reader roles at ServiceBus level and Resource Group level; that didn't work. Here is the script:

$ClientId = 'someClientId'
$ClientSecret = 'someClientSecret'
$Tenantid = 'someTenantId'

$TokenBody = @{
    Grant_Type = "client_credentials"
    Scope = "https://graph.microsoft.com/.default"
    Client_Id = $ClientId
    Client_Secret = $ClientSecret
}
$TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$Tenantid/oauth2/v2.0/token" -Method POST -Body $TokenBody

$Headers = @{
    "Authorization" = "Bearer $($TokenResponse.access_token)"
    "Content-type" = "application/json"
}

$Uri = 'https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.ServiceBus/namespaces/$serviceBus/providers/Microsoft.Insights/metrics?api-version=2021-05-01'

Invoke-RestMethod -Headers $Headers -Uri $Uri -Method GET

I'm getting the token, no issues there. I also tried to use a token from my accounts, and that worked. Appreciate any kind of guidance.


Accepted answer
  1. Deepanshu katara 14,005 Reputation points MVP
    2024-01-17T12:13:09.3266667+00:00
    $ClientId = 'someClientId'
    $ClientSecret = 'someClientSecret'
    $TenantId = 'someTenantId'
    $SubscriptionId = 'yourSubscriptionId'
    $ResourceGroup = 'yourResourceGroup'
    $ServiceBus = 'yourServiceBusNamespace'
    
    # Token request
    $TokenBody = @{
        Grant_Type = "client_credentials"
        Scope = "https://management.azure.com/.default"
        Client_Id = $ClientId
        Client_Secret = $ClientSecret
        Tenant_Id = $TenantId
    }
    $TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Method POST -Body $TokenBody
    
    # Headers
    $Headers = @{
        "Authorization" = "Bearer $($TokenResponse.access_token)"
        "Content-type" = "application/json"
    }
    
    # Resource URI
    $Uri = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.ServiceBus/namespaces/$ServiceBus/providers/Microsoft.Insights/metrics?api-version=2021-05-01"
    
    # Make the REST call
    Invoke-RestMethod -Headers $Headers -Uri $Uri -Method GET
    
    
    

    Please try the above script once and make sure to replace the placeholder values. Please accept the answer if it helps. Thanks

    1 person found this answer helpful.
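
The accepted answer differs from the question's script in the token scope (`https://management.azure.com/.default` instead of `https://graph.microsoft.com/.default`). The following added example, which is not part of the original thread, decodes a token's payload and compares its `aud` claim with the API about to be called; the function names and the unsigned sample tokens are constructed for illustration.

```powershell
# Added example: check which API an access token was issued for.
# Decoding only reads the claims; it does not verify the token's signature.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # JWT segments are unpadded base64url; convert to standard base64.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length in token payload' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Test-TokenAudience {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience
    )
    $claims = Get-JwtClaims -Token $Token
    # Ignore a trailing slash, which may or may not be present in the claim.
    return ([string]$claims.aud).TrimEnd('/') -eq $ExpectedAudience.TrimEnd('/')
}

# Helpers that build constructed, unsigned sample tokens so the check runs offline.
function ConvertTo-Base64Url {
    param([string]$Text)
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    return $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function New-SampleToken {
    param([string]$Audience)
    $header  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
    $payload = ConvertTo-Base64Url ([ordered]@{ aud = $Audience } | ConvertTo-Json -Compress)
    return ($header, $payload, '') -join '.'
}

$graphToken = New-SampleToken -Audience 'https://graph.microsoft.com'
$armToken   = New-SampleToken -Audience 'https://management.azure.com'

# Compare each sample token against the audience of the Azure Resource Manager endpoint.
Test-TokenAudience -Token $graphToken -ExpectedAudience 'https://management.azure.com/'
Test-TokenAudience -Token $armToken   -ExpectedAudience 'https://management.azure.com/'
```

With a real token, pass `$TokenResponse.access_token` to `Test-TokenAudience` before calling `Invoke-RestMethod`, and avoid writing the token itself to logs or console history.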
