Minimum Permissions to create/modify AD users and create Runbooks

Christina Tedesco 45 Reputation points
2024-02-27T13:18:46.4333333+00:00

Can anyone let me know the minimum permissions for a service account to have the ability to create / run / runbooks and create modify Entra ID's? Currently the service account is set to Global Admin - client is trying to limit the amount of Global Admin accts. Thank you.

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,241 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,367 questions
0 comments No comments
{count} votes

Accepted answer
  1. Dominique Schluep 330 Reputation points
    2024-02-27T14:42:52.6066667+00:00

    Hello Christina

    To manage runbooks in Azure Automation and modify Entra IDs, a service account typically needs:

    • Automation Runbook Operator role to run runbooks
    • Automation Contributor role to create and manage runbooks
    • User Administrator roles to create and modify user identities

    You can find details here https://learn.microsoft.com/en-us/azure/automation/automation-role-based-access-control and https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.