Minimum Permissions to create/modify AD users and create Runbooks

Christina Tedesco 20 Reputation points
2024-02-27T13:18:46.4333333+00:00

Can anyone let me know the minimum permissions for a service account to have the ability to create / run / runbooks and create modify Entra ID's? Currently the service account is set to Global Admin - client is trying to limit the amount of Global Admin accts. Thank you.

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,120 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,522 questions
0 comments
Accepted answer
  1. Dominique Schluep 320 Reputation points
    2024-02-27T14:42:52.6066667+00:00

    Hello Christina

    To manage runbooks in Azure Automation and modify Entra IDs, a service account typically needs:

    • Automation Runbook Operator role to run runbooks
    • Automation Contributor role to create and manage runbooks
    • User Administrator roles to create and modify user identities

    You can find details here https://learn.microsoft.com/en-us/azure/automation/automation-role-based-access-control and https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest