Azure Automation account admin consent for API issue

Hayward, Darrell 1 Reputation point

We have multiple Azure subscriptions.

An admin of one of these has subscriptions created an automation account, with run as privileges.

That run as account in Azure AD has API permissions to Azure Active Directory Graph (as picture) - this requires Admin consent to run.

My question is: If I grant permission on an AD level, does that grant permission for that account on all subscriptions using Azure Active Directory Graph, or only that subscription that the automation account is in?

I'm more concerned about the Application.ReadWrite.All permission


Hope that made sense.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,236 questions
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,743 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
821 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 71,216 Reputation points MVP

    Only on the currently selected Azure AD instance. I would be wary granting such permissions though, at minimum try to understand why they are needed.

    1 person found this answer helpful.