
Get-AzADSpCredential -ObjectId

Monica Manoharan 66 Reputation points
2022-01-17T12:02:58.82+00:00

Hello Team,

I am using the code Get-AzADSpCredential -ObjectId xxxxxx, to get the service principal end date. When the same piece of code is run in Azure CLI, it works and I could get the end date. I am trying to write the PowerShell code in an Azure Automation Account and validate the end date of a service principal. When trying this, I am getting the error "Insufficient Privilege to do this operation". Is this because of some permission that needs to be done in Azure Active Directory?

Thanks,
Monica.M

Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Graph

3 answers

  1. CarlZhao-MSFT 46,456 Reputation points
    2022-01-18T09:58:57.887+00:00

    Hi @Monica Manoharan

    Replenish:

    If you are using Connect-AzAccount to log in users interactively, then you need to grant the Application.Read.All delegated permission and grant admin consent for that permission.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



  2. Limitless Technology 40,106 Reputation points
    2022-01-18T08:40:17.723+00:00

    Hello MonicaManoharan,

    You need to use an account that is Owner of the Service Principal: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object

    ---------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--


  3. Manu Philip 20,651 Reputation points MVP Volunteer Moderator
    2022-01-17T14:28:18.017+00:00

    Azure AD calls from PowerShell cmdlets need the necessary Graph API permissions to be assigned. So, just give permissions to Graph API and try again.

    • Go to Azure Active Directory > App registrations and select the application used
    • Under the API permissions of the application, add Microsoft Graph
    • After adding the necessary permissions, try the PowerShell query again and see if the issue is resolved

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it
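
The expiry check described in the question, written as a runbook. This is an added example, not code posted by anyone in the thread. It assumes the Automation Account signs in with a managed identity that has been granted read access to application objects (such as the Application.Read.All permission named in the first answer); the parameter names and the 30-day threshold are hypothetical.

```powershell
# Added example: hypothetical Azure Automation runbook, not code from the thread.
param(
    [Parameter(Mandatory)]
    [string] $ServicePrincipalObjectId,   # object ID of the service principal to check
    [int] $WarnDays = 30                  # constructed threshold; match your rotation policy
)

$ErrorActionPreference = 'Stop'

# Assumption: the Automation Account uses its managed identity, so no secret
# is stored in the runbook itself.
Connect-AzAccount -Identity | Out-Null

try {
    $credentials = @(Get-AzADSpCredential -ObjectId $ServicePrincipalObjectId)
}
catch {
    if ($_.Exception.Message -match 'Insufficient privilege') {
        # The failure from the question: the signed-in identity cannot read
        # application objects in the directory.
        Write-Warning ('The runbook identity lacks read access to applications. ' +
            'Grant it a read-only permission with admin consent instead of a broad directory role.')
    }
    throw
}

$now = (Get-Date).ToUniversalTime()
foreach ($c in $credentials) {
    # Assumption: Graph-based Az.Resources releases expose EndDateTime,
    # older releases expose EndDate. Use whichever is present.
    $end = if ($c.EndDateTime) { $c.EndDateTime } else { $c.EndDate }
    if (-not $end) { continue }

    $daysLeft = [int][math]::Floor(($end.ToUniversalTime() - $now).TotalDays)
    if ($daysLeft -lt 0) { $status = 'Expired' }
    elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
    else { $status = 'OK' }

    # One record per credential; the secret value itself is never returned or logged.
    [pscustomobject]@{
        KeyId    = $c.KeyId
        EndDate  = $end
        DaysLeft = $daysLeft
        Status   = $status
    }
}
```

The runbook only reads credential metadata, so a read-only permission is sufficient; it does not need rights to create or remove credentials.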


