Can't view license info via service principal using AzureAD powershell module

Sara 1 Reputation point
2022-04-12T18:31:58.247+00:00

I'm not new to powershell or AzureAD, but I am new to the AzureAD powershell module, service principals, Applications, app registrations, and the Microsoft Graph API. As an admin vs a dev, nearly everything about azure applications is greek to me.
However, with new cybersecurity requirements wanting MFA on everything I thought it was time to write some powershell using a service principal instead of a username and password.

Initially, I'm just looking to gather the list of assigned O365 licenses.

I created an app registration, which seems to have created an application and service principal.
I went into the api permissions on my app registration/application and granted Microsoft Graph API LicenseAssignment.ReadWrite.All , said Yes as an Administrator.
I created a self signed cert and uploaded it to my app registration/application
I got the AzureAD module, connected to my tenant using my application/service principal and its certificate.

I try running Get-AzureADSubscribedSku and get the following error:
Get-AzureADSubscribedSku : Error occurred while executing GetSubscribedSkus
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.

What am I missing here?

Above command works fine if I sign in with a normal global admin account.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,124 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,435 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,185 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 143.8K Reputation points MVP
    2022-04-12T18:41:10.99+00:00