Reset-AADPassword Prerequisites is wrong. #9035
Comments
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
If you could look at this or get the right person to review it. Thank you
Thanks @ankkp for reporting this. @v-rbajaj and @v-sudkharat will look into the issue.
Hi @ankkp, we are investigating this issue, but most probably, looking at the error message, it looks like there aren't sufficient privileges to run this playbook for you and hence you are getting an authorization error.
Hello @v-rbajaj, please resolve it. I missed the part about the MI needing GA permission for admin accounts.
Describe the bug
I was testing the Reset-AADPassword playbook and followed the permission steps, but I still get an error for the https-reset password step.
```
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
```
To Reproduce
Steps to reproduce the behavior:
follow link above
Expected behavior
The playbook should run successfully.
Screenshots
Desktop (please complete the following information):
NA
Smartphone (please complete the following information):
NA
Additional context
I think MI needs more permission.
Example:
```powershell
# Object ID of the playbook's managed identity (MI)
$MIGuid = "<Enter your managed identity guid here>"
$MI = Get-AzureADServicePrincipal -ObjectId $MIGuid

# Microsoft Graph application ID and the application permission to grant
$GraphAppId = "00000003-0000-0000-c000-000000000000"
$PermissionName = "User.ReadWrite.All"

# Look up the Graph service principal and the matching application role
$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
$AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}

# Assign the role to the managed identity
New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId `
    -ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id
```
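
A check that can be run before and after the assignment above, to confirm which Graph application permissions the managed identity is still missing. This is an added example, not part of the original issue or the Azure Sentinel repository; the function name `Get-MissingGraphAppRole`, the sample GUIDs and the sample objects are constructed, and the property names (`Id`, `ResourceId`, `Value`, `AllowedMemberTypes`) are assumed to match the objects returned by the AzureAD module used in the issue's script.

```powershell
# Added example: returns the names of required Graph application permissions
# that are NOT among the app role assignments held by a managed identity.
function Get-MissingGraphAppRole {
    param(
        [Parameter(Mandatory)] [object[]] $GraphAppRoles,   # $GraphServicePrincipal.AppRoles
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Assignments,  # roles held by the MI
        [Parameter(Mandatory)] [string]   $GraphObjectId,   # $GraphServicePrincipal.ObjectId
        [Parameter(Mandatory)] [string[]] $Required         # permission names to verify
    )
    foreach ($name in $Required) {
        # Same lookup as the issue's script: application (not delegated) role by name
        $role = $GraphAppRoles | Where-Object {
            $_.Value -eq $name -and $_.AllowedMemberTypes -contains 'Application'
        }
        if (-not $role) {
            Write-Warning "Graph exposes no application role named '$name'"
            $name
            continue
        }
        # An assignment counts only if it targets Graph and carries this role's Id
        $held = $Assignments | Where-Object {
            $_.ResourceId -eq $GraphObjectId -and $_.Id -eq $role.Id
        }
        if (-not $held) { $name }
    }
}

# Constructed sample data so the check runs offline (GUIDs are placeholders).
$graphId = 'aaaaaaaa-0000-0000-0000-000000000001'
$roles = @(
    [pscustomobject]@{ Id = 'bbbbbbbb-0000-0000-0000-000000000001'
                       Value = 'User.ReadWrite.All'; AllowedMemberTypes = @('Application') }
    [pscustomobject]@{ Id = 'bbbbbbbb-0000-0000-0000-000000000002'
                       Value = 'User.Read.All'; AllowedMemberTypes = @('Application') }
)
# The sample identity holds only User.Read.All on Graph.
$assigned = @(
    [pscustomobject]@{ ResourceId = $graphId; Id = 'bbbbbbbb-0000-0000-0000-000000000002' }
)

Get-MissingGraphAppRole -GraphAppRoles $roles -Assignments $assigned `
    -GraphObjectId $graphId -Required 'User.ReadWrite.All'

# Against a tenant (assumed AzureAD module usage, after Connect-AzureAD):
#   $assigned = Get-AzureADServiceAppRoleAssignedTo -ObjectId $MI.ObjectId -All $true
#   then pass $GraphServicePrincipal.AppRoles and $GraphServicePrincipal.ObjectId.
```

An empty result means every listed permission is already assigned to the identity, so a remaining `Authorization_RequestDenied` would have a different cause, such as the directory-role requirement for admin accounts mentioned in the comments.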