You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using the PNP module within an Azure function managed indentity (Connect-PnPOnline -ManagedIdentity -Url:'Contoso.microsoft.com'), the command Add-PnPTeamsChannel returns: Insufficient privileges to complete the operation.
This works fine under other connection methods but seems to fail when using -ManagedIdentity
The managed identity has been granted permissions:
Add-PnPTeamsChannel should complete succesfully if the require permissions are granted
Actual behavior
It failes with error: "Insufficient privileges to complete the operation."
The verbose output is:
2024-06-05T04:48:47.237 [Trace] VERBOSE: Acquiring token for resource graph.microsoft.com using Managed Identity
2024-06-05T04:48:47.237 [Trace] VERBOSE: Using scope https://graph.microsoft.com/ for managed identity token coming from the cmdlet permission attribute
2024-06-05T04:48:47.237 [Trace] VERBOSE: Using identity endpoint: http://127.0.0.1:41131/msi/token/
2024-06-05T04:48:47.237 [Trace] VERBOSE: Using identity header: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2024-06-05T04:48:47.237 [Trace] VERBOSE: Using the system assigned managed identity
2024-06-05T04:48:47.238 [Trace] VERBOSE: Sending token request to http://127.0.0.1:41131/msi/token/?resource=https://graph.microsoft.com/&api-version=2019-08-01
2024-06-05T04:48:47.238 [Trace] VERBOSE: Acquiring token for resource graph.microsoft.com using Managed Identity
2024-06-05T04:48:47.238 [Trace] VERBOSE: Using scope https://graph.microsoft.com/ for managed identity token coming from the cmdlet permission attribute
2024-06-05T04:48:47.238 [Trace] VERBOSE: Using identity endpoint: http://127.0.0.1:41131/msi/token/
2024-06-05T04:48:47.238 [Trace] VERBOSE: Using identity header: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2024-06-05T04:48:47.238 [Trace] VERBOSE: Using the system assigned managed identity
2024-06-05T04:48:47.238 [Trace] VERBOSE: Sending token request to http://127.0.0.1:41131/msi/token/?resource=https://graph.microsoft.com/&api-version=2019-08-01
Reporting an Issue or Missing Feature
When using the PNP module within an Azure function managed indentity (Connect-PnPOnline -ManagedIdentity -Url:'Contoso.microsoft.com'), the command Add-PnPTeamsChannel returns: Insufficient privileges to complete the operation.
This works fine under other connection methods but seems to fail when using -ManagedIdentity
The managed identity has been granted permissions:
Expected behavior
Add-PnPTeamsChannel should complete succesfully if the require permissions are granted
Actual behavior
It failes with error: "Insufficient privileges to complete the operation."
The verbose output is:
Steps to reproduce behavior
Create an azure powershell function following this: https://pnp.github.io/powershell/articles/azurefunctions.html
Grant the following permissions to the managed identity:
Run the following code in an azure powershell function:
What is the version of the Cmdlet module you are running?
2.4.0
Which operating system/environment are you running PnP PowerShell on?
The text was updated successfully, but these errors were encountered: