I want to automate SharePoint admin tasks with Azure Automation. I don't want to use user/password but Service Principal. (We have MFA enforced.)

I set up a new "Azure Automation" account, including an "Azure Run As" account. I added PnP modules. I assigned the following rights via https://mytenant-admin.sharepoint.com/_layouts/15/AppInv.aspx

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/Tenant" Right="Manage"/>
    </AppPermissionRequests>

In my scripts now I can Connect-PnPOnline or do some random other stuff, but whenever I want to do privileged things, like Get-PnPTenantSite, I'm running into errors:

    Get-PnPTenantSite : Current user is not a tenant administrator.
    At line:5 char:1
    + Get-PnPTenantSite
    + ~~~~~~~~~~~~~~~~~
        + CategoryInfo          : WriteError: (:) [Get-PnPTenantSite], ServerException
        + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.GetTenantSite

How do I give the scripts in Azure Automation full SPO admin rights?

1 Answer

Here is a good cheat sheet for app permissions. To grant full access (tenant admin) you would use the following:

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    </AppPermissionRequests>

  • It works. I marked the question as answered. Thank you! Commented Mar 12, 2020 at 6:47
  • Maybe it's a new question, but: How does this work cross-tenant? Commented Mar 12, 2020 at 6:47
  • You would need to set this up per tenant Commented Mar 12, 2020 at 6:55
  • Understood. Thank you! Commented Mar 12, 2020 at 9:27
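
For reviewing what a permission request grants before trusting it in AppInv.aspx, the following added example (not part of the question or the answer) parses the XML and reports each scope and right, marking the app-only, tenant-wide FullControl combination that the answer uses to get tenant administrator access. `Test-AppPermissionRequest` and its output property names are hypothetical, not PnP cmdlets.

```powershell
# Added example: inspect an AppPermissionRequests block before granting it.
# Test-AppPermissionRequest is a hypothetical helper name, not part of PnP.
function Test-AppPermissionRequest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$PermissionXml
    )

    # Rights a SharePoint add-in permission request can ask for
    $knownRights = 'Read', 'Write', 'Manage', 'FullControl'

    try {
        $doc = [xml]$PermissionXml
    } catch {
        throw "Permission request is not well-formed XML: $($_.Exception.Message)"
    }

    $root = $doc.DocumentElement
    if ($root.LocalName -ne 'AppPermissionRequests') {
        throw "Unexpected root element '$($root.LocalName)'."
    }
    $appOnly = $root.GetAttribute('AllowAppOnlyPolicy') -eq 'true'

    foreach ($req in $root.SelectNodes("*[local-name()='AppPermissionRequest']")) {
        $scope = $req.GetAttribute('Scope')
        $right = $req.GetAttribute('Right')
        # The page shows the scope as both ".../Tenant" and ".../tenant",
        # so the comparison is case-insensitive.
        $tenantWide = $scope -ieq 'http://sharepoint/content/tenant'

        [pscustomobject]@{
            Scope       = $scope
            Right       = $right
            AppOnly     = $appOnly
            TenantWide  = $tenantWide
            KnownRight  = $knownRights -contains $right
            # App-only + tenant scope + FullControl acts as tenant admin
            # with no signed-in user behind it.
            TenantAdmin = $appOnly -and $tenantWide -and ($right -eq 'FullControl')
        }
    }
}

# The two requests from this page: the question's (Manage) and the answer's (FullControl).
$fromQuestion = '<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest Scope="http://sharepoint/content/Tenant" Right="Manage"/></AppPermissionRequests>'
$fromAnswer   = '<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/></AppPermissionRequests>'
$fromQuestion, $fromAnswer | ForEach-Object { Test-AppPermissionRequest -PermissionXml $_ } | Format-Table
```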
