{"id":57014,"date":"2022-08-17T06:00:00","date_gmt":"2022-08-17T10:00:00","guid":{"rendered":"https:\/\/practical365.com\/?p=57014"},"modified":"2025-04-30T15:37:06","modified_gmt":"2025-04-30T19:37:06","slug":"managed-identity-powershell","status":"publish","type":"post","link":"https:\/\/practical365.com\/managed-identity-powershell\/","title":{"rendered":"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Azure_Managed_Identities_Work_for_Some_but_Not_All_Microsoft_365_Modules\" >Azure Managed Identities Work for Some but Not All Microsoft 365 Modules<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Creating_an_Azure_Automation_Account\" >Creating an Azure Automation Account<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Permissions_and_Roles_for_Managed_Identities\" >Permissions and Roles for Managed Identities<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Working_Example\" >Working Example<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Connecting_Authenticating_and_Permissions\" >Connecting, Authenticating, and Permissions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Checking_Permissions\" >Checking Permissions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Posting_to_Teams\" >Posting to Teams<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Learnings_and_Conclusion\" >Learnings and Conclusion<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/#Cybersecurity_Risk_Management_for_Active_Directory\" >Cybersecurity Risk Management for Active Directory<\/a><\/li><\/ul><\/nav><\/div>\n<div id=\"bsf_rt_marker\"><\/div>\n<h2 class=\"wp-block-heading\" id=\"h-azure-managed-identities-work-for-some-but-not-all-microsoft-365-modules\"><span class=\"ez-toc-section\" id=\"Azure_Managed_Identities_Work_for_Some_but_Not_All_Microsoft_365_Modules\"><\/span>Azure Managed Identities Work for Some but Not All Microsoft 365 Modules<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><em>Updated 15 July 2023<\/em><\/p>\n\n\n\n<p>Using Azure Automation runbooks is a great way to run PowerShell scripts on a regularly scheduled basis. In previous articles, I\u2019ve explored using runbooks to process Exchange Online data, sending a welcome email to new employees with <a href=\"https:\/\/practical365.com\/microsoft-graph-sdk-powershell-azure-automation\/\" target=\"_blank\" rel=\"noreferrer noopener\">the Microsoft Graph PowerShell SDK<\/a>, and <a href=\"https:\/\/practical365.com\/azure-automation-spo-create-files\/\" target=\"_blank\" rel=\"noreferrer noopener\">creating files in SharePoint Online<\/a>. All are good examples of how to take advantage of Azure Automation. In this article, I explore using a Managed Identity for authentication in Azure Automation runbooks.<\/p>\n\n\n\n<p>A managed identity is a system-assigned and managed identity that can be used to access resources. <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/managed-identities-azure-resources\/overview#managed-identity-types\" target=\"_blank\" rel=\"noreferrer noopener\">Two types of managed identities<\/a> are available: system and user. In this article, I cover system-managed identities rather than user-managed identities, System managed identities are tied to a resource like an automation account. As we\u2019ll see later, being able to assign Graph API permissions and Azure AD administrative roles to the service principal of an automation account is a critical part of the implementation.<\/p>\n\n\n\n<p>Microsoft documents the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/managed-identities-azure-resources\/managed-identities-status?WT.mc_id=M365-MVP-9501\" target=\"_blank\" rel=\"noreferrer noopener\">set of Azure services that can authenticate managed identities<\/a>, but there\u2019s a lack of documentation for the Microsoft 365 PowerShell modules. My assessment is:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Microsoft Graph PowerShell SDK<\/strong> (Azure AD accounts and groups): works.<\/li>\n\n\n\n<li><strong>Microsoft Teams<\/strong>: works.<\/li>\n\n\n\n<li><strong>Exchange Online management<\/strong>: <a href=\"https:\/\/docs.microsoft.com\/en-us\/answers\/questions\/689972\/azure-automation-connect-exchangeonline-using-mana.html\" target=\"_blank\" rel=\"noreferrer noopener\">not yet supported<\/a> for the Exchange Online management (V2) module. You can connect the older Exchange V1 module and use it with a managed identity. We\u2019ll cover that in another article.<\/li>\n\n\n\n<li><strong>SharePoint Online<\/strong>: There are examples of using SharePoint Online PowerShell with a managed identity (<a href=\"https:\/\/learningbydoing.cloud\/blog\/connecting-to-sharepoint-online-using-managed-identity-with-granular-access-permissions\/\" target=\"_blank\" rel=\"noreferrer noopener\">here\u2019s one<\/a> and <a href=\"https:\/\/finarne.wordpress.com\/2019\/03\/17\/azure-function-using-a-managed-identity-to-call-sharepoint-online\/\" target=\"_blank\" rel=\"noreferrer noopener\">a second example<\/a>). The <a href=\"https:\/\/pnp.github.io\/powershell\/articles\/azurefunctions.html#by-using-a-managed-identity\" target=\"_blank\" rel=\"noreferrer noopener\">SharePoint PnP module<\/a> supports a limited set of functionality with managed identities. Parsing the finer points of using SharePoint Online with a managed identity lies outside the scope of this article. As we\u2019ll see later, to write a message into a Teams channel, I use the SharePoint PnP module.<\/li>\n<\/ul>\n\n\n\n<p>The overall impression is that Microsoft designed Azure Automation and managed identities to deal with Azure resources and hasn\u2019t paid much attention to making Azure Automation work as well with Microsoft 365 resources. Still, life (and IT) is a journey, so let\u2019s explore the possibilities.<\/p>\n\n\n\n<div class=\"q-blockads-inside-content q-blockads-entity-placement\" id=\"q-blockads-3086521953\"><div id=\"q-blockads-3229817489\"><p><a href=\"https:\/\/www.quest.com\/P365_On_Demand_Migration\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-62892\" src=\"https:\/\/practical365.com\/wp-content\/uploads\/2024\/09\/1901-10-20-2025-Redone-300x31.jpg\" alt=\"\" width=\"861\" height=\"89\" srcset=\"https:\/\/practical365.com\/wp-content\/uploads\/2024\/09\/1901-10-20-2025-Redone-300x31.jpg 300w, https:\/\/practical365.com\/wp-content\/uploads\/2024\/09\/1901-10-20-2025-Redone-768x80.jpg 768w, https:\/\/practical365.com\/wp-content\/uploads\/2024\/09\/1901-10-20-2025-Redone.jpg 860w\" sizes=\"auto, (max-width: 861px) 100vw, 861px\" \/><\/a><\/p>\n<\/div><\/div><h2 class=\"wp-block-heading\" id=\"h-creating-an-azure-automation-account\"><span class=\"ez-toc-section\" id=\"Creating_an_Azure_Automation_Account\"><\/span>Creating an Azure Automation Account<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>To get started, you need an Azure Automation account that\u2019s associated with an Azure subscription. Some recommend that you use a separate account for managed identities, but you can use an existing account if you want. I discuss <a href=\"https:\/\/practical365.com\/use-azure-automation-exchange-online\/\" target=\"_blank\" rel=\"noreferrer noopener\">how to create an Azure Automation account in this article<\/a>, the big difference being that RunAs accounts are not needed for managed identities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-permissions-and-roles-for-managed-identities\"><span class=\"ez-toc-section\" id=\"Permissions_and_Roles_for_Managed_Identities\"><\/span>Permissions and Roles for Managed Identities<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Microsoft\u2019s documentation explains <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/automation\/enable-managed-identity-for-automation?WT.mc_id=M365-MVP-9501\" target=\"_blank\" rel=\"noreferrer noopener\">how a system-assigned managed identity works<\/a>. The same article also covers how to create a managed identity. For this article, I use an automation account called <em>ManagedIdentitiesAutomation<\/em>. This account stores the resources we\u2019ll use in the example, primarily the PowerShell modules. Make sure that before you begin, you load the Graph modules containing the cmdlets used in the runbook (like <em>Microsoft.Graph.Authentication <\/em>and <em>Microsoft.Graph.Teams<\/em>) as resources for the automation account.<\/p>\n\n\n\n<p>When you create a managed identity, Azure AD creates a service principal object for the managed identity. This is critical because the service principal is \u201ca convenient way to assign permissions.\u201d In other words, like the service principals of other Azure AD registered and enterprise apps, you can assign permissions and administrative roles to a managed identity\u2019s service principal to make those rights available to the managed identity.<\/p>\n\n\n\n<p>To see details of the roles and permissions available to the service principal, access the Azure AD admin center, select Enterprise applications, and filter for Managed identities. When you find the managed identity you created in Azure Automation, you can see the permissions assigned to its service principal (Figure 1).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"759\" src=\"https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Service-Principal-and-Permissions-1024x759.jpg\" alt=\"The permissions for a Service Principal for a Managed Identity\" class=\"wp-image-57015\" srcset=\"https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Service-Principal-and-Permissions-1024x759.jpg 1024w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Service-Principal-and-Permissions-300x222.jpg 300w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Service-Principal-and-Permissions-768x569.jpg 768w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Service-Principal-and-Permissions-1536x1139.jpg 1536w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Service-Principal-and-Permissions.jpg 1550w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Figure 1: The permissions for a Service Principal for a Managed Identity<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Many permissions are listed in Figure 1. That\u2019s because I used the same account for different tests. To figure out what permissions you need for cmdlets that use Graph APIs, you can <a href=\"https:\/\/practical365.com\/microsoft-graph-api-permission\/\" target=\"_blank\" rel=\"noreferrer noopener\">follow the advice in this article<\/a>. We\u2019ll come back to permission management shortly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-working-example\"><span class=\"ez-toc-section\" id=\"Working_Example\"><\/span>Working Example<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A working example is a great way to explore the possibilities of any technology. In my case, I decided to move a script I wrote to <a href=\"https:\/\/office365itpros.com\/2022\/08\/09\/populate-teams-shared-channel\/\" target=\"_blank\" rel=\"noreferrer noopener\">populate the membership of a shared channel in a team<\/a> to Azure Automation. The script searches for new Azure AD accounts and adds them to the <a href=\"https:\/\/practical365.com\/microsoft-prepares-debut-teams-shared-channels\/\" target=\"_blank\" rel=\"noreferrer noopener\">shared channel<\/a> to make sure that everyone in the organization can access the channel. Moving the script to Azure Automation allowed me to schedule it to run periodically to detect new and add new accounts.<\/p>\n\n\n\n<p>The script uses the <a href=\"https:\/\/office365itpros.com\/2021\/05\/13\/microsoft-teams-powershell-module\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Teams<\/a> and Microsoft Graph PowerShell SDK modules. As a bonus, I updated the script to post the results of its processing to the <a href=\"http:\/\/bit.ly\/3zyueCL\" target=\"_blank\" rel=\"noreferrer noopener\">shared channel<\/a> so that everyone would see details of new members. We\u2019ll get to that part soon.<\/p>\n\n\n\n<div class=\"q-blockads-content q-blockads-entity-placement\" id=\"q-blockads-409531246\"><div id=\"q-blockads-3787078250\"><p><a href=\"https:\/\/www.quest.com\/Security_Guardian_P365\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-62893\" src=\"https:\/\/practical365.com\/wp-content\/uploads\/2024\/04\/1902-10-20-2025-Redone-300x31.jpg\" alt=\"\" width=\"861\" height=\"89\" srcset=\"https:\/\/practical365.com\/wp-content\/uploads\/2024\/04\/1902-10-20-2025-Redone-300x31.jpg 300w, https:\/\/practical365.com\/wp-content\/uploads\/2024\/04\/1902-10-20-2025-Redone-768x80.jpg 768w, https:\/\/practical365.com\/wp-content\/uploads\/2024\/04\/1902-10-20-2025-Redone.jpg 860w\" sizes=\"auto, (max-width: 861px) 100vw, 861px\" \/><\/a><\/p>\n<\/div><\/div><h2 class=\"wp-block-heading\" id=\"h-connecting-authenticating-and-permissions\"><span class=\"ez-toc-section\" id=\"Connecting_Authenticating_and_Permissions\"><\/span>Connecting, Authenticating, and Permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The script needs to connect to the Microsoft Graph and Microsoft Teams endpoints. The easiest way to get an accesss token is to run the <em>Connect-AzAccount<\/em> cmdlet. You can run the <em>Connect-MicrosoftTeams<\/em> cmdlet with an Identity parameter to use a managed identity, which leads to:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Connect to Microsoft Graph in Azure Automation\nConnect-AzAccount -Identity\n$AccessToken = Get-AzAccessToken -ResourceUrl \"https:\/\/graph.microsoft.com\"\n# Connect to the Graph SDK with the acquired access token\nConnect-Graph -AccessToken $AccessToken.Token -Scopes AppRoleAssignment.ReadWrite.All\n# Connect to Teams\nConnect-MicrosoftTeams -Identity<\/pre>\n\n\n\n<p><a href=\"https:\/\/office365itpros.com\/2023\/07\/10\/graph-powershell-sdk-v2\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Graph PowerShell SDK V2.0<\/a> (or later) supports managed identities, so you can replace the connection with:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Connect-MgGraph -Identity<\/pre>\n\n\n\n<p>Remember that V2 of the SDK divides cmdlets into production and beta modules. If your code uses beta cmdlets, remember to import the necessary beta modules (like <em>Microsoft.Graph.Beta.Users<\/em>) into the Azure Automation account. The <em>Select-MgProfile<\/em> cmdlet is not in the SDK V2 and should be removed from runbooks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Checking_Permissions\"><\/span>Checking Permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>We\u2019ve now connected to the Graph and Teams, but the <a href=\"https:\/\/office365itpros.com\/2022\/02\/17\/understanding-azure-ad-access-token\/\" target=\"_blank\" rel=\"noreferrer noopener\">access token generated by Azure AD<\/a> won\u2019t allow us to do much unless the managed identity has permissions to run cmdlets or Graph requests. Before moving on, I had to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Add the Teams management role to the service principal of the managed identity.<\/li>\n\n\n\n<li>Assign the necessary Graph API permissions for the tasks performed in the script to the service principal.<\/li>\n<\/ul>\n\n\n\n<p>When looking at the set of permissions assigned to the managed identity in Figure 1, you don\u2019t see options to add or remove permissions (the full screen isn\u2019t shown, but no options are available). The Azure AD admin center says: \u201c<em>The ability to consent to this application is disabled as the app does not require consent<\/em>.\u201d &nbsp;In practical terms, this means that all management of permissions must be done through PowerShell.<\/p>\n\n\n\n<p>After making sure that the account used has the <em>Directory.ReadWrite.All<\/em> and <em>Application.ReadWrite.All<\/em> permissions (to update Azure AD and the application details), here&#8217;s how I assigned the Teams management role to the service principal:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Fetch the details of the automation account that we want to add the permission to\n$ManagedIdentity = Get-MgServicePrincipal -Filter \"displayName eq 'ManagedIdentitiesAutomation'\"\n# Fetch details of the Teams management app\n$TeamsApp = Get-MgServicePrincipal -Filter \"AppId eq '48ac35b8-9aa8-4d74-927d-1f4a14a0b239'\"  \n$AppPermission = $TeamsApp.AppRoles | Where-Object {$_.DisplayName -eq \"Application_access\"} # Create the payload for the assignment\n$AppRoleAssignment = @{\n    \"PrincipalId\" = $ManagedIdentity.Id\n    \"ResourceId\" = $TeamsApp.Id\n    \"AppRoleId\" = $AppPermission.Id }\n# Assign the role to the service principal for the managed identity.\nNew-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ManagedIdentity.Id -BodyParameter $AppRoleAssignment\n<\/pre>\n\n\n\n<p>And after that, I followed up by assigning the necessary Graph permissions to the service principal. Here\u2019s how I added the permission needed to add a new member to a channel:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">$GraphApp = Get-MgServicePrincipal -Filter \"AppId eq '00000003-0000-0000-c000-000000000000'\" # Microsoft Graph\n$Role = $GraphApp.AppRoles | Where-Object {$_.Value -eq  'ChannelMember.ReadWrite.All'}\n$AppRoleAssignment = @{\n    \"PrincipalId\" = $ManagedIdentity.Id\n    \"ResourceId\" = $GraphApp.Id\n    \"AppRoleId\" = $Role.Id }\n# Assign the Graph permission\nNew-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ManagedIdentity.Id -BodyParameter $AppRoleAssignment\n<\/pre>\n\n\n\n<p>If you make a mistake and assign a permission that isn\u2019t necessary, you can remove it by finding the identifier for the assignment of the permission in the set held by the service principal and running the <em>Remove-MgServicePrincipalAppRoleAssignment<\/em> cmdlet. Here\u2019s what I did to remove the <em>TeamWork.Migrate.All<\/em> permission.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[Array]$SPPermissions = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ManagedIdentity.Id\n$Role = $GraphApp.AppRoles | Where-Object {$_.Value -eq \"TeamWork.Migrate.All\"}\n$Assignment = $SpPermissions | Where-Object {$_.AppRoleId -eq $Role.Id}\nRemove-MgServicePrincipalAppRoleAssignment -AppRoleAssignmentId $Assignment.Id -ServicePrincipalId $ManagedIdentity.Id\n<\/pre>\n\n\n\n<p>Two things might go through your mind at this point. First, are all these steps documented by Microsoft? And second, why is the process of permission management for a managed identity so complex? My view is that the area lacks coherent documentation. Microsoft covers the basics in different places but bringing everything together to make permission management for a managed identity a straightforward operation doesn\u2019t appear to have happened. Instead, Microsoft leaves it to others to turn the theory into practice.<\/p>\n\n\n\n<p>In any case, after adding the necessary roles and permissions to the managed identity, when the script authenticates, the access token generated by Azure AD includes all the permissions and the script can do some real work (Figure 2).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"628\" src=\"https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Test-1024x628.jpg\" alt=\"Testing that the managed identity can update Teams channel membership\" class=\"wp-image-57016\" srcset=\"https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Test-1024x628.jpg 1024w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Test-300x184.jpg 300w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Test-768x471.jpg 768w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Test.jpg 1262w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Figure 2: Testing that the managed identity can update Teams channel membership<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-posting-to-teams\"><span class=\"ez-toc-section\" id=\"Posting_to_Teams\"><\/span>Posting to Teams<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>As mentioned above, I wanted the script to output details of new members in a channel. Two issues presented themselves:<\/p>\n\n\n\n<ol style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>We\u2019re posting to a shared channel. Access to the channel is limited to the channel membership. The managed identity isn\u2019t a member of the channel and there doesn\u2019t seem to be a way to impersonate a channel member.<\/li>\n\n\n\n<li>Shared channels don\u2019t support connectors, so it\u2019s not possible to use the incoming webhook connector to post a message (unless you decide to post to another channel in the host team).<\/li>\n<\/ol>\n\n\n\n<p><a href=\"https:\/\/office365itpros.com\/2022\/08\/15\/Azure-Key-Vault-PowerShell\" target=\"_blank\" rel=\"noreferrer noopener\">I used Azure KeyVault to store the user credentials and other information<\/a> needed to connect to PnP. Storing this information in Azure Key Vault makes it easy to change the account used to post messages or the target channel. To post the message, I used much the same code as <a href=\"https:\/\/office365itpros.com\/2022\/04\/08\/post-teams-channels\/\" target=\"_blank\" rel=\"noreferrer noopener\">explained in this article<\/a> to create an HTML body part containing details of the new channel members (Figure 3).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"361\" src=\"https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Teams-Channel-Post-1-1024x361.jpg\" alt=\"The managed identity can post a message to a Teams shared channel\" class=\"wp-image-57018\" srcset=\"https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Teams-Channel-Post-1-1024x361.jpg 1024w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Teams-Channel-Post-1-300x106.jpg 300w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Teams-Channel-Post-1-768x271.jpg 768w, https:\/\/practical365.com\/wp-content\/uploads\/2022\/08\/Managed-Identities-Teams-Channel-Post-1.jpg 1106w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Figure 3: The managed identity can post a message to a Teams shared channel<\/figcaption><\/figure>\n<\/div>\n\n\n<p>After I got everything working, I published the runbook and added it to a schedule so that Azure Automation would run the script every week. The script has hummed away quite happily for a couple of weeks, so I\u2019m calling that a success. You can <a href=\"https:\/\/github.com\/12Knocksinna\/Office365itpros\/blob\/master\/AzureAutomationAddMembersTeamChannels.PS1\" target=\"_blank\" rel=\"noreferrer noopener\">download the full script from GitHub<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-learnings-and-conclusion\"><span class=\"ez-toc-section\" id=\"Learnings_and_Conclusion\"><\/span>Learnings and Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Even with some rough edges, the combination of the Microsoft Graph APIs, Azure Automation, and managed identities is a nice way to offload the processing of resource-intensive scripts, like those that scan all tenant members to generate reports. Things would be even better if all the mainline PowerShell modules used for Microsoft 365 management supported managed identities more thoroughly and elegantly than they do today. That might come in time.<\/p>\n\n\n\r\n    <div id=\"qcb-cybersecurityriskmanagementforactivedirectory\" data-v3=\"Promo\" class=\"q-custom-block promo-block contact-v3 centered pt-v3 pb-v3 \">\r\n        <div class=\"container\">\r\n                        <div class=\"contact-info bg-cyan \">\r\n                <h2 class=\"title-v3\"><span class=\"ez-toc-section\" id=\"Cybersecurity_Risk_Management_for_Active_Directory\"><\/span>Cybersecurity Risk Management for Active Directory<span class=\"ez-toc-section-end\"><\/span><\/h2>                <div class=\"intro-v3 txt-v3\" data-v3-action=\"Content\">\r\n                    <p>Discover how to prevent and recover from AD attacks through these Cybersecurity Risk Management Solutions.<\/p>\n                <\/div>\r\n                                    <div class=\"cta-v3 center\">\r\n                                                                                    <a data-v3-action=\"CTA Button\" class=\"btn-v3 btn-block-xs btn-default\" target=\"_blank\" href=\"https:\/\/www.quest.com\/P365_Cybersecurity_risk_management_for_Active_Directory\">Learn More<\/a>\r\n                                                                        <\/div> <!-- \/* Ends CTA Buttons *\/ -->\r\n                            <\/div>\r\n        <\/div>\r\n    <\/div>\r\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article covers how to use an Azure managed identity with the Microsoft Graph PowerShell SDK and Microsoft Teams modules in an automation runbook. <\/p>\n","protected":false},"author":84,"featured_media":45948,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[10900,1153,9055],"tags":[1201,10640,10639],"class_list":["post-57014","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-entra-id","category-microsoft-365","category-powershell","tag-azure-key-vault","tag-azure-managed-identities","tag-managed-identity","entry","has-media"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Using an Azure Managed Identity with Microsoft 365 PowerShell<\/title>\n<meta name=\"description\" content=\"This article explains how to use an Azure Managed Identity with the Microsoft Graph PowerShell SDK and Teams PowerShell modules to do real work.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/practical365.com\/managed-identity-powershell\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules\" \/>\n<meta property=\"og:description\" content=\"This article explains how to use an Azure Managed Identity with the Microsoft Graph PowerShell SDK and Teams PowerShell modules to do real work.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/practical365.com\/managed-identity-powershell\/\" \/>\n<meta property=\"og:site_name\" content=\"Practical 365\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Practical365\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-17T10:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-30T19:37:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/practical365.com\/wp-content\/uploads\/2019\/06\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"734\" \/>\n\t<meta property=\"og:image:height\" content=\"396\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tony Redmond\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/12Knocksinna\" \/>\n<meta name=\"twitter:site\" content=\"@Practical365\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tony Redmond\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/\"},\"author\":{\"name\":\"Tony Redmond\",\"@id\":\"https:\\\/\\\/practical365.com\\\/#\\\/schema\\\/person\\\/19d7b2f404dd1da1d87586fb07015a19\"},\"headline\":\"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules\",\"datePublished\":\"2022-08-17T10:00:00+00:00\",\"dateModified\":\"2025-04-30T19:37:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/\"},\"wordCount\":1655,\"commentCount\":12,\"publisher\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg\",\"keywords\":[\"Azure Key Vault\",\"Azure Managed Identities\",\"Managed Identity\"],\"articleSection\":[\"Entra ID\",\"Microsoft 365\",\"PowerShell\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/\",\"url\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/\",\"name\":\"Using an Azure Managed Identity with Microsoft 365 PowerShell\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg\",\"datePublished\":\"2022-08-17T10:00:00+00:00\",\"dateModified\":\"2025-04-30T19:37:06+00:00\",\"description\":\"This article explains how to use an Azure Managed Identity with the Microsoft Graph PowerShell SDK and Teams PowerShell modules to do real work.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#primaryimage\",\"url\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg\",\"contentUrl\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg\",\"width\":734,\"height\":396,\"caption\":\"p Blog Azure Automation and SharePoint Online Part Two LOW\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/practical365.com\\\/managed-identity-powershell\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/practical365.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Entra ID\",\"item\":\"https:\\\/\\\/practical365.com\\\/entra-id\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/practical365.com\\\/#website\",\"url\":\"https:\\\/\\\/practical365.com\\\/\",\"name\":\"Practical 365\",\"description\":\"Practical Office 365 News, Tips, and Tutorials\",\"publisher\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/practical365.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/practical365.com\\\/#organization\",\"name\":\"Practical 365\",\"url\":\"https:\\\/\\\/practical365.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/practical365.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/Logo-P365-stacked.jpg\",\"contentUrl\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/Logo-P365-stacked.jpg\",\"width\":1176,\"height\":696,\"caption\":\"Practical 365\"},\"image\":{\"@id\":\"https:\\\/\\\/practical365.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Practical365\",\"https:\\\/\\\/x.com\\\/Practical365\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/practical365-com\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/practical365.com\\\/#\\\/schema\\\/person\\\/19d7b2f404dd1da1d87586fb07015a19\",\"name\":\"Tony Redmond\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/cropped-TonyRedmondHeadShot2016-1200-96x96.jpg\",\"url\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/cropped-TonyRedmondHeadShot2016-1200-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/practical365.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/cropped-TonyRedmondHeadShot2016-1200-96x96.jpg\",\"caption\":\"Tony Redmond\"},\"description\":\"Tony Redmond has written thousands of articles about Microsoft technology since 1996. He is the lead author for the Office 365 for IT Pros eBook, the only book covering Office 365 that is updated monthly to keep pace with change in the cloud. Apart from contributing to Practical365.com, Tony also writes at Office365itpros.com to support the development of the eBook. He has been a Microsoft MVP since 2004.\",\"sameAs\":[\"https:\\\/\\\/office365itpros.com\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/12Knocksinna\"],\"url\":\"https:\\\/\\\/practical365.com\\\/author\\\/tony-redmondredmondassociates-org\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Using an Azure Managed Identity with Microsoft 365 PowerShell","description":"This article explains how to use an Azure Managed Identity with the Microsoft Graph PowerShell SDK and Teams PowerShell modules to do real work.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/practical365.com\/managed-identity-powershell\/","og_locale":"en_US","og_type":"article","og_title":"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules","og_description":"This article explains how to use an Azure Managed Identity with the Microsoft Graph PowerShell SDK and Teams PowerShell modules to do real work.","og_url":"https:\/\/practical365.com\/managed-identity-powershell\/","og_site_name":"Practical 365","article_publisher":"https:\/\/www.facebook.com\/Practical365","article_published_time":"2022-08-17T10:00:00+00:00","article_modified_time":"2025-04-30T19:37:06+00:00","og_image":[{"width":734,"height":396,"url":"https:\/\/practical365.com\/wp-content\/uploads\/2019\/06\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg","type":"image\/jpeg"}],"author":"Tony Redmond","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/12Knocksinna","twitter_site":"@Practical365","twitter_misc":{"Written by":"Tony Redmond","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/practical365.com\/managed-identity-powershell\/#article","isPartOf":{"@id":"https:\/\/practical365.com\/managed-identity-powershell\/"},"author":{"name":"Tony Redmond","@id":"https:\/\/practical365.com\/#\/schema\/person\/19d7b2f404dd1da1d87586fb07015a19"},"headline":"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules","datePublished":"2022-08-17T10:00:00+00:00","dateModified":"2025-04-30T19:37:06+00:00","mainEntityOfPage":{"@id":"https:\/\/practical365.com\/managed-identity-powershell\/"},"wordCount":1655,"commentCount":12,"publisher":{"@id":"https:\/\/practical365.com\/#organization"},"image":{"@id":"https:\/\/practical365.com\/managed-identity-powershell\/#primaryimage"},"thumbnailUrl":"https:\/\/practical365.com\/wp-content\/uploads\/2019\/06\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg","keywords":["Azure Key Vault","Azure Managed Identities","Managed Identity"],"articleSection":["Entra ID","Microsoft 365","PowerShell"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/practical365.com\/managed-identity-powershell\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/practical365.com\/managed-identity-powershell\/","url":"https:\/\/practical365.com\/managed-identity-powershell\/","name":"Using an Azure Managed Identity with Microsoft 365 PowerShell","isPartOf":{"@id":"https:\/\/practical365.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/practical365.com\/managed-identity-powershell\/#primaryimage"},"image":{"@id":"https:\/\/practical365.com\/managed-identity-powershell\/#primaryimage"},"thumbnailUrl":"https:\/\/practical365.com\/wp-content\/uploads\/2019\/06\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg","datePublished":"2022-08-17T10:00:00+00:00","dateModified":"2025-04-30T19:37:06+00:00","description":"This article explains how to use an Azure Managed Identity with the Microsoft Graph PowerShell SDK and Teams PowerShell modules to do real work.","breadcrumb":{"@id":"https:\/\/practical365.com\/managed-identity-powershell\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/practical365.com\/managed-identity-powershell\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/practical365.com\/managed-identity-powershell\/#primaryimage","url":"https:\/\/practical365.com\/wp-content\/uploads\/2019\/06\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg","contentUrl":"https:\/\/practical365.com\/wp-content\/uploads\/2019\/06\/130-p365-Blog-Azure-Automation-and-SharePoint-Online-Part-Two-LOW.jpg","width":734,"height":396,"caption":"p Blog Azure Automation and SharePoint Online Part Two LOW"},{"@type":"BreadcrumbList","@id":"https:\/\/practical365.com\/managed-identity-powershell\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/practical365.com\/"},{"@type":"ListItem","position":2,"name":"Entra ID","item":"https:\/\/practical365.com\/entra-id\/"},{"@type":"ListItem","position":3,"name":"Using Managed Identities with the Microsoft Graph SDK and Teams PowerShell Modules"}]},{"@type":"WebSite","@id":"https:\/\/practical365.com\/#website","url":"https:\/\/practical365.com\/","name":"Practical 365","description":"Practical Office 365 News, Tips, and Tutorials","publisher":{"@id":"https:\/\/practical365.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/practical365.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/practical365.com\/#organization","name":"Practical 365","url":"https:\/\/practical365.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/practical365.com\/#\/schema\/logo\/image\/","url":"https:\/\/practical365.com\/wp-content\/uploads\/2022\/06\/Logo-P365-stacked.jpg","contentUrl":"https:\/\/practical365.com\/wp-content\/uploads\/2022\/06\/Logo-P365-stacked.jpg","width":1176,"height":696,"caption":"Practical 365"},"image":{"@id":"https:\/\/practical365.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Practical365","https:\/\/x.com\/Practical365","https:\/\/www.linkedin.com\/company\/practical365-com"]},{"@type":"Person","@id":"https:\/\/practical365.com\/#\/schema\/person\/19d7b2f404dd1da1d87586fb07015a19","name":"Tony Redmond","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/practical365.com\/wp-content\/uploads\/2022\/06\/cropped-TonyRedmondHeadShot2016-1200-96x96.jpg","url":"https:\/\/practical365.com\/wp-content\/uploads\/2022\/06\/cropped-TonyRedmondHeadShot2016-1200-96x96.jpg","contentUrl":"https:\/\/practical365.com\/wp-content\/uploads\/2022\/06\/cropped-TonyRedmondHeadShot2016-1200-96x96.jpg","caption":"Tony Redmond"},"description":"Tony Redmond has written thousands of articles about Microsoft technology since 1996. He is the lead author for the Office 365 for IT Pros eBook, the only book covering Office 365 that is updated monthly to keep pace with change in the cloud. Apart from contributing to Practical365.com, Tony also writes at Office365itpros.com to support the development of the eBook. He has been a Microsoft MVP since 2004.","sameAs":["https:\/\/office365itpros.com","https:\/\/x.com\/https:\/\/twitter.com\/12Knocksinna"],"url":"https:\/\/practical365.com\/author\/tony-redmondredmondassociates-org\/"}]}},"_links":{"self":[{"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/posts\/57014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/comments?post=57014"}],"version-history":[{"count":0,"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/posts\/57014\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/media\/45948"}],"wp:attachment":[{"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/media?parent=57014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/categories?post=57014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/practical365.com\/wp-json\/wp\/v2\/tags?post=57014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}