I have a scenario where I need to add an application to a security group from a DevOps pipeline. I have the following scenario that is working just fine:
- in the pipeline I have the following PowerShell script:
if (!((Get-AzADGroupMember -ObjectId ((Get-AzADGroup -DisplayName $groupName).id)).DisplayName -eq $appName)) {
    Add-AzADGroupMember -MemberObjectId (Get-AzADServicePrincipal -DisplayName $appName).id -TargetGroupObjectId (Get-AzADGroup -DisplayName $groupName).id
} else {
    "member is already part of the group"
}
- the service principal has API permission of Azure Active Directory Graph with Directory.Read.All permission:
- the service principal is owner of the security group:
The problem is that Azure Active Directory Graph is on a deprecation path so I changed the permission to the recommended Microsoft Graph permission:
but now I receive the "Insufficient privileges to complete the operation." error.
Please could anybody advise what else I need to configure for this to work?
Thank you.