Trying to add delegated permission scopes defined in Azure Virtual Desktop RBAC to AAD App registration by calling Microsoft Graph API - /applications
Cannot pass delegated permission scopes related to Azure Virtual Deskltop RBAC based permissions like Microsoft.DesktopVirtualization/hostpools/*/read defined here: https://learn.microsoft.com/en-us/azure/virtual-desktop/rbac as they are not listed in the full list defined here: https://learn.microsoft.com/en-us/graph/permissions-reference#all-permissions-and-ids
Trying to add delegated permission scopes to AAD App registration by calling https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http The full list of permission scope that can be passed is defined here: https://learn.microsoft.com/en-us/graph/permissions-reference#all-permissions-and-ids does not contain Microsoft.DesktopVirtualization/**
From the above documentation you have shared I was able to conclude that each RBAC role comes with a set of permission (which could not be assigned individually with built in roles).
For example Desktop Virtualization Reader come with following permissions:
Microsoft.DesktopVirtualization//read,*
Microsoft.Resources/subscriptions/resourceGroups/read,
Microsoft.Resources/deployments/read,
Microsoft.Authorization//read,*
Microsoft.Insights/alertRules/read,
Microsoft.Support/*
The reference GUID in Azure AD Graph API for Desktop Virtualization Reader is 49a72310-ab8d-41df-bbb0-79b649203868 reference doc Azure built-in roles.
You could assign the roles via REST API and not via Graph because Graph API only manages Azure AD resources rather than Azure resources.
- Get the Role Assignments - List For Resource
Example:
- Compare the role with Virtual desktop infrastructure for permission and [https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-desktop-infrastructure for Role ID
- Use Role Assignments - Create
Please do let me know if you have any further queries in the comments section.
Thanks,
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs