Assigning app roles to a Logic App’s managed identity through the Microsoft Graph API lets the workflow call an API such as Microsoft Defender for Endpoint without storing a client secret or certificate in the Logic App. The process begins by enabling the Logic App’s system-assigned managed identity and noting its Object ID, which is the object ID of the identity’s service principal in Entra ID. Next, the intended permission has to be matched with two further identifiers: the object ID of the service principal that exposes it, and the role ID. For the Defender for Endpoint isolation permission, for example, the service principal is displayed as ‘WindowsDefenderATP’ and the app role value is ‘Machine.Isolate’; the role ID is the GUID in the ‘id’ field of the matching entry in that service principal’s ‘appRoles’ collection, not the role’s value string. An efficient start is a GET request in Microsoft Graph Explorer that filters servicePrincipals by display name, for example GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq 'WindowsDefenderATP', and then reading the ‘id’ and ‘appRoles’ fields of the single result.
Once those IDs are in hand, a POST request to https://graph.microsoft.com/v1.0/servicePrincipals/{managed-identity-object-id}/appRoleAssignments creates the assignment. The JSON body carries three values: principalId (the managed identity’s Object ID), resourceId (the object ID of the service principal that exposes the role) and appRoleId (the role ID). The caller needs the AppRoleAssignment.ReadWrite.All and Application.Read.All Graph permissions, so in Graph Explorer this is typically done by an Application Administrator or Global Administrator who has consented to those scopes. A successful POST returns 201 Created with the new appRoleAssignment, and a GET against the same URL then lists it among the managed identity’s permissions. Because the Azure portal offers no blade for granting API permissions to a managed identity, this Graph call (or its PowerShell and CLI equivalents) is the standard way to give one application permissions, and it allows each Logic App to hold exactly the roles its workflow needs. Roles such as Machine.Isolate are powerful: anyone who can edit the Logic App’s definition can exercise them, so Logic App Contributor rights should be restricted accordingly.
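The procedure above as an added example, not code from the original page: a Python script using only the standard library that resolves the API’s service principal and app role, checks whether the managed identity already holds the role, and creates the appRoleAssignment. It assumes the caller supplies a Graph bearer token (for example from az account get-access-token --resource-type ms-graph) for an account holding AppRoleAssignment.ReadWrite.All and Application.Read.All; the sample service principal, its GUIDs and the managed identity ID are constructed placeholders, not the real WindowsDefenderATP values.

```python
"""Grant a Microsoft Graph app role to a Logic App's system-assigned managed
identity. Added example, not code from the original page. Assumes the caller
supplies a Graph bearer token (e.g. az account get-access-token
--resource-type ms-graph) for an account holding
AppRoleAssignment.ReadWrite.All and Application.Read.All."""
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample shaped like one entry of a GET /servicePrincipals
# response. The GUIDs are placeholders, not the real WindowsDefenderATP IDs.
SAMPLE_SP = {
    "id": "11111111-1111-1111-1111-111111111111",
    "displayName": "WindowsDefenderATP",
    "appRoles": [
        {"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "value": "Machine.Isolate",
         "isEnabled": True, "allowedMemberTypes": ["Application"]},
        {"id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "value": "Sample.Delegated",
         "isEnabled": True, "allowedMemberTypes": ["User"]},
    ],
}
SAMPLE_MI_OBJECT_ID = "22222222-2222-2222-2222-222222222222"  # placeholder


def graph_request(token, method, path, body=None):
    """Minimal Graph call; returns the parsed JSON body ({} for an empty reply)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(GRAPH + path, data=data, method=method)
    req.add_header("Authorization", "Bearer " + token)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def pick_app_role(service_principal, role_value):
    """Return the appRole whose 'value' (e.g. Machine.Isolate) matches.

    Refuses two things a quick copy-paste from Graph Explorer invites: a
    disabled role, and a role whose allowedMemberTypes lacks 'Application'
    (meant for users or groups; a managed identity cannot hold it).
    """
    for role in service_principal.get("appRoles", []):
        if role.get("value") != role_value:
            continue
        if not role.get("isEnabled", False):
            raise ValueError("app role %r is disabled" % role_value)
        if "Application" not in role.get("allowedMemberTypes", []):
            raise ValueError("app role %r is not an application permission" % role_value)
        return role
    raise LookupError("app role %r not found on %s"
                      % (role_value, service_principal.get("displayName")))


def build_assignment(mi_object_id, resource_sp_id, app_role_id):
    """Body of POST /servicePrincipals/{mi_object_id}/appRoleAssignments."""
    return {
        "principalId": mi_object_id,   # the managed identity's Object ID
        "resourceId": resource_sp_id,  # object ID of the SP exposing the role
        "appRoleId": app_role_id,      # the role's 'id' GUID, not its 'value'
    }


def already_assigned(existing_assignments, resource_sp_id, app_role_id):
    """True if the same role is already held; Graph rejects duplicate POSTs."""
    return any(a.get("resourceId") == resource_sp_id and a.get("appRoleId") == app_role_id
               for a in existing_assignments)


def assign_app_role(token, mi_object_id, api_display_name, role_value):
    """Resolve the API's service principal and role, then create the assignment.

    Returns the new appRoleAssignment, or None if it already existed.
    """
    flt = urllib.parse.quote("displayName eq '%s'" % api_display_name)
    sps = graph_request(token, "GET", "/servicePrincipals?$filter=" + flt).get("value", [])
    if len(sps) != 1:
        raise LookupError("expected exactly one service principal named %r, got %d"
                          % (api_display_name, len(sps)))
    sp = sps[0]
    role = pick_app_role(sp, role_value)
    path = "/servicePrincipals/%s/appRoleAssignments" % mi_object_id
    existing = graph_request(token, "GET", path).get("value", [])
    if already_assigned(existing, sp["id"], role["id"]):
        return None
    return graph_request(token, "POST", path,
                         build_assignment(mi_object_id, sp["id"], role["id"]))
```

Usage: assign_app_role(token, "<logic-app-mi-object-id>", "WindowsDefenderATP", "Machine.Isolate"). The GET of existing assignments is what makes a rerun safe, and the exactly-one check on the service principal query catches a mistyped display name before anything is granted. The assignment listing is not paged here; an identity with more than one page of assignments would need the @odata.nextLink followed.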
News: Using Graph API to assign roles to logic app managed identity
Documentation: List servicePrincipals – Microsoft Graph v1.0 | Microsoft Learn