Grant permissions to System Managed Identity

Get System Managed Identity Object ID using PowerShell

In this example, the System Managed Identity is enabled on the Automation Account called test-aa

Get-AzADServicePrincipal -DisplayName "test-aa"
 
$MI = Get-AzADServicePrincipal -DisplayName "test-aa"
$MI.id

Copy the Object ID

Get System Managed Identity Object ID from Azure Portal

Automation Accounts - select Account
Identity - System assigned

Copy the Object (principal) ID

Grant System Managed Identity permissions

Assign System Managed Identity permissions using PowerShell New-AzRoleAssignment

The Managed Identity needs Reader permissions to the Automation Account resource group so it can execute Runbooks

$RGName = "test-rg"
$SystemMI = "e0b3c7f5-6717-4335-82f6-71416fa8cfb0"
 
New-AzRoleAssignment -ObjectId $SystemMI -ResourceGroupName $RGName -RoleDefinitionName "Reader"

Check Managed Identity Azure Role Assignments

Automation Account - Identity
System assigned - Azure Role Assignments

Reader role has been assigned to the Resource Group

Managed Identity Enterprise Application

You can also view the System assigned Managed Identity under Enterprise applications

Entra ID - Enterprise applications
Application type: Managed Identities

Note the Object ID and Application ID

References:

Az PowerShell - Get-AzADServicePrincipal
https://learn.microsoft.com/en-us/powershell/module/az.resources/get-azadserviceprincipal

Az PowerShell - New-AzRoleAssignment
https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azroleassignment

Grant Azure permissions to System assigned Managed Identity

Get System Managed Identity Object ID using PowerShell

Get System Managed Identity Object ID from Azure Portal

Grant System Managed Identity permissions

Managed Identity Enterprise Application

Subscribe to our Newsletter