Azure Active Directory configuration


I am setting up Octopus Deployment on a VM inside our Azure environment. I want to deploy to Web Apps in that environment, and have set up a Active Directory application to authenticate OD into Azure.

I keep getting this error here when OD tries to read the resource group list:
Microsoft.Rest.Azure.CloudException: The client ‘{guid}’ with object id ‘{guid}’ does not have authorization to perform action ‘Microsoft.Resources/subscriptions/resourcegroups/read’ over scope ‘/subscriptions/{guid2}’.

It seems that the AAD Application does not have the rights to read the resource group list. How do I configure this?


Thanks for reaching out! It does seem like the account you are using doesn’t have enough permissions on the Azure side of things. This lengthy MS doc might help as it shows how to manage such permissions from the Azure portal:

Let me know how that goes.