2,600 questions
New-MgServicePrincipalAppRoleAssignment : Resource '1***1' does not exist or one of its queried reference-property objects are not present
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 15%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
john john Pter
1,065
Reputation points
I have an azure function and i enable its managed identity , and i got a principle id "1***1":-
now i tried to run this commands:-
Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All"
$managedIdentityObjectId = "1***1"
$scopeName = "Sites.Selected"
$resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'"
$targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName
$appRoleAssignment = @{
"principalId" = $managedIdentityObjectId
"resourceId" = $resourceAppPrincipalObj.Id
"appRoleId" = $targetAppPrincipalAppRole.Id
}
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List
but got this error:-
New-MgServicePrincipalAppRoleAssignment : Resource '1***1' does not exist or one of its queried reference-property objects are not present. Status: 404 (NotFound) ErrorCode: Request_ResourceNotFound Date: 2025-04-23T22:20:58 Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 040d2f19-76a0-4972-b509-100ec172d5b0 client-request-id : f853a3b5-ebd5-46b1-85dd-9dd9ad5afeb6 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Italy North","Slice":"E","Ring":"3","ScaleUnit":"002","RoleInstance":"MI3PEPF000001C0"}} x-ms-resource-unit : 1 Cache-Control : no-cache Date : Wed, 23 Apr 2025 22:20:58 GMT At line:1 char:1 + New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedI ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: ({ ServicePrinci...oleAssignment }:<>f__AnonymousType23) [New-MgServi cePr...signment_Create], Exception + FullyQualifiedErrorId : Request_ResourceNotFound,Microsoft.Graph.PowerShell.Cmdlets.NewMgServicePrincipalAppRole Assignment_Create
so what could be the reason for this error?
Microsoft Security | Microsoft Entra | Other
{count} votes
-
Luis Arias 8,621 Reputation points Volunteer Moderator2025-04-24T10:49:15.0433333+00:00 Hello john,
Welcome to Q&A, this error is telling you that the resource with the ID 1***1 can't be found or something it's referencing doesn't exist. Here's what's probably going on:
- Make sure that the "Office 365 SharePoint Online" service principal exists and includes the Sites.Selected role. If the AppRoles property doesn't have that role, you'll need to add it.
- Confirm that your Azure Function's managed identity and the Office 365 SharePoint Online service principal are in the same tenant. Cross-tenant scenarios can get tricky.
- Be sure you're using the latest version of the Microsoft Graph PowerShell module—it just makes everything smoother. You can test directly from azure cloud shell:
Get-MgServicePrincipal -Filter "displayName eq 'Azure Function Name'"
It's basically a matter of double-checking your setup and permissions. If everything looks right you can run the powershell command again but step by step to identify where is your issue.
$managedIdentityObjectId = "1***1" $scopeName = "Sites.Selected" # Get the service principal for Office 365 SharePoint Online $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # Find the app role matching the scope name $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | Where-Object { $_.Value -eq $scopeName } # Assign the app role directly New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $managedIdentityObjectId -AppRoleId $targetAppPrincipalAppRole.Id -ResourceId $resourceAppPrincipalObj.Id | Format-ListIf the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
Regards,
Luis
-
john john Pter 1,065 Reputation points
2025-04-24T11:19:16.8533333+00:00 I run this command:-
$managedIdentityObjectId = "1***1" $scopeName = "Sites.Selected" # Get the service principal for Office 365 SharePoint Online $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # Find the app role matching the scope name $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | Where-Object { $_.Value -eq $scopeName } # Assign the app role directly New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $managedIdentityObjectId -AppRoleId $targetAppPrincipalAppRole.Id -ResourceId $resourceAppPrincipalObj.Id | Format-Listbut i got the same error:-
New-MgServicePrincipalAppRoleAssignedTo : Resource '11' does not exist or one of its**
queried reference-property objects are not present.
Status: 404 (NotFound)
ErrorCode: Request_ResourceNotFound
-
john john Pter 1,065 Reputation points
2025-04-24T11:20:24.42+00:00 and i am using the latest Microsoft Graph PowerShell, i just installed it yesterday!!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 17%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVJ%3C/text%3E%3C/svg%3E)
Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator2025-04-25T14:39:50.9033333+00:00 Hello john john Pter,
I reqeust you to run the below Powershell command and let us know if you get the result.
Get-MgServicePrincipal -ServicePrincipalId "managed-identity-object-id"
-
Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator
2025-04-28T08:48:25.17+00:00 Hello john john Pter,
Did you get a chance to review my previous comment on this thread. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, I reqeust you to share the result of the below command.
Get-MgServicePrincipal -ServicePrincipalId "managed-identity-object-id"
-
Venkata Jagadeep 1,400 Reputation points Microsoft External Staff Moderator
2025-04-29T07:30:00.0966667+00:00 Hello john john Pter,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment
Sign in to answer