New-MgServicePrincipalAppRoleAssignment : Resource '1***1' does not exist or one of its queried reference-property objects are not present

john john Pter 995 Reputation points
2025-04-23T22:30:14.5833333+00:00

I have an Azure Function and I enabled its managed identity, and I got a principal ID "1***1".

Now I tried to run these commands:

    Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All"
    $managedIdentityObjectId = "1***1"
    $scopeName = "Sites.Selected"
    $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'"
    $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName
    $appRoleAssignment = @{
        "principalId" = $managedIdentityObjectId
        "resourceId" = $resourceAppPrincipalObj.Id
        "appRoleId" = $targetAppPrincipalAppRole.Id
    }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List

But I got this error:

    New-MgServicePrincipalAppRoleAssignment : Resource '1***1' does not exist or one of its queried reference-property objects are not present.
    Status: 404 (NotFound)
    ErrorCode: Request_ResourceNotFound
    Date: 2025-04-23T22:20:58
    Headers:
    Transfer-Encoding : chunked
    Vary : Accept-Encoding
    Strict-Transport-Security : max-age=31536000
    request-id : 040d2f19-76a0-4972-b509-100ec172d5b0
    client-request-id : f853a3b5-ebd5-46b1-85dd-9dd9ad5afeb6
    x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Italy North","Slice":"E","Ring":"3","ScaleUnit":"002","RoleInstance":"MI3PEPF000001C0"}}
    x-ms-resource-unit : 1
    Cache-Control : no-cache
    Date : Wed, 23 Apr 2025 22:20:58 GMT
    At line:1 char:1
    + New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedI ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: ({ ServicePrinci...oleAssignment }:<>f__AnonymousType23) [New-MgServi cePr...signment_Create], Exception
    + FullyQualifiedErrorId : Request_ResourceNotFound,Microsoft.Graph.PowerShell.Cmdlets.NewMgServicePrincipalAppRole Assignment_Create

So what could be the reason for this error?

Microsoft Entra

1 answer

  1. Luis Arias 8,441 Reputation points
    2025-04-24T10:49:15.0433333+00:00

    Hello john,

    Welcome to Q&A, this error is telling you that the resource with the ID 1***1 can't be found or something it's referencing doesn't exist. Here's what's probably going on:

    • Make sure that the "Office 365 SharePoint Online" service principal exists and includes the Sites.Selected role. If the AppRoles property doesn't have that role, you'll need to add it.
    • Confirm that your Azure Function's managed identity and the Office 365 SharePoint Online service principal are in the same tenant. Cross-tenant scenarios can get tricky.
    • Be sure you're using the latest version of the Microsoft Graph PowerShell module—it just makes everything smoother. You can test directly from Azure Cloud Shell:
        Get-MgServicePrincipal -Filter "displayName eq 'Azure Function Name'"
      

    It's basically a matter of double-checking your setup and permissions. If everything looks right, you can run the PowerShell commands again, but step by step, to identify where your issue is.

    $managedIdentityObjectId = "1***1"
    $scopeName = "Sites.Selected"
    # Get the service principal for Office 365 SharePoint Online
    $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'"
    # Find the app role matching the scope name
    $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | Where-Object { $_.Value -eq $scopeName }
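    # Assign the app role. appRoleAssignedTo is addressed on the resource service principal,
    # and the managed identity is passed as the principal that receives the role.
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $resourceAppPrincipalObj.Id -PrincipalId $managedIdentityObjectId -ResourceId $resourceAppPrincipalObj.Id -AppRoleId $targetAppPrincipalAppRole.Id | Format-List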
    

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    Regards,

    Luis
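
Added example, not part of the question or the answer above: a step-by-step version of the checks in the answer that resolves each ID in the assignment (principal, resource, app role) and stops at the first one that cannot be found. It assumes the Microsoft Graph PowerShell module is installed; `"1***1"` is the masked placeholder from the question, and the variable names `$mi`, `$resource`, `$role` and `$existing` are introduced here.

```powershell
# Added example: resolve every ID used in the assignment before creating it.
$managedIdentityObjectId = "1***1"   # masked placeholder from the question
$scopeName = "Sites.Selected"

Connect-MgGraph -Scopes "Application.Read.All", "AppRoleAssignment.ReadWrite.All"

# 1. Which tenant is this session signed in to? The managed identity must live in it.
$ctx = Get-MgContext
Write-Host "Tenant: $($ctx.TenantId)  Account: $($ctx.Account)"

# 2. The principal must resolve as a service principal in that tenant.
try {
    $mi = Get-MgServicePrincipal -ServicePrincipalId $managedIdentityObjectId -ErrorAction Stop
} catch {
    throw "No service principal with object ID '$managedIdentityObjectId' in tenant $($ctx.TenantId)."
}
# Guard against granting the role to some other kind of application by mistake.
if ($mi.ServicePrincipalType -ne 'ManagedIdentity') {
    throw "Object $($mi.Id) is a '$($mi.ServicePrincipalType)' service principal, not a managed identity."
}

# 3. The resource lookup must return exactly one service principal.
$resource = @(Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'")
if ($resource.Count -ne 1) { throw "Expected 1 resource service principal, found $($resource.Count)." }
$resource = $resource[0]

# 4. The app role must exist on the resource and be assignable to applications.
$role = $resource.AppRoles |
    Where-Object { $_.Value -eq $scopeName -and $_.AllowedMemberTypes -contains 'Application' }
if (-not $role) { throw "App role '$scopeName' not found on '$($resource.DisplayName)'." }

# 5. Create the assignment only if it is not already present.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Where-Object { $_.ResourceId -eq $resource.Id -and $_.AppRoleId -eq $role.Id }
if ($existing) {
    Write-Host "Already assigned: $($existing.Id)"
} else {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -BodyParameter @{
        principalId = $mi.Id
        resourceId  = $resource.Id
        appRoleId   = $role.Id
    } | Format-List Id, PrincipalDisplayName, ResourceDisplayName, AppRoleId
}
```

Whichever step throws identifies the ID that the 404 `Request_ResourceNotFound` response refers to.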

