I created a user-assigned Managed Identity and granted it Sites.Read.All permission to MS Graph API. Then, I created a notebook instance on Azure Machine Learning and assigned it the created managed identity. Inside the instance I created a notebook with the following code:
import requests
from azure.identity import ManagedIdentityCredential

# Client ID of the user-assigned managed identity attached to the compute instance
CLIENT_ID = "CLIENT_ID_OF_MANAGED_IDENTITY"
SITE_ID = "MY_SHAREPOINT_SITE_ID"
# Request an app-only token for all roles granted to the identity on Microsoft Graph
SCOPE = "https://graph.microsoft.com/.default"

cred = ManagedIdentityCredential(client_id=CLIENT_ID)
token = cred.get_token(SCOPE).token
hdr = {"Authorization": f"Bearer {token}"}

url = f"https://graph.microsoft.com/v1.0/sites/{SITE_ID}"
response = requests.get(url, headers=hdr)
print(response.status_code)
print(response.json())
which returns:
401
{'error': {'code': 'unauthenticated', 'message': 'Request is allowed in this context.', 'innerError': {'date': '2025-11-19T08:23:57', 'request-id': '03478006-41c9-4b5f-9742-14c3b5338004', 'client-request-id': '03478006-41c9-4b5f-9742-14c3b5338004'}}}
If I use ManagedIdentityCredential or DefaultAzureCredential to authenticate, I can run the code, but my goal is to figure out how to authenticate my application in production, which runs on a cluster in Azure ML. There, I cannot use my user credentials.
I decoded the token and it contains aud = https://graph.microsoft.com and the role Sites.Read.All, as expected. It was verified that my organisation's policy does not block traffic to the MS Graph API. The Machine Learning workspace containing the notebook is assigned the same managed identity as the notebook instance.
I am using Python 3.10, azure.identity 1.21.0, and a Standard_NC4as_T4_v3 machine on Azure Machine Learning.