I am creating a business process for my org and am currently utilizing Azure runbooks to get the job done. The concern is that I don't want a signed-in user to be validated to run them and would like to granulate the permissions this "runbook" would have.
I have currently created the runbook to manipulate a user account. I created a service principal and tried to adjust the API permissions accordingly, along with a service account that is for on-prem permissions. I was told that the API permissions for Azure Active Directory were being deprecated and I could use the Graph API permissions instead, but the User.ReadWrite.All permission still does not allow me to use the Set-AzureADUser command in my runbook.
Is there a permission I may be missing or a process of running the runbook as the service principal? Currently I have an account that is part of the enterprise application authenticating on the runbook and the "run as" account.
Any help or guidance would be great.

