Cannot use 'New-PnPTerm' within Azure Function - w/ Managed Identity

[kachihro]

Reporting an Issue or Missing Feature

I'm trying to add a new TERM to TermStore, from within an Azure Function, with PNP PowerShell.

I can connect to the ADMIN site within AZF/PowerShell.
I've used this to create a new site - that works OK (Sites.FullControl.All) ✅
And also - add a list/content type, and add a SPFeature. ✅

This is using Connect-PnPOnline $siteUrl -ManagedIdentity

I've added "TermStore.ReadWrite.All" for the AppPrincipal
And, I can 'read' from TermStore - but get INSUFFICIENT PERMISSIONS for "New-PnPTerm".

I've seen in other articles, to add app@sharepoint - but it still doesn't work.

Expected behavior

New Term added - this is working with a Connect-PnPOnline using -UseWebLogin or -Interactive.

Actual behavior

Error > "The current user has insufficient permissions to perform this operation"

Steps to reproduce behavior

• Connect-PnPOnline $adminSiteUrl -ManagedIdentity
• New-PnPTerm -Name "Melbourne" -TermSet "CompanyTerms" -TermGroup "Locations"

What is the version of the Cmdlet module you are running?

PowerShell 2.* within Azure Function

Which operating system/environment are you running PnP PowerShell on?

• Windows
• Linux
• MacOS
• Azure Cloud Shell
• [ X ] Azure Functions
• Other : please specify