Thanks for your kind words, Raeed - glad you found the blog post valuable! To successfully approve the endpoint request, the identity being used needs to have at least Contributor or Owner permissions on the resource. Alternatively, a custom role with the necessary permissions could also work.
While I haven’t tested it myself, the Azure AI Enterprise Network Connection Approver role might also have the required privileges - worth exploring if you're looking for a more scoped access option.
Raeed Ali
Great blogpost. I’m running into a 403 error when the script tries to auto-approve the private endpoint. Any idea what the reason could be? Any specific permissions necessary for the SPN with regards to these endpoints?