🐛 Problem
The Export-RBACAssignmentsToBlobStorage runbook has been failing since May 1st, 2026. The runbook logs errors when attempting to retrieve RBAC assignments including classic administrator roles.
Microsoft removed the Azure endpoint that supported Azure Classic administrator role assignments, causing the Get-AzRoleAssignment -IncludeClassicAdministrators cmdlet to fail. Azure Classic administrator roles are largely obsolete with the transition to role-based access control (RBAC).
Workaround
Remove the -IncludeClassicAdministrators switch from the Get-AzRoleAssignment call on line 102:
# Before
$assignments = Get-AzRoleAssignment -IncludeClassicAdministrators -ErrorAction Continue
# After
$assignments = Get-AzRoleAssignment -ErrorAction Continue
This workaround restores immediate functionality and continues to capture all current RBAC assignments.
Performance Opportunity
This issue presents an opportunity to improve the runbook's performance and reliability by migrating to Azure Resource Graph (ARG)-based RBAC exports.
👣 Repro steps
Open any Export-RBACAssignmentsToBlobStorage job from May 1st onwards and you'll find Operation returned an invalid status code 'NotFound' log messages for every subscription under the scope of AOE.
🤔 Expected
Runbook jobs should exhibit the result/output observed prior to May 1st.
🔧 Environment
All AOE versions are currently impacted.
🙋♀️ Ask for the community
We could use your help:
- Please vote this issue up (👍) to prioritize it.
- Leave comments to help us solidify the vision.
🐛 Problem
The
Export-RBACAssignmentsToBlobStoragerunbook has been failing since May 1st, 2026. The runbook logs errors when attempting to retrieve RBAC assignments including classic administrator roles.Microsoft removed the Azure endpoint that supported Azure Classic administrator role assignments, causing the
Get-AzRoleAssignment -IncludeClassicAdministratorscmdlet to fail. Azure Classic administrator roles are largely obsolete with the transition to role-based access control (RBAC).Workaround
Remove the
-IncludeClassicAdministratorsswitch from theGet-AzRoleAssignmentcall on line 102:This workaround restores immediate functionality and continues to capture all current RBAC assignments.
Performance Opportunity
This issue presents an opportunity to improve the runbook's performance and reliability by migrating to Azure Resource Graph (ARG)-based RBAC exports.
👣 Repro steps
Open any
Export-RBACAssignmentsToBlobStoragejob from May 1st onwards and you'll findOperation returned an invalid status code 'NotFound'log messages for every subscription under the scope of AOE.🤔 Expected
Runbook jobs should exhibit the result/output observed prior to May 1st.
🔧 Environment
All AOE versions are currently impacted.
🙋♀️ Ask for the community
We could use your help: