I'm trying to create a DiskEncryptionSet resource in TDS and then fetch the managed identity with a PowerShell script.
There are two ways to achieve this. The first is using the New-AzDiskEncryptionSet and Get-AzServicePrincipal commands from the Az PowerShell library. But TDS installs the AzureRm PowerShell module by default, and even after upgrading the library to the lowest version, a dependency conflict still exists. Hence, we have to choose the AzureRm PowerShell module, using New-AzureRmResourceGroupDeployment and Get-AzureRmServicePrincipal. Creating the DES resource is successful, but when I fetch the managed identity information with Get-AzureRmServicePrincipal, I get a 403 error (Note: we have the Application.ReadWrite.OwnedBy permission for our application, and it's weird that we use our application service principal to connect to Azure and create the resource, but our application is not the owner of the managed identity of the DES).
So, what's the difference between the two ways of creating the DES? Why can we fetch the managed identity info when creating the DES with New-AzDiskEncryptionSet but not with New-AzureRmResourceGroupDeployment? Does there exist a solution to create the DES resource with AzureRm PowerShell?
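For reference, here is the Az-module path that the question names (New-AzDiskEncryptionSet followed by reading the managed identity), written out as an added example; it is not code from the original post. It assumes an authenticated Az session (Connect-AzAccount), an existing Key Vault and key, and the placeholder resource names shown. The point it illustrates is that the system-assigned identity's principal id is returned on the DES resource object itself, so it can be read back and used to grant the Key Vault access policy without a separate directory query; the Get-AzADServicePrincipal call is a separate Microsoft Graph read that is subject to directory permissions.

```powershell
# Added example (not from the original post): create a DiskEncryptionSet with the Az module
# and read back its managed identity. All names below are placeholders (assumptions).
$resourceGroup = 'rg-des-example'      # placeholder
$location      = 'eastus'              # placeholder
$vaultName     = 'kv-des-example'      # placeholder; vault must already exist
$keyName       = 'des-key'             # placeholder; key must already exist in the vault
$desName       = 'des-example'         # placeholder

# Resolve the vault and the customer-managed key that the DES will use.
$vault = Get-AzKeyVault -VaultName $vaultName
$key   = Get-AzKeyVaultKey -VaultName $vaultName -Name $keyName

# Build the DES configuration with a system-assigned identity and create the resource.
$config = New-AzDiskEncryptionSetConfig -Location $location `
    -SourceVaultId $vault.ResourceId `
    -KeyUrl $key.Id `
    -IdentityType SystemAssigned
$des = New-AzDiskEncryptionSet -ResourceGroupName $resourceGroup -Name $desName -InputObject $config

# The managed identity's object id comes back on the resource; no directory call is needed to obtain it.
$principalId = $des.Identity.PrincipalId
Write-Output "DES managed identity principalId: $principalId"

# Optional: look the identity up in the directory. This is a Microsoft Graph read and is
# governed by the signed-in principal's directory permissions, separately from ARM rights.
Get-AzADServicePrincipal -ObjectId $principalId

# Grant the DES identity only the key permissions it needs to wrap/unwrap the disk encryption key.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $principalId -PermissionsToKeys wrapkey,unwrapkey,get
```

Because the principal id is available from `$des.Identity.PrincipalId`, the access-policy step works even when the directory lookup returns 403; the lookup is only needed if you want the service principal's directory attributes.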