Skip to content

Instantly share code, notes, and snippets.

@Fabaderheld

Fabaderheld/Set-AzAPIPermission.ps1

Last active July 7, 2022 18:32
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Fabaderheld/547a50406205473675512aad2e5736ff to your computer and use it in GitHub Desktop.
Save Fabaderheld/547a50406205473675512aad2e5736ff to your computer and use it in GitHub Desktop.
Download ZIP
Permissions Ids for Graph
Raw
Set-AzAPIPermission.ps1
Get Permissions
# MS Graph Permissions
(Get-AzAdServicePrincipal -ApplicationId 00000003-0000-0000-c000-000000000000).AppRole | Select *
(Get-AzAdServicePrincipal -ApplicationId 00000003-0000-0000-c000-000000000000).Oauth2PermissionScope | Select *
# Azure AD Graph
(Get-AzAdServicePrincipal -ApplicationId 00000002-0000-0000-c000-000000000000).AppRole | Select *
(Get-AzAdServicePrincipal -ApplicationId 00000002-0000-0000-c000-000000000000).Oauth2PermissionScope | Select *
# https://docs.microsoft.com/en-us/powershell/module/az.resources/add-azadapppermission?view=azps-8.1.0
# Get "Group.Read.All" from Azure AD Graph
$ADPermission = (Get-AzAdServicePrincipal -ApplicationId 00000003-0000-0000-c000-000000000000).AppRole | ? {$_.value -like "Group.Read.All"}
# Get Application to set permissions
$AzApp = Get-AzADApplication -DisplayName MyApp
# Add API Permissions to Application
Add-AzADAppPermission -PermissionId $ADPermission.id -ApplicationId $AzApp.AppId -ApiId 00000003-0000-0000-c000-000000000000 -Type Role
# Consent has to be done via GUI though
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment