astaykov/AddEmailVerifiedToIdTokensInAAD.ps1

## AddEmailVerifiedToIdTokensInAAD.ps1
Connect-AzureAD -Confirm
Import-Module AzeruADPreview

$appID = "...guid-of-the-AppID..."
$policyName = "Add email_verified to claims"

$sp = Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq '$appID')"

$existingPolicies = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId `
                    | Where-Object { $_.Type -eq "ClaimsMappingPolicy" }
if ($existingPolicies) {
    $existingPolicies | Remove-AzureADPolicy
}

$policy = New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema":[{"value":"true","JwtClaimType":"email_verified"}]}}') -DisplayName $policyName -Type "ClaimsMappingPolicy"

Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
Write-Output ("New claims mapping policy '{0}' set for app '{1}'." -f $policy.DisplayName, $sp.DisplayName)
	Connect-AzureAD -Confirm
	Import-Module AzeruADPreview

	$appID = "...guid-of-the-AppID..."
	$policyName = "Add email_verified to claims"

	$sp = Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq '$appID')"

	$existingPolicies = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId `
	\| Where-Object { $_.Type -eq "ClaimsMappingPolicy" }
	if ($existingPolicies) {
	$existingPolicies \| Remove-AzureADPolicy
	}

	$policy = New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema":[{"value":"true","JwtClaimType":"email_verified"}]}}') -DisplayName $policyName -Type "ClaimsMappingPolicy"

	Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
	Write-Output ("New claims mapping policy '{0}' set for app '{1}'." -f $policy.DisplayName, $sp.DisplayName)