@m8r1us
Last active February 27, 2024 09:36
Add well known Microsoft Service Principals to the Tenant
# Connect to Microsoft Graph (creating service principals needs Application.ReadWrite.All)
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Collect the service principals created in this run so they can be reviewed afterward
$SPnew = @()

# Get the list of FOCI clients and register those not yet present in the tenant with Entra ID
(Invoke-WebRequest -Method GET -Uri 'https://raw.githubusercontent.com/secureworks/family-of-client-ids-research/main/known-foci-clients.csv' | ConvertFrom-Csv).client_id | ForEach-Object {
    $sp = Get-MgServicePrincipal -Filter "appId eq '$_'"
    if (-not $sp) {
        $SPnew += New-MgServicePrincipal -AppId $_
    }
}

# Add Azure AD PowerShell (not part of the FOCI list, but equally worth controlling)
$SPnew += New-MgServicePrincipal -AppId 1b730954-1685-4b74-9bfd-dac224a7b894

# AppRoleAssignmentRequired -> Review the newly created SPs and decide whether to set the AppRoleAssignmentRequired flag.
# Do not forget to assign the accounts that are still allowed to use the application to the Enterprise Application afterward,
# otherwise their sign-ins to that client will start failing.
# Update-MgServicePrincipal -ServicePrincipalId <objectid> -AppRoleAssignmentRequired:$true
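The gist stops at the point where the flag still has to be set by hand. The script below is an added example, not part of the gist: it audits every FOCI client (plus Azure AD PowerShell) for the `AppRoleAssignmentRequired` state and, only when run with `-Enforce`, assigns an allowed group to each still-open service principal before flipping the flag, so legitimate users keep working. It assumes the Microsoft.Graph PowerShell SDK is installed, that `Connect-MgGraph` was run with `Application.ReadWrite.All`, `AppRoleAssignment.ReadWrite.All` and `Group.Read.All`, and that a group named `FOCI-Allowed-Users` exists; the group name is a hypothetical placeholder to replace with your own.

```powershell
# Added example (not the gist's own code): audit, and optionally harden, the FOCI service principals.
# Assumes Connect-MgGraph already ran with Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All
# and Group.Read.All. Without -Enforce the script only reports.
param(
    [switch]$Enforce,
    [string]$AllowedGroupName = 'FOCI-Allowed-Users'   # hypothetical group name; adjust to your tenant
)

$csv = 'https://raw.githubusercontent.com/secureworks/family-of-client-ids-research/main/known-foci-clients.csv'
$clientIds = @((Invoke-WebRequest -Method GET -Uri $csv | ConvertFrom-Csv).client_id)
$clientIds += '1b730954-1685-4b74-9bfd-dac224a7b894'   # Azure AD PowerShell, as in the gist

# One row per client: is it registered in this tenant, and does it already require assignment?
$report = foreach ($appId in $clientIds) {
    $sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
    if (-not $sp) {
        # Not registered here yet: nothing to lock down until the gist's script has created it
        [pscustomobject]@{ AppId = $appId; DisplayName = $null; Registered = $false; AssignmentRequired = $null; ServicePrincipalId = $null }
        continue
    }
    [pscustomobject]@{
        AppId              = $appId
        DisplayName        = $sp.DisplayName
        Registered         = $true
        AssignmentRequired = [bool]$sp.AppRoleAssignmentRequired
        ServicePrincipalId = $sp.Id
    }
}

# Report first; the "open" entries are the clients any user in the tenant can still sign into
$report | Format-Table AppId, DisplayName, Registered, AssignmentRequired -AutoSize
$open = @($report | Where-Object { $_.Registered -and -not $_.AssignmentRequired })
Write-Host "$($open.Count) registered FOCI client(s) still allow any user to sign in."

if ($Enforce) {
    $group = Get-MgGroup -Filter "displayName eq '$AllowedGroupName'"
    if (-not $group) {
        throw "Group '$AllowedGroupName' not found. Create it and add the accounts that may keep using these apps."
    }
    foreach ($entry in $open) {
        # Assign the allowed group before requiring assignment, so current legitimate use is not interrupted.
        # [Guid]::Empty is the default app role, used when the application defines no roles of its own.
        New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $entry.ServicePrincipalId `
            -PrincipalId $group.Id -ResourceId $entry.ServicePrincipalId -AppRoleId ([Guid]::Empty) | Out-Null
        Update-MgServicePrincipal -ServicePrincipalId $entry.ServicePrincipalId -AppRoleAssignmentRequired:$true
        Write-Host "Hardened $($entry.DisplayName) ($($entry.AppId)): assignment now required, '$AllowedGroupName' assigned."
    }
}
```

Run it once without `-Enforce` to see which registered clients are still open, populate the allowed group, then rerun with `-Enforce`. Keeping the assignment step ahead of the flag change is the order that matters: setting `AppRoleAssignmentRequired` first would briefly block every user of that client, including the ones you intend to keep.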