Last active
February 27, 2024 09:36
Add well known Microsoft Service Principals to the Tenant
# Connect to Microsoft Graph. Creating and updating service principals needs Application.ReadWrite.All.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Collect the service principals created by this run so they can be reviewed afterward.
$SPnew = @()

# Get the list of FOCI clients published by Secureworks. Invoke-RestMethod returns the CSV body as a string,
# which ConvertFrom-Csv parses into objects with a client_id column.
$fociClientIds = @((Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/secureworks/family-of-client-ids-research/main/known-foci-clients.csv' | ConvertFrom-Csv).client_id)

# Add Azure AD PowerShell (well-known first-party app ID) to the same list.
$fociClientIds += '1b730954-1685-4b74-9bfd-dac224a7b894'

# Register every client that does not yet have a service principal in this tenant.
# The existence check avoids the conflict error New-MgServicePrincipal raises for an appId that is already registered.
foreach ($appId in ($fociClientIds | Select-Object -Unique)) {
    $sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
    if (-not $sp) {
        $SPnew += New-MgServicePrincipal -AppId $appId
    }
}

# AppRoleAssignmentRequired -> Review the newly created service principals ($SPnew) and decide whether to set the AppRoleAssignmentRequired flag.
# Do not forget to assign the accounts that are still allowed to use the application to the Enterprise Application afterward;
# once the flag is set, every unassigned user is blocked from signing in to that client.
# Update-MgServicePrincipal -ServicePrincipalId <objectid> -AppRoleAssignmentRequired:$true
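The follow-up step the comment above describes (require user assignment on each FOCI client and assign the accounts that may still use it), worked through as an added example. This is not code from the original gist. It reuses the gist's CSV URL and the Azure AD PowerShell app ID; the group name 'sg-Allowed-FOCI-Clients' is a hypothetical placeholder, and the all-zero AppRoleId is the default access role Microsoft Graph uses for applications that define no app roles.

```powershell
# Added example, not part of the original gist.
# Requires the Microsoft.Graph PowerShell SDK (Microsoft.Graph.Applications, Microsoft.Graph.Groups).
Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All', 'Group.Read.All'

# Same client list as the gist: Secureworks FOCI CSV plus Azure AD PowerShell.
$fociClientIds = @((Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/secureworks/family-of-client-ids-research/main/known-foci-clients.csv' | ConvertFrom-Csv).client_id)
$fociClientIds += '1b730954-1685-4b74-9bfd-dac224a7b894'
$fociClientIds = $fociClientIds | Select-Object -Unique

# Hypothetical group holding the accounts that are still allowed to use these clients (assumption for this example).
$allowedGroup = Get-MgGroup -Filter "displayName eq 'sg-Allowed-FOCI-Clients'"
if (-not $allowedGroup) {
    throw "Allowed-users group not found; create it and add the permitted accounts before locking the clients down."
}

# Applications without defined app roles are assigned through the default access role, whose ID is all zeros.
$defaultAppRoleId = '00000000-0000-0000-0000-000000000000'

$report = foreach ($appId in $fociClientIds) {
    $sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
    if (-not $sp) {
        Write-Warning "No service principal for $appId; run the registration step first."
        continue
    }

    # 1. Assign the allowed group before flipping the flag, so permitted users never lose access.
    $alreadyAssigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
        Where-Object { $_.PrincipalId -eq $allowedGroup.Id }
    if (-not $alreadyAssigned) {
        New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
            -PrincipalId $allowedGroup.Id -ResourceId $sp.Id -AppRoleId $defaultAppRoleId | Out-Null
    }

    # 2. Require assignment: unassigned users can no longer obtain tokens for this client.
    if (-not $sp.AppRoleAssignmentRequired) {
        Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
    }

    [pscustomobject]@{
        DisplayName        = $sp.DisplayName
        AppId              = $appId
        AssignedGroup      = $allowedGroup.DisplayName
        AssignmentRequired = $true
    }
}

$report | Format-Table -AutoSize

# Verification: any client from the list that is still open to every user shows up here.
Get-MgServicePrincipal -All |
    Where-Object { $fociClientIds -contains $_.AppId -and -not $_.AppRoleAssignmentRequired } |
    Select-Object DisplayName, AppId
```

The group is assigned before the flag is set so there is no window in which the permitted accounts are locked out. Make sure the account running the script is in the allowed group if the client it uses to reach Graph appears in the list, otherwise the next Connect-MgGraph from that client is blocked along with everyone else.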