m8r1us/register_ms_serviceprincipals.ps1

## register_ms_serviceprincipals.ps1
# Connect to Microsoft Graphp
Connect-MgGraph

# Get list of FOCI clients and register them with Entra ID
(Invoke-WebRequest -Method GET -Uri 'https://raw.githubusercontent.com/secureworks/family-of-client-ids-research/main/known-foci-clients.csv' | ConvertFrom-Csv).client_id | ForEach-Object {
        $sp = Get-MgServicePrincipal -Filter "appId eq '$_'"
        if (-not $sp) {
            $SPnew += New-MgServicePrincipal -AppId $_
        }
}

# add Azure AD PowerShell
$SPnew += New-MgServicePrincipal -AppId 1b730954-1685-4b74-9bfd-dac224a7b894

# AppRoleAssignmentRequired -> Review the newly created SP and decide whether to set the AppRoleAssignmentRequired flag.
# Do not forget to assign the accounts who are still allowed to use the application to the Enterprise Applications afterward.

# Update-MgServicePrincipal -ServicePrincipalId <objectid> -AppRoleAssignmentRequired:$true
	# Connect to Microsoft Graphp
	Connect-MgGraph

	# Get list of FOCI clients and register them with Entra ID
	(Invoke-WebRequest -Method GET -Uri 'https://raw.githubusercontent.com/secureworks/family-of-client-ids-research/main/known-foci-clients.csv' \| ConvertFrom-Csv).client_id \| ForEach-Object {
	$sp = Get-MgServicePrincipal -Filter "appId eq '$_'"
	if (-not $sp) {
	$SPnew += New-MgServicePrincipal -AppId $_
	}
	}

	# add Azure AD PowerShell
	$SPnew += New-MgServicePrincipal -AppId 1b730954-1685-4b74-9bfd-dac224a7b894

	# AppRoleAssignmentRequired -> Review the newly created SP and decide whether to set the AppRoleAssignmentRequired flag.
	# Do not forget to assign the accounts who are still allowed to use the application to the Enterprise Applications afterward.

	# Update-MgServicePrincipal -ServicePrincipalId <objectid> -AppRoleAssignmentRequired:$true