Toggle Azure AD Security Defaults on or off via Graph API
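# Reads the tenant's Security Defaults policy via Microsoft Graph, sets
# isEnabled to true with a PATCH, then reads the policy again to confirm.
#
# Security notes:
#  - Security Defaults is a tenant-wide baseline control. Setting isEnabled to
#    $false removes that baseline for every user, so treat this script and its
#    app registration as privileged and review the directory audit log after
#    each run.
#  - The app authenticates with the client-credentials flow, so the permissions
#    named below must be granted as *application* permissions with admin consent.
#  - The calls target the Graph beta endpoint, which can change without notice.
#    NOTE(review): confirm whether a v1.0 endpoint is available for your tenant.

#Set the authentication details
$tenantID = "tenant.onmicrosoft.com" #your tenantID or tenant root domain
$appID = "12345678-1234-1234-1234-1234567890AB" #the GUID of your app. For best result, use app with Policy.Read.All and Policy.ReadWrite.ConditionalAccess permissions granted
# Placeholder only: do not save or commit a real secret in this file. Load it
# from a secret store or an environment variable at run time instead.
$client_secret = "XXXXXXXXXXXXXXXxxxx" #client secret for the app

$policyUri = "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy"

$body = @{
    client_id     = $appID
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $client_secret
    grant_type    = "client_credentials"
}

#Get a token
$authenticationResult = Invoke-WebRequest -Method Post -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing -ErrorAction Stop
$token = ($authenticationResult.Content | ConvertFrom-Json).access_token
if ([string]::IsNullOrEmpty($token)) {
    # Stop here rather than sending an empty bearer token to Graph.
    throw "Token endpoint response did not contain an access_token."
}
$authHeader = @{ 'Authorization' = "Bearer $token" }

#Call the /policies/identitySecurityDefaultsEnforcementPolicy endpoint to check the current value
$res = Invoke-WebRequest -Headers $authHeader -Uri $policyUri -UseBasicParsing -ErrorAction Stop
$result = ($res.Content | ConvertFrom-Json)
$result

#Change the value to true via a PATCH operation.
# isEnabled is a Boolean property, so send a JSON boolean rather than the string "true".
# NOTE(review): this PATCH is expected to be rejected while Conditional Access
# policies are enabled in the tenant - confirm against your tenant.
$body = (@{ "isEnabled" = $true } | ConvertTo-Json)
# -ErrorAction Stop keeps a failed PATCH from being followed by a misleading "confirm" read.
$res = Invoke-WebRequest -Headers $authHeader -Uri $policyUri -Method Patch -ContentType "application/json" -Body $body -UseBasicParsing -ErrorAction Stop

#Call the /policies/identitySecurityDefaultsEnforcementPolicy endpoint again to confirm the new value
$res = Invoke-WebRequest -Headers $authHeader -Uri $policyUri -UseBasicParsing -ErrorAction Stop
$result = ($res.Content | ConvertFrom-Json)
$result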