@nathanmcnulty
Created February 13, 2024 00:31
Convert @AshishRocks AAD script to MS Graph
# Connect to Microsoft Graph
Connect-MgGraph -Scopes Application.Read.All

# Get all Entra ID applications (-All is a switch, so it takes no value)
$allApps = Get-MgApplication -All
$array = @()

# Loop through each application
foreach ($app in $allApps) {
    Write-Host "Application Name: $($app.DisplayName)"

    # Get the required resource access: the permissions configured on the
    # app registration (requested, not necessarily consented)
    $appPermissions = $app.RequiredResourceAccess | ForEach-Object {
        $resourceAppId = $_.ResourceAppId
        # Resolve the resource API's service principal to look up permission names
        $resourceSP = Get-MgServicePrincipal -Filter "AppId eq '$resourceAppId'"

        $_.ResourceAccess | ForEach-Object {
            $permissionId = $_.Id
            $permissionType = $_.Type
            $permission = $null
            #$resourceSP

            if ($permissionType -eq 'Role') {
                # Application permission: defined as an app role on the resource
                $permission = $resourceSP.AppRoles | Where-Object { $_.Id -eq $permissionId }
            } elseif ($permissionType -eq 'Scope') {
                # Delegated permission: Microsoft Graph exposes these as
                # Oauth2PermissionScopes (Oauth2Permissions was the AAD Graph name)
                $permission = $resourceSP.Oauth2PermissionScopes | Where-Object { $_.Id -eq $permissionId }
            }

            if ($permission) {
                [PSCustomObject]@{
                    'Application Name'       = $app.DisplayName
                    'API'                    = $resourceSP.DisplayName
                    'Permission Name'        = $permission.Value
                    'Permission Description' = $permission.Description
                    'Permission Type'        = $permissionType
                }
            }
        }
    }

    $array += $appPermissions

    # Output the permissions
    #$appPermissions | Format-Table
}

# -NoTypeInformation keeps the "#TYPE" header line out of the CSV on Windows PowerShell 5.1
$array | Export-Csv "output.csv" -NoTypeInformation