Philippe Signoret psignoret

psignoret / Get-AzureADPSPermissionGrants.ps1
Last active May 29, 2020
Get all permissions granted to an app in Azure AD
View Get-AzureADPSPermissionGrants.ps1
Lists delegated permission grants (OAuth2PermissionGrants) and application permission grants (AppRoleAssignments) granted to an app.
The ObjectId of the ServicePrincipal object for the app in question.
The AppId of the ServicePrincipal object for the app in question.
psignoret / index.html
Last active Mar 30, 2019
CORS for popups demo
View index.html
<style>* { font-family: sans-serif; }</style>
<p>You are at The page that launched this popup
is on a different domain (, and cannot see anything here because of CORS.</p>
<p>Go to a page under the same domain as the page that opened the popup:
<a href=""></a>
psignoret / New-AzureADPSApplicationAppRole.ps1
Created Oct 9, 2018
A PowerShell script to create a new AppRole on an Application object in Azure AD.
View New-AzureADPSApplicationAppRole.ps1
Adds a new AppRole to an Application.
.PARAMETER Application
The Application object's object ID.
.PARAMETER AllowedMemberTypes
The allowed member types, Application, User or both.
psignoret / Get-AzureADPSRequiredPermissions.ps1
Last active May 27, 2020
Script to list all required permissions (RequiredResourceAccess) for all app registrations.
View Get-AzureADPSRequiredPermissions.ps1
Lists required permissions (RequiredResourceAccess) for all app registrations.
PS C:\> .\Get-AzureADPSRequiredPermissions.ps1 | Export-Csv -Path "required_permissions.csv" -NoTypeInformation
Generates a CSV report of all required permissions declared by all apps.
psignoret / Manage_Mfa_State.ps1
Last active Jan 9, 2020
A couple utility cmdlets to simplify managing Azure MFA state
View Manage_Mfa_State.ps1
Two helper functions to simplify managing user MFA state in Azure Active Directory.
# Disable MFA for one user, keeping MFA methods intact
Get-MsolUser -UserPrincipalName "" | Disable-Mfa -KeepMethods
# Disable MFA for all users, keeping their MFA methods intact
psignoret / Get-AzureADPSPermissions.ps1
Last active Jul 3, 2020
Script to list all delegated permissions and application permissions in Azure AD
View Get-AzureADPSPermissions.ps1
Lists delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments).
.PARAMETER DelegatedPermissions
If set, will return delegated permissions. If neither this switch nor the ApplicationPermissions switch is set,
both application and delegated permissions will be returned.
.PARAMETER ApplicationPermissions
If set, will return application permissions. If neither this switch nor the DelegatedPermissions switch is set,
psignoret / Manage-AzureADPSAppRoleAssignments.ps1
Created Feb 8, 2018
Add or remove application permissions to a client application.
View Manage-AzureADPSAppRoleAssignments.ps1
Grants (or removes) application permissions (app role assignments) to a client application.
The AppId or one of the ServicePrincipalNames of the client service principal.
.PARAMETER Permissions
A hashtable where the key is an identifier for the resource (either the AppId or one of the
ServicePrincipalNames) and the value is the space-separated list of app roles desired.
psignoret / ManageAppAndServicePrincipalOwner.ps1
Created Oct 20, 2016
Script to manage Azure AD app owners
View ManageAppAndServicePrincipalOwner.ps1
# Adds, lists or removes owners of Azure AD Application and ServicePrincipal objects
# Add as owner to both app and service principal
.\ManageAppAndServicePrincipalOwner.ps1 -Add "" -Application -AppId "e1d83a3c-fea5-4315-9591-8d9f185d2d56"
# List owners for the app in the tenant
.\ManageAppAndServicePrincipalOwner.ps1 -List -Application -AppId "e1d83a3c-fea5-4315-9591-8d9f185d2d56" -TenantId "" | ft userPrincipalName
psignoret /
Last active Jun 30, 2020
Minimal sample app using ADAL.JS and vanilla JavaScript

Using ADAL.JS with vanilla JavaScript

A minimal sample app using ADAL.JS and plain old vanilla JavaScript to obtain an access token from Azure Active Directory and use that access token to make an API request. In this case, the API we're requesting a token for is the Microsoft Graph API, which is used to retrieve the signed-in user's basic profile.

You can see (and test) this live at:
