Skip to content

Instantly share code, notes, and snippets.

@psignoret
psignoret / Grant_admin_consent.ps1
Last active November 1, 2022 09:12
Uses Microsoft Graph PowerShell to do roughly the same thing that happens when admin consent is granted.
@psignoret
psignoret / BarrierMouseSpeedFix.ps1
Last active November 26, 2022 22:22
Adjust the mouse speed when using Barrier (on Windows) to control another computer.
<#
.SYNOPSIS
Adjust the mouse speed when using Barrier (on Windows) to control another computer.
.DESCRIPTION
When using Barrier (https://github.com/debauchee/barrier) across two computers of different
resolutions/DPIs, the server's mouse speed may be too fast or too slow on the client computer:
https://github.com/debauchee/barrier/issues/741. This script monitors Barrier's log file and adjusts
the server's mouse speed when the mouse has moved onto the client.
@psignoret
psignoret / Get-AzureADPSPermissionGrants.ps1
Last active February 5, 2024 11:01
Get all permissions granted to an app in Azure AD
<#
.SYNOPSIS
Lists delegated permission grants (OAuth2PermissionGrants) and application permissions grants (AppRoleAssignments) granted to an app.
.PARAMETER ObjectId
The ObjectId of the ServicePrincipal object for the app in question.
.PARAMETER AppId
The AppId of the ServicePrincipal object for the app in question.
@psignoret
psignoret / index.html
Last active March 30, 2019 00:44
CORS for popups demo
<html>
<head>
<style>* { font-family: sans-serif; }</style>
</head>
<body>
<p>You are at https://bl.ocks.org/psignoret/raw/782d7b48d47685dbce4e9cc3433462db/. The page that launched this popup
is on a different domain (demo.psignoret.com), and cannot see anything here because of CORS.</p>
<p>Go to a page under the same domain as the page that opened the popup:
<a href="https://demo.psignoret.com/">https://demo.psignoret.com/spa/popup_test.html</a>
</p>
@psignoret
psignoret / New-AzureADPSApplicationAppRole.ps1
Created October 9, 2018 09:41
A PowerShell script to create a new AppRole on an Application object in Azure AD.
<#
.SYNOPSIS
Adds a new AppRole to an Application.
.PARAMETER Application
The Application object's object ID.
.PARAMETER AllowedMemberTypes
The allowed member types, Application, User or both.
@psignoret
psignoret / Get-AzureADPSRequiredPermissions.ps1
Last active December 14, 2023 09:34
Script to list all required permissions (RequiredResourceAccess) for all app registrations.
<#
.SYNOPSIS
Lists required permissions (RequiredResourceAccess) for all app registrations.
.EXAMPLE
PS C:\> .\Get-AzureADPSRequiredPermissions.ps1 | Export-Csv -Path "required_permissions.csv" -NoTypeInformation
Generates a CSV report of all required permissions declared by all apps.
#>
[CmdletBinding()]
@psignoret
psignoret / Manage_Mfa_State.ps1
Last active January 3, 2022 15:47
A couple utility cmdlets to simplify managing Azure MFA state
<#
Two helper functions to simplify managing user MFA state in Azure Active Directory.
Examples:
# Disable MFA for one user, keeping MFA methods intact
Get-MsolUser -UserPrincipalName "user@example.com" | Disable-Mfa -KeepMethods
# Disable MFA for all users, keeping their MFA methods intact
@psignoret
psignoret / Get-AzureADPSPermissions.ps1
Last active November 12, 2024 19:40
Script to list all delegated permissions and application permissions in Microsoft Entra ID
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" }
<#
@psignoret
psignoret / Manage-AzureADPSAppRoleAssignments.ps1
Created February 8, 2018 20:38
Add or remove application permissions to a client application.
<#
.SYNOPSIS
Grants (or removes) application permissions (app role assignments) to a client application.
.PARAMETER ClientId
The AppId or one of the ServicePrincipalNames of the client service principal.
.PARAMETER Permissions
A hashtable where the key is an identifier for the resource (either the AppId or one of the
ServicePrincipalNames) and the value is the space-separated list of app roles desired.
@psignoret
psignoret / ManageAppAndServicePrincipalOwner.ps1
Created October 20, 2016 13:15
Script to manage Azure AD app owners
# Adds, lists or removes owners of Azure AD Application and ServicePrincipal objects
<#
Examples:
# Add bob@contoso.com as owner to both app and service principal
.\ManageAppAndServicePrincipalOwner.ps1 -Add "bob@contoso.com" -Application -AppId "e1d83a3c-fea5-4315-9591-8d9f185d2d56"
# List owners for the app in the contoso.com tenant
.\ManageAppAndServicePrincipalOwner.ps1 -List -Application -AppId "e1d83a3c-fea5-4315-9591-8d9f185d2d56" -TenantId "contoso.com" | ft userPrincipalName