svarukala
/ Get-AzureADAppPermissions.ps1
Created
November 9, 2021 03:06
Get the delegated and application permissions for a given Azure AD App. The output clearly shows the roles and scopes (e.g. All.Sites.Manage, Mail.Read etc.) along with display names and resource (e.g. EXO, SPO etc.) information.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Application.Read.All", "Application.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All" | |
| #Get-Command -Module Microsoft.Graph* *serviceprincipal* | |
| #Get-MgUser | |
| #Use below if you have exact name to get the service principal of the AAD application | |
| $azureAdAppName = "MGT-App" | |
| $sp = Get-MgServicePrincipal -Filter "DisplayName eq '$azureAdAppName'" | |
| #Use below if you have partial name to get the service principal of the AAD application | |
| #$sp = Get-MgServicePrincipal -Search "DisplayName:MGT" -ConsistencyLevel "eventual" |
svarukala
/ Get-AzureADAllAppsPermissions.ps1
Last active
November 29, 2023 20:40
Get the delegated and application permissions for all the Azure AD Apps. The output clearly shows the roles and scopes (e.g. All.Sites.Manage, Mail.Read etc.) along with display names and resource (e.g. EXO, SPO etc.) information.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Application.Read.All", "Application.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All" | |
| #https://graph.microsoft.com/v1.0/applications | |
| $Apps = Get-MgApplication -All | |
| $permissions = @() | |
| $Apps | %{ | |
| $app = $_ | |
| #https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '00000003-0000-0ff1-ce00-000000000000' | |
| #Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0ff1-ce00-000000000000'" | |
| $app.RequiredResourceAccess | %{ | |
| $resource = $_ |
svarukala
/ Get-AzureADAppCredentialsInfo.ps1
Last active
November 28, 2022 14:14
This script uses Microsoft Graph PowerShell SDK. It is helpful to identify and inventorize all the Azure AD Applications registered in your tenant. The script enumerates the KeyCredentials (Certificates) and PasswordCredentials (Client Secret) keys, expiration dates, owner and other useful information.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Application.Read.All", "Application.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All" | |
| $Apps = Get-MgApplication -All | |
| $today = Get-Date | |
| $credentials = @() | |
| $Apps | %{ | |
| $aadAppObjId = $_.Id | |
| $app = Get-MgApplication -ApplicationId $aadAppObjId | |
| $owner = Get-MgApplicationOwner -ApplicationId $aadAppObjId |
svarukala
/ Get-SPOSiteGranularPermissions.ps1
Created
February 9, 2021 06:26
Enumerate the SPO site level permissions given to a Azure AD app using MS Graph
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| #Provie tenant prefix, Application (client) ID, and client secret of the IT admin app | |
| #IT admin app must have sites.fullcontrol app-only perms | |
| $tenantPrefix = "Contoso"; | |
| $clientId = "Client-ID"; | |
| $clientSecret = "Client-Secret"; | |
| $tenantName = $tenantPrefix +".onmicrosoft.com"; | |
| $tenantDomain = $tenantPrefix +".sharepoint.com"; | |
| #Provide site url |
svarukala
/ Manage-SPOSiteLevelPermissionsForAppOnlyAADAppUsingMSGraph.ps1
Created
February 8, 2021 21:59
This script helps your manage (add/remove) granular permissions (read or write) at the Site level for a SPO site using Microsoft Graph for the Azure AD Application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #sample script |
svarukala
/ Delete-SPOSiteGranularPermission.ps1
Last active
February 9, 2021 06:21
This script removes existing granular permissions (read or write) at the Site level for a SPO site using Microsoft Graph for the Azure AD Application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| #Provie tenant prefix, Application (client) ID, and client secret of the IT admin app | |
| #IT admin app must have sites.fullcontrol app-only perms | |
| $tenantPrefix = "Contoso"; | |
| $clientId = "Client-Id"; | |
| $clientSecret = "Client-Secret"; | |
| $tenantName = $tenantPrefix +".onmicrosoft.com"; | |
| $tenantDomain = $tenantPrefix +".sharepoint.com"; | |
| #Site url |
svarukala
/ Add-SPOSiteGranularPermission.ps1
Last active
February 9, 2021 06:17
This script applies granular permissions (read or write) at the Site level for a SPO site using Microsoft Graph for the Azure AD Application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| # Provide tenant prefix, Application (client) ID, and Client secret of the admin app | |
| $tenantPrefix = "contoso"; | |
| $clientId = "client-id"; | |
| $clientSecret = "client-secret"; | |
| $tenantName = $tenantPrefix +".onmicrosoft.com"; | |
| $tenantDomain = $tenantPrefix +".sharepoint.com"; | |
| #Provide the site url | |
| $sitePath = "https://contoso.sharepoint.com/sites/Web01" |
svarukala
/ Get-SPOSiteListsUsingMSGraphAppOnly.ps1
Last active
February 9, 2021 06:43
Enumerate the lists from a SPO site using Microsoft Graph and app-only permissions on a Azure AD application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| # Application (client) ID, secret, tenant name and site | |
| $tenantPrefix = "CONTOSO"; #Pass 'Contoso' for contoso.onmicrosoft.com | |
| $clientId = "CLIENT ID"; #Pass the azure ad app id here | |
| $clientSecret = "CLIENT SECRET"; #Pass the azure ad app client secret | |
| $tenantName = $tenantPrefix +".onmicrosoft.com"; | |
| $tenantDomain = $tenantPrefix +".sharepoint.com"; | |
| $sitePath = "https://contoso.sharepoint.com/sites/Web01" | |
| $siteName = $sitePath.Split("/")[4] |
svarukala
/ upload-file-spo.py
Created
January 27, 2021 01:08
Python sample to upload small to medium sized files to SharePoint Online document libraries
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| from office365.runtime.auth.client_credential import ClientCredential | |
| from office365.sharepoint.client_context import ClientContext | |
| client_id = '--clientid--' | |
| client_secret = '--clientsecret---' | |
| site_url = 'https://contoso.sharepoint.com/sites/Web01' | |
| credentials = ClientCredential(client_id, |
svarukala
/ access-spo.py
Last active
January 27, 2021 01:06
Python sample to get a SharePoint Online Site title
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from office365.runtime.auth.client_credential import ClientCredential | |
| from office365.sharepoint.client_context import ClientContext | |
| client_id = '--clientid--' | |
| client_secret = '--clientsecret---' | |
| site_url = 'https://contoso.sharepoint.com/sites/Web01' | |
| credentials = ClientCredential(client_id, | |
| client_secret) |
NewerOlder