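# Get all OAuth scopes
#
# Enumerates every OAuth2 permission grant (delegated consent) in the tenant,
# resolves the client service principal, the resource service principal and
# (for per-user consent) the consenting user, and writes one row per grant to
# servicePrincipalScope.csv in the current directory.
#
# Requires the AzureAD module and an existing session (Connect-AzureAD) with
# permission to read OAuth2 permission grants, service principals and users.
# Any failure in the try block is reported as a single Write-Error.

# Returns $table[$id], or $null when $id is empty or not present, so an
# absent reference never raises the null-index error inside the try block.
function Find-ById($table, $id) {
    if ($id) {
        return $table[$id]
    }
    return $null
}

try {
    $allAuth2PermissionsGrants = Get-AzureADOAuth2PermissionGrant -All $true
    $allServicePrincipals = Get-AzureADServicePrincipal -All $true
    $allUsers = Get-AzureADUser -All $true

    # Index service principals and users by ObjectId once, so each grant is
    # resolved with a hashtable lookup instead of a full Where-Object scan
    # of every service principal (twice) and every user per grant.
    # Hashtable string keys are case-insensitive, matching the original -eq.
    $spByObjectId = @{}
    foreach ($servicePrincipal in $allServicePrincipals) {
        $spByObjectId[$servicePrincipal.ObjectId] = $servicePrincipal
    }
    $userByObjectId = @{}
    foreach ($user in $allUsers) {
        $userByObjectId[$user.ObjectId] = $user
    }

    $servicePrincipalScope = New-Object System.Collections.ArrayList

    # Get Service Principal Name
    foreach ($permissions in $allAuth2PermissionsGrants) {
        # A grant whose client or resource service principal no longer exists
        # (orphaned consent) still produces a row; its name/id fields are left
        # empty rather than dropping the grant from the audit output.
        $sp = Find-ById $spByObjectId $permissions.ClientId
        $resource = Find-ById $spByObjectId $permissions.ResourceId

        # PrincipalId is only set for per-user consent; tenant-wide (admin)
        # consent has no principal, so Upn stays $null for those rows.
        $upn = $null
        if ($permissions.PrincipalId) {
            $principal = Find-ById $userByObjectId $permissions.PrincipalId
            $upn = $principal.UserPrincipalName
        }

        $scopeResult = New-Object -TypeName PSObject -Property @{
            'DisplayName' = $sp.DisplayName
            'ObjectId' = $sp.ObjectId
            'AppId' = $sp.AppId
            'AppOwnerTenantId' = $sp.AppOwnerTenantId
            'PublisherName' = $sp.PublisherName
            'ResourceId' = $permissions.ResourceId
            'ResourceDisplayName' = $resource.DisplayName
            'ConsentType' = $permissions.ConsentType
            'PrincipalId' = $permissions.PrincipalId
            'Upn' = $upn
            'scope' = $permissions.scope
        }
        $servicePrincipalScope.Add($scopeResult) | Out-Null
    }

    # Output csv
    # Select-Object fixes the column order (the -Property hashtable above is
    # unordered). Export-Csv -NoTypeInformation avoids the "#TYPE ..." header
    # line that ConvertTo-Csv emits in Windows PowerShell 5.1.
    $servicePrincipalScope |
        Select-Object DisplayName, ObjectId, AppId, AppOwnerTenantId, PublisherName, ConsentType, Upn, PrincipalId, ResourceDisplayName, ResourceId, scope |
        Export-Csv -NoTypeInformation -Encoding UTF8 -LiteralPath "servicePrincipalScope.csv"
}
catch {
    $ErrorMessage = $_.Exception.Message
    # `r`n is the PowerShell newline escape; "\n\r" was written literally.
    Write-Error "Get Tenant Details failed. Please Check You have permissions or signed in.`r`n $ErrorMessage"
}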
[{"resourceName":"Microsoft Graph","resourceAppId":"409550e3-a27e-4b16-9fad-53062181102c","permissionType":"Delegated","permissionDisplayName":"Sign in and read user profile","permissionDescription":"Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.","permissionId":"User.Read","consentType":"Admin","roleOrScopeClaim":"User.Read","principalIds":[null]},{"resourceName":"Microsoft Graph","resourceAppId":"409550e3-a27e-4b16-9fad-53062181102c","permissionType":"Application","permissionDisplayName":"Read directory data","permissionDescription":"Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.","permissionId":"7ab1d382-f21e-4acd-a863-ba3e13f7da61","consentType":"Admin","roleOrScopeClaim":"Directory.Read.All","principalIds":null},{"resourceName":"Microsoft Graph","resourceAppId":"409550e3-a27e-4b16-9fad-53062181102c","permissionType":"Application","permissionDisplayName":"Read all audit log data","permissionDescription":"Allows the app to read and query your audit log activities, without a signed-in user.","permissionId":"b0afded3-3588-46d8-8b3d-9842eff778da","consentType":"Admin","roleOrScopeClaim":"AuditLog.Read.All","principalIds":null}] |