@RickVanRousselt
Last active October 25, 2020 06:00
# If you are not already connected to Azure AD, run this first
Connect-AzureAD
# Get the service principal that was created when you enabled a Managed Identity on your Web App
$MyMI = Get-AzureADServicePrincipal -ObjectId '<ID(GUID) of your managed identity shown in the Azure portal>'
# Get the Office 365 SharePoint Online API service principal
$SharePointAPI = Get-AzureADServicePrincipal -SearchString "Office 365 SharePoint"
# Select the Sites.FullControl.All app-only permission. If you want another app-only permission, search for another value
$AppRole = $SharePointAPI.AppRoles | Where-Object Value -like 'Sites.FullControl.All'
# Assign the Sites.FullControl.All permission from the Office 365 SharePoint Online API to the managed identity
New-AzureADServiceAppRoleAssignment -Id $AppRole.Id -ObjectId $MyMI.ObjectId -PrincipalId $MyMI.ObjectId -ResourceId $SharePointAPI.ObjectId
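
Sites.FullControl.All is an app-only permission that applies to every site collection, so it is worth confirming what the managed identity holds after the assignment. The following audit is an added example, not part of the original gist; it assumes the AzureAD module and an existing Connect-AzureAD session, and `$MiObjectId` and `$BroadRoles` are names introduced here for illustration.

```powershell
# Added example: list the app-only permissions held by a managed identity.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already been run.
$MiObjectId = '<ID(GUID) of your managed identity shown in the Azure portal>'   # placeholder

# Permissions treated as tenant-wide for this review (illustrative list, adjust to your policy)
$BroadRoles = 'Sites.FullControl.All', 'Sites.Manage.All', 'Sites.ReadWrite.All'

# Assumption: in the AzureAD module this cmdlet returns the app role
# assignments in which the given service principal is the principal.
$Assignments = Get-AzureADServiceAppRoleAssignedTo -ObjectId $MiObjectId -All $true

$Report = foreach ($a in $Assignments) {
    # Resolve the resource API, then map the assigned role Id to its readable value
    $Resource = Get-AzureADServicePrincipal -ObjectId $a.ResourceId
    $Role     = $Resource.AppRoles | Where-Object Id -eq $a.Id
    [pscustomobject]@{
        Resource     = $Resource.DisplayName
        Permission   = $Role.Value
        Broad        = $Role.Value -in $BroadRoles
        AssignmentId = $a.ObjectId          # needed if the assignment is later removed
        Created      = $a.CreationTimestamp
    }
}

$Report | Sort-Object Resource, Permission | Format-Table -AutoSize

# Surface anything on the broad list so it can be reviewed against what the app needs
$Report | Where-Object Broad | ForEach-Object {
    Write-Warning "$($_.Resource): $($_.Permission) (assignment $($_.AssignmentId))"
}
```

An assignment that is no longer needed can be removed with `Remove-AzureADServiceAppRoleAssignment -ObjectId $MiObjectId -AppRoleAssignmentId <AssignmentId>`.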