@garrytrinder
Last active July 24, 2020 22:16
Creates and configures a custom Azure AD app registration for use with the Office 365 CLI. The app registration is granted the Sites.FullControl.Read permission.
{
"isFallbackPublicClient": true,
"publicClient": {
"redirectUris": [
"https://login.microsoftonline.com/common/oauth2/nativeclient"
]
},
"web": {
"implicitGrantSettings": {
"enableIdTokenIssuance": false
}
}
}
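# Creates an Azure AD app registration for the CLI for Microsoft 365, grants it the
# delegated Microsoft Graph scope Sites.FullControl.All, admin-consents it, applies the
# public-client / implicit-grant settings from ./body.json (relative to the current
# directory) and points the m365 CLI at the new identity.
# Requires an az CLI session with rights to create apps and grant tenant-wide admin
# consent. Sites.FullControl.All is a high-privilege delegated scope.

# Stops the script when an az query returned nothing, so no later call runs with a
# blank id (az exit codes do not stop a PowerShell script by themselves).
function Assert-NotEmpty($value, $what) {
    if ([string]::IsNullOrWhiteSpace($value)) { throw "Could not determine $what" }
}

$appObjectId = az ad app create --display-name "CLI for Microsoft 365 Identity" --oauth2-allow-implicit-flow false --query "objectId" --output tsv
Assert-NotEmpty $appObjectId "object id of the new app registration"
$appId = az ad app show --id $appObjectId --query "appId" --output tsv
Assert-NotEmpty $appId "application (client) id of the new app registration"
$tenantId = az account show --query "homeTenantId" --output tsv
Assert-NotEmpty $tenantId "home tenant id"

# Resolve Microsoft Graph by its well-known application id rather than a display-name
# search, so a look-alike service principal named "Microsoft Graph" cannot be selected.
$graphAppId = "00000003-0000-0000-c000-000000000000"
$sitesFullControlAllId = az ad sp show --id $graphAppId --query "oauth2Permissions[?value=='Sites.FullControl.All'].id" --output tsv
Assert-NotEmpty $sitesFullControlAllId "id of the Sites.FullControl.All scope"

az ad app permission add --id $appObjectId --api $graphAppId --api-permissions "$($sitesFullControlAllId)=Scope"
# NOTE(review): admin-consent directly after permission add can fail while the
# directory replicates; rerun this step if it reports the permission as missing.
az ad app permission admin-consent --id $appObjectId
# The Graph applications URL is keyed by the object id, hence $appObjectId here.
az rest --method patch --uri "https://graph.microsoft.com/v1.0/applications/$appObjectId" --headers "Content-Type=application/json" --body "@body.json"

$env:OFFICE365CLI_AADAPPID = $appId
$env:OFFICE365CLI_TENANT = $tenantId
m365 login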
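#!/usr/bin/env zsh
# Creates an app registration for the CLI for Microsoft 365, grants and admin-consents the
# delegated Microsoft Graph scope Sites.FullControl.All, applies the platform settings from
# ./body.json and prints the exports needed to log in with the new identity.
# Must be run from the directory holding functions.sh and body.json (both are cwd-relative).
# Requires an az CLI session with rights to create apps and grant tenant-wide admin consent;
# Sites.FullControl.All is a high-privilege delegated scope.
set -euo pipefail

. ./functions.sh

echo "Creating app registration ..."
appId=$(createAppRegistration "CLI for Microsoft 365")
# Guard against an empty id so the remaining az calls never act on a blank target.
[[ -n "${appId}" ]] || { echo "App registration failed: no application id returned" >&2; exit 1; }
echo "Adding delegate permissions ..."
addDelegatePermission "${appId}" "Microsoft Graph" "Sites.FullControl.All"
echo "Granting admin consent ..."
grantAdminConsent "${appId}"
echo "Updating platform configuration ..."
updatePlatformConfiguration "${appId}"
tenantId=$(az account show --query "homeTenantId" --output tsv)
[[ -n "${tenantId}" ]] || { echo "Could not determine home tenant id" >&2; exit 1; }
echo "Execute the following commands in the prompt to use the identity and login to Microsoft 365 ..."
echo "<!--- BEGIN ---!>"
echo "export OFFICE365CLI_AADAPPID=${appId}"
echo "export OFFICE365CLI_TENANT=${tenantId}"
echo "m365 login"
echo "<!--- END ---!>"
echo "Done"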
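#######################################
# Creates an Azure AD app registration with the implicit flow disabled and prints its
# application (client) id.
# Arguments: $1 - display name of the app registration
# Outputs:   the appId on stdout
# Returns:   0 on success; non-zero when az fails or returns no id
#######################################
createAppRegistration() {
  local appName=$1
  local appObjectId appId
  # Assign separately from the substitution so a failing az call is not masked.
  appObjectId=$(az ad app create --display-name "${appName}" --oauth2-allow-implicit-flow false --query "objectId" --output tsv) || return 1
  [ -n "${appObjectId}" ] || { echo "createAppRegistration: no object id returned for '${appName}'" >&2; return 1; }
  appId=$(az ad app show --id "${appObjectId}" --query "appId" --output tsv) || return 1
  [ -n "${appId}" ] || { echo "createAppRegistration: no appId returned for ${appObjectId}" >&2; return 1; }
  echo "${appId}"
}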
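#######################################
# Adds a delegated (Scope) permission on a resource API to an app registration, skipping
# the add when that scope is already in the app's required resource access.
# Arguments: $1 - application (client) id of the app registration
#            $2 - display name of the resource service principal (e.g. "Microsoft Graph")
#            $3 - value of the delegated scope (e.g. "Sites.FullControl.All")
# Returns:   0 on success or when already granted; non-zero when az fails, a lookup is
#            empty, or the scope value is malformed
#######################################
addDelegatePermission() {
  local appId=$1
  local sp=$2
  local scope=$3
  local spId scopeId count
  # The scope value is interpolated into a JMESPath string literal below; reject values
  # that would break out of the quotes instead of issuing a malformed query.
  case "${scope}" in
    *\'*) echo "addDelegatePermission: invalid scope value '${scope}'" >&2; return 1 ;;
  esac
  # NOTE(review): a display-name search takes the first match, so a look-alike app with
  # the same display name could be selected; prefer the resource's well-known appId
  # when the caller has it.
  spId=$(az ad sp list --display-name "${sp}" --query "[0].appId" --output tsv) || return 1
  [ -n "${spId}" ] || { echo "addDelegatePermission: no service principal named '${sp}'" >&2; return 1; }
  scopeId=$(az ad sp show --id "${spId}" --query "oauth2Permissions[?value=='${scope}'].id" --output tsv) || return 1
  [ -n "${scopeId}" ] || { echo "addDelegatePermission: scope '${scope}' not found on '${sp}'" >&2; return 1; }
  count=$(az ad app permission list --id "${appId}" --query "length([*].resourceAccess[?id=='${scopeId}'] | [])" --output tsv) || return 1
  # An empty count (no permissions at all) is treated as zero rather than a test error.
  if [ "${count:-0}" -eq 0 ]; then
    az ad app permission add --id "${appId}" --api "${spId}" --api-permissions "${scopeId}=Scope"
  else
    echo "Permission already granted ... skipping ..."
  fi
}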
#######################################
# Grants tenant-wide admin consent for every permission currently requested by the app.
# Arguments: $1 - application (client) id of the app registration
# Returns:   the exit status of az
#######################################
grantAdminConsent() {
  local -r targetAppId="$1"
  az ad app permission admin-consent --id "${targetAppId}"
}
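#######################################
# Patches the app registration object with the JSON document in a body file (the gist's
# body.json sets the public-client redirect URI and disables implicit id-token issuance).
# Arguments: $1 - application (client) id of the app registration
#            $2 - path to the JSON body file (optional; default: body.json in the cwd)
# Returns:   0 on success; non-zero when the body file is unreadable, az fails, or the
#            object id lookup is empty
#######################################
updatePlatformConfiguration() {
  local appId=$1
  local bodyFile=${2:-body.json}
  local appObjectId
  [ -r "${bodyFile}" ] || { echo "updatePlatformConfiguration: cannot read '${bodyFile}'" >&2; return 1; }
  # The Graph applications URL uses the object id, so resolve it from the appId first.
  appObjectId=$(az ad app show --id "${appId}" --query "objectId" --output tsv) || return 1
  [ -n "${appObjectId}" ] || { echo "updatePlatformConfiguration: no object id for ${appId}" >&2; return 1; }
  az rest --method patch --uri "https://graph.microsoft.com/v1.0/applications/${appObjectId}" --headers 'Content-Type=application/json' --body "@${bodyFile}"
}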