hansgafriedzal · August 20, 2020 18:55
diff --git a/Get-AzureADApplicationServicePrincipalPermission.ps1 b/Get-AzureADApplicationServicePrincipalPermission.ps1
 $searchString = ''

 $_servicePrincipals = Get-AzureADServicePrincipal -All 1

 [PSCustomObject] @{
    Applications = Get-AzureADApplication -All 1 -SearchString $searchString | %{
        $_requiredResourceAccess = $_.RequiredResourceAccess.ResourceAccess
    
        [PSCustomObject] @{
            ApplicationName = $_.DisplayName
            ServicePrincipals = $_servicePrincipals | %{
                [PSCustomObject] @{
                    ServicePrincipalName = $_.DisplayName
                    Permissions = `
                        ($_requiredResourceAccess | where Type -eq Role | `
                            Compare-Object $_.AppRoles `
                                -ExcludeDifferent -IncludeEqual `
                                -Property Id `
                                -PassThru | %{
                                    [PSCustomObject] @{
                                        Permission = $_.Value
                                        Type = "Application"
                                    }
                                }) `
                        + `
                        ($_requiredResourceAccess | where Type -eq Scope | `
                            Compare-Object $_.Oauth2Permissions `
                                -ExcludeDifferent -IncludeEqual `
                                -Property Id `
                                -PassThru | %{
                                    [PSCustomObject] @{
                                        Permission = $_.Value
                                        Type = "Delegated"
                                    }
                                })
                }
            } | ?{$_.Permissions.Count}
        }
    }
 }
	$searchString = ''

	$_servicePrincipals = Get-AzureADServicePrincipal -All 1

	[PSCustomObject] @{
	Applications = Get-AzureADApplication -All 1 -SearchString $searchString \| %{
	$_requiredResourceAccess = $_.RequiredResourceAccess.ResourceAccess

	[PSCustomObject] @{
	ApplicationName = $_.DisplayName
	ServicePrincipals = $_servicePrincipals \| %{
	[PSCustomObject] @{
	ServicePrincipalName = $_.DisplayName
	Permissions = `
	($_requiredResourceAccess \| where Type -eq Role \| `
	Compare-Object $_.AppRoles `
	-ExcludeDifferent -IncludeEqual `
	-Property Id `
	-PassThru \| %{
	[PSCustomObject] @{
	Permission = $_.Value
	Type = "Application"
	}
	}) `
	+ `
	($_requiredResourceAccess \| where Type -eq Scope \| `
	Compare-Object $_.Oauth2Permissions `
	-ExcludeDifferent -IncludeEqual `
	-Property Id `
	-PassThru \| %{
	[PSCustomObject] @{
	Permission = $_.Value
	Type = "Delegated"
	}
	})
	}
	} \| ?{$_.Permissions.Count}
	}
	}
	}