@nathanmcnulty
nathanmcnulty / mi-graph-permissions.ps1
Created May 14, 2025 06:16
Add permissions to Managed Identity
# Object ID of the managed identity's service principal (the GUID is the gist's placeholder; replace it with yours)
$SP_ID = '3b3c5db1-c095-41c7-af10-2a958ccaf91a'
# Creating an appRoleAssignment needs AppRoleAssignment.ReadWrite.All plus Application.Read.All; Group.ReadWrite.All is not used by this script, so it is not requested
Connect-MgGraph -Scopes AppRoleAssignment.ReadWrite.All,Application.Read.All
# Microsoft Graph's service principal, looked up by its well-known appId rather than a display name
$GraphSP = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# Select the application permission (AllowedMemberTypes contains "Application"), not the delegated scope of the same name
$AppRole = $GraphSP.AppRoles | Where-Object {$_.Value -eq "SecurityEvents.Read.All" -and $_.AllowedMemberTypes -contains "Application"}
# Grant it: ServicePrincipalId and PrincipalId are both the managed identity, ResourceId is the Graph service principal
New-MgServicePrincipalAppRoleAssignment -AppRoleId $AppRole.Id -ServicePrincipalId $SP_ID -ResourceId $GraphSP.Id -PrincipalId $SP_ID
@nathanmcnulty
nathanmcnulty / graph-api-reports-ca-blocked-sign-ins.txt
Last active May 13, 2025 17:53
Graph API Reports for CA Blocked Sign-Ins
Graph PowerShell:
# The interval parameters are UTC (hence the Z suffix), so convert local time with ToUniversalTime() before formatting; without it the window is offset by the machine's UTC offset
(Invoke-MgGraphRequest -Uri "/beta/reports/serviceActivity/getMetricsForConditionalAccessBlockedSignIn(inclusiveIntervalStartDateTime=$((Get-Date).ToUniversalTime().AddMinutes(-5).ToString("yyyy-MM-ddTHH:mm:ssZ")),exclusiveIntervalEndDateTime=$((Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")),aggregationIntervalInMinutes=5)").value
Logic App:
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
@nathanmcnulty
nathanmcnulty / propertiesCatalog.json
Created December 8, 2024 00:19
Properties catalog
{
"description": "",
"name": "Properties Catalog",
"roleScopeTagIds": [
"0"
],
"platforms": "windows10",
"technologies": "extensibility",
"settings": [
{
# Replays a signed-in browser session against security.microsoft.com: the cookies below (values redacted) are what authenticate the requests, so anyone holding them holds the session. Treat captured values as credentials.
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$session.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0"
$session.Cookies.Add((New-Object System.Net.Cookie("MC1", "<redacted>", "/", ".microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("ai_user", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("MicrosoftApplicationsTelemetryDeviceId", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("SSR", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("msresearch", "<redacted>", "/", ".microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("MSFPC", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("X-PortalEndpoint-RouteKey", "wusprod_westus", "/", "security.microsoft.com")))
$session.Coo
@nathanmcnulty
nathanmcnulty / gist:8c2e28b76f18dcdec12f78799724cffe
Created September 6, 2024 01:48
CA policy for pim-strong-reauth-compliant-device
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity",
"id": "876aef31-50a3-4c79-b77a-7ba8f8941317",
"createdDateTime": "2024-09-06T01:23:30.5342067Z",
"displayName": "PIM - Require strong re-authentication from compliant device",
"state": "enabledForReportingButNotEnforced",
"conditions": {
"clientAppTypes": [ "all" ],
"signInRiskLevels": [ ],
"userRiskLevels": [ ],
# list of application permissions Maester needs (all read-only)
[array]$permissions = "Directory.Read.All","Policy.Read.All","Reports.Read.All","DirectoryRecommendations.Read.All","PrivilegedAccess.Read.AzureAD","IdentityRiskEvent.Read.All","RoleEligibilitySchedule.Read.Directory","RoleManagement.Read.All","Policy.Read.ConditionalAccess","UserAuthenticationMethod.Read.All"
# create application
$app = New-MgApplication -DisplayName "Maester DevOps"
# create service principal
# Microsoft Graph's service principal; the well-known appId is a stable key, whereas display names are not guaranteed unique
$graphSpId = (Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'").Id
$sp = New-MgServicePrincipal -AppId $app.appId
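An added check, written for this page and not one of the gists: after granting application permissions to a service principal, whether the managed identity in mi-graph-permissions.ps1 or the "Maester DevOps" principal created above, list what is actually granted to it, resolving each opaque appRoleId back to its permission string and flagging write-capable ones. It assumes the Microsoft.Graph PowerShell SDK; $targetSpId is a placeholder object ID, and the pattern used to flag high-privilege roles is this example's own heuristic, not anything from the gists.

```powershell
# Added example: audit the application permissions granted to a service principal.
# Assumes the Microsoft.Graph PowerShell SDK. $targetSpId is a placeholder: put the
# managed identity's object ID (the gist's $SP_ID) or "$sp.Id" from the Maester script here.
$targetSpId = '00000000-0000-0000-0000-000000000000'
Connect-MgGraph -Scopes Application.Read.All

# Every app role assignment where this principal is the one holding the permission
$assignments = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $targetSpId -All

# Cache resource service principals (Graph, Exchange Online, ...) so each is fetched once
$resources = @{}
$report = foreach ($a in $assignments) {
    if (-not $resources.ContainsKey($a.ResourceId)) {
        $resources[$a.ResourceId] = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
    }
    $resource = $resources[$a.ResourceId]
    # Map the appRoleId back to the permission string (e.g. SecurityEvents.Read.All)
    $role = $resource.AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }
    [pscustomobject]@{
        Resource      = $resource.DisplayName
        Permission    = $role.Value
        # Heuristic used by this example: anything that can change state deserves a second look
        HighPrivilege = [bool]($role.Value -match 'Write|Manage|FullControl|Send|Create|Delete')
        Granted       = $a.CreatedDateTime
        AssignmentId  = $a.Id   # needed to revoke with Remove-MgServicePrincipalAppRoleAssignment
    }
}

$report | Sort-Object Resource, Permission | Format-Table -AutoSize

# Warn when anything beyond a read-only set is present
$unexpected = @($report | Where-Object HighPrivilege)
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) write-capable permission(s) granted to $targetSpId"
}
```

To revoke a grant that should not be there, pass the AssignmentId from the report to Remove-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $targetSpId -AppRoleAssignmentId <id>. Running this after mi-graph-permissions.ps1 should show exactly one Graph row, SecurityEvents.Read.All, with HighPrivilege False.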
@nathanmcnulty
nathanmcnulty / gist:7501f7cc6962dcf75d57a4343232535f
Created August 1, 2024 06:01
Logic App for Company Branding Custom CSS
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Condition": {
"actions": {},
"else": {
"actions": {}
},
"expression": {
# Connect to Microsoft Graph (a read-only scope is enough to enumerate app registrations)
Connect-MgGraph -Scopes Application.Read.All
# Get all Entra ID applications (-All pages through every result; it is a switch parameter, so it takes no $true argument)
$allApps = Get-MgApplication -All
$array = @()
# Loop through each application
foreach ($app in $allApps) {
Write-Host "Application Name: $($app.DisplayName)"
# Get Access Token
# The client_id and client_secret below are hardcoded in the gist. A secret published in a gist should be treated as disclosed and rotated, and loaded from a secret store or environment variable rather than from source.
$auth = @{
Method = "POST"
Uri = "https://accounts-api.airthings.com/v1/token"
Body = [Ordered] @{
"grant_type" = "client_credentials"
"client_id" = "49e83d9d-994b-4e8a-962d-a92cc9dfb874"
"client_secret" = "58c5318a-afc0-4d0a-b517-42e650c2289e"
"scope" = "read:device:current_values"
}
@nathanmcnulty
nathanmcnulty / gist:f991ad95d356bd43e4b2c5fcc57c2ae2
Created October 24, 2023 22:50
Use LAPS to get user profile folder list
# For every computer object, read its LAPS-managed local admin password and list the profile folders under C:\Users
Get-ADComputer -Filter * | ForEach-Object {
# Windows LAPS returns Password as a SecureString by default, which PSCredential accepts directly (no -AsPlainText needed)
$laps = Get-LapsADPassword -Identity $_.DistinguishedName
# Qualify the local account with the computer name so it is not resolved as a domain account
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$($_.Name)\$($laps.Account)", $laps.Password
# Use the DNS host name; the ADComputer object itself stringifies to its distinguished name, which Invoke-Command cannot connect to.
# A remote session starts in the user's profile, so Get-ChildItem needs an explicit C:\Users path to list profile folders.
Invoke-Command -ComputerName $_.DNSHostName -Credential $cred -ErrorAction Continue -ScriptBlock { $env:COMPUTERNAME; (Get-ChildItem -Path C:\Users -Directory).Name }
}