```powershell
# Log in with the Azure CLI. Use --allow-no-subscriptions if there is no active Azure subscription associated with your tenant
az login --allow-no-subscriptions
# This app ID corresponds to PnP Management Shell, which is also used for CLI for Microsoft 365
$PnPPowerShellAppId = "31359c7f-bd7e-475c-86db-fdb8c937548e"
# The GUID 00000007-0000-0000-c000-000000000000 corresponds to Common Data Service/Dynamics CRM
az ad app permission grant --id $PnPPowerShellAppId --api 00000007-0000-0000-c000-000000000000 --scope user_impersonation
```
```python
from office365.runtime.auth.client_credential import ClientCredential
from office365.sharepoint.client_context import ClientContext
client_id = '--clientid--'
client_secret = '--clientsecret---'
site_url = 'https://contoso.sharepoint.com/sites/Web01'
credentials = ClientCredential(client_id,
                               client_secret)
```
```python
import os
from office365.runtime.auth.client_credential import ClientCredential
from office365.sharepoint.client_context import ClientContext
client_id = '--clientid--'
client_secret = '--clientsecret---'
site_url = 'https://contoso.sharepoint.com/sites/Web01'
credentials = ClientCredential(client_id,
                               client_secret)
```
```powershell
clear
# Application (client) ID, secret, tenant name and site
$tenantPrefix = "CONTOSO"; #Pass 'Contoso' for contoso.onmicrosoft.com
$clientId = "CLIENT ID"; #Pass the Azure AD app ID here
$clientSecret = "CLIENT SECRET"; #Pass the Azure AD app client secret
$tenantName = $tenantPrefix +".onmicrosoft.com";
$tenantDomain = $tenantPrefix +".sharepoint.com";
$sitePath = "https://contoso.sharepoint.com/sites/Web01"
$siteName = $sitePath.Split("/")[4]
```
```powershell
clear
# Provide tenant prefix, Application (client) ID, and Client secret of the admin app
$tenantPrefix = "contoso";
$clientId = "client-id";
$clientSecret = "client-secret";
$tenantName = $tenantPrefix +".onmicrosoft.com";
$tenantDomain = $tenantPrefix +".sharepoint.com";
#Provide the site url
$sitePath = "https://contoso.sharepoint.com/sites/Web01"
```
```powershell
clear
#Provide tenant prefix, Application (client) ID, and client secret of the IT admin app
#IT admin app must have sites.fullcontrol app-only perms
$tenantPrefix = "Contoso";
$clientId = "Client-Id";
$clientSecret = "Client-Secret";
$tenantName = $tenantPrefix +".onmicrosoft.com";
$tenantDomain = $tenantPrefix +".sharepoint.com";
#Site url
```
```
#sample script
```
```powershell
clear
#Provide tenant prefix, Application (client) ID, and client secret of the IT admin app
#IT admin app must have sites.fullcontrol app-only perms
$tenantPrefix = "Contoso";
$clientId = "Client-ID";
$clientSecret = "Client-Secret";
$tenantName = $tenantPrefix +".onmicrosoft.com";
$tenantDomain = $tenantPrefix +".sharepoint.com";
#Provide site url
```
```powershell
Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Application.Read.All", "Application.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All"
$Apps = Get-MgApplication -All
$today = Get-Date
$credentials = @()
$Apps | %{
    $aadAppObjId = $_.Id
    $app = Get-MgApplication -ApplicationId $aadAppObjId
    $owner = Get-MgApplicationOwner -ApplicationId $aadAppObjId
```
```powershell
#Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Application.Read.All", "Application.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All"
#https://graph.microsoft.com/v1.0/applications
$Apps = Get-MgApplication -All
$permissions = @()
$Apps | %{
    $app = $_
    #https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '00000003-0000-0ff1-ce00-000000000000'
    #Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0ff1-ce00-000000000000'"
    $app.RequiredResourceAccess | %{
        $resource = $_
```