svarukala
/ Get-AzureADAppPermissions.ps1
Created
November 9, 2021 03:06
Get the delegated and application permissions for a given Azure AD App. The output clearly shows the roles and scopes (e.g. All.Sites.Manage, Mail.Read etc.) along with display names and resource (e.g. EXO, SPO etc.) information.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Application.Read.All", "Application.ReadWrite.All", "Directory.Read.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All" | |
| #Get-Command -Module Microsoft.Graph* *serviceprincipal* | |
| #Get-MgUser | |
| #Use below if you have exact name to get the service principal of the AAD application | |
| $azureAdAppName = "MGT-App" | |
| $sp = Get-MgServicePrincipal -Filter "DisplayName eq '$azureAdAppName'" | |
| #Use below if you have partial name to get the service principal of the AAD application | |
| #$sp = Get-MgServicePrincipal -Search "DisplayName:MGT" -ConsistencyLevel "eventual" |
OlderNewer