Install_Graph_and_Service_Principal.ps1
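# Walkthrough: install the Microsoft Graph PowerShell SDK, sign in with a
# single read-only scope, and inspect applications, service principals and
# managed identities in the tenant. Intended to be run step by step.
Set-Location C:\
Clear-Host

#https://docs.microsoft.com/en-us/graph/powershell/installation
#For a list of available Microsoft Graph modules
Find-Module Microsoft.Graph*

#Install the module
# -Repository pins the source to the PowerShell Gallery, so a same-named
#  package in any other registered repository is never selected.
# -Scope CurrentUser installs into the user profile, so no elevated session
#  is needed just to get the SDK.
# -Force skips the confirmation prompts and -AllowClobber lets the module's
#  commands replace existing commands of the same name; both are kept so the
#  walkthrough runs unattended, which is why the source is pinned above.
Install-Module Microsoft.Graph -Repository PSGallery -Scope CurrentUser -Verbose -AllowClobber -Force

#Look at all the service principals
#region ServicePrincipals

#Connect
#Each API in graph has a certain permission scope required
#https://docs.microsoft.com/en-us/graph/permissions-reference
#Application.Read.All to read the service principals
# Only the read scope is requested; nothing below writes to the directory.
Connect-MgGraph -Scopes "Application.Read.All"

#Switch to beta profile to light up features
# Select-MgProfile exists only in v1 of the SDK. In v2 it was removed and the
# beta endpoint is exposed through the separate Microsoft.Graph.Beta module
# (Get-MgBeta* cmdlets), so the call is skipped when the cmdlet is absent
# instead of failing on an unpinned, current install.
if (Get-Command -Name Select-MgProfile -ErrorAction SilentlyContinue) {
    Select-MgProfile -Name "beta"
}

#View my scope
# The scope list can contain more than was requested above when other scopes
# were consented to earlier; check it before relying on least privilege.
Get-MgContext #note my TenantId
(Get-MgContext).Scopes

#Environments, i.e. various clouds
Get-MgEnvironment

#View a regular app registration and its service principal
Get-MgApplication -Filter "DisplayName eq 'twwebapp2021'"
Get-MgServicePrincipal -Filter "DisplayName eq 'twwebapp2021'" |
    Format-Table DisplayName, Id, AppId, SignInAudience, AppOwnerOrganizationId

#Same for an enterprise application that is enabled in my tenant
# AppOwnerOrganizationId shows which tenant owns the application object, which
# distinguishes third-party/first-party apps from ones registered locally.
Get-MgServicePrincipal -Filter "DisplayName eq 'AWS Single-Account Access' or DisplayName eq 'Microsoft Teams'" |
    Format-Table DisplayName, Id, AppId, SignInAudience, AppOwnerOrganizationId

#View all managed identities. Note the different types of resource
Get-MgServicePrincipal -Filter "ServicePrincipalType eq 'ManagedIdentity'" |
    Format-Table DisplayName, Id, AlternativeNames -AutoSize

#endregion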