This tutorial shows how to build a PowerShell script that Global administrators can use to grant scopes on resources. The Global administrator (or user running the script) must decide which permissions are required for their use case; the script only automates the grant.

Create a script named 'ManagePermissionGrant.ps1' from the PowerShell snippets below and run it.

## Step 1 - Introduction and setup
```powershell
Write-Host "########################################################"
Write-Host "# 'HTTP with Microsoft Entra ID' connector - Permission grant configuration"
Write-Host "# This script will guide you through the process of granting the required permissions"
Write-Host "# to the HttpWithAADApp Microsoft 1st party app 'ServiceApp_NoPreAuths' to access the selected resources."
Write-Host "########################################################"

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
Install-Module Microsoft.Graph -Scope CurrentUser -WarningAction Ignore
Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Identity.SignIns
# Get-MgUser (step 8) lives in this module
Import-Module Microsoft.Graph.Users

# Stop on the first error so a failed call never leaves a half-applied grant
$ErrorActionPreference = "Stop"
# Start from a clean session
Disconnect-Graph -ErrorAction Ignore
```

## Step 2 - Class definition for the app

```powershell
class App {
    [bool]$IsCommonlyUsedApp
    [string]$ApplicationName
    [string]$AppId
}
```

## Step 3 - Get the first-party app list

> [!NOTE]
> The AppIds listed here are for reference only. It is up to the user to check whether an AppId has changed and to update it as needed.

```powershell
# 1st party app list from: https://learn.microsoft.com/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications
function Get-FirstPartyAppList {
    @(
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='ACOM Azure Website';AppId='23523755-3a2b-41ca-9315-f81f3f566a95'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='AEM-DualAuth';AppId='69893ee3-dd10-4b1c-832d-4870354be3d8'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='App Service';AppId='7ab7862c-4c57-491e-8a45-d52a7e023983'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='ASM Campaign Servicing';AppId='0cb7b9ec-5336-483b-bc31-b15b5788de71'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Azure Advanced Threat Protection';AppId='7b7531ad-5926-4f2d-8a1d-38495ad33e17'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Azure Data Lake';AppId='e9f49c6b-5ce5-44c8-925d-015017e9f7ad'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Azure Lab Services Portal';AppId='835b2a73-6e10-4aa5-a979-21dfda45231c'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Azure Portal';AppId='c44b4083-3bb0-49c1-b47d-974e53cbdf3c'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='AzureSupportCenter';AppId='37182072-3c9c-4f6a-a4b3-b3f91cacffce'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Bing';AppId='9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='ContactsInferencingEmailProcessor';AppId='20a11fe0-faa8-4df5-baf2-f965f8f9972e'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='CPIM Service';AppId='bb2a2e3a-c5e7-4f0a-88e0-8e01fd3fc1f4'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='CRM Power BI Integration';AppId='e64aa8bc-8eb4-40e2-898b-cf261a25954f'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Dataverse';AppId='00000007-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Enterprise Roaming and Backup';AppId='60c8bde5-3167-4f92-8fdb-059f6176dc0f'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Exchange Admin Center';AppId='497effe9-df71-4043-a8bb-14cf78c4b63b'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='FindTime';AppId='f5eaa862-7f08-448c-9c4e-f4047d4d4521'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Focused Inbox';AppId='b669c6ea-1adf-453f-b8bc-6d526592b419'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='GroupsRemoteApiRestClient';AppId='c35cb2ba-f88b-4d15-aa9d-37bd443522e1'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='HxService';AppId='d9b8ec3a-1e4e-4e08-b3c2-5baf00c0fcb0'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='IAM Supportability';AppId='a57aca87-cbc0-4f3c-8b9e-dc095fdc8978'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='IrisSelectionFrontDoor';AppId='16aeb910-ce68-41d1-9ac3-9e1673ac9575'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='MCAPI Authorization Prod';AppId='d73f4b35-55c9-48c7-8b10-651f6f2acb2e'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Media Analysis and Transformation Service';AppId='944f0bd1-117b-4b1c-af26-804ed95e767e'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Media Analysis and Transformation Service #2';AppId='0cd196ee-71bf-4fd6-a57c-b491ffd4fb1e'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft 365 Support Service';AppId='ee272b19-4411-433f-8f28-5c13cb6fd407'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft App Access Panel';AppId='0000000c-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Approval Management';AppId='65d91a3d-ab74-42e6-8a2f-0add61688c74'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Approval Management #2';AppId='38049638-cc2c-4cde-abe4-4479d721ed44'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Authentication Broker';AppId='29d9ed98-a469-4536-ade2-f981bc1d605e'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Azure CLI';AppId='04b07795-8ddb-461a-bbee-02f9e1bf7b46'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Azure PowerShell';AppId='1950a258-227b-4e31-a9cf-717495945fc2'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='MicrosoftAzureActiveAuthn';AppId='0000001a-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Bing Search';AppId='cf36b471-5b44-428c-9ce7-313bf84528de'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Bing Search for Microsoft Edge';AppId='2d7f3606-b07d-41d1-b9d2-0d0c9296a6e8'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Bing Default Search Engine';AppId='1786c5ed-9644-47b2-8aa0-7201292175b6'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Defender for Cloud Apps';AppId='3090ab82-f1c1-4cdf-af2c-5d7a6f3e2cc7'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Docs';AppId='18fbca16-2224-45f6-85b0-f7bf2b39b3f3'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Dynamics ERP';AppId='00000015-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Edge Insider Addons Prod';AppId='6253bca8-faf2-4587-8f2f-b056d80998a7'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Exchange ForwardSync';AppId='99b904fd-a1fe-455c-b86c-2f9fb1da7687'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Exchange Online Protection';AppId='00000007-0000-0ff1-ce00-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Exchange ProtectedServiceHost';AppId='51be292c-a17e-4f17-9a7e-4b661fb16dd2'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Exchange REST API Based Powershell';AppId='fb78d390-0c51-40cd-8e17-fdbfab77341b'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Forms';AppId='c9a559d2-7aab-4f13-a6ed-e7e9c52aec87'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Microsoft Graph';AppId='00000003-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Intune Web Company Portal';AppId='74bcdadc-2fdc-4bb3-8459-76d06952a0e9'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Intune Windows Agent';AppId='fc0f3af4-6835-4174-b806-f7db311fd2f3'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Office';AppId='d3590ed6-52b3-4102-aeff-aad2292ab01c'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Office 365 Portal';AppId='00000006-0000-0ff1-ce00-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Office Web Apps Service';AppId='67e3df25-268a-4324-a550-0de1c7f97287'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Online Syndication Partner Portal';AppId='d176f6e7-38e5-40c9-8a78-3998aab820e7'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft password reset service';AppId='93625bc8-bfe2-437a-97e0-3d0060024faa'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Microsoft Power BI';AppId='871c010f-5e61-4fb1-83ac-98610a7e9110'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Storefronts';AppId='28b567f6-162c-4f54-99a0-6887f387bbcc'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Stream Portal';AppId='cf53fce8-def6-4aeb-8d30-b158e7b1cf83'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Substrate Management';AppId='98db8bd6-0cc0-4e67-9de5-f187f1cd1b41'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Support';AppId='fdf9885b-dd37-42bf-82e5-c3129ef5a302'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Teams';AppId='1fec8e78-bce4-4aaf-ab1b-5451cc387264'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Teams Services';AppId='cc15fd57-2c6c-4117-a88c-83b1d56b4bbe'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Teams Web Client';AppId='5e3ce6c0-2b1f-4285-8d4b-75ee78787346'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Microsoft Whiteboard Services';AppId='95de633a-083e-42f5-b444-a4295d8e9314'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='O365 SkypeSpaces Ingestion Service';AppId='dfe74da8-9279-44ec-8fb2-2aed9e1c73d0'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='O365 Suite UX';AppId='4345a7b9-9a63-4910-a426-35363201d503'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Office 365 Exchange Online';AppId='00000002-0000-0ff1-ce00-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office 365 Management';AppId='00b41c95-dab0-4487-9791-b9d2c32c80f2'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office 365 Search Service';AppId='66a88757-258c-4c72-893c-3e8bed4d6899'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Office 365 SharePoint Online';AppId='00000003-0000-0ff1-ce00-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Delve';AppId='94c63fef-13a3-47bc-8074-75af8c65887a'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Add-in SSO';AppId='93d53678-613d-4013-afc1-62e9e444a0a5'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Client AAD- Augmentation Loop';AppId='2abdc806-e091-4495-9b10-b04d93c3f040'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Client AAD- Loki';AppId='b23dd4db-9142-4734-867f-3577f640ad0c'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Client AAD- Maker';AppId='17d5e35f-655b-4fb0-8ae6-86356e9a49f5'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Client MSA- Loki';AppId='b6e69c34-5f1f-4c34-8cdf-7fea120b8670'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Core SSO';AppId='243c63a3-247d-41c5-9d83-7788c43f1c43'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office Online Search';AppId='a9b49b65-0a12-430b-9540-c80b3332c127'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office.com';AppId='4b233688-031c-404b-9a80-a4f3f2351f90'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Office365 Shell WCSS-Client';AppId='89bee1f7-5e6e-4d8a-9f3d-ecd601259da7'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='OfficeClientService';AppId='0f698dd4-f011-4d23-a33e-b36416dcb1e6'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='OfficeHome';AppId='4765445b-32c6-49b0-83e6-1d93765276ca'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='OfficeShredderWacClient';AppId='4d5c2d63-cf83-4365-853c-925fd1a64357'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='OMSOctopiPROD';AppId='62256cef-54c0-4cb4-bcac-4c67989bdc40'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='OneDrive SyncEngine';AppId='ab9b8c07-8f02-4f72-87fa-80105867a763'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='OneNote';AppId='2d4d3d8e-2be3-4bef-9f87-7875a61c29de'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Outlook Mobile';AppId='27922004-5251-4030-b22d-91ecd9a37ea4'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Partner Customer Delegated Admin Offline Processor';AppId='a3475900-ccec-4a69-98f5-a65cd5dc5306'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Password Breach Authenticator';AppId='bdd48c81-3a58-4ea9-849c-ebea7f6b6360'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='PeoplePredictions';AppId='35d54a08-36c9-4847-9018-93934c62740c'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Power BI Service';AppId='00000009-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Scheduling';AppId='ae8e128e-080f-4086-b0e3-4c19301ada69'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='SharedWithMe';AppId='ffcb16e8-f789-467c-8ce9-f826a080d987'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='SharePoint Online Web Client Extensibility';AppId='08e18876-6177-487e-b8b5-cf950c1e598c'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Signup';AppId='b4bddae8-ab25-483e-8670-df09b9f1d0ea'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Skype for Business Online';AppId='00000004-0000-0ff1-ce00-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='SpoolsProvisioning';AppId='61109738-7d2b-4a0b-9fe3-660b1ff83505'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Sticky Notes API';AppId='91ca2ca5-3b3e-41dd-ab65-809fa3dffffa'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Substrate Context Service';AppId='13937bba-652e-4c46-b222-3003f4d1ff97'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='SubstrateDirectoryEventProcessor';AppId='26abc9a8-24f0-4b11-8234-e86ede698878'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Substrate Search Settings Management Service';AppId='a970bac6-63fe-4ec5-8884-8536862c42d4'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Sway';AppId='905fcf26-4eb7-48a0-9ff0-8dcc7194b5ba'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Transcript Ingestion';AppId='97cb1f73-50df-47d1-8fb0-0271f2728514'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Universal Store Native Client';AppId='268761a2-03f3-40df-8a8b-c3db24145b6b'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Viva Engage (formerly Yammer)';AppId='00000005-0000-0ff1-ce00-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='WeveEngine';AppId='3c896ded-22c5-450f-91f6-3d1ef0848f6e'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Windows Azure Active Directory';AppId='00000002-0000-0000-c000-000000000000'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Windows Azure Security Resource Provider';AppId='8edd93e1-2103-40b4-bd70-6e34e586362d'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Windows Azure Service Management API';AppId='797f4846-ba00-4fd7-ba43-dac1f8f63013'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='WindowsDefenderATP Portal';AppId='a3b79187-70b2-4139-83f9-6016c58cd27b'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Windows Search';AppId='26a7ee05-5602-4d76-a7ba-eae8b7b67941'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Windows Spotlight';AppId='1b3c667f-cde3-4090-b60b-3d2abd0117f0'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Windows Store for Business';AppId='45a330b1-b1ec-4cc1-9161-9f03992aa49f'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Yammer Web';AppId='c1c74fed-04c9-4704-80dc-9f79a2e515cb'},
        [App]@{IsCommonlyUsedApp=$false;ApplicationName='Yammer Web Embed';AppId='e1ef36fd-b883-4dbf-97f0-9ece4b576fc6'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Azure Key Vault';AppId='cfa8b339-82a2-471a-a3c9-0fc0be7a4093'},
        [App]@{IsCommonlyUsedApp=$true;ApplicationName='Azure Storage';AppId='e406a681-f3d4-42a8-90b6-c2b029497af1'}
    ) | Sort-Object -Property ApplicationName
}
```

## Step 4 - How do you want to connect?

```powershell
if ($Host.UI.PromptForChoice("Cloud selection", "Most customers access to the Global Azure environment. Do you want to connect using azure global or do you want to select from a list?", ('&Azure Global (recommended)', '&Select from a list (advanced)'), 0) -eq 0) {
    $selectedEnvName = "Global"
} else {
    $selectedEnv = Get-MgEnvironment | Out-GridView -Title "Choose Cloud Environment" -OutputMode Single
    If (!$selectedEnv) {
        Write-Warning "No environment selected. Please select an environment and try again."
        Exit
    }
    $selectedEnvName = $selectedEnv.Name
}

# Sign in with the delegated scopes the rest of the script needs
Connect-MgGraph -Environment $selectedEnvName -Scopes "User.ReadWrite.All Directory.AccessAsUser.All" -NoWelcome
```

## Step 5 - Find the service principal in the local tenant associated with the HttpWithAADApp Microsoft first-party app

```powershell
$HttpWithAADAppAppId = 'd2ebd3a9-1ada-4480-8b2d-eac162716601'
$HttpWithAADAppServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$HttpWithAADAppAppId'"
If (!$HttpWithAADAppServicePrincipal) {
    Write-Host "No service principal was found in the current tenant with appId: $HttpWithAADAppAppId. Attempting to create one."
    $AppIDForSpCreation = @{
        "AppId" = "$HttpWithAADAppAppId"
    }
    $HttpWithAADAppServicePrincipal = New-MgServicePrincipal -BodyParameter $AppIDForSpCreation
    If (!$HttpWithAADAppServicePrincipal) {
        Write-Warning "Not able to create a service principal for appId : $HttpWithAADAppAppId."
        Exit
    }
}

$HttpWithAADAppServicePrincipalId = $HttpWithAADAppServicePrincipal.Id
$HttpWithAADAppServicePrincipalDisplayName = $HttpWithAADAppServicePrincipal.DisplayName
Write-Host "HttpWithAADApp Service principal was found:"
$HttpWithAADAppServicePrincipal | Format-Table -wrap -auto
```

## Step 6 - Select the first-party app for scope selection

```powershell
if ($Host.UI.PromptForChoice("Resource and scope selection", "Most customers access to widely used resources (e.g. Graph, Sharepoint, Dataverse, etc.). Do you want to display only the commonly used apps?", ('&Commonly used Apps', '&All apps (advanced)'), 0) -eq 0) {
    $filteredFirstPartyAppList = Get-FirstPartyAppList | Where-Object { $_.IsCommonlyUsedApp -eq $true }
} else {
    $filteredFirstPartyAppList = Get-FirstPartyAppList
}

$selectedApp = $filteredFirstPartyAppList | Select-Object ApplicationName, AppId | Out-GridView -Title "Choose 1st party app for resource and scope selection" -OutputMode Single
If (!$selectedApp) {
    Write-Warning "No app selected. Please select an app and try again."
    Exit
}

Write-Host "The app was selected:"
$selectedApp | Format-Table -wrap -auto
$selectedAppId = $selectedApp.AppId
```

## Step 7 - Select scopes for the selected first-party app and the SP associated with the selected app

```powershell
$selectedSP = Get-MgServicePrincipal -Filter "appId eq '$selectedAppId'"
If (!$selectedSP) {
    Write-Warning "No service principal found in the current tenant with appId: $selectedAppId"
    Exit
}
$selectedSPId = $selectedSP.Id

### List of Admin and User Scopes
$scopes = $selectedSP.Oauth2PermissionScopes | Sort-Object Value | Select-Object Type, Value, UserConsentDisplayName, UserConsentDescription
$selectedScopes = $scopes | Out-GridView -Title "Choose Scopes" -OutputMode Multiple
If (!$selectedScopes) {
    Write-Warning "No scopes selected. Please select at least one and try again."
    Exit
}

# The grant stores scopes as one space-separated string
$joinedScopes = $selectedScopes | Join-String -Property { $_.Value } -Separator ' '
Write-Host "The following user scopes have been selected: $joinedScopes"
```

## Step 8 - Select a consent type (AllPrincipals vs Principal)

```powershell
if ($Host.UI.PromptForChoice("Select consent type", "Do you want the service principal '$HttpWithAADAppServicePrincipalDisplayName' ($HttpWithAADAppServicePrincipalId) to be able to impersonate all users?", ('&Yes', '&No (I need to select a specific user)'), 0) -eq 0) {
    $grantParams = @{
        clientId    = $HttpWithAADAppServicePrincipalId
        consentType = "AllPrincipals"
        resourceId  = $selectedSPId
        scope       = $joinedScopes
    }
} else {
    # let the user select a specific principal
    $users = Get-MgUser -All | Select-Object ID, DisplayName, Mail, UserPrincipalName
    $selectedUser = $users | Out-GridView -Title "Choose a user" -OutputMode Single
    If (!$selectedUser) {
        Write-Warning "No user selected. Please select a user and try again."
        Exit
    }
    $grantParams = @{
        clientId    = $HttpWithAADAppServicePrincipalId
        consentType = "Principal"
        principalId = $selectedUser.Id
        resourceId  = $selectedSPId
        scope       = $joinedScopes
    }
}
```

## Step 9 - Display the current permissions for the service principal and resource

```powershell
$existingOauth2PermissionGrant = Get-MgOauth2PermissionGrant -Filter "clientId eq '$HttpWithAADAppServicePrincipalId' and resourceId eq '$selectedSPId'"
if ($existingOauth2PermissionGrant) {
    Write-Host "The service principal '$HttpWithAADAppServicePrincipalDisplayName' ($HttpWithAADAppServicePrincipalId) has the following oAuth2PermissionGrant objects already defined for resourceId '$selectedSPId':"
    $existingOauth2PermissionGrant | Format-Table -wrap -auto

    # allow deletion of existing grants
    if ($Host.UI.PromptForChoice("Grant deletion", "Do you want to delete any of the existing grants?", ('&No', '&Yes, I want to first delete existing grants'), 0) -eq 1) {
        # deletion flow
        $selectedGrantsToDelete = $existingOauth2PermissionGrant | Out-GridView -Title "Select the grants you want to delete" -OutputMode Multiple
        Write-Host "The following grants are going to be deleted:"
        $selectedGrantsToDelete | Format-Table -wrap -auto
        $selectedGrantsToDelete | ForEach-Object {
            Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $_.Id
        }
    }
} else {
    Write-Host "No existing oAuth2PermissionGrant object were found for service principal '$HttpWithAADAppServicePrincipalDisplayName' ($HttpWithAADAppServicePrincipalId) and resourceId '$selectedSPId'"
}

Write-Host "The following grant is going to be persisted:"
$grantParams | Format-Table -wrap -auto
```

## Step 10 - Create/update a delegated permission grant represented by an oAuth2PermissionGrant object (delete the existing one if any)

```powershell
# A grant is keyed by clientId + resourceId + consentType (+ principalId for user-specific grants);
# look for an existing object with the same key so it is updated rather than duplicated
if ($grantParams.consentType -eq "AllPrincipals") {
    $existingOauth2PermissionGrant = Get-MgOauth2PermissionGrant -Filter "clientId eq '$HttpWithAADAppServicePrincipalId' and resourceId eq '$selectedSPId' and consentType eq 'AllPrincipals'"
    if ($existingOauth2PermissionGrant) {
        Write-Warning "An existing oAuth2PermissionGrant object was found with the same key properties. (clientId: $HttpWithAADAppServicePrincipalId, resourceId: $selectedSPId, consentType: AllPrincipals)"
    }
} elseif ($grantParams.consentType -eq "Principal") {
    $grantParamsPrincipalId = $grantParams.principalId
    $existingOauth2PermissionGrant = Get-MgOauth2PermissionGrant -Filter "clientId eq '$HttpWithAADAppServicePrincipalId' and resourceId eq '$selectedSPId' and consentType eq 'Principal'" | Where-Object { $_.PrincipalId -eq $grantParamsPrincipalId }
    if ($existingOauth2PermissionGrant) {
        Write-Warning "An existing oAuth2PermissionGrant object was found with the same key properties. (clientId: $HttpWithAADAppServicePrincipalId, resourceId: $selectedSPId, consentType: Principal, principalId: $grantParamsPrincipalId)"
    }
}

if ($existingOauth2PermissionGrant) {
    Write-Warning "This means that the existing oAuth2PermissionGrant object is about to be updated with the new parameters provided."
    Write-Warning "Existing permission grant:"
    $existingOauth2PermissionGrant | Format-Table -wrap -auto
    Write-Warning "New permission grant requested:"
    $grantParams | Format-Table -wrap -auto
    if ($Host.UI.PromptForChoice("Confirm permission grant update", "Do you want to proceed and update the above permission grant?", ('&Yes', '&No'), 0) -eq 1) {
        Write-Warning "Execution terminated."
        Exit
    }
    Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $existingOauth2PermissionGrant.Id -BodyParameter $grantParams
} else {
    if ($Host.UI.PromptForChoice("Confirm permission grant creation", "Do you want to proceed and create the permission grant?", ('&Yes', '&No'), 0) -eq 1) {
        Write-Warning "Execution terminated."
        Exit
    }
    New-MgOauth2PermissionGrant -BodyParameter $grantParams
}

Write-Host "A delegated permission grant was persisted with the following parameters:"
$grantParams | Format-Table -wrap -auto

Disconnect-MgGraph
Write-Host "Script execution completed successfully"
```

## Step 11 - Save and run the PowerShell script
After saving the script, type the following command and press Enter:

```powershell
.\ManagePermissionGrant.ps1
```
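The script above only shows the grants for the one resource it is about to change. Because a delegated permission grant with consentType `AllPrincipals` lets the HttpWithAADApp service principal act on behalf of every user in the tenant, it is worth auditing all of its grants periodically. The following read-only audit is an added example, not part of the original tutorial or the connector's own code; it assumes the Microsoft.Graph module is installed, that the signed-in account can read the directory, and that the `-ExpectedScopes` allow-list format and the "high impact" keyword heuristic are illustrative choices of this example.

```powershell
# Added example (not from the original tutorial): audit the delegated permission grants held by the
# HttpWithAADApp service principal. It reads only; nothing is created, updated or deleted.
Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Users

function Get-HttpWithAADAppGrantReport {
    param(
        # AppId of the HttpWithAADApp first-party app, as used in the tutorial's script
        [string]$HttpWithAADAppAppId = 'd2ebd3a9-1ada-4480-8b2d-eac162716601',
        # Optional allow-list of "resourceAppId:scope" pairs you expect to exist (format chosen for this example)
        [string[]]$ExpectedScopes = @()
    )

    $sp = Get-MgServicePrincipal -Filter "appId eq '$HttpWithAADAppAppId'"
    if (-not $sp) {
        Write-Warning "No service principal for appId $HttpWithAADAppAppId in this tenant; nothing to audit."
        return @()
    }

    # Every delegated grant where this SP is the client, across all resources and consent types
    $grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All

    foreach ($g in $grants) {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
        $principal = if ($g.ConsentType -eq 'Principal' -and $g.PrincipalId) {
            (Get-MgUser -UserId $g.PrincipalId -Property UserPrincipalName).UserPrincipalName
        } else { '<all users>' }

        $scopes = ($g.Scope -split ' ') | Where-Object { $_ } | Sort-Object -Unique
        # Heuristic markers for scopes that deserve a second look: mutating or tenant-wide
        $highImpact = @($scopes | Where-Object { $_ -match 'Write|\.All$|AccessAsUser|FullControl' })
        $unexpected = @(if ($ExpectedScopes.Count -gt 0) {
            $scopes | Where-Object { $ExpectedScopes -notcontains "$($resource.AppId):$_" }
        })

        [pscustomobject]@{
            GrantId       = $g.Id
            Resource      = $resource.DisplayName
            ResourceAppId = $resource.AppId
            ConsentType   = $g.ConsentType
            Principal     = $principal
            ScopeCount    = @($scopes).Count
            HighImpact    = ($highImpact -join ' ')
            Unexpected    = ($unexpected -join ' ')
            # Tenant-wide grants carrying high-impact scopes, and anything outside the allow-list, need review
            NeedsReview   = ($g.ConsentType -eq 'AllPrincipals' -and $highImpact.Count -gt 0) -or ($unexpected.Count -gt 0)
        }
    }
}

# Usage: a read-only scope is enough for the audit
Connect-MgGraph -Scopes 'Directory.Read.All' -NoWelcome
$report = Get-HttpWithAADAppGrantReport -ExpectedScopes @(
    '00000003-0000-0000-c000-000000000000:User.Read'   # Microsoft Graph AppId from the tutorial's list; scope is an example value
)
$report | Format-Table -AutoSize -Wrap
$report | Where-Object NeedsReview | ForEach-Object {
    Write-Warning "Review grant $($_.GrantId): $($_.Resource) [$($_.ConsentType)] high-impact: '$($_.HighImpact)' unexpected: '$($_.Unexpected)'"
}
Disconnect-MgGraph
```

Run it after each change made with ManagePermissionGrant.ps1, or on a schedule, and treat any `NeedsReview` row as a prompt to confirm the grant still matches the use case the administrator approved.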