[英]Is it possible to add Microsoft Graph delegated permissions to Azure AD app via Powershell?
我使用以下腳本在 Azure AD 從 PowerShell 注冊了一個應用程序。
//To create new application
$myapp = New-AzureADApplication -DisplayName MyApp
$myappId=$myapp.AppId
//To set ApplicationID URI
Set-AzureADApplication -ApplicationId $myappId -IdentifierUris "api://$myappId"
//To retrieve details of new application
Get-AzureADApplication -Filter "DisplayName eq $myapp"
現在我想為此應用程序設置委托 API 權限(Calendars.Read、Application.Read.All、Directory.Read.All)。
從Azure 傳送門,我知道如何分配這些。 但是可以通過 PowerShell 添加這些權限嗎? 如果是,誰能幫我處理腳本或 cmdlet?
任何幫助將不勝感激。 謝謝你。
是的,可以通過PowerShell設置委托 API 權限
最初,請注意可以通過以下 cmdlet 檢索的新應用程序的AppID :
Get-AzureADApplication -Filter "DisplayName eq $myapp"
使用以下 cmdlet 檢查您是否有名為“ Microsoft Graph ”的服務主體:
Get-AzureADServicePrincipal -All $true | ? { $_.DisplayName -eq "Microsoft Graph" }
為了通過 PowerShell 分配 API 權限,您應該知道可以使用以下 cmdlet 顯示的那些委派權限的GUID :
$MSGraph.Oauth2Permissions | FT ID, Value
記下所需權限的 ID,例如 Calendars.Read、Application.Read.All 和 Directory.Read.All
請在下面找到完整的腳本:
$myapp = New-AzureADApplication -DisplayName MyApp
$myappId=$myapp.ObjectId
Get-AzureADApplication -Filter "DisplayName eq 'MyApp'"
$MSGraph = Get-AzureADServicePrincipal -All $true | ? { $_.DisplayName -eq "Microsoft Graph" }
$MSGraph.Oauth2Permissions | FT ID, Value
# Create a Resource Access resource object and assign the service principal’s App ID to it.
$Graph = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$Graph.ResourceAppId = $MSGraph.AppId
# Create a set of delegated permissions using noted IDs
$Per1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "c79f8feb-a9db-4090-85f9-90d820caa0eb","Scope"
$Per2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "465a38f9-76ea-45b9-9f34-9e8b0d4b0b42","Scope"
$Per3 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "06da0dbc-49e2-44d2-8312-53f166ab848a","Scope"
$Graph.ResourceAccess = $Per1, $Per2, $Per3
# Set the above resource access object to your application ObjectId so permissions can be assigned.
Set-AzureADApplication -ObjectId $myappId -RequiredResourceAccess $Graph
參考:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.