Azure Access Permissions – Easy to use PowerShell script

Azure Access Permissions is an easy-to-use PowerShell script that enumerates access permissions in an Azure Active Directory environment.

Background details can be found in the accompanying blog posts:

  • Untangling Active Directory Principals & Access Permissions
  • Untangling Active Directory Permissions II: Privileged Access

Requirements

To run this script you’ll need the following PowerShell modules:

  • Microsoft.Graph
  • AADInternals
  • AzureADPreview

All of these can be installed directly within PowerShell:

PS:> Install-Module Microsoft.Graph
PS:> Install-Module AADInternals
PS:> Install-Module AzureADPreview

Usage of Azure Access Permissions

First time use

The script uses a browser-based login UI to connect. The first time you run the tool, you might see the following warning:

[*] Connecting to Microsoft Graph...
WARNING: WebBrowser control emulation not set for PowerShell or PowerShell ISE!
Would you like set the emulation to IE 11? Otherwise the login form may not work! (Y/N): Y
Emulation set. Restart PowerShell/ISE!


To solve this, allow PowerShell to emulate the browser (answer Y at the prompt), restart PowerShell as the output instructs, and rerun your command.

Example use of Azure Access Permissions

Import and run, no arguments needed.

Note: On your first run you will likely have to authenticate twice (once against Microsoft Graph and once against AD Graph). I might wrap this into a single login in the future…

PS:> Import-Module .\Azure-AccessPermissions.ps1
