Azure Access Permissions is an easy-to-use PowerShell script to enumerate access permissions in an Azure Active Directory environment.
Background details can be found in the accompanying blog posts:
- Untangling Active Directory Principals & Access Permissions
- Untangling Active Directory Permissions II: Privileged Access
Requirements
To run this script you’ll need these PowerShell modules:
- Microsoft.Graph
- AADInternals
- AzureADPreview
All of these can be installed directly within PowerShell:
PS:> Install-Module Microsoft.Graph
PS:> Install-Module AADInternals
PS:> Install-Module AzureADPreview
Usage of Azure Access Permissions
First time use
The script uses a browser-based login UI to connect. If you run the tool for the first time, you might experience the following error:
[*] Connecting to Microsoft Graph...
WARNING: WebBrowser control emulation not set for PowerShell or PowerShell ISE!
Would you like set the emulation to IE 11? Otherwise the login form may not work! (Y/N): Y
Emulation set. Restart PowerShell/ISE!
To solve this, simply allow PowerShell to emulate the browser and rerun your command.
Example use of Azure Access Permissions
Import and run, no arguments needed.
Note: On your first run you will likely have to authenticate twice (once against Microsoft Graph and once against AD Graph). I might wrap this into a single login in the future…
PS:> Import-Module .\Azure-AccessPermissions.ps1