Update Set-GraphAPI-MI.ps1

BurgerhoutJ · Aug 12, 2024 · 9427a53 · 9427a53
1 parent 1cdd2e9
commit 9427a53
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/managed-identity/Set-GraphAPI-MI.ps1 b/managed-identity/Set-GraphAPI-MI.ps1
@@ -1,13 +1,13 @@
 Install-Module Microsoft.Graph -Force -AllowClobber
 
-Connect-MgGraph
+Connect-MgGraph -Scopes Application.Read.All, AppRoleAssignment.ReadWrite.All
 
-$managedIdentityId = "<MIObjectID>"
-$roleName = "DeviceManagementManagedDevices.Read.All, Device.Read.All, Group.ReadWrite.All, Directory.Read.All,	GroupMember.ReadWrite.All"
+$MId = "object-id of MI"
+$roleNames = "DeviceManagementManagedDevices.Read.All", "Device.Read.All", "Group.ReadWrite.All", "Directory.Read.All", "GroupMember.ReadWrite.All"
 
-$msgraph = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
-$role = $Msgraph.AppRoles| Where-Object {$_.Value -eq $roleName} 
+$getPerms = (Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'").approles | Where-Object Value -in $roleNames
+foreach ($perm in $getPerms) {
+    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MID -PrincipalId $MID -ResourceId (Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'").id -AppRoleId $perm.id
+}
 
-New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityId -PrincipalId $managedIdentityId -ResourceId $msgraph.Id -AppRoleId $role.Id
-
 Disconnect-MgGraph