From 9427a536439d66d3a69ffa5d6bc6edd9bef4e687 Mon Sep 17 00:00:00 2001
From: Jeroen Burgerhout
Date: Mon, 12 Aug 2024 12:37:08 +0200
Subject: [PATCH] Update Set-GraphAPI-MI.ps1
---
 managed-identity/Set-GraphAPI-MI.ps1 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/managed-identity/Set-GraphAPI-MI.ps1 b/managed-identity/Set-GraphAPI-MI.ps1
index c8e41e8..b385b05 100644
--- a/managed-identity/Set-GraphAPI-MI.ps1
+++ b/managed-identity/Set-GraphAPI-MI.ps1
@@ -1,13 +1,13 @@
 Install-Module Microsoft.Graph -Force -AllowClobber
 
-Connect-MgGraph
+Connect-MgGraph -Scopes Application.Read.All, AppRoleAssignment.ReadWrite.All
 
-$managedIdentityId = ""
-$roleName = "DeviceManagementManagedDevices.Read.All, Device.Read.All, Group.ReadWrite.All, Directory.Read.All, GroupMember.ReadWrite.All"
+$MId = "object-id of MI"
+$roleNames = "DeviceManagementManagedDevices.Read.All", "Device.Read.All", "Group.ReadWrite.All", "Directory.Read.All", "GroupMember.ReadWrite.All"
 
-$msgraph = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
-$role = $Msgraph.AppRoles| Where-Object {$_.Value -eq $roleName}
+$getPerms = (Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'").approles | Where-Object Value -in $roleNames
+foreach ($perm in $getPerms) {
+ New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MID -PrincipalId $MID -ResourceId (Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'").id -AppRoleId $perm.id
+}
 
-New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityId -PrincipalId $managedIdentityId -ResourceId $msgraph.Id -AppRoleId $role.Id
-
 Disconnect-MgGraph
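Review bot: In the new `foreach` loop, `Where-Object Value -in $roleNames` silently drops any entry of `$roleNames` that does not match a Graph app role, so a typo leaves the managed identity with fewer permissions than intended and no error; the loop also re-queries the Graph service principal for `-ResourceId` on every iteration. Resolve the service principal once, stop if any requested role is unresolved, and reuse its `Id`, as sketched below. Separately, `Group.ReadWrite.All` and `GroupMember.ReadWrite.All` are both tenant-wide application permissions; if the identity only manages group membership, the narrower one alone is probably enough, which is worth confirming against what the automation actually does.

```powershell
# … unchanged: Install-Module, Connect-MgGraph, $MId, $roleNames …
$graphSp  = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
$getPerms = $graphSp.AppRoles | Where-Object Value -in $roleNames

# Fail closed when a requested permission name did not resolve to an app role.
$missing = $roleNames | Where-Object { $_ -notin $getPerms.Value }
if ($missing) { throw "Unresolved Graph app roles: $($missing -join ', ')" }

foreach ($perm in $getPerms) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MId -PrincipalId $MId -ResourceId $graphSp.Id -AppRoleId $perm.Id
}
# … unchanged: Disconnect-MgGraph …
```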