Azure-AccessPermissions – Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment
Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.
Background details can be found in the accompanying blog posts:
- Untangling Azure Active Directory Principals & Access Permissions
- Untangling Azure Active Directory Permissions II: Privileged Access
Requirements
To run this script you’ll need these two PowerShell modules:
All of these can be installed directly within PowerShell:
First time use
The script uses a browser-based login UI to connect to Azure. When you run the tool for the first time, you might see the following error:
[*] Connecting to Microsoft Graph...
WARNING: WebBrowser control emulation not set for PowerShell or PowerShell ISE!
Would you like set the emulation to IE 11? Otherwise the login form may not work! (Y/N): Y
Emulation set. Restart PowerShell/ISE!
To solve this, simply allow PowerShell to emulate the browser and rerun your command.
Example use
Import and run, no arguments needed.
Note: On your first run you will likely have to authenticate twice (once against Microsoft Graph and once against Azure AD Graph). I might wrap this into a single login in the future…
PS:> Import-Module .\Azure-AccessPermissions.ps1