Find_cmdlets_scopes_perms_connect.ps1
# Discover which cmdlets the Microsoft Graph PowerShell SDK makes available.
Import-Module -Name Microsoft.Graph

# Everything exported by any module whose name starts with Microsoft.Graph.
Get-Command -Module 'Microsoft.Graph*'

# Narrow the list by command name (wildcards allowed) ...
Get-Command -Name '*Team*' -Module 'Microsoft.Graph*'
Get-Command -Name '*User*' -Module 'Microsoft.Graph*'

# ... or match on the noun part of the Verb-Noun name only.
Get-Command -Noun '*Group*' -Module 'Microsoft.Graph*'

# The authentication module on its own; Connect-MgGraph and Get-MgContext,
# both used further down in this script, come from it.
Get-Command -Module 'Microsoft.Graph.Authentication'
# Read the built-in help for one cmdlet (Get-MgUser is the example here).
Get-Help -Name Get-MgUser

# Restrict the lookup to a help category.
Get-Help -Name Get-MgUser -Category Cmdlet
Get-Help -Name Get-MgUser -Category Function

# Increasing levels of detail: -Detailed adds parameter descriptions and
# examples, -Full prints the complete help topic.
Get-Help -Name Get-MgUser -Detailed
Get-Help -Name Get-MgUser -Full

# Show the help topic in a separate window instead of the console.
Get-Help -Name Get-MgUser -ShowWindow
# Connect to Microsoft 365 using scopes.
# The four blocks below are alternatives: every assignment replaces the
# previous value of $scopes, so keep only the set that matches the task.
# Least privilege: request the narrowest scope that does the job. Tenant-wide
# write scopes such as Directory.ReadWrite.All or Sites.FullControl.All
# typically need administrator consent, and a consent stays in place until
# somebody revokes it.

# Manage users and groups with full read/write access.
$scopes = 'User.ReadWrite.All', 'Directory.ReadWrite.All', 'Group.ReadWrite.All'

# Create Teams.
$scopes = 'Team.Create', 'Group.ReadWrite.All'

# Manage SharePoint Online sites and files.
# NOTE(review): Sites.FullControl.All looks like a superset of the other
# Sites.* entries; confirm whether the narrower ones are still needed, or
# whether the broad one can be dropped instead.
$scopes = @(
    'Sites.FullControl.All',
    'Sites.Manage.All',
    'Sites.ReadWrite.All',
    'Files.ReadWrite.All',
    'Files.ReadWrite.AppFolder'
)

# Manage mail. Mail.ReadWrite.Shared extends access to mailboxes shared with
# the signed-in user, and Mail.Send allows sending as that user; leave either
# out when the task only needs to read or edit the user's own mail.
$scopes = 'Mail.ReadWrite', 'Mail.ReadWrite.Shared', 'Mail.Send'
# Look up the permissions Microsoft Graph defines for a given area.
# Delegated permissions act on behalf of the signed-in user and are bounded
# by what that user may do; Application permissions are app-only, apply
# tenant-wide without a user, and always require administrator consent.

# SharePoint sites
Find-MgGraphPermission -SearchString sites -PermissionType Delegated
Find-MgGraphPermission -SearchString sites -PermissionType Application

# Microsoft Teams
Find-MgGraphPermission -SearchString teams -PermissionType Delegated
Find-MgGraphPermission -SearchString teams -PermissionType Application

# Users
Find-MgGraphPermission -SearchString user -PermissionType Delegated
Find-MgGraphPermission -SearchString user -PermissionType Application

# eDiscovery (delegated only in this script)
Find-MgGraphPermission -SearchString ediscovery -PermissionType Delegated

# Go the other way round: start from a cmdlet and list the permissions that
# allow calling it. Find-MgGraphCommand may return more than one entry for the
# same command, so only the first entry's Permissions property is expanded.
Find-MgGraphCommand -Command Get-MgUserMailFolder |
    Select-Object -First 1 -ExpandProperty Permissions
Find-MgGraphCommand -Command Get-MgUserMailboxSetting |
    Select-Object -First 1 -ExpandProperty Permissions
# Option 1: delegated sign-in with an explicit scope list.
# Only User.* is requested with write access here; directory and group data
# are read-only.
$scopes = 'User.ReadWrite.All', 'Directory.Read.All', 'Group.Read.All'
Connect-MgGraph -Scopes $scopes

# Option 2: app-only sign-in through an Azure app registration and a
# certificate. The three quoted values are placeholders to be replaced.
# No -Scopes is passed: what the session may do is decided by the application
# permissions granted to the app registration. The certificate is found by
# its thumbprint in the local certificate store, so the private key stored
# there is the credential to protect.
# Running this after option 1 replaces the delegated session.
Connect-MgGraph `
    -ClientId "your ClientId" `
    -TenantId "your TenantId" `
    -CertificateThumbprint "your CertificateThumbprint"

# Check what the current session was actually granted. With a delegated
# sign-in the list can be longer than the scopes requested above, because
# scopes consented earlier for the same app may be included as well.
Get-MgContext | Select-Object -ExpandProperty Scopes