# Identity - List access packages

<table align="left">
    <tr>
        <th>Permission type</th>
        <th>Permissions (from least to most privileged)</th>
    <tr align="center">
        <td>Delegated (work or school account)</td>
        <td>EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All</td>
    </tr>
    <tr align="center">
        <td>Delegated (personal Microsoft Account)</td>
        <td>Not Supported</td>
    </tr>
    <tr align="center">
        <td>Application</td>
        <td>Not Supported</td>
</table>

## Set your variables here

In [16]:
############ This is the credentials used to authenticate with the Graph API ###################
$credentials = @{
    tenantDomain = "domain.com"
    tenantId = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"        ## AAD Tenant ID
    client_id = "ae4fa870-23af-4ae5-a6ed-xxxxx"     ## Application Client ID
    client_secret = "x~xxxxxxx~xxxxx~xxxxxxxxx-xxx"   ## Application Client Secret
}

## Import required modules

In [1]:
$modules = @('pp-core','graph') ## These are the modules to import 
$credentialPath = "~/.credentials/graph.credential" ## Where to store credentials
################## Import Graph Authentication Module #############################
ForEach ($module in $modules) {
    Import-Module "~/Notebooks/Powershell-Playground/PowerShell/custom-modules/$module" -Force  ## import module 
    Get-Command -Module "$module"                                                        ## list commands in this module 
}

$credentials = New-StoreCredentials -credentialPath $credentialPath -credentialArray $credentials


CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Function        Get-DecryptedStringUsingMasterPassword             0.0        pp-core
Function        Get-EncryptedStringUsingMasterPassword             0.0        pp-core
Function        Get-HashOfString                                   0.0        pp-core
Function        Get-MasterPassword                                 0.0        pp-core
Function        Get-StoredCredentials                              0.0        pp-core
Function        Invoke-CheckCredentials                            0.0        pp-core
Function        New-StoreCredentials                               0.0        pp-core
Function        Get-MSGraphAuthToken                               0.0        graph
Function        Invoke-GraphAuthentication                         0.0        graph
Function        Invoke-MSGraphQuery                        

 ·········





## Authenticate with Graph API and grab access token

In [3]:
## Get a token if authenticates properly.
$authParams = @{
    tenantId = $credentials.tenantId
    client_id = $credentials.client_id
    client_secret = $credentials.client_secret
    resource = "https://graph.microsoft.com"    ## resource Dont change since we want to query MDATP REST API Resource
    grant_type = "device_code"  ## This is using a appliation ID and secret to authenticate
};

$tokenResponse = Invoke-GraphAuthentication -authParams $authParams

[92m
Authentication Parameters detected[0m
Device Code Authentication. Standby and wait for Device Code below.

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FAB46JHG5 to authenticate. 
You can also goto https://aka.ms/devicelogin

Double click this code and CTRL-V to copy: [96mFAB46JHG5 [0m
[93m
Waiting for code [0m...[92m

Received Token![0m
[92mConnected and Access Token received and will expire 1593208700[0m


## Call Graph API for list of access packages
Calling the url ```https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages```

In [5]:
## Request Parameters
$URI = "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages" ## URL of what resource to query on Graph API
$authHeader = @{ 
    'Content-Type' = 'application/json'
    Accept = 'application/json'
    Authorization = "Bearer $($tokenResponse.access_token)" 
}

Write-Host "`nURI:",$URI
Write-Host "AUth Header:", ($authHeader | ConvertTo-JSON)

$Result = (Invoke-RestMethod -Method Get -Uri $URI -Headers $authHeader -ErrorAction Stop)

Write-Host -ForeGroundColor Cyan "`nHere is an example of one retrieved access package"
$Result.value | Select-Object -First 1 | FL  ## This will take the results and limit it to 1 item.


URI: https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages
AUth Header: {
  "Accept": "application/json",
  "Content-Type": "application/json",
  "Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6InNVUU9FMTdMRTk2dkg5ckRTMnYwWmdselUteGlOX0JJVVZuM1ozR1ZMbW8iLCJhbGciOiJSUzI1NiIsIng1dCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlJSSSIsImtpZCI6IlNzWnNCTmhaY0YzUTlTNHRycFFCVEJ5TlJSSSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kZTQwY2Y3ZS1hZDVmLTQyNDUtYTMxNy0xNGJlMzljYmIwZWYvIiwiaWF0IjoxNTkzMjA0ODAwLCJuYmYiOjE1OTMyMDQ4MDAsImV4cCI6MTU5MzIwODcwMCwiYWNjdCI6MCwiYWNyIjoiMSIsImFpbyI6IkFVUUF1LzhRQUFBQUpLQWZhTE1JSGlyRXJHTEs3dkVDaEVDV01qZjJCb0lVWnZBaHBJdStWeVJpem5JZVlQL1hSdDFralgyQmZzMEk1OThqR0tYUUw0N1Nqc1psYWZQZmpRPT0iLCJhbXIiOlsicHdkIiwibWZhIl0sImFwcF9kaXNwbGF5bmFtZSI6IkRlbW8tTG9hZGVyIFJlYWRPbmx5QWNjZXNzIiwiYXBwaWQiOiJhZTRmYTg3MC0yM2FmLTRhZTUtYTZlZC01YWIxODExODU4YzciLCJhcHBpZGFjciI6IjAiLCJnaXZlbl9uYW1lIjoiSmluZyIsImlwYWRk

## Parse Results

In [6]:
#query Graph API and insert into $graphresponse variable
$filterObjects = @('displayName','id','catalogId','description')
$Result = (Invoke-RestMethod -Method Get -Uri $URI -Headers $authHeader -ErrorAction Stop)
$Result.value | Select-Object -Property $filterObjects


displayName                id                                   catalogId
-----------                --                                   ---------                          
Demo-Loader Access Package e1c1bc0a-bf98-4370-97bb-752f00bac575 11bb3d92-8dac-4d66-9d7e-15c68fd9c7…
Skyserver.cc               36efa2d9-939b-46c3-afcb-d13cd77323d7 9c7a2ba0-5c7f-4b7e-8f3f-e087d7ab4b…

