From f28ce84f76cea588c72a2f11c4ca9c8a3aea48de Mon Sep 17 00:00:00 2001 From: Eunice Waweru <73849846+msewaweru@users.noreply.github.com> Date: Wed, 16 Oct 2024 18:37:09 +0300 Subject: [PATCH 1/4] Add example --- .../Get-EntraBetaOAuth2PermissionGrant.md | 26 ++++++++- .../Get-EntraOAuth2PermissionGrant.md | 55 +++++++++++++------ 2 files changed, 63 insertions(+), 18 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md index 56104b7f3..058c9f590 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md @@ -68,7 +68,7 @@ H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal This command gets the OAuth2 permission grants. -### Example 2: Get All the OAuth2 permission grants +### Example 2: Get all the OAuth2 permission grants ```powershell Connect-Entra -Scopes 'Directory.Read.All' @@ -86,7 +86,29 @@ H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal This command gets all the OAuth2 permission grants. -### Example 3: Get top 2 OAuth2 permission grants record +### Example 3: Get OAuth2 permission grants for a user in a service principal + +```powershell +Connect-Entra -Scopes 'Directory.Read.All' +$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' +$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "DisplayName eq 'Your_SERVICE_PRINCIPAL_Here'" +Get-EntraBetaOAuth2PermissionGrant | Where-Object {$_.ClientId -eq $servicePrincipal.Id -and $_.PrincipalId -eq $user.Id} | FL +``` + +```Output +ObjectId : E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2 +ClientId : 22223333-cccc-4444-dddd-5555eeee6666 +ConsentType : Principal +Id : E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2 +PrincipalId : aaaaaaaa-bbbb-cccc-1111-222222222222 +ResourceId : c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 +Scope : User.Read.All openid profile offline_access Organization.Read.All User.ReadWrite.All Device.Read.All Device.ReadWrite.All Directory.Read.All User.Read RoleManagement.ReadWrite.Directory Group.ReadWrite.All +AdditionalProperties : {} +``` + +This example gets the OAuth2 permission grants for a user in a service principal. + +### Example 4: Get top 2 OAuth2 permission grants record ```powershell Connect-Entra -Scopes 'Directory.Read.All' diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md index d3c98c691..627cbdf73 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md @@ -57,17 +57,17 @@ Get-EntraOAuth2PermissionGrant ``` ```Output -Id ClientId ConsentType PrincipalId ResourceId Scope --- -------- ----------- ----------- ---------- ----- -A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All -C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read -E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 User.Read -H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 d3d3d3d3-eeee-ffff-aaaa-b4b4b4b4b4b4 ActivityFeed.Read ServiceHealth.Read +Id ClientId ConsentType PrincipalId ResourceId Scope +-- -------- ----------- ----------- ---------- ----- +A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All +C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read +E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 User.Read +H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 d3d3d3d3-eeee-ffff-aaaa-b4b4b4b4b4b4 ActivityFeed.Read ServiceHealth.Read ``` This command gets the OAuth2 permission grants. -### Example 2: Get All the OAuth2 permission grants +### Example 2: Get all the OAuth2 permission grants ```powershell Connect-Entra -Scopes 'Directory.Read.All' @@ -75,17 +75,40 @@ Get-EntraOAuth2PermissionGrant -All ``` ```Output -Id ClientId ConsentType PrincipalId ResourceId Scope --- -------- ----------- ----------- ---------- ----- -A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All -C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read -E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 User.Read -H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 d3d3d3d3-eeee-ffff-aaaa-b4b4b4b4b4b4 ActivityFeed.Read ServiceHealth.Read +Id ClientId ConsentType PrincipalId ResourceId Scope +-- -------- ----------- ----------- ---------- ----- +A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All +C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read +E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 User.Read +H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 d3d3d3d3-eeee-ffff-aaaa-b4b4b4b4b4b4 ActivityFeed.Read ServiceHealth.Read ``` This command gets all the OAuth2 permission grants. -### Example 3: Get top 2 OAuth2 permission grants record +### Example 3: Get OAuth2 permission grants for a user in a service principal + +```powershell +Connect-Entra -Scopes 'Directory.Read.All' +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq 'Your_SERVICE_PRINCIPAL_Here'" +Get-EntraOAuth2PermissionGrant | Where-Object {$_.ClientId -eq $servicePrincipal.Id -and $_.PrincipalId -eq $user.Id} | FL +``` + +```Output +ObjectId : E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2 +ClientId : 22223333-cccc-4444-dddd-5555eeee6666 +ConsentType : Principal +Id : E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2 +PrincipalId : aaaaaaaa-bbbb-cccc-1111-222222222222 +ResourceId : c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 +Scope : User.Read.All openid profile offline_access Organization.Read.All User.ReadWrite.All Device.Read.All Device.ReadWrite.All Directory.Read.All User.Read RoleManagement.ReadWrite.Directory Group.ReadWrite.All +AdditionalProperties : {} +``` + +This example gets the OAuth2 permission grants for a user in a service principal. + + +### Example 4: Get top 2 OAuth2 permission grants record ```powershell Connect-Entra -Scopes 'Directory.Read.All' @@ -95,8 +118,8 @@ Get-EntraOAuth2PermissionGrant -Top 2 ```output Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- -A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All -C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read +A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All +C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read ``` This command gets top 2 OAuth2 permission grants records. From 04bc8a72b785365459d6439b5aed74178285d5f8 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 17 Oct 2024 07:54:13 +0300 Subject: [PATCH 2/4] Update module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md --- .../Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md index 627cbdf73..4a1eba184 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md @@ -122,7 +122,7 @@ A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 Al C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read ``` -This command gets top 2 OAuth2 permission grants records. +This command retrieves the top 2 OAuth2 permission grant records. ## Parameters From ccd17c4750a5e072ab0514009498594af9cfc2cd Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 17 Oct 2024 08:31:00 +0300 Subject: [PATCH 3/4] Adding full format --- .../Get-EntraBetaOAuth2PermissionGrant.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md index 058c9f590..4212c9ca2 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaOAuth2PermissionGrant.md @@ -4,7 +4,7 @@ description: This article provides details on the Get-EntraBetaOAuth2PermissionG ms.topic: reference -ms.date: 08/09/2024 +ms.date: 10/16/2024 ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG @@ -91,8 +91,8 @@ This command gets all the OAuth2 permission grants. ```powershell Connect-Entra -Scopes 'Directory.Read.All' $user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "DisplayName eq 'Your_SERVICE_PRINCIPAL_Here'" -Get-EntraBetaOAuth2PermissionGrant | Where-Object {$_.ClientId -eq $servicePrincipal.Id -and $_.PrincipalId -eq $user.Id} | FL +$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "DisplayName eq 'Helpdesk Application'" +Get-EntraBetaOAuth2PermissionGrant | Where-Object {$_.ClientId -eq $servicePrincipal.Id -and $_.PrincipalId -eq $user.Id} | Format-List ``` ```Output @@ -187,3 +187,4 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar ## Related Links [Remove-EntraBetaOAuth2PermissionGrant](Remove-EntraBetaOAuth2PermissionGrant.md) +[New-EntraBetaOAuth2PermissionGrant](New-EntraBetaOauth2PermissionGrant.md) From e20a47689132e65a4b525eef59400c2b94b04933 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 17 Oct 2024 08:32:35 +0300 Subject: [PATCH 4/4] Adding full formatting --- .../Get-EntraOAuth2PermissionGrant.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md index 4a1eba184..7d77a9299 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant.md @@ -4,7 +4,7 @@ description: This article provides details on the Get-EntraOAuth2PermissionGrant ms.topic: reference -ms.date: 06/26/2024 +ms.date: 10/16/2024 ms.author: eunicewaweru ms.reviewer: stevemutungi manager: CelesteDG @@ -90,8 +90,8 @@ This command gets all the OAuth2 permission grants. ```powershell Connect-Entra -Scopes 'Directory.Read.All' $user = Get-EntraUser -UserId 'SawyerM@contoso.com' -$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq 'Your_SERVICE_PRINCIPAL_Here'" -Get-EntraOAuth2PermissionGrant | Where-Object {$_.ClientId -eq $servicePrincipal.Id -and $_.PrincipalId -eq $user.Id} | FL +$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq 'Helpdesk Application'" +Get-EntraOAuth2PermissionGrant | Where-Object {$_.ClientId -eq $servicePrincipal.Id -and $_.PrincipalId -eq $user.Id} | Format-List ``` ```Output @@ -187,3 +187,4 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar ## Related Links [Remove-EntraOAuth2PermissionGrant](Remove-EntraOAuth2PermissionGrant.md) +[New-EntraOAuth2PermissionGrant](New-EntraOauth2PermissionGrant.md)