PowerShell script to Automate AAD app and assigning delegated Permissions


Question

Continuing from my last question, how to automate Azure AD app creation: I could manage to automate AAD creation using a PowerShell script, but wanted to go one step ahead and assign permissions to the application, like MS Graph / Azure AD, Office 365, etc.

I don't find any help on MS. Can anybody give some hint on it?

Recommended answer

Permissions to Other Applications is stored on the Application Object under the property requiredResourceAccess.

Here is an example of that property from an app I created. I pulled this from the Application Manifest:

"requiredResourceAccess": [
    {
      "resourceAppId": "ba7111b6-5517-4c9a-8f65-68dffe1f44c4",
      "resourceAccess": [
        {
          "id": "76514d0f-b098-4ff1-9606-26ddd811ba05",
          "type": "Scope"
        }
      ]
    },
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "cba73afc-7f69-4d86-8450-4978e04ecd1a",
          "type": "Scope"
        },
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ],

You can see that the property is composed of two parts: the App ID of the resource, and the Permission ID exposed on that Resource.

The best thing you can do here is set up an app in your tenant using the UX, and then look at the way that the requiredResourceAccess is set.

Then you can use this PowerShell Cmdlet to update that property in your automated workflow.

Set-AzureADApplication -ObjectId <guid> -RequiredResourceAccess <RRAList>

I hope this helps!
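
An added example, not part of the original answer: it converts the requiredResourceAccess array from the manifest above into the objects that Set-AzureADApplication expects, and rejects any entry whose type is not "Scope" so that an application permission cannot be added unnoticed. It assumes the AzureAD module is installed; ConvertTo-RequiredResourceAccess and the $appObjectId placeholder are hypothetical names.

```powershell
# Added example (not from the original answer). Assumes the AzureAD module.
Import-Module AzureAD

# requiredResourceAccess array copied from the manifest of a reference app
# (here: the values shown in the answer above).
$manifestJson = @'
[
  { "resourceAppId": "ba7111b6-5517-4c9a-8f65-68dffe1f44c4",
    "resourceAccess": [ { "id": "76514d0f-b098-4ff1-9606-26ddd811ba05", "type": "Scope" } ] },
  { "resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [
      { "id": "cba73afc-7f69-4d86-8450-4978e04ecd1a", "type": "Scope" },
      { "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6", "type": "Scope" } ] }
]
'@

# Hypothetical helper: manifest JSON -> List[RequiredResourceAccess]
function ConvertTo-RequiredResourceAccess {
    param([Parameter(Mandatory)][string]$Json)
    $result = New-Object 'System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]'
    foreach ($resource in ($Json | ConvertFrom-Json)) {
        $rra = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
        $rra.ResourceAppId  = $resource.resourceAppId
        $rra.ResourceAccess = New-Object 'System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ResourceAccess]'
        foreach ($perm in $resource.resourceAccess) {
            # Only delegated permissions ("Scope") are expected here. "Role" is an
            # application permission and should stop the run instead of being applied.
            if ($perm.type -ne 'Scope') {
                throw "Unexpected type '$($perm.type)' for permission $($perm.id) on resource $($resource.resourceAppId)"
            }
            $rra.ResourceAccess.Add((New-Object Microsoft.Open.AzureAD.Model.ResourceAccess -ArgumentList $perm.id, $perm.type))
        }
        $result.Add($rra)
    }
    return ,$result   # leading comma keeps the list from being unrolled
}

Connect-AzureAD
$appObjectId = '<object-id-of-your-app>'   # placeholder, not a real value
$rraList = ConvertTo-RequiredResourceAccess -Json $manifestJson
Set-AzureADApplication -ObjectId $appObjectId -RequiredResourceAccess $rraList

# Read the property back so the applied permissions can be reviewed or logged.
(Get-AzureADApplication -ObjectId $appObjectId).RequiredResourceAccess | ForEach-Object {
    $res = $_
    foreach ($ra in $res.ResourceAccess) { '{0}  {1}  {2}' -f $res.ResourceAppId, $ra.Id, $ra.Type }
}
```

Updating requiredResourceAccess only declares which permissions the app requests; user or admin consent is still granted separately.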