Hello all,
I’m trying to get used to the new MS Graph Module.
For managed identities I found out it is possible to assign permissions via the MS Graph module.
There are two commands (Update-MgApplication and New-MgServicePrincipalAppRoleAssignment).
I wonder if it’s possible to assign service principal permissions also with the Update-MgApplication command. I’ve listed my PS code below; New-MgServicePrincipalAppRoleAssignment is working, but Update-MgApplication is not. Maybe you can tell me if it’s possible to assign Graph permissions to the Graph application using Update-MgApplication, or if it’s possible to assign Graph permissions to the service principal using this command, or neither of those?
$newMicrosoftGraphPermissions = @{
    ResourceAppID  = $MicrosoftGraphAppId;
    ResourceAccess = @(
        ## Replace the following with values of ID and type for all Microsoft Graph permissions you want to configure for the app
        <#@{
            # User.Read scope (delegated permission) to sign-in and read user profile
            id = "62a82d76-70ea-41e2-9197-370581804d09";
            type = "Scope"
        },#>
        @{
            # Application.Read.All app role (application permission) to view application data
            id = "9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30";
            type = "Role";
        }
    )
}
Update-MgApplication -ApplicationId $clientObjectId -RequiredResourceAccess $newMicrosoftGraphPermissions
And
$oAppRoleAssignment = @{
    # PrincipalId is the service principal ID of the managed identity application
    "PrincipalId" = $oMSI.Id
    # ResourceId is the service principal ID of the Graph application
    "ResourceId" = $oGraphSpn.Id
    # AppRoleId is the permission ID
    "AppRoleId" = $AppRole.Id
}
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $oAppRoleAssignment.PrincipalId `
    -BodyParameter $oAppRoleAssignment `
    -Verbose
Best Regards,
baschi
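
Added example, not part of the original post: Update-MgApplication -RequiredResourceAccess only edits the list of permissions an app registration requests, and a managed identity has a service principal but no app registration, so application permissions reach it through app role assignments. The function below assigns Graph app roles to a managed identity without creating duplicates and returns the resulting assignments for review. The function name Grant-MsiGraphAppRole and the identity name 'my-managed-identity' are hypothetical; $oMSI, $oGraphSpn and $AppRole follow the post's naming.

```powershell
# Added example. Requires the Microsoft.Graph.Applications module and a session such as:
#   Connect-MgGraph -Scopes 'Application.Read.All','AppRoleAssignment.ReadWrite.All'
function Grant-MsiGraphAppRole {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $ManagedIdentityName,  # display name of the identity
        [Parameter(Mandatory)] [string[]] $PermissionName        # e.g. 'Application.Read.All'
    )

    # Microsoft Graph's well-known appId; its service principal is the ResourceId.
    $oGraphSpn = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

    # Escape single quotes so the name cannot break out of the OData filter string.
    $safeName = $ManagedIdentityName.Replace("'", "''")
    $oMSI = Get-MgServicePrincipal -Filter "displayName eq '$safeName'"
    if (@($oMSI).Count -ne 1) { throw "Expected exactly one service principal named '$ManagedIdentityName'." }

    # App roles the identity already holds, so re-runs do not fail on duplicates.
    $existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $oMSI.Id -All

    foreach ($name in $PermissionName) {
        # Only application permissions (app roles) can be assigned to a service principal.
        $AppRole = $oGraphSpn.AppRoles |
            Where-Object { $_.Value -eq $name -and $_.AllowedMemberTypes -contains 'Application' }
        if (-not $AppRole) { throw "No Graph application permission named '$name'." }

        $held = $existing |
            Where-Object { $_.AppRoleId -eq $AppRole.Id -and $_.ResourceId -eq $oGraphSpn.Id }
        if ($held) { Write-Verbose "$name is already assigned"; continue }

        if ($PSCmdlet.ShouldProcess($ManagedIdentityName, "Assign Graph app role $name")) {
            New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $oMSI.Id `
                -PrincipalId $oMSI.Id -ResourceId $oGraphSpn.Id -AppRoleId $AppRole.Id | Out-Null
        }
    }

    # Return what the identity now holds on Graph, for least-privilege review.
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $oMSI.Id -All |
        Where-Object ResourceId -eq $oGraphSpn.Id |
        Select-Object PrincipalDisplayName, ResourceDisplayName, AppRoleId, CreatedDateTime
}

# Placeholder identity name; -WhatIf previews the assignment without writing it.
Grant-MsiGraphAppRole -ManagedIdentityName 'my-managed-identity' `
    -PermissionName 'Application.Read.All' -WhatIf
```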