Using AZ CLI and REST commands, a simple way of setting the App Registration's selected site for MS Graph.
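function Get-TenantDefaultName {
    <#
    .SYNOPSIS
    Returns the first DNS label of the tenant's default root domain.
    .DESCRIPTION
    Lists the tenant's domains through Microsoft Graph (az rest, using the current
    Azure CLI login), selects the domain flagged both isDefault and isRoot and returns
    the part of its Id before the first ".". Throws with a readable message when the
    Graph call fails or no such domain exists, instead of failing later on a null
    method call.
    .EXAMPLE
    Get-TenantDefaultName
    .OUTPUTS
    [string] the first label of the default root domain, e.g. "contoso".
    .FUNCTIONALITY
    AzureAd
    .LINK
    https://docs.microsoft.com/en-us/graph/api/domain-list?view=graph-rest-1.0&tabs=http
    #>
    $response = az rest --method get --url "https://graph.microsoft.com/v1.0/domains"
    # az reports HTTP/auth failures through its exit code; ConvertFrom-Json would
    # otherwise turn an empty response into an unhelpful null-valued-expression error.
    if ($LASTEXITCODE -ne 0) {
        throw "az rest failed to list tenant domains (exit code $LASTEXITCODE); check that 'az login' is current."
    }
    $domains = @(($response | ConvertFrom-Json).value)
    $defaultRoot = $domains |
        Where-Object { $_.isDefault -eq $true -and $_.isRoot -eq $true } |
        Select-Object -First 1
    if (-not $defaultRoot) {
        throw "No domain flagged isDefault and isRoot was returned for this tenant."
    }
    # NOTE(review): callers build "<name>.sharepoint.com" from this value. The SharePoint
    # tenant name comes from the initial *.onmicrosoft.com domain; if a custom domain has
    # been made the default, this label may not be the SharePoint tenant name - confirm.
    return ($defaultRoot.Id -split '\.')[0]
}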
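function Get-MSGraphSiteId {
    <#
    .SYNOPSIS
    Gets the MS Graph Site Id for a SharePoint Site.
    .DESCRIPTION
    Calls GET /sites/{hostname}:{server-relative-path}?$select=id through az rest and
    returns the site's Graph Id (the "host,siteCollectionId,webId" form used by the
    /sites/{id}/permissions endpoint). Throws when az rest fails or no id comes back.
    .PARAMETER HostName
    SharePoint host name, e.g. "<tenant>.sharepoint.com".
    .PARAMETER Path
    Server-relative path of the site, e.g. "/sites/testsite1".
    .EXAMPLE
    Get-MSGraphSiteId -HostName:<tenant>.sharepoint.com -Path:/sites/testsite1
    .OUTPUTS
    [string] the Graph site id.
    .FUNCTIONALITY
    MSGraph
    SharePoint
    .LINK
    https://docs.microsoft.com/en-us/graph/api/site-get?view=graph-rest-1.0&tabs=http
    #>
    param (
        [Parameter(Mandatory = $true)]
        [string]
        $HostName,
        [Parameter(Mandatory = $true)]
        [string]
        $Path
    )
    # Invoke az directly: the previous version wrapped the whole command line in double
    # quotes, which produced a string literal that was never executed and then failed in
    # ConvertFrom-Json. The URL is quoted so "?" and ":" reach az intact, and $select is
    # backtick-escaped so PowerShell does not try to expand it as a variable.
    $response = az rest --method get --url "https://graph.microsoft.com/v1.0/sites/${HostName}:${Path}?`$select=id"
    if ($LASTEXITCODE -ne 0) {
        throw "az rest failed to resolve site ${HostName}:${Path} (exit code $LASTEXITCODE)."
    }
    $siteInfo = $response | ConvertFrom-Json
    if (-not $siteInfo.id) {
        throw "Microsoft Graph returned no site id for ${HostName}:${Path}."
    }
    return $siteInfo.id
}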
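function Set-MSGraphSitePermission {
    <#
    .SYNOPSIS
    Grants an app registration a Sites.Selected permission on one SharePoint site.
    .DESCRIPTION
    Posts a permission object to /sites/{SiteId}/permissions that names the application
    (AppId + DisplayName) and the roles it receives on that site. This is the per-site
    grant that scopes an app holding the "Sites.Selected" Graph permission to a single
    site. Emits the JSON returned by az rest and throws when the request fails.
    .PARAMETER SiteId
    Graph Id for the SharePoint site, use Get-MSGraphSiteId.
    .PARAMETER Roles
    Array of Roles, currently only ["Read","Write"].
    .PARAMETER AppId
    The AppId (client id) of the App Registration that has been assigned the
    Microsoft Graph Sites.Selected permission.
    .PARAMETER DisplayName
    The DisplayName of the App Registration.
    .EXAMPLE
    Set-MSGraphSitePermission `
        -SiteId:"contoso.sharepoint.com,2C712604-1370-44E7-A1F5-426573FDA80A,2D2244C3-251A-49EA-93A8-39E1C3A060FE" `
        -Roles: @("Read","Write") `
        -AppId:<GUID> `
        -DisplayName:<DisplayName>
    .FUNCTIONALITY
    MSGraph
    SharePoint
    AppRegistration
    .LINK
    https://docs.microsoft.com/en-us/graph/api/site-post-permissions?view=graph-rest-1.0&tabs=http
    #>
    param (
        [Parameter(Mandatory = $true)]
        [string]
        $SiteId,
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]
        $Roles,
        [Parameter(Mandatory = $true)]
        [string]
        $AppId,
        [Parameter(Mandatory = $true)]
        [string]
        $DisplayName
    )
    # ConvertTo-Json does the escaping of AppId/DisplayName; values are never spliced
    # into the JSON text by hand.
    $body = @{
        roles               = $Roles
        grantedToIdentities = @(
            @{
                application = @{
                    id          = $AppId
                    displayName = $DisplayName
                }
            }
        )
    } | ConvertTo-Json -Depth 100 -Compress

    # Pass the body through a file (az rest accepts --body @file) instead of re-escaping
    # every double quote on the command line: that workaround depends on how PowerShell
    # hands quotes to native commands, which differs between Windows PowerShell, PowerShell
    # 7.3+ and non-Windows hosts. The file holds only the app id and display name.
    $bodyFile = [System.IO.Path]::GetTempFileName()
    try {
        # WriteAllText without an encoding argument writes UTF-8 without a BOM.
        [System.IO.File]::WriteAllText($bodyFile, $body)
        az rest --method post --headers "Content-Type=application/json" --url "https://graph.microsoft.com/v1.0/sites/${SiteId}/permissions" --body "@$bodyFile"
        if ($LASTEXITCODE -ne 0) {
            throw "az rest failed to grant $($Roles -join ',') on site $SiteId to app $AppId (exit code $LASTEXITCODE)."
        }
    }
    finally {
        Remove-Item -LiteralPath $bodyFile -Force -ErrorAction SilentlyContinue
    }
}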
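function Set-AppRegistrationSelectedSites {
    <#
    .SYNOPSIS
    Grants an app registration site-scoped (Sites.Selected) access to one SharePoint site.
    .DESCRIPTION
    Resolves the tenant's SharePoint host name (Get-TenantDefaultName), looks up the
    Graph site id for Path (Get-MSGraphSiteId) and then creates the per-site permission
    for the app registration (Set-MSGraphSitePermission). Each step is checked so that a
    failed lookup cannot fall through into a permission grant with an empty site id or
    app id.
    .PARAMETER AppRegistration
    The AppRegistration object retrieved from "az ad app show" (or "az ad app list");
    its appId and displayName properties are used.
    .PARAMETER Path
    Server-relative path of the SharePoint site, e.g. "/sites/examplesite".
    .PARAMETER Roles
    Array of Roles, currently only ["Read","Write"].
    .EXAMPLE
    Set-AppRegistrationSelectedSites `
        -AppRegistration:$AppRegistration `
        -Path:/sites/examplesite `
        -Roles: @("Read","Write")
    .FUNCTIONALITY
    AppRegistration
    #>
    param(
        [Parameter(Mandatory = $true)]
        [object]
        $AppRegistration,
        [Parameter(Mandatory = $true)]
        [string]
        $Path,
        [Parameter(Mandatory = $true)]
        [string[]]
        $Roles
    )
    if (-not $AppRegistration.appId) {
        throw "AppRegistration has no appId; pass the object returned by 'az ad app show' or 'az ad app list'."
    }

    $azureTenantName = Get-TenantDefaultName
    if (-not $azureTenantName) {
        throw "Could not determine the tenant name."
    }

    $siteId = Get-MSGraphSiteId -HostName "$azureTenantName.sharepoint.com" -Path $Path
    if (-not $siteId) {
        throw "Could not resolve a Graph site id for $azureTenantName.sharepoint.com:$Path."
    }

    Set-MSGraphSitePermission `
        -SiteId $siteId `
        -Roles $Roles `
        -AppId $AppRegistration.appId `
        -DisplayName $AppRegistration.displayName
}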
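# Script entry: sign in, find the target app registration by display name and grant it
# Read/Write on a single SharePoint site via Sites.Selected.
az login
if ($LASTEXITCODE -ne 0) {
    throw "az login failed (exit code $LASTEXITCODE)."
}

$nameofApp = "testapp"
$pathSite = "/sites/mytestsite"

# ForEach-Object { $_ } flattens the result on Windows PowerShell 5.1, where ConvertFrom-Json
# emits a JSON array as one object instead of enumerating it.
$appRegs = @(az ad app list --all --display-name $nameofApp | ConvertFrom-Json | ForEach-Object { $_ })
if ($LASTEXITCODE -ne 0) {
    throw "az ad app list failed (exit code $LASTEXITCODE)."
}

# Display names are not unique and az's name filter can match more than one app. Taking
# the first hit would silently grant site access to whichever app sorted first, so require
# exactly one match and otherwise stop (narrow the name or select by appId instead).
if ($appRegs.Count -ne 1) {
    throw "Expected exactly one app registration matching '$nameofApp' but found $($appRegs.Count)."
}
$appReg = $appRegs[0]

Set-AppRegistrationSelectedSites `
    -AppRegistration $appReg `
    -Path $pathSite `
    -Roles @("Read", "Write")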