Insights and tracking on Azure Active Directory Service Principals (Enterprise Applications and Applications)
- HTML export
- JSON export
- CSV export (wip)
- ServicePrincipals by type
- ServicePrincipal owners
- Application owners
- ServicePrincipal owned objects
- ServicePrincipal AAD Role assignments
- ServicePrincipal AAD Role assignedOn
- Application AAD Role assignedOn
- App Role assignments (API permissions Application)
- App Roles assignedTo (Users and Groups)
- OAuth permission grants (API permissions delegated)
- Azure Role assignments (Azure Resources; Management Groups, Subscriptions, Resource Groups, Resources)
- ServicePrincipal Group memberships
- Application Secrets
- Application Certificates
Management Group (Tenant Root Management Group) RBAC: Reader
Microsoft Graph API | Application | Application.Read.All
Microsoft Graph API | Application | Group.Read.All
Microsoft Graph API | Application | RoleManagement.Read.All
Microsoft Graph API | Application | User.Read.All
The Build Service Account or Project Collection Build Service Account (whichever you use) requires Contribute permissions on the repository (Project settings - Repos - Security).
```powershell
# USER: 'Application (client) ID' of the App registration OR 'Application ID' of the Service Principal (Enterprise Application)
# PASSWORD: Secret of the App registration
$pscredential = Get-Credential
Connect-AzAccount -ServicePrincipal -TenantId "<tenantId>" -Credential $pscredential
```
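A preflight check for the Microsoft Graph application permissions listed above, added here as an example and not part of the project's own code: it decodes the `roles` claim of an app-only access token and reports which of the four permissions are missing. The function names and the sample token are hypothetical and constructed for illustration; the Management Group Reader role is an Azure RBAC assignment and is not visible in this token.

```powershell
# Graph application permissions named in the requirements above.
$RequiredGraphRoles = @(
    'Application.Read.All'
    'Group.Read.All'
    'RoleManagement.Read.All'
    'User.Read.All'
)

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet without padding; restore both.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($s))
}

function Get-MissingGraphRole {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [string[]]$Required = $RequiredGraphRoles
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    # Claims are decoded only, the signature is not validated: this is a
    # preflight on your own token, not an authorization decision.
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # App-only tokens carry granted application permissions in "roles";
    # a token without that claim is treated as having none of them.
    $granted = @($claims.roles)
    $Required | Where-Object { $_ -notin $granted }
}

# Constructed sample: unsigned token whose payload lacks RoleManagement.Read.All.
$payload = @{ roles = @('Application.Read.All', 'Group.Read.All', 'User.Read.All') } |
    ConvertTo-Json -Compress
$b64 = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($payload))
$b64 = $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sampleToken = "e30.$b64.sig"

$missing = @(Get-MissingGraphRole -AccessToken $sampleToken)
if ($missing.Count -gt 0) {
    Write-Warning ("Missing Graph application permissions: " + ($missing -join ', '))
}
```

For a live check, pass the token returned by `Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com'` after the `Connect-AzAccount` call; depending on the Az.Accounts version its `Token` property is a plain string or a `SecureString` that must be converted first.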