Comments (7)
Hello,
In case it helps you: I gave the enterprise application the "Global Reader" role and was then able to export all the elements.
Of course, that's far too many permissions, but they are read-only, and you can secure the company application accordingly. This works fine for my automated backup.
Best Regards
from entraexporter.
By playing around with the type parameter, I was able to export a few entities.
So it seems that not every Type is supported by an Application-Based Permission.
I do like the idea of this script a lot. It would be great to have those enhancements in the future, or at least some kind of table in the readme.md which illustrates something like this:
| Type | Permission |
|---|---|
| User | Application & Delegated |
| ConditionalAccess | Application & Delegated |
| ... | .... |
An additional suggestion would be to give the user a better hint by proper error-handling. My pipeline just stopped with e.g.:
```
Response status code does not indicate success: InternalServerError (Internal Server Error).
Response status code does not indicate success: Forbidden (Forbidden).
Response status code does not indicate success: BadRequest (Bad Request).
```
from entraexporter.
I've been using this module with application permissions and it works flawlessly.
Here is a screenshot of the needed permissions:
Here is a snippet to configure the permissions:
```powershell
# Assumes an existing Connect-MgGraph session that is allowed to update the application.
# Use application ObjectId rather than clientID
$applicationObjectId = '....'
$requiredPermissionsNames = @(
    'AccessReview.Read.All',
    'Agreement.Read.All',
    'APIConnectors.Read.All',
    'Application.Read.All',
    'Directory.Read.All',
    'EntitlementManagement.Read.All',
    'IdentityProvider.Read.All',
    'IdentityUserFlow.Read.All',
    'Organization.Read.All',
    'Policy.Read.All',
    'Policy.Read.PermissionGrant',
    'PrivilegedAccess.Read.AzureAD',
    'PrivilegedAccess.Read.AzureResources',
    'User.Read.All',
    'UserAuthenticationMethod.Read.All'
)
# Get the MS Graph service principal, which carries the app role definitions
$sps = Get-MgServicePrincipalByAppId -AppId "00000003-0000-0000-c000-000000000000"
# Get list of permissions with the id
$requiredAppRoles = $sps.AppRoles | Where-Object { $_.Value -in $requiredPermissionsNames }
# Update the registered application.
Update-MgApplication -ApplicationId $applicationObjectId -RequiredResourceAccess (@{
    ResourceAppId  = '00000003-0000-0000-c000-000000000000'
    ResourceAccess = @($requiredAppRoles | ForEach-Object { @{ Id = $_.Id; Type = 'Role' } })
})
```
from entraexporter.
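To check the result of a configuration like the one above, this added example (not part of the thread or of the EntraExporter project) compares the permissions the export needs with the Microsoft Graph application permissions actually granted to the app's service principal. Listing permissions in `RequiredResourceAccess` only declares them; they take effect once an administrator consents. `$clientId` is a placeholder, the permission list is shortened for brevity, and a connected `Connect-MgGraph` session with read access to service principals is assumed.

```powershell
# Added example: audit granted vs. required Graph application permissions.
$clientId   = '....'                                   # placeholder: client (app) ID of the export app
$graphAppId = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph

# Shortened list; use the full list from the snippet in the comment above.
$requiredPermissionsNames = @(
    'Directory.Read.All',
    'Policy.Read.All',
    'User.Read.All'
)

$graphSp = Get-MgServicePrincipalByAppId -AppId $graphAppId
$appSp   = Get-MgServicePrincipalByAppId -AppId $clientId

# Map Graph app role id -> permission name
$roleNameById = @{}
foreach ($role in $graphSp.AppRoles) {
    $roleNameById[[string]$role.Id] = $role.Value
}

# App role assignments are the application permissions that were consented.
$granted = @(
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $appSp.Id -All |
        Where-Object { $_.ResourceId -eq $graphSp.Id } |
        ForEach-Object { $roleNameById[[string]$_.AppRoleId] }
)

[pscustomobject]@{
    # Declared or needed, but not consented: a likely cause of 403 Forbidden
    MissingConsent = @($requiredPermissionsNames | Where-Object { $_ -notin $granted })
    # Granted but not needed by the export: candidates for removal
    BeyondRequired = @($granted | Where-Object { $_ -notin $requiredPermissionsNames })
}
```

An empty `MissingConsent` together with an empty `BeyondRequired` means the service principal holds exactly the read permissions in the list.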
@israem what version of powershell are you running this in?
from entraexporter.
I ran the module in both PS7 (up to 7.2.14) and PS5 successfully. I ran the snippet of code I shared in PS7, but there is no reason it wouldn't work in PS5 if you have all the modules installed.
from entraexporter.
I see. I've been messing with it all week. Finally figured out that it gives me errors (same as in original post on this issue) in 7.X, but works fine in 5.1.
from entraexporter.
Seems like the same issue I encountered too: #57
from entraexporter.