Commit f0c53f0

EmilienCourt authored and committed
Add "Update-Application -permissions"
1 parent bbd080a commit f0c53f0

2 files changed

+16
-0
lines changed

DFIR-O365RC/Manage-Applications.ps1

Lines changed: 12 additions & 0 deletions
@@ -295,6 +295,9 @@ function Update-Application {
295295
PS C:\>$certificateb64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes("example.der"))
296296
PS C:\>Update-Application -certificateb64 $certificateb64 -organizations -subscriptions
297297
Update the application to add a certificate ("example.der") and access to Azure DevOps organizations and Azure Resource Manager subscriptions.
298+
299+
PS C:\>Update-Application -permissions
300+
Update the application to add required Entra ID permissions.
298301
#>
299302

300303
param (
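Review bot: The help text added at line 300 says the switch will "add required Entra ID permissions", but the code path added later in this commit passes the result of `Get-EntraIDPermissions` to `Update-MgApplication -RequiredResourceAccess`, which sets the application's required resource access to that list rather than appending to it. Consider wording the example along the lines of "Reset the application's Entra ID permissions to the set the module currently requires" and mentioning that the cmdlet then calls `Wait-AdminConsent`, so someone running it against an application that carries extra, manually added permissions knows what to expect.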
@@ -304,6 +307,8 @@ function Update-Application {
304307
[Switch]$subscriptions,
305308
[Parameter(Mandatory = $false)]
306309
[Switch]$organizations,
310+
[Parameter(Mandatory = $false)]
311+
[Switch]$permissions,
307312
[String]$logFile = "Update-Application.log"
308313
)
309314

@@ -368,6 +373,13 @@ function Update-Application {
368373
if ($organizations){
369374
Add-OrganizationPermissions -servicePrincipalId $alreadyExistingServicePrincipalCheck.Id -logFile $logFile
370375
}
376+
if ($permissions){
377+
$graphRequiredAccess = Get-EntraIDPermissions -logFile $logFile
378+
Write-Host "Updating permissions for $applicationName"
379+
"Updating permissions for $applicationName" | Write-Log -LogPath $logFile
380+
Update-MgApplication -ApplicationId $alreadyExistingAppCheck.Id -RequiredResourceAccess $graphRequiredAccess
381+
Wait-AdminConsent -appId $alreadyExistingAppCheck.AppId -servicePrincipalId $alreadyExistingServicePrincipalCheck.Id -logFile $logFile
382+
}
371383
}
372384
}
373385
}
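Review bot: In the `if ($permissions)` block, nothing in the visible lines checks the value returned by `Get-EntraIDPermissions` or the outcome of `Update-MgApplication` before `Wait-AdminConsent` is called. Verify that `$graphRequiredAccess` is not empty and call `Update-MgApplication` with `-ErrorAction Stop` inside a try/catch that writes the failure to `$logFile`, so the cmdlet does not go on to wait for consent on permissions that were never applied. Because this step changes what the application is allowed to do in the tenant, it would also help the audit trail to log which permissions were requested, not only the "Updating permissions for $applicationName" message.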

README.md

Lines changed: 4 additions & 0 deletions
@@ -183,6 +183,10 @@ Once the application is created, you can still, using the `Update-Application` c
183183

184184
`Update-Application -organizations`
185185

186+
- You can update the permissions of the application, which is especially useful if you have an old application and the permissions have been updated since you created it:
187+
188+
`Update-Application -permissions`
189+
186190
### Removing the application
187191

188192
Once you are done with the log collection you can delete the application using the `Remove-Application` cmdlet from the module.
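Review bot: The new README bullet at line 186 does not mention admin consent, although the code added in `Manage-Applications.ps1` calls `Wait-AdminConsent` right after `Update-MgApplication`. Add a sentence telling the reader that the updated permissions have to be consented to by an administrator and that the cmdlet waits for that consent, so an operator who lacks the rights to grant it knows to involve someone who has them before running `Update-Application -permissions`.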
