Update script to use Microsoft.Graph module

Replaced AzureAD PowerShell module commands with Microsoft.Graph equivalents in AddApiPermissions.ps1 and updated related comments. Also updated deployment and documentation links in readme.md to reflect new repository paths and improved accuracy.

Author: v-sabiraj

Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1

@@ -1,30 +1,30 @@
 # This script grants the necessary Microsoft Graph API permissions to the Service Principal.
-# Before running, change the $TenantID (line5) to your AAD Tenant ID and the $DisplayNameofMSI (line6) to the name of your Logic App
-# This script requires the AzureAD Powershell Module,  Install-Module AzureAD
+# Before running, change the $TenantID (line5) to your Entra ID Tenant ID and the $DisplayNameofMSI (line6) to the name of your Logic App
+# This script requires the Microsoft.Graph PowerShell Module: Install-Module Microsoft.Graph -Scope CurrentUser
 
-$TenantID=""  #AAD Tenant Id
+$TenantID=""  #Entra ID Tenant Id
 $DisplayNameOfMSI="Add-IP-Entity-To-Named-Location" # Name of the managed identity
 
-Connect-AzureAD -TenantId $TenantID
+Connect-MgGraph -TenantId $TenantID -Scopes "Application.Read.All", "AppRoleAssignment.ReadWrite.All"
 
-$MSI = (Get-AzureADServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'")
+$MSI = Get-MgServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'"
 
 Start-Sleep -Seconds 5
 
 #Microsoft Graph API - Policy.Read.All
 $GraphAppId = "00000003-0000-0000-c000-000000000000"
 $PermissionName = "Policy.Read.All" 
-$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
+$GraphServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
 $AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
-New-AzureAdServiceAppRoleAssignment -ObjectId $MSI.ObjectId -PrincipalId $MSI.ObjectId -ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id
+New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MSI.Id -PrincipalId $MSI.Id -ResourceId $GraphServicePrincipal.Id -AppRoleId $AppRole.Id
 
 Start-Sleep -Seconds 5
 
 #Microsoft Graph API - Policy.ReadWrite.ConditionalAccess
 $GraphAppId = "00000003-0000-0000-c000-000000000000"
 $PermissionName = "Policy.ReadWrite.ConditionalAccess" 
-$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
+$GraphServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
 $AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
-New-AzureAdServiceAppRoleAssignment -ObjectId $MSI.ObjectId -PrincipalId $MSI.ObjectId -ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id
+New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MSI.Id -PrincipalId $MSI.Id -ResourceId $GraphServicePrincipal.Id -AppRoleId $AppRole.Id
 
-#  Disconnect-AzureAD
+Disconnect-MgGraph

Playbooks/Add-IP-Entity-To-Named-Location/readme.md

@@ -6,7 +6,7 @@ This playbook will execute using an incident based trigger and add the IP entiti
 
 ## Quick Deployment
 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FStandalone%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FStandalone%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json)
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json)
 
 ## Prerequisites
 
@@ -17,7 +17,7 @@ This playbook will execute using an incident based trigger and add the IP entiti
 - Grant the Logic App Managed Identity access to the Microsoft Graph Policy.Read.All & Policy.ReadWrite.ConditionalAccess which can be done with the included PowerShell script [AddApiPermissions.ps1](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Standalone/Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1)
 - Attach this playbook to an **automation rule** so it runs when specified incidents are created.
 
-[Learn more about automation rules](https://docs.microsoft.com/azure/sentinel/automate-incident-handling-with-automation-rules#creating-and-managing-automation-rules)
+[Learn more about automation rules](https://raw.githubusercontent.com/Azure/Azure-Sentinel/refs/heads/master/Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1)
 
 ## Screenshots
-![Designer](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Standalone/Playbooks/Add-IP-Entity-To-Named-Location/images/designer-light.jpg)
+![Designer](https://github.com/Azure/Azure-Sentinel/blob/1b9d62978fc39278c2debbe8bc720b1d08d233d2/Playbooks/Add-IP-Entity-To-Named-Location/images/designer-light.jpg?raw=true)