Merge pull request Azure#13284 from Azure/v-sabiraj-updatingscriptforplaybook

Update script to use Microsoft.Graph module for Add-IP-Entity-To-Named-Location playbook

Author: v-atulyadav

Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1

@@ -1,30 +1,30 @@
 # This script grants the necessary Microsoft Graph API permissions to the Service Principal.
-# Before running, change the $TenantID (line5) to your AAD Tenant ID and the $DisplayNameofMSI (line6) to the name of your Logic App
-# This script requires the AzureAD Powershell Module,  Install-Module AzureAD
+# Before running, change the $TenantID (line5) to your Entra ID Tenant ID and the $DisplayNameofMSI (line6) to the name of your Logic App
+# This script requires the Microsoft.Graph PowerShell Module: Install-Module Microsoft.Graph -Scope CurrentUser
 
-$TenantID=""  #AAD Tenant Id
+$TenantID=""  #Entra ID Tenant Id
 $DisplayNameOfMSI="Add-IP-Entity-To-Named-Location" # Name of the managed identity
 
-Connect-AzureAD -TenantId $TenantID
+Connect-MgGraph -TenantId $TenantID -Scopes "Application.Read.All", "AppRoleAssignment.ReadWrite.All"
 
-$MSI = (Get-AzureADServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'")
+$MSI = Get-MgServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'"
 
 Start-Sleep -Seconds 5
 
 #Microsoft Graph API - Policy.Read.All
 $GraphAppId = "00000003-0000-0000-c000-000000000000"
 $PermissionName = "Policy.Read.All" 
-$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
+$GraphServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
 $AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
-New-AzureAdServiceAppRoleAssignment -ObjectId $MSI.ObjectId -PrincipalId $MSI.ObjectId -ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id
+New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MSI.Id -PrincipalId $MSI.Id -ResourceId $GraphServicePrincipal.Id -AppRoleId $AppRole.Id
 
 Start-Sleep -Seconds 5
 
 #Microsoft Graph API - Policy.ReadWrite.ConditionalAccess
 $GraphAppId = "00000003-0000-0000-c000-000000000000"
 $PermissionName = "Policy.ReadWrite.ConditionalAccess" 
-$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
+$GraphServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
 $AppRole = $GraphServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}
-New-AzureAdServiceAppRoleAssignment -ObjectId $MSI.ObjectId -PrincipalId $MSI.ObjectId -ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id
+New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MSI.Id -PrincipalId $MSI.Id -ResourceId $GraphServicePrincipal.Id -AppRoleId $AppRole.Id
 
-#  Disconnect-AzureAD
+Disconnect-MgGraph

Playbooks/Add-IP-Entity-To-Named-Location/readme.md

@@ -6,7 +6,7 @@ This playbook will execute using an incident based trigger and add the IP entiti
 
 ## Quick Deployment
 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FStandalone%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FStandalone%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json)
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FPlaybooks%2FAdd-IP-Entity-To-Named-Location%2Fazuredeploy.json)
 
 ## Prerequisites
 
@@ -17,7 +17,7 @@ This playbook will execute using an incident based trigger and add the IP entiti
 - Grant the Logic App Managed Identity access to the Microsoft Graph Policy.Read.All & Policy.ReadWrite.ConditionalAccess which can be done with the included PowerShell script [AddApiPermissions.ps1](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Standalone/Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1)
 - Attach this playbook to an **automation rule** so it runs when specified incidents are created.
 
-[Learn more about automation rules](https://docs.microsoft.com/azure/sentinel/automate-incident-handling-with-automation-rules#creating-and-managing-automation-rules)
+[Learn more about automation rules](https://raw.githubusercontent.com/Azure/Azure-Sentinel/refs/heads/master/Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1)
 
 ## Screenshots
-![Designer](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Standalone/Playbooks/Add-IP-Entity-To-Named-Location/images/designer-light.jpg)
+![Designer](https://github.com/Azure/Azure-Sentinel/blob/1b9d62978fc39278c2debbe8bc720b1d08d233d2/Playbooks/Add-IP-Entity-To-Named-Location/images/designer-light.jpg?raw=true)