Tenant/Get-HawkTenantOauthConsentGrants.ps1
|
# Retrives a list of all applciations that have the ability to access user data # There are Azure AD Cmdlets for these # https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/AzureAppEnumerationViaGraph.ps1 Function Get-HawkTenantOauthConsentGrants { Out-LogFile "Gathering Oauth Consent Grants" Test-AzureADConnection Send-AIEvent -Event "CmdRun" # Next up gather the consent grants using the azureadcommand [array]$Grant = Get-AzureADOauth2PermissionGrant -all:$true # Check if we have a return if ($null -eq $Grant) { Out-LogFile "No Grants Found." } # If we do then we need to pull some addtional information then output else { Out-LogFile ("Found " + $Grant.count + " OAuth Grants") Out-LogFile "Processing Grants" # Add in the display name information $FullGrantInfo = $Grant | Select-Object -Property *, @{Name = "DisplayName"; Expression = {(Get-AzureADServicePrincipal -ObjectId $_.clientid).displayname}} # Push our data out to a file Out-MultipleFileType -Object $FullGrantInfo -FilePrefix AzureADOauthGrants -csv } <# .SYNOPSIS Gathers application Oauth grants .DESCRIPTION Gathers Application Oauth grants along with their display names. The grants listed are applications that have been granted access to various data inside the tenant. The scope field outlines what data a given application has access to. .OUTPUTS File: AzureADOauthGrants.csv Path: \ Description: Output of all grants as CSV. File: AzureADOauthGrants.txt Path: \ Description: Output of all grants as txt .EXAMPLE Get-HawkTenantOauthConsentGrants Gathers all Oauth Grants #> } |