Public/Get-IOPendingAdminConsent.ps1
|
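function Get-IOPendingAdminConsent {
    <#
    .SYNOPSIS
        Lists applications waiting for admin consent with permission details.
    .DESCRIPTION
        Queries Microsoft Graph (identityGovernance/appConsent/appConsentRequests,
        expanded with userConsentRequests) and builds one row per user consent
        request whose status is 'InProgress'. Rows are sorted by RequestedDate,
        newest first, and handed to Export-IOResult.

        When the Graph call fails and the error message mentions 400/BadRequest
        or 404/NotFound, a warning is logged and nothing is returned. Any other
        error is rethrown to the caller.
    .PARAMETER ToCsv
        Optional value forwarded unchanged to Export-IOResult -ToCsv
        (the example passes a CSV file name).
    .NOTES
        Review points for whoever acts on this report:
        - AppDisplayName is free text chosen by the application's publisher.
          Use AppId, not the name, to decide which application is being approved.
        - NOTE(review): the synopsis promises permission details, but no scope
          field is emitted. The Graph appConsentRequest resource exposes
          pendingScopes; consider surfacing it so approvers see what is requested.
        - NOTE(review): -NoPagination presumably stops after the first page of
          results; confirm that tenants with many requests do not lose rows.
        - NOTE(review): AppDisplayName and RequestedBy are externally supplied
          text. Confirm Export-IOResult neutralises values that start with
          =, +, - or @ before writing CSV that will be opened in a spreadsheet.
    .EXAMPLE
        Get-IOPendingAdminConsent
    .EXAMPLE
        Get-IOPendingAdminConsent -ToCsv "pending-consent.csv"
    #>
    [CmdletBinding()]
    param(
        [string]$ToCsv
    )

    $cmdName = $MyInvocation.MyCommand.Name
    Write-IOLog 'Fetching pending admin consent requests...' -Level Info -Component $cmdName

    $results = [System.Collections.Generic.List[PSCustomObject]]::new()

    try {
        $requests = Invoke-IOGraphRequest -Uri 'v1.0/identityGovernance/appConsent/appConsentRequests?$expand=userConsentRequests($select=id,status,createdDateTime,createdBy)' -NoPagination
    }
    catch {
        # The match is on message text, so any error mentioning these codes is
        # treated as "feature not available". Permission failures (403) do not
        # match and are rethrown.
        if ($_.Exception.Message -match '404|NotFound|400|BadRequest') {
            Write-IOLog 'Admin consent workflow is not configured or not available in this tenant.' -Level Warning -Component $cmdName
            return
        }
        throw
    }

    foreach ($req in $requests) {
        # Only user requests that are still awaiting a decision are reported.
        $pendingUserRequests = @($req.userConsentRequests | Where-Object { $_.status -eq 'InProgress' })
        if ($pendingUserRequests.Count -eq 0) {
            continue
        }

        foreach ($ucr in $pendingUserRequests) {
            # Prefer the UPN, then the display name. Keep 'Unknown' when the user
            # object carries neither, so the column is never blank in the report.
            $requestedBy = 'Unknown'
            if ($ucr.createdBy -and $ucr.createdBy.user) {
                $requester = $ucr.createdBy.user
                if ($requester.userPrincipalName) {
                    $requestedBy = $requester.userPrincipalName
                }
                elseif ($requester.displayName) {
                    $requestedBy = $requester.displayName
                }
            }

            # AssumeUniversal without AdjustToUniversal makes Parse return local
            # time, so the formatted value is in the time zone of the host that
            # runs the command, with no zone marker in the output.
            $requestedDate = ''
            if ($ucr.createdDateTime) {
                $requestedDate = [datetime]::Parse(
                    $ucr.createdDateTime,
                    [System.Globalization.CultureInfo]::InvariantCulture,
                    [System.Globalization.DateTimeStyles]::AssumeUniversal
                ).ToString('yyyy-MM-dd HH:mm')
            }

            $results.Add([PSCustomObject]@{
                AppDisplayName   = $req.appDisplayName
                AppId            = $req.appId
                ConsentRequestId = $req.id
                UserRequestId    = $ucr.id
                RequestStatus    = $ucr.status
                RequestedBy      = $requestedBy
                RequestedDate    = $requestedDate
            })
        }
    }

    # The 'yyyy-MM-dd HH:mm' format sorts chronologically as plain text.
    $sorted = $results | Sort-Object RequestedDate -Descending
    Export-IOResult -Data $sorted -ToCsv $ToCsv -CommandName $cmdName
}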