LeastPrivilegedMSGraph

2.0.0

Analyzes Microsoft Graph permissions and provides least privileged recommendations

Minimum PowerShell version

7.4

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name LeastPrivilegedMSGraph

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name LeastPrivilegedMSGraph

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) Morten Mynster. All rights reserved.

Package Details

Author(s)

  • Morten Mynster

Functions

Assert-LPMSGraph Export-PermissionAnalysisReport Get-AppActivityData Get-AppRoleAssignment Get-AppThrottlingData Get-PermissionAnalysis Initialize-LogAnalyticsApi Invoke-LPMSGraphScan

Dependencies

Release Notes

## [2.0.0] - 2026-02-24

### Added
- Delegated permissions is now included in the report to give better visibility into your apps and its permissions
- Dependencies to 'MSGraphPermissions', 'EntraAuth.Graph' which lets us get better visibility to the correct permission scopes for each url included EntraAuth.Graph for improved performance
- Improved limitation in activity gathering so you are able to both set a throtle limit on this along with specifying how many activities you would like to base your permission scoping upon
- Report Improvements as listed below:
- - Added permission scopes for each permission to difrenciate between application and delegated scopes
- - Ability to expand the optimal permissions to see which endpoints this permission will cover
- - Improved UI in regards to the vertical scope of the page and moved a button to the left
- - Added built in filters in the top overview to understand and apply filters faster
- - Added tenant information to the report
- - Added additional data to the csv export from the report
- - More filtering options

### Removed
- No longer supports powershell 5.1 minimum powershell version is now 7.4
- Permission complexity from this module and seperated into its own module 'MSGraphPermissions' with improved permission lookup (More endpoints and more accurate permission scoping)
- Activity gathering using PSFrameworks runspaces replaced with forech -parralel from powershell 7

### Fixed
- An issue in gathering activity data caused by runspaces crashing while attempting to pull data from the endpoints
- Throttling from the log analytics API causing some data to not be returned

### Acknowledgments
Jake Hildreth - Thanks for the sparring and feedback
Friedrich Weinmann - Thanks for the sparring and feedback


FileList

Version History

Version Downloads Last updated
2.0.0 (current version) 284 2/24/2026
1.1.0 27 12/19/2025
1.0.0 8 12/15/2025
0.1.2-preview 17 11/26/2025
0.1.1-preview 4 11/26/2025