SystemAdmins.M365Assessment

1.0.12

private/helper/m365/entra/user/Get-EntraIdUserRole.ps1

                                function Get-EntraIdUserRole

{

    <#

    .SYNOPSIS

        Get current admin roles for current user.

    .DESCRIPTION

        Return list of Entra ID roles assigned to the logged in user.

    .NOTES

        Uses the following modules:

        - Microsoft.Graph.Users

        - Microsoft.Graph.Authentication

    .EXAMPLE

        Get-EntraIdUserRole;

    #>

    [cmdletbinding()]

    param

    (

    )

    BEGIN

    {

        # Get Microsoft Graph context.

        $mgContext = Get-MgContext;

        # List to store roles.

        $roles = New-Object System.Collections.ArrayList;

    }

    PROCESS

    {

        # Get user roles.

        $userMemberOf = Get-MgUserMemberOf -UserId $mgContext.account;

        # Foreach item.

        foreacH( $item in $userMemberOf )

        {

            # If item is not a role.

            if(($item.AdditionalProperties).'@odata.type' -ne '#microsoft.graph.directoryRole')

            {

                # Skip.

                continue;

            }

            # Variables.

            $roleTemplateId = ($item.AdditionalProperties).roleTemplateId;

            $roleDisplayName = ($item.AdditionalProperties).displayName;

            # Write to log.

            Write-CustomLog -Category 'Authentication' -Message ("Account '{0}' have the role '{1}' ({2})" -f $mgContext.account, $roleDisplayName, $roleTemplateId) -Level Verbose;

            # Add to list.

            $roles += [PSCustomObject]@{

                Account = $mgContext.account;

                RoleTemplateId = ($item.AdditionalProperties).roleTemplateId;

                DisplayName = ($item.AdditionalProperties).displayName;

            };

        }

    }

    END

    {

        # Return roles.

        return $roles;

    }

}