I am trying to retrieve the list of APIs each application has permissions amongst other information for.
However the following script gives me empty objects.
Script:
# Get all app registrations in the Azure Active Directory
$appRegistrations = Get-AzureADApplication
# Create an empty array to store app registration data
$appRegistrationData = @()
# Iterate over each app registration
foreach ($appRegistration in $appRegistrations) {
# Retrieve application client ID
$clientId = $appRegistration.AppId
# Retrieve object ID
$objectId = $appRegistration.ObjectId
# Retrieve display name
$displayName = $appRegistration.DisplayName
# Retrieve API permissions (RequiredResourceAccess)
$apiPermissions = $appRegistration.RequiredResourceAccess | ConvertTo-Json -Depth 5
# Retrieve AppRoles, OAuth2Permissions, delegated permissions, and application permissions
$servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '$clientId'"
$appRoles = $servicePrincipal.AppRoles | Select-Object -Property *
$oauth2Permissions = $servicePrincipal.Oauth2Permissions | Select-Object -Property *
$delegatedPermissions = $servicePrincipal.DelegatedPermissions | Select-Object -Property *
$applicationPermissions = $servicePrincipal.AppRoles | Where-Object { $_.AllowedMemberTypes -contains "Application" }
# Add the app registration data to the array
$appRegistrationData += [PSCustomObject]@{
DisplayName = $displayName
ClientId = $clientId
ObjectId = $objectId
ApiPermissions = $apiPermissions
AppRoles = $appRoles
OAuth2Permissions = $oauth2Permissions
DelegatedPermissions = $delegatedPermissions
ApplicationPermissions = $applicationPermissions
}
}
# Output the app registration data
$appRegistrationData | Format-Table -AutoSize
Output for: DelegatedPermissions and ApplicationPermissions is null