Create MgId_removePermissions.ps1

AkosBakos · May 22, 2023 · cd3360c · cd3360c
1 parent 5950c27
commit cd3360c
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/Automations/AZ Automation with Managed Identity/MgId_removePermissions.ps1 b/Automations/AZ Automation with Managed Identity/MgId_removePermissions.ps1
@@ -0,0 +1,15 @@
+# Connect to Microsoft Graph
+Connect-MgGraph -Scopes "Application.Read.All","AppRoleAssignment.ReadWrite.All,RoleManagement.ReadWrite.Directory"
+
+# Select beta profile
+Select-MgProfile Beta
+
+# You will be prompted for the Name of you Managed Identity
+$MdId_Name = Read-Host "Name of your Managed Identity"
+$MdId_ID = (Get-MgServicePrincipal -Filter "displayName eq '$MdId_Name'").id
+
+# Removing all Graph scopes
+$MdId_permissions = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $MdId_ID
+ForEach($Assignment in $MdId_permissions){
+  Remove-MgServicePrincipalAppRoleAssignment -AppRoleAssignmentId $Assignment.Id -ServicePrincipalId $MdId_ID
+}