Updated with a modern GUI, smart renaming/restructuring rules, delegated or app auth, fast and parallel scanning….
Handy when your excel references break over 200+ url lengths, or you have sync issues when going beyond 256 characters!
Download/install the PS module from PSGallery!
Azure DevOp’s API’s still have a slight preference for delegated api calls (calls from users). For M365permissions scans run through a managed identity, which as a type of service principal cannot normally enumerate the organizations in a tenant. Not knowing the orgs, you also can’t enumerate projects etc.
I tried a year ago and failed. Coming back to it now in some spare time, after struggling a lot with Fiddler & PowerShell, I finally figured out how to get orgs without delegated authentication.
It was actually quite simple, as always…just a single GET to:
https://vsaex.dev.azure.com/_apis/EnterpriseCatalog/Organizations?tenantId=YOURTENANTIDHERE&api-version=7.1-preview.1This returns a csv type formatted string with all orgs your SPN has permissions to! Isn’t that cool?
Oh and don’t forget, the token you get should be for the audience 499b84ac-1321-427f-aa17-267ca6975798
Recently ran into a new one when setting up MFA for Microsoft 365:
{"Type":6,"VerificationState":0,"Data":null,"VerificationContext":null,"ErrorCode":29,"ErrorType":null}I can’t prove, but strongly suggest this means the phone number you’re trying to register is in use for too many accounts and/or tenants.
The M365Permissions free PowerShell module has been updated with a brand new GUI!
I’ll let you check it out for yourself 🙂
Here is something cool I made to use before going on trips to help select the place with the most ideal weather 🙂
You can find it at https://weatherradius.com for free!