functions/Tenant/Get-HawkTenantConsentGrants.ps1
|
Function Get-HawkTenantConsentGrants { <# .SYNOPSIS Gathers application grants .DESCRIPTION Used the script from https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants to gather information about application and delegate grants. Attempts to detect high risk grants for review. .OUTPUTS File: Consent_Grants.csv Path: \Tenant Description: Output of all consent grants .EXAMPLE Get-HawkTenantConsentGrants Gathers Grants #> Out-LogFile "Gathering Oauth / Application Grants" Test-AzureADConnection Send-AIEvent -Event "CmdRun" # Gather the grants # Using the script from the article https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants [array]$Grants = Get-AzureADPSPermissions -ShowProgress [bool]$flag = $false # Search the Grants for the listed bad grants that we can detect if ($Grants.consenttype -contains 'AllPrinciples') { Out-LogFile "Found at least one `'AllPrinciples`' Grant" -notice $flag = $true } if ([bool]($Grants.permission -match 'all')){ Out-LogFile "Found at least one `'All`' Grant" -notice $flag = $true } if ($flag){ Out-LogFile 'Review the information at the following link to understand these results' -notice Out-LogFile 'https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants#inventory-apps-with-access-in-your-organization' -notice } else { Out-LogFile "To review this data follow:" Out-LogFile "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants#inventory-apps-with-access-in-your-organization" } $Grants | Out-MultipleFileType -FilePrefix "Consent_Grants" -csv -json } |