Public/TenantConfiguration/Baseline/Add-AuthorizationPolicies.ps1
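function Add-AuthorizationPolicies {
    <#
    .SYNOPSIS
        Ensures the low-risk self-consent permission grant policy is assigned to the
        default user role in the tenant's authorization policy.
    .DESCRIPTION
        Connects to the customer tenant through Graph, reads the authorization policy
        and, if 'ManagePermissionGrantsForSelf.microsoft-user-default-low' is not yet
        listed in DefaultUserRolePermissions.PermissionGrantPoliciesAssigned, appends it
        to the existing list. Grant policies that are already assigned are preserved.
    .PARAMETER TenantId
        Id of the customer tenant to configure.
    .OUTPUTS
        None. Progress is reported with Write-Host.
    .NOTES
        Any failure is re-thrown as a terminating error that carries the original message.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    # Built-in grant policy that restricts end-user self-consent to low-risk permissions.
    $DesiredPolicy = "ManagePermissionGrantsForSelf.microsoft-user-default-low"

    try {
        Connect-CustomerGraph -CustomerTenantId $TenantId

        $AuthorizationPolicy = Get-MgPolicyAuthorizationPolicy

        # Wrap in @() so a null or single-item value still behaves as a list.
        $AssignedPolicies = @($AuthorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned)

        if ($AssignedPolicies -notcontains $DesiredPolicy) {
            # Append instead of replacing the whole list: sending only the desired
            # policy would silently drop any other grant policy already assigned
            # to the default user role.
            $UpdatedPolicies = $AssignedPolicies + $DesiredPolicy

            # NOTE(review): only PermissionGrantPoliciesAssigned is sent; confirm that
            # Graph merges the nested DefaultUserRolePermissions object rather than
            # resetting its other properties.
            Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
                PermissionGrantPoliciesAssigned = $UpdatedPolicies
            }
            Write-Host "Set OAUTH permission grant policy for default user role in authorization policy!" -ForegroundColor Green
        }
        else {
            Write-Host "OAUTH permission grant policy for default user role already set." -ForegroundColor Yellow
        }
    }
    catch {
        throw "Failed to update authorization policy: $_"
    }
}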