private/graph/Get-ZtRole.ps1

<#
 .Synopsis
  Returns all the role definitions in the tenant.

 .Description

 .Parameter CisaHighlyPrivilegedRoles
  Filters the returned roles to only those described
  by CISA as highly privieleged.

 .Example
  Get-ZtRole
#>


Function Get-ZtRole {
  [CmdletBinding()]
  param(
    [switch]$CisaHighlyPrivilegedRoles
  )

  #https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/aad.md#highly-privileged-roles
  $highlyPrivilegedRoles = @(
    "62e90394-69f5-4237-9190-012177145e10",
    "fe930be7-5e62-47db-91af-98c3a49a38b1",
    "29232cdf-9323-42fd-ade2-1d097af3e4de",
    "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
    "e8611ab8-c189-46e8-94e1-60213ab1f814",
    "158c047a-c907-4556-b7ef-446551a6b5f7",
    "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2"
  )

  Write-PSFMessage -Message "Getting directory role definitions."

  $roles = Invoke-ZtGraphRequest -RelativeUri 'roleManagement/directory/roleDefinitions' -ApiVersion v1.0

  if ($CisaHighlyPrivilegedRoles){
    return $roles | Where-Object {`
      $_.id -in $highlyPrivilegedRoles
    }
  }

  return $roles
}