MG Module

Need credentials or some kind of token from here on out.

Mg Module

To be able to use this PowerShell module, we must connect to MS Graph first. The command below opens an interactive login prompt; pass -Scopes to request the Graph permissions the enumeration needs (for example Directory.Read.All), since later cmdlets return 403 if the granted scopes do not cover the object type being read:

Connect-MgGraph

We can also log in using an access token issued for the Microsoft Graph resource (obtained with the Az PowerShell module or any other method). The v2 SDK expects the token as a SecureString:

$Token = 'eyJ0…'
Connect-MgGraph -AccessToken ($Token | ConvertTo-SecureString -AsPlainText -Force)

1. Get the current session state (account, tenant, auth type and granted scopes)

Get-MgContext

2. Get details of the current tenant

Get-MgOrganization | fl *
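The token path described above, worked through as an added example (this is not code from the original page): a Graph token is pulled from an existing Az session, its payload is decoded so the audience and scopes can be checked before use, and it is then handed to Connect-MgGraph. The function names are my own; the example assumes Az.Accounts and Microsoft.Graph.Authentication are installed and that Connect-AzAccount has already succeeded. Decoding the JWT here is for inspection only; it does not verify the signature.

```powershell
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    # A JWT is header.payload.signature in base64url; only the payload is needed here
    $b64 = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Connect-MgWithAzToken {
    # Ask the Az module for a token scoped to the Microsoft Graph resource
    $az = Get-AzAccessToken -ResourceTypeName MSGraph

    # Newer Az.Accounts releases return the token as a SecureString, older ones as
    # plain text; keep both forms, one for decoding and one for Connect-MgGraph
    if ($az.Token -is [System.Security.SecureString]) {
        $secure = $az.Token
        $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    } else {
        $plain  = $az.Token
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    }

    $claims = Get-JwtPayload -Jwt $plain
    # The audience must be Graph (URL or its well-known app id); a token minted for
    # ARM or another resource connects but every enumeration call then fails
    if ($claims.aud -notmatch 'graph\.microsoft\.com|00000003-0000-0000-c000-000000000000') {
        throw "Token audience is '$($claims.aud)', not Microsoft Graph"
    }

    Connect-MgGraph -AccessToken $secure -NoWelcome

    # Report what the session and the token itself say about our permissions
    $ctx = Get-MgContext
    [pscustomobject]@{
        Account    = $ctx.Account
        TenantId   = $ctx.TenantId
        AuthType   = $ctx.AuthType
        Scopes     = ($ctx.Scopes -join ' ')
        TokenScp   = $claims.scp                 # delegated scopes (user token)
        TokenRoles = ($claims.roles -join ' ')   # app roles (app-only token)
        ExpiresOn  = $az.ExpiresOn
    }
}

Connect-MgWithAzToken
```

If TokenScp lacks a directory read scope (Directory.Read.All, User.Read.All or similar), the user and group cmdlets below will fail even though the connection itself succeeds, so this is worth checking once before starting enumeration.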

Mg Module — Users

1. Enumerate all users

Get-MgUser -All

2. Enumerate a specific user

Get-MgUser -UserId test@defcorphq.onmicrosoft.com

3. Search for users whose DisplayName starts with a given string (startsWith also works on UserPrincipalName; wildcards are not supported)

Get-MgUser -Filter "startsWith(DisplayName, 'a')" -ConsistencyLevel eventual

4. Search for users who contain the word "admin" in their display name. The first command downloads every user and filters client-side; the second is a server-side $search (tokenized, case-insensitive, not a substring match) and requires -ConsistencyLevel eventual:

Get-MgUser -All |?{$_.Displayname -match "admin"}
Get-MgUser -Search '"DisplayName:admin"' -ConsistencyLevel eventual

5. List all the attributes for a user. Get-MgUser returns only a small default set of properties (id, displayName, mail, userPrincipalName and a few more); anything else must be requested explicitly with -Property:

Get-MgUser -UserId test@defcorphq.onmicrosoft.com | fl *
Get-MgUser -UserId test@defcorphq.onmicrosoft.com | %{$_.PSObject.Properties.Name}

6. Search attributes for all users that contain the string "password". Because of the default property set, only the default attributes are inspected unless -Property is added with the attributes to search:

Get-MgUser -All |%{$Properties = $_;$Properties.PSObject.Properties.Name | % {if ($Properties.$_ -match 'password') {"$($Properties.UserPrincipalName) - $_ - $($Properties.$_)"}}}

7. All users who are synced from on-prem. OnPremisesSecurityIdentifier is not part of the default output, so it has to be requested or the filter matches nothing:

Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,OnPremisesSecurityIdentifier | ?{$_.OnPremisesSecurityIdentifier -ne $null}

8. All users who are cloud-only (created in Entra ID)

Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,OnPremisesSecurityIdentifier | ?{$_.OnPremisesSecurityIdentifier -eq $null}

9. Objects created by a specific user

Get-MgUserCreatedObject -UserId test@defcorphq.onmicrosoft.com | fl *

10. Objects owned by a specific user

Get-MgUserOwnedObject -UserId test@defcorphq.onmicrosoft.com | fl *
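Items 5 to 8 above share one pitfall: the interesting attributes are not returned unless they are selected. The following added example (my code, not from the original page) searches every user's attributes for a pattern while requesting a wider property set, flattens the on-prem extension attributes so they are searched too, and tags each hit as synced or cloud-only. It assumes an existing Connect-MgGraph session with User.Read.All or Directory.Read.All; the property list and the default pattern are my choices.

```powershell
function Find-MgUserAttribute {
    param(
        [Parameter(Mandatory)][string]$Pattern,   # regex to look for in attribute values
        [string[]]$Property = @(
            'Id','DisplayName','UserPrincipalName','Mail','JobTitle','Department',
            'CompanyName','OfficeLocation','StreetAddress','City',
            'OnPremisesSyncEnabled','OnPremisesSamAccountName',
            'OnPremisesSecurityIdentifier','OnPremisesExtensionAttributes'
        )
    )
    # -Property turns into $select server-side; without it only ~11 default fields come back
    Get-MgUser -All -Property $Property | ForEach-Object {
        $user = $_
        foreach ($name in $Property) {
            $value = $user.$name
            if ($null -eq $value) { continue }

            # OnPremisesExtensionAttributes is a nested object holding
            # extensionAttribute1..15; flatten it to "name=value" pairs
            if ($name -eq 'OnPremisesExtensionAttributes') {
                $value = ($value.PSObject.Properties |
                    Where-Object { $_.Value -is [string] -and $_.Value } |
                    ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
            }

            if ("$value" -match $Pattern) {
                [pscustomobject]@{
                    User      = $user.UserPrincipalName
                    Source    = if ($user.OnPremisesSyncEnabled) { 'OnPrem' } else { 'Cloud' }
                    Attribute = $name
                    Value     = "$value"
                }
            }
        }
    }
}

# Usage: anything that looks like a credential hint stored in a directory field
Find-MgUserAttribute -Pattern 'pass(word|wd)?|secret|pw:' | Format-Table -AutoSize
```

Extension attributes are a classic place for on-prem admins to park temporary passwords or notes, which is why the flattening step matters; the Source column separates such synced leftovers from cloud-only accounts.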

Mg Module — Groups

1. List all groups

Get-MgGroup -All

2. Enumerate a specific group

Get-MgGroup -GroupId 783a312d-0de2-4490-92e4-539b0e4ee03e

3. Search for a group based on a string in the first characters of DisplayName (wildcards are not supported; -Search is tokenized rather than a substring match and requires -ConsistencyLevel eventual)

Get-MgGroup -ConsistencyLevel eventual -Search '"DisplayName:A"'

4. To search for groups which contain the word "admin" in their name:

Get-MgGroup -ConsistencyLevel eventual -Search '"DisplayName:Admin"'

5. Get groups that use dynamic membership. GroupTypes is an array, and -All is needed or only the first page of groups is inspected:

Get-MgGroup -All | ?{$_.GroupTypes -contains 'DynamicMembership'}

6. All groups that are synced from on-prem

Get-MgGroup -All| ?{$_.OnPremisesSecurityIdentifier -ne $null}

7. Get members of a group

Get-MgGroupMember -GroupId 783a312d-0de2-4490-92e4-539b0e4ee03e

8. Get groups and roles where the specified user is a member. The parentheses are required: the member type (@odata.type) and display name live in AdditionalProperties of each returned object

(Get-MgUserMemberOf -UserId test@defcorphq.onmicrosoft.com ).AdditionalProperties
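Item 5 only tells you that a group is dynamic; what matters for an attacker or reviewer is the rule, because membership follows whatever attributes the rule keys on. The added example below (my code, not from the original page) lists dynamic groups with their rule, the user/device attributes the rule references and the current member count, using a server-side filter and an explicit -Property list. It assumes a Connect-MgGraph session with Group.Read.All or Directory.Read.All.

```powershell
function Get-MgDynamicGroupRule {
    # Server-side filter for dynamic groups; -Property guarantees the rule
    # fields come back regardless of the default property set
    Get-MgGroup -All -Filter "groupTypes/any(c:c eq 'DynamicMembership')" `
        -Property Id,DisplayName,MembershipRule,MembershipRuleProcessingState,SecurityEnabled |
    ForEach-Object {
        $rule = $_.MembershipRule

        # Pull out every user.<attr> / device.<attr> reference in the rule text
        $attrs = [regex]::Matches($rule, '(?i)\b(user|device)\.(\w+)') |
            ForEach-Object { "$($_.Groups[1].Value).$($_.Groups[2].Value)" } |
            Sort-Object -Unique

        [pscustomobject]@{
            Group       = $_.DisplayName
            Id          = $_.Id
            Security    = $_.SecurityEnabled
            Processing  = $_.MembershipRuleProcessingState
            Rule        = $rule
            Attributes  = ($attrs -join ', ')
            MemberCount = @(Get-MgGroupMember -GroupId $_.Id -All).Count
        }
    }
}

# Usage: rules built on attributes a user or on-prem admin can influence
# (mail, otherMails, jobTitle, department, ...) deserve a closer look
Get-MgDynamicGroupRule | Sort-Object MemberCount -Descending | Format-List
```

A security-enabled dynamic group whose rule depends on an attribute that is writable by ordinary users, or that is synced from on-prem AD, is effectively a group anyone who controls that attribute can join.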

Mg Module — Roles

1. Get all available role templates

Get-MgDirectoryRoleTemplate

2. Get all enabled (activated) roles. Get-MgDirectoryRole returns only roles that have been activated in the tenant; a built-in role is activated the first time it is assigned

Get-MgDirectoryRole

3. Enumerate the principals (users, groups or service principals) to whom a role is assigned. Member details are in AdditionalProperties; only active assignments are returned, PIM eligible assignments are not

$RoleId = (Get-MgDirectoryRole -Filter "DisplayName eq 'Global Administrator'").Id
(Get-MgDirectoryRoleMember -DirectoryRoleId $RoleId).AdditionalProperties
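Item 3 answers the question for one role; during enumeration you normally want the whole picture. The added example below (my code, not from the original page) walks every activated role, resolves each member's type from @odata.type in AdditionalProperties and returns a flat report, so groups and service principals sitting in privileged roles stand out. It assumes a Connect-MgGraph session with RoleManagement.Read.Directory or Directory.Read.All; as above, PIM eligible assignments are not included.

```powershell
function Get-MgDirectoryRoleReport {
    Get-MgDirectoryRole -All | ForEach-Object {
        $role = $_
        Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All | ForEach-Object {
            $p = $_.AdditionalProperties
            # @odata.type is e.g. #microsoft.graph.user / .group / .servicePrincipal
            $type = $p['@odata.type'] -replace '^#microsoft\.graph\.', ''
            [pscustomobject]@{
                Role       = $role.DisplayName
                TemplateId = $role.RoleTemplateId
                MemberType = $type
                # Users are best identified by UPN; groups and SPs only have a display name
                Member     = if ($type -eq 'user') { $p['userPrincipalName'] } else { $p['displayName'] }
                MemberId   = $_.Id
            }
        }
    }
}

$report = Get-MgDirectoryRoleReport
$report | Sort-Object Role, MemberType | Format-Table -AutoSize

# Non-user principals holding an administrator role: the owners of such a group
# or service principal effectively hold the role as well
$report | Where-Object { $_.MemberType -ne 'user' -and $_.Role -match 'Administrator' }
```

Cross-reference the group and service principal hits with the owner cmdlets in the following sections; ownership of a role-holding principal is an escalation path that a plain role listing does not show.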

Mg Module — Devices

1. Get all Entra joined, hybrid joined and registered devices

Get-MgDevice -All | fl *

2. List devices that have signed in at least once. ApproximateLastSignInDateTime is the timestamp stale-device cleanup keys on; compare it against a cutoff date to separate active from stale devices

Get-MgDevice -All | ?{$_.ApproximateLastSignInDateTime -ne $null}

3. List registered owners of all the devices

$Ids = (Get-MgDevice -All).Id; foreach($i in $Ids){ (Get-MgDeviceRegisteredOwner -DeviceId $i).AdditionalProperties}
$Ids = (Get-MgDevice -All).Id; foreach($i in $Ids){ (Get-MgDeviceRegisteredOwner -DeviceId $i).AdditionalProperties.userPrincipalName}

4. List registered users of all the devices

$Ids = (Get-MgDevice -All).Id; foreach($i in $Ids){ (Get-MgDeviceRegisteredUser -DeviceId $i).AdditionalProperties}
$Ids = (Get-MgDevice -All).Id; foreach($i in $Ids){ (Get-MgDeviceRegisteredUser -DeviceId $i).AdditionalProperties.userPrincipalName}

5. List devices owned by a user

(Get-MgUserOwnedDevice -UserId michaelmbarron@defcorphq.onmicrosoft.com).AdditionalProperties

6. List devices registered by a user

(Get-MgUserRegisteredDevice -UserId michaelmbarron@defcorphq.onmicrosoft.com).AdditionalProperties

7. List devices managed by an MDM such as Intune. IsManaged marks MDM enrolment; IsCompliant additionally tells whether the MDM reports the device as compliant with policy

Get-MgDevice -All | ?{$_.IsManaged -eq $true} | fl *
Get-MgDevice -All | ?{$_.IsCompliant -eq $true} | fl *
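Item 2 only separates devices that have ever signed in from those that have not. The added example below (my code, not from the original page) applies a real cutoff, pulls in the registered owners and the trust type, and returns devices that are stale or have no owner at all, which are the usual leftovers worth a second look. It assumes a Connect-MgGraph session with Device.Read.All or Directory.Read.All; the 90-day default is my choice.

```powershell
function Get-MgStaleDevice {
    param([int]$Days = 90)
    $cutoff = (Get-Date).AddDays(-$Days)

    Get-MgDevice -All | ForEach-Object {
        $owners   = (Get-MgDeviceRegisteredOwner -DeviceId $_.Id -All).AdditionalProperties.userPrincipalName
        $lastSeen = $_.ApproximateLastSignInDateTime
        [pscustomobject]@{
            Device     = $_.DisplayName
            DeviceId   = $_.DeviceId
            OS         = "$($_.OperatingSystem) $($_.OperatingSystemVersion)"
            TrustType  = $_.TrustType          # AzureAd (joined), ServerAd (hybrid) or Workplace (registered)
            Managed    = $_.IsManaged
            Compliant  = $_.IsCompliant
            Enabled    = $_.AccountEnabled
            LastSignIn = $lastSeen
            # Never signed in counts as stale too
            Stale      = ($null -eq $lastSeen) -or ($lastSeen -lt $cutoff)
            Owners     = ($owners -join ', ')
        }
    } | Where-Object { $_.Stale -or -not $_.Owners }
}

Get-MgStaleDevice -Days 90 |
    Sort-Object LastSignIn |
    Format-Table Device, OS, TrustType, Enabled, LastSignIn, Owners -AutoSize
```

Stale but still enabled devices that are joined (AzureAd or ServerAd) and unmanaged are the ones to prioritise: they still satisfy device-based Conditional Access conditions while nobody is looking after them.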

Mg Module — Apps

1. Get all the application objects registered with the current tenant (visible under App registrations in the Azure portal). An application object is the global representation of an app.

Get-MgApplication -All

2. Get all details about an application by its application (client) ID; use Get-MgApplication -ApplicationId for the object ID instead

Get-MgApplicationByAppId -AppId f072c4a6-b440-40de-983f-a7f3bd317d8f | fl *

3. Get an application based on the display name

Get-MgApplication -All | ?{$_.DisplayName -match "app"}

4. Get-MgApplication shows the application's credentials (PasswordCredentials and KeyCredentials, with key IDs, display names and expiry dates) but never the secret value itself. List all the apps with an application password:

Get-MgApplication -All| ?{$_.PasswordCredentials -ne $null}

5. Get owner of an application. Owners can add a new secret or certificate to the app and then authenticate as its service principal

(Get-MgApplicationOwner -ApplicationId 35589758-714e-43a9-be9e-94d22fdd34f6).AdditionalProperties.userPrincipalName

6. Get apps where a user has a role. The assignment shows AppRoleId and ResourceId but not the role name; resolve it against the AppRoles of the resource service principal

Get-MgUserAppRoleAssignment -UserId roygcain@defcorphq.onmicrosoft.com | fl *

7. Get apps where a group has a role (same output, same resolution needed)

Get-MgGroupAppRoleAssignment -GroupId 57ada729-a581-4d6f-9f16-3fe0961ada82 | fl *
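Items 6 and 7 leave you with a raw AppRoleId. The added example below (my code, not from the original page) resolves it for a user's or a group's assignments by fetching each resource service principal once and matching the GUID against its declared AppRoles; the all-zero GUID is the "default access" role Entra uses when the resource declares no roles. It assumes a Connect-MgGraph session with Application.Read.All or Directory.Read.All and reuses the UPN from item 6.

```powershell
function Resolve-MgAppRoleAssignment {
    param(
        [string]$UserId,
        [string]$GroupId
    )
    $assignments = if ($UserId) { Get-MgUserAppRoleAssignment -UserId $UserId -All }
                   else         { Get-MgGroupAppRoleAssignment -GroupId $GroupId -All }

    $spCache = @{}   # ResourceId -> service principal, fetched once per resource
    foreach ($a in $assignments) {
        if (-not $spCache.ContainsKey($a.ResourceId)) {
            $spCache[$a.ResourceId] = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
        }
        $sp = $spCache[$a.ResourceId]

        # 00000000-... means "default access": the app declares no roles, the
        # principal is simply allowed to sign in. Anything else must match an AppRole.
        $role = if ($a.AppRoleId -eq '00000000-0000-0000-0000-000000000000') {
            'Default Access'
        } else {
            $match = $sp.AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }
            if ($match) { "$($match.Value) ($($match.DisplayName))" } else { "unknown role $($a.AppRoleId)" }
        }

        [pscustomobject]@{
            Principal  = $a.PrincipalDisplayName
            Type       = $a.PrincipalType
            Resource   = $a.ResourceDisplayName
            ResourceId = $a.ResourceId
            Role       = $role
            Created    = $a.CreatedDateTime
        }
    }
}

Resolve-MgAppRoleAssignment -UserId roygcain@defcorphq.onmicrosoft.com | Format-Table -AutoSize
Resolve-MgAppRoleAssignment -GroupId 57ada729-a581-4d6f-9f16-3fe0961ada82 | Format-Table -AutoSize
```

Role names such as an application's own "Admin" role tell you far more about what a compromised user can do inside that app than the assignment GUID does.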

Mg Module — Service Principals

A service principal is the local representation of an app in a specific tenant and it is the security object that actually holds privileges. This is the 'service account'! Service principals can be assigned Azure roles, Entra directory roles and application permissions on other APIs.

1. Get all service principals

Get-MgServicePrincipal -All

2. Get all details about a service principal

Get-MgServicePrincipal -ServicePrincipalId fd518680-b290-4db2-b92a-5dbd025c6791 | fl *

3. Get a service principal based on the display name

Get-MgServicePrincipal -All | ?{$_.DisplayName -match "app"}

4. List all the service principals that carry their own credential. PasswordCredentials holds client secrets, KeyCredentials holds certificates; these are separate from the credentials on the application object

Get-MgServicePrincipal -All | ?{$_.PasswordCredentials -ne $null}
Get-MgServicePrincipal -All | ?{$_.KeyCredentials -ne $null}

5. Get owner of a service principal (owners can add credentials and authenticate as it)

(Get-MgServicePrincipalOwner -ServicePrincipalId fd518680-b290-4db2-b92a-5dbd025c6791).AdditionalProperties.userPrincipalName

6. Get objects owned by a service principal

Get-MgServicePrincipalOwnedObject -ServicePrincipalId fd518680-b290-4db2-b92a-5dbd025c6791

7. Get objects created by a service principal

Get-MgServicePrincipalCreatedObject -ServicePrincipalId fd518680-b290-4db2-b92a-5dbd025c6791

8. Get group and directory role memberships of a service principal

Get-MgServicePrincipalMemberOf -ServicePrincipalId fd518680-b290-4db2-b92a-5dbd025c6791 | fl *
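Items 4, 5 and 8 are most useful combined: a service principal that has a credential, a human owner and either a directory role or write permissions on Microsoft Graph is a takeover path (the owner adds a secret, signs in as the SP, uses its permissions). The added example below (my code, not from the original page) builds that view for every credentialed service principal, resolving the application permissions granted to it via Get-MgServicePrincipalAppRoleAssignment against the resource's AppRoles. It assumes a Connect-MgGraph session with Application.Read.All and Directory.Read.All; in a real tenant it enumerates thousands of first-party SPs, so expect it to take a while.

```powershell
function Get-MgServicePrincipalPrivilegeReport {
    $spCache = @{}   # ResourceId -> resource service principal (for role name lookup)

    Get-MgServicePrincipal -All |
    Where-Object { $_.PasswordCredentials -or $_.KeyCredentials } |
    ForEach-Object {
        $sp = $_

        # Owners can add a fresh secret and authenticate as the SP
        $owners = (Get-MgServicePrincipalOwner -ServicePrincipalId $sp.Id -All).AdditionalProperties.userPrincipalName

        # Directory roles and groups the SP is a member of
        $memberOf = Get-MgServicePrincipalMemberOf -ServicePrincipalId $sp.Id -All |
            ForEach-Object { $_.AdditionalProperties.displayName }

        # Application permissions granted to this SP on other resources (e.g. Graph),
        # each resolved from AppRoleId to the permission name
        $perms = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All | ForEach-Object {
            $a = $_
            if (-not $spCache.ContainsKey($a.ResourceId)) {
                $spCache[$a.ResourceId] = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
            }
            $role = $spCache[$a.ResourceId].AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }
            "$($a.ResourceDisplayName):$($role.Value)"
        }

        [pscustomobject]@{
            Name        = $sp.DisplayName
            AppId       = $sp.AppId
            Type        = $sp.ServicePrincipalType
            Secrets     = @($sp.PasswordCredentials).Count
            Certs       = @($sp.KeyCredentials).Count
            Owners      = ($owners -join ', ')
            MemberOf    = ($memberOf -join ', ')
            Permissions = ($perms -join ', ')
        }
    }
}

$r = Get-MgServicePrincipalPrivilegeReport
# Start with SPs that have a human owner plus a role or a write permission
$r | Where-Object { $_.Owners -and ($_.MemberOf -or $_.Permissions -match 'ReadWrite|\.All') } | Format-List
```

Run the same report with Get-MgApplication and Get-MgApplicationOwner for the application objects as well; an owner of the app registration can add credentials just as an owner of the service principal can, and the two owner lists are often different.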
