How to give Azure AD application access to required permissions using powershell Az module

问题

I'm trying to rewrite powershell script that creates Azure AD application and assigns permission to it. The script is using AzureAD module, I would like to use new Az module, so I can run it on Linux/MacOS.

Creating a new application is easy (New-AzADApplication) but I have a problem with permissions.

Old script is using this code to assign permissions:

#=============Graph Permissions========================
$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "df021288-bdef-4463-88db-98f22de89214","Role"

$req.ResourceAccess = $acc1
$req.ResourceAppId = "00000003-0000-0000-c000-000000000000" #Microsoft Graph   

Set-AzureADApplication -ObjectId $AppObjectId  -RequiredResourceAccess $req

But this will not work on Linux/MacOS. Is there any way to do this? If not from powershell than maybe using some other method? The main goal is to run it from Linux.

回答1:

The Azure CLI is easy to get started with and best used for Microsoft's cross-platform command-line experience for managing Azure resources on macOS, Linux, or Windows and run it from the command line.

Your case

In your case you could try with Following CLI command for application permission:

az ad app permission add --api --api-permissions --id [--subscription]

For example

See add a Graph API permission of "Sign in and read user profile" command below:

az ad app permission add --id eeba0b46-78e5-4a1a-a1aa-cafe6c123456 --api 00000002-0000-0000-c000-000000000000 --api-permissions 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope

Required Parameters

Following parameters required for this permission

--api

The target API to access.

--api-permissions

Space seperated list of =.

--id

Identifier uri, application id, or object id.

For more details CLI command you also could refer here

Note :

To executes above command you must need to install the CLI locally, run it in the browser with Azure Cloud Shell, or run in a Docker container. For installation reference you could see here

Powershell Command

You could find details steps here

I hope this would be helpful what you expected to do. Let's try it out. Thank you!

来源：https://stackoverflow.com/questions/55385802/how-to-give-azure-ad-application-access-to-required-permissions-using-powershell