/IdentityProtectionTools

Sample PowerShell module and scripts for managing Azure AD Identity Protection service

Primary language: PowerShell. License: MIT.

page_type: sample
languages: powershell
products: AzureActiveDirectory
description: Sample PowerShell module and scripts for automating activities for the Azure Active Directory Identity Protection services API
urlFragment: update-this-to-unique-url-stub

Sample

The Identity Protection Tools PowerShell module contains sample functions for:

  • Enumerating Risky Users by RiskLevel and date when their risk was last updated
  • Dismissing Risk for selected users for bulk operations
  • Confirming Compromise for selected users for bulk operations

Contents

Outline the file contents of the repository. It helps users navigate the codebase, build configuration and any related assets.

File/folder        Description
src                Sample source code.
.gitignore         Define what to ignore at commit time.
CHANGELOG.md       List of changes to the sample.
CONTRIBUTING.md    Guidelines for contributing to the sample.
README.md          This README file.
LICENSE            The license for the sample.

Prerequisite

The IdentityProtectionTools module uses the Microsoft Graph PowerShell SDK module for connecting and managing sessions with the Microsoft Graph API.

  1. On the machine where you intend to run the module functions, install the following modules from the PowerShell Gallery. They are used to execute the logic in this module.
Install-Module Microsoft.Graph.Authentication,Microsoft.Graph.Identity.SignIns
  2. The user that invokes the commands against the Identity Protection riskyUsers API needs the following permissions granted:
  • Listing riskyUsers
    • IdentityRiskyUser.Read.All
  • Dismissing User Risk
    • IdentityRiskyUser.ReadWrite.All

Note: You will need to consent to the Microsoft Graph SDK PowerShell module in the tenant to use it to invoke Connect-Graph.

Setup

  1. Download the Identity Protection Tools PowerShell Module from this repo
  2. From where you extracted the files, import the module into your PowerShell session.
Import-Module .\IdentityProtectionTools.psd1

Note: Please do not use the ISE to run this sample.

Running the sample

  1. Connect to the MS Graph endpoint with the proper permission scopes.
$apiPermissionScopes = @("IdentityRiskyUser.Read.All", "IdentityRiskyUser.ReadWrite.All")
Connect-Graph -Scopes $apiPermissionScopes

Note: When connecting as a user identity, Connect-Graph uses the device flow in your browser.

  2. Enumerate the risky users in the connected tenant

    • You can specify the RiskLevel as:
      • low
      • medium
      • high
      • notnone (includes low, medium, high)
    • Days since risk was updated
      • -30 for updated in the last 30 days
Get-AzureADIPRiskyUser -RiskLevel High -All
  3. Dismiss user risk for a collection of user IDs for risky users updated in the last 30 days
$CollectionOfUsersIDs = Get-AzureADIPRiskyUser -RiskLevel High -All -asUserIds -riskUpdatedSinceDays 30
Invoke-AzureADIPDismissRiskyUser -UserIds $CollectionOfUsersIDs

Note: The riskyUsers API supports dismissing risk for a page of 60 users at a time; the sample pages through the collection until all users are processed.
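The 60-users-per-request paging from the note above, written out as an added example (not the module's own code). It calls the Graph riskyUsers dismiss action through Invoke-MgGraphRequest and supports -WhatIf/-Confirm so a bulk dismissal can be previewed before anything changes; the helper names Split-UserIdBatch and Invoke-DismissRiskInBatches are hypothetical.

```powershell
# Added example, not part of IdentityProtectionTools. Helper names are hypothetical.
# Assumes an existing Connect-Graph session with IdentityRiskyUser.ReadWrite.All.

function Split-UserIdBatch {
    param(
        [string[]] $UserIds,
        [ValidateRange(1, 60)] [int] $BatchSize = 60   # 60 = page size stated in the README
    )
    # Drop blanks and duplicates (Sort-Object -Unique compares case-insensitively).
    $clean = @($UserIds | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } | Sort-Object -Unique)
    for ($i = 0; $i -lt $clean.Count; $i += $BatchSize) {
        $end = [Math]::Min($i + $BatchSize, $clean.Count) - 1
        # The leading comma emits each batch as one array instead of unrolling it.
        , @($clean[$i..$end])
    }
}

function Invoke-DismissRiskInBatches {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string[]] $UserIds)

    $uri = 'https://graph.microsoft.com/v1.0/identityProtection/riskyUsers/dismiss'
    $n = 0
    # @() keeps a single batch from being enumerated ID by ID.
    foreach ($batch in @(Split-UserIdBatch -UserIds $UserIds)) {
        $n++
        if ($PSCmdlet.ShouldProcess("batch $n ($($batch.Count) users)", 'Dismiss user risk')) {
            $body = @{ userIds = @($batch) } | ConvertTo-Json
            Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body -ContentType 'application/json' | Out-Null
            # Emit a record of what was dismissed and when, for later review.
            [pscustomobject]@{
                Batch          = $n
                Count          = $batch.Count
                DismissedAtUtc = (Get-Date).ToUniversalTime()
                UserIds        = $batch
            }
        }
    }
}

# Preview first: -WhatIf lists the batches without calling Graph.
# Invoke-DismissRiskInBatches -UserIds $CollectionOfUsersIDs -WhatIf
# Then run for real and keep the returned records:
# $log = Invoke-DismissRiskInBatches -UserIds $CollectionOfUsersIDs -Confirm:$false
```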

Key concepts

The Identity Protection sample module is an example of utilizing the Microsoft Graph API for bulk operations.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.