Rule Description
This rule will query Azure AD application roles and return all users assigned to these application roles along with any additional Active Directory parameters you select.
When to use this rule
Use this rule when you need a report showing which Azure AD applications and roles are assigned to Office 365 user accounts.
Rule Settings
Query Section
Setting name | Description |
---|---|
Limit scope to this Azure AD application | Specify an application DisplayName to filter by application name. By default, all applications are considered. |
Application properties to display | Application Name and Application Role Name are displayed in the report. |
User properties to display | To display Office 365 user properties for each object found by the query, add those properties to the list. |
Initialization Script | |
Script | Usually, rules use query criteria to limit the query search scope, which improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. This is where an initialization script can help: you can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable declared in the initialization script in the query scope, it must be global: $global:<variable name>. Example: Update AD users created in the last ten days. {$global:DatePeriod = (Get-Date).AddDays(-10)} |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
6.3.1 | The rule is introduced in the product. |