Azure AD Applications and Role Assignments
Rule description
This rule will query Azure AD application roles and return all users assigned to these application roles along with any additional Active Directory parameters you select.
When to use this rule
Use this rule when you need a report showing which Azure AD applications and roles are assigned to Microsoft 365 user accounts.
Rule settings
Query section
| Setting | Description |
|---|---|
| Limit scope to this Azure AD application | Specify an application DisplayName to filter by application name. By default, all applications are considered. |
| Application properties to display | Application Name and Application Role Name are displayed in the report. |
| User properties to display | To display Microsoft 365 user properties for each object found by the query, add those properties to the list. |
| Initialization Script | |
| Script | Usually, rules use query criteria to limit the query search scope, which improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. This is where the initialization script can help: you can initialize a global variable in this setting and then use it in query criteria. IMPORTANT: To use a variable declared in the initialization script in the query scope, it must be global. Example: Update AD users created in the last ten days. |
Output section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.