AzureAD / MSAL.PS


Use with different ResourceUri's? #78

Closed Chris1WK closed 11 months ago

Chris1WK commented 11 months ago

Reading this page from Microsoft documentation they indicate you can use the MSAL modules for resources other than the graph - Microsoft security center in this case (api.securitycenter.microsoft.com). Their example appears to be a copy-pasta for accessing some AAD/SharePoint scopes.

https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-create-app-user-context?view=o365-worldwide#get-an-access-token-on-behalf-of-a-user-using-powershell

It doesn't seem to have a parameter to specify the resource. Maybe I am missing something?

bgavrilMS commented 11 months ago

Well, you have scopes in there:

Scopes = 'https://graph.microsoft.com/User.Read.All','https://graph.microsoft.com/Files.ReadWrite'

Scope is the OAuth2 equivalent of the old "resource". It's like a resource, but more granular.

Chris1WK commented 11 months ago

Doh, I see what happened. I originally tried that, and it failed with an AAD 50131 error with PS Core. I (foolishly) assumed it wasn't capable. I just tried the same thing on PS 5.1 (ISE) and it works with scopes similar to this - "https://api.securitycenter.windows.com/AdvancedQuery.Read".
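The scope-as-resource point from this thread, as an added example that is not code from the MSAL.PS project or from either commenter: it builds scopes from a resource URI plus permission names and decodes a token's `aud` and `scp` claims to confirm which resource and permission it was issued for. `ConvertTo-MsalScope`, `ConvertTo-Base64Url` and `Get-JwtPayload` are hypothetical helpers, the sample token is constructed, and the client and tenant IDs are placeholders.

```powershell
# Added example. ConvertTo-MsalScope, ConvertTo-Base64Url and Get-JwtPayload are
# hypothetical helpers, not MSAL.PS cmdlets.

function ConvertTo-MsalScope {
    # v2 scope = <resource URI>/<permission>. "<resource URI>/.default" asks for
    # the permissions already configured for the app, the closest match to the
    # old v1 "resource" parameter.
    param(
        [Parameter(Mandatory)][string] $ResourceUri,
        [string[]] $Permission = @('.default')
    )
    $base = $ResourceUri.TrimEnd('/')
    foreach ($p in $Permission) { "$base/$p" }
}

function ConvertTo-Base64Url([string] $Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtPayload {
    # Decodes the payload segment only; it does NOT verify the signature.
    param([Parameter(Mandatory)][string] $Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

$resource = 'https://api.securitycenter.windows.com'
$scopes   = ConvertTo-MsalScope -ResourceUri $resource -Permission 'AdvancedQuery.Read'

# Constructed, unsigned sample token so the decode step runs offline.
$claims = @{ aud = $resource; scp = 'AdvancedQuery.Read' } | ConvertTo-Json -Compress
$sample = '{0}.{1}.' -f (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $claims)
Get-JwtPayload $sample | Select-Object aud, scp

# With a real token (placeholder IDs; needs MSAL.PS and an app registration):
# $t = Get-MsalToken -ClientId '<client-id>' -TenantId '<tenant-id>' -Scopes $scopes
# Get-JwtPayload $t.AccessToken | Select-Object aud, scp
```

Requesting a single named permission instead of `/.default` keeps the token limited to what the script needs.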