JulianHayward / Azure-MG-Sub-Governance-Reporting

Azure Governance Visualizer, aka AzGovViz, is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (and a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
MIT License

Scoping AAD and/or Graph read rights to an AU? #192

Closed cpen-blm closed 1 year ago

cpen-blm commented 1 year ago

We need to be able to scope the read rights of the service principal to just an AU within AAD (we have this deployed to GitHub and are using Actions).

I can't seem to find any info in the Microsoft documentation relating to scoping AAD read rights of the SP down further to an AU - can you please provide insight or even another way?

We do not have tenant access and are a business unit under the tenant with many systems, so being able to run this app at our level without having to manually run it would be helpful. We do have access to our own AU within AAD.

Thanks!

JulianHayward commented 1 year ago

@cpen-blm I do not have a solution handy. If you find a way to accomplish this, please post back - thanks. Close for now?

cpen-blm commented 1 year ago

I guess. The folks at the tenant don't seem to know either, so maybe we cannot use your app, which would be a shame as it is helpful.