AzureAD / M365 – View all active role assignments

As I am implementing many Conditional Access Policies and scope them to specific roles, I want to know which admins will be effected, in advance. But I am too lazy to go through all roles by hand, so I wrote following script: Nothing too fancy, but re-usable. But be aware: Roles “eligable” via PIM “eligable” Read more about AzureAD / M365 – View all active role assignments[…]

Report all Azure AD role assignments

Having “historically grown” structures it could happen that you lose the overview of all role assisgnments in Azure AD. With this script you can create a report: Import-Module AzureAD Connect-AzureAD $AllAzureADDirectoryRoles = Get-AzureADDirectoryRole $Table = @() Foreach ($AzureADDirectoryRole in $AllAzureADDirectoryRoles){ Foreach($User in ($AzureADDirectoryRole | Get-AzureADDirectoryRoleMember)){ $Row = “” | Select DirectoryRole,UserPrincipalName $Row.DirectoryRole = $AzureADDirectoryRole.DisplayName $Row.UserPrincipalName Read more about Report all Azure AD role assignments[…]