0
votes

In our current Azure tenant we have 100s of subscriptions; user access is managed by Azure AAD groups.

How can I view the roles assigned to a group? Assume 1 group has access to only 1 subscription out of 100 subscriptions; then from the portal I need to select each and every subscription in the group's Azure role assignment page.

I wonder, is there any direct way to fetch this using PowerShell?

Thanks dev

2
@CarlZhao Thanks for the reply. The link you have provided is related to Exchange, not to Azure AAD groups. - Dev Reddy
Hi, if you still have any doubts, I will answer you as soon as possible. - Carl Zhao

2 Answers

1
votes
  1. In the MS Graph API docs there is "List appRoleAssignments granted to a group": https://docs.microsoft.com/en-US/graph/api/group-list-approleassignments?view=graph-rest-1.0&tabs=http
  2. Test it under MS Graph
  3. You can use the Microsoft Graph PowerShell SDK: https://github.com/microsoftgraph/msgraph-sdk-powershell
  4. Here is sample code, for example for fetching groups: https://github.com/microsoftgraph/msgraph-sdk-powershell/tree/dev/samples

1
votes

Usually we use the Get-AzRoleAssignment command to list all the role assignments that are valid on the scope. If no parameters are specified, this command will return all the role assignments made under the subscription.

For your problem, you want to use a security group to filter this list; just use the Azure AD group ObjectId parameter:

Get-AzRoleAssignment -ObjectId  <your group objectid>

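An added example, not part of either answer above: because Get-AzRoleAssignment reports on the subscription in the current context, this sketch repeats the -ObjectId lookup once per subscription so a group's assignments across the whole tenant land in one table. It assumes the Az.Accounts and Az.Resources modules, a prior Connect-AzAccount, and a hypothetical group display name in `$GroupName`.

```powershell
# Added example. Requires Az.Accounts + Az.Resources and an authenticated session.
# 'example-group' is a placeholder display name, not a value from the original post.
$GroupName = 'example-group'

# Resolve the group to its object id (the Id property in current Az.Resources versions).
$group = @(Get-AzADGroup -DisplayName $GroupName)
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($group.Count)."
}
$groupId = $group[0].Id

# Walk every subscription the signed-in identity can see.
$results = foreach ($sub in Get-AzSubscription) {
    if ($sub.State -ne 'Enabled') { continue }   # skip disabled subscriptions
    try {
        # Switch context so the query runs against this subscription.
        Set-AzContext -SubscriptionId $sub.Id -TenantId $sub.TenantId -ErrorAction Stop |
            Out-Null
        Get-AzRoleAssignment -ObjectId $groupId -ErrorAction Stop |
            Select-Object @{ n = 'Subscription'; e = { $sub.Name } },
                          RoleDefinitionName, Scope, RoleAssignmentId
    }
    catch {
        # Typically missing read permission on that subscription; record and move on.
        Write-Warning "Skipped $($sub.Name): $($_.Exception.Message)"
    }
}

# The same assignment can be returned under more than one subscription
# (for example one made at a parent scope), so de-duplicate by assignment id.
$results |
    Sort-Object -Property RoleAssignmentId -Unique |
    Sort-Object -Property Subscription, Scope |
    Format-Table Subscription, RoleDefinitionName, Scope -AutoSize
```

Subscriptions the caller cannot read are reported as warnings rather than silently omitted, so an empty result for a subscription is distinguishable from a failed lookup.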