Jul 17 2023 06:15 AM
Hi
The process of determining what permissions an individual end user has on cloud portals manually is too time-consuming.
Ideally I'd like to get a report of a user's permissions set within e.g. Intune, Exchange Online, Purview.
Not Roles now but individual permissions set within the Portal itself.
I can then compare two users against each other etc.
I've installed MS Graph but searching the net can't see anything that shows this can be done.
Do we know if this is possible?
Jul 18 2023 05:40 AM
It is possible to use PowerShell and the Microsoft Graph API to query and retrieve permissions for users in Microsoft 365 portals (Intune, Exchange Online, ...).
To do this, you can try using the Invoke-RestMethod cmdlet to make API requests to the Microsoft Graph API. For example, to get the permissions for a specific user in Intune, you could use the following:
# Define the user's UPN (User Principal Name)
$upn = "email address removed for privacy reasons"
# Set the required API endpoint and version
$apiEndpoint = "https://graph.microsoft.com/v1.0"
$apiUrl = "$apiEndpoint/users/{0}/appRoleAssignments" -f $upn
# Make the API request to get the permissions for the user
$accessToken = "<Access Token>" # Replace with your valid access token
$headers = @{
    "Authorization" = "Bearer $accessToken"
}
$response = Invoke-RestMethod -Uri $apiUrl -Headers $headers
# Display the permissions for the user
# (resourceDisplayName is the application the app role was granted on)
$response.value | Select-Object -Property appRoleId, resourceDisplayName, principalDisplayName, principalId
The script queries the Microsoft Graph API by making a GET request to the /users/{userPrincipalName}/appRoleAssignments endpoint, which retrieves the app role assignments (permissions) for the specified user.
Kindest regards,
Leon Pavesic
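An added example, not part of the original answer: a way to compare two users' results from the appRoleAssignments endpoint used above, which is the comparison the question asks for. The function names and the sample GUIDs are assumptions made for illustration; the sample data is constructed so the comparison runs without a token, and the fetch function additionally follows `@odata.nextLink` so that paged results are not silently truncated.

```powershell
# Added example (not the poster's code). Function names are hypothetical.
function Get-UserAppRoleAssignment {
    param([Parameter(Mandatory)][string] $UserPrincipalName,
          [Parameter(Mandatory)][string] $AccessToken)
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $id  = [uri]::EscapeDataString($UserPrincipalName)
    $uri = "https://graph.microsoft.com/v1.0/users/$id/appRoleAssignments"
    $items = @()
    while ($uri) {                          # keep going until no next page is returned
        $page   = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
        $items += $page.value
        $uri    = $page.'@odata.nextLink'   # $null on the last page
    }
    $items
}

function Compare-UserAppRoleAssignment {
    param([object[]] $UserA = @(), [object[]] $UserB = @())
    # An assignment is identified by the application (resourceId) plus the role (appRoleId)
    $index = @{}
    foreach ($a in $UserA) {
        $index["$($a.resourceId)|$($a.appRoleId)"] = @{ Item = $a; InA = $true; InB = $false }
    }
    foreach ($b in $UserB) {
        $k = "$($b.resourceId)|$($b.appRoleId)"
        if ($index.ContainsKey($k)) { $index[$k].InB = $true }
        else { $index[$k] = @{ Item = $b; InA = $false; InB = $true } }
    }
    foreach ($e in $index.Values) {
        [pscustomobject]@{
            Resource  = $e.Item.resourceDisplayName
            AppRoleId = $e.Item.appRoleId
            HeldBy    = if ($e.InA -and $e.InB) { 'Both' } elseif ($e.InA) { 'A only' } else { 'B only' }
        }
    }
}

# Constructed sample data standing in for two Get-UserAppRoleAssignment results
function New-SampleAssignment([string] $RoleSuffix) {
    [pscustomobject]@{ resourceId = '11111111-1111-1111-1111-111111111111'
                       resourceDisplayName = 'Sample App'
                       appRoleId = "aaaaaaaa-0000-0000-0000-00000000000$RoleSuffix" }
}
$userA = @((New-SampleAssignment 1), (New-SampleAssignment 2))
$userB = @((New-SampleAssignment 2), (New-SampleAssignment 3))
Compare-UserAppRoleAssignment -UserA $userA -UserB $userB | Sort-Object HeldBy | Format-Table -AutoSize
```

With the sample data, role ...0002 is reported as held by both users, ...0001 by A only and ...0003 by B only; a user with no assignments at all is handled as an empty list.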
Jul 23 2023 02:20 AM