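The following uses the PowerShell Azure AD module to create a custom app, including adding the Microsoft Graph "Read all groups" permission and uploading a certificate for certificate-based authentication.
1. Get the contents of your own certificate
# $certificatePath is the absolute path to your certificate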
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificate.Import($certificatePath)
$certBinaries = $certificate.GetRawCertData()
$certHash = $certificate.GetCertHash();
$CertBase64 = [System.Convert]::ToBase64String($certBinaries)
$CustomKeyIdentifier=[System.Convert]::ToBase64String($certHash)
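Before the values from step 1 are uploaded as an app credential, the certificate itself is worth checking. The function below is an added example, not part of the original post: the name Test-AppCredentialCertificate, the 2048-bit and 30-day thresholds, and the in-memory sample certificate are assumptions, and it needs .NET Framework 4.7.2 or later for CertificateRequest.

```powershell
# Added example: pre-upload checks for a certificate used as an app key credential.
# Thresholds are assumptions; adjust them to your own policy.
function Test-AppCredentialCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinRsaBits = 2048,
        [int]$MinDaysLeft = 30
    )
    $now = Get-Date
    $issues = @()
    if ($now -lt $Certificate.NotBefore) { $issues += 'not yet valid' }
    if ($now -gt $Certificate.NotAfter) { $issues += 'expired' }
    elseif (($Certificate.NotAfter - $now).TotalDays -lt $MinDaysLeft) {
        $issues += "expires in under $MinDaysLeft days"
    }
    # GetRSAPublicKey returns $null for non-RSA certificates
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($rsa -and $rsa.KeySize -lt $MinRsaBits) { $issues += "RSA key is only $($rsa.KeySize) bits" }
    if ($Certificate.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        $issues += "weak signature algorithm $($Certificate.SignatureAlgorithm.FriendlyName)"
    }
    # True when the file was a PFX: the private key is then present on this machine
    if ($Certificate.HasPrivateKey) { $issues += 'object carries a private key; upload only the public part' }
    [pscustomobject]@{
        Thumbprint          = $Certificate.Thumbprint
        CustomKeyIdentifier = [Convert]::ToBase64String($Certificate.GetCertHash())
        # GetRawCertData is the DER-encoded certificate only, never the private key
        Value               = [Convert]::ToBase64String($Certificate.GetRawCertData())
        StartDate           = $Certificate.NotBefore
        EndDate             = $Certificate.NotAfter
        Issues              = $issues
        Ok                  = ($issues.Count -eq 0)
    }
}

# Constructed sample: a throwaway self-signed certificate built in memory
$key = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample-app', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$full = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddMinutes(-5), [DateTimeOffset]::UtcNow.AddYears(1))
# Re-import only the DER bytes, which is what a .cer file contains
$public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full.RawData)
Test-AppCredentialCertificate -Certificate $public | Format-List
```

Passing the $certificate object from step 1 instead of $public runs the same checks on your own certificate; Value and CustomKeyIdentifier are the same strings as $CertBase64 and $CustomKeyIdentifier.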
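2. Connect to Azure AD. A Microsoft sign-in window pops up; sign in as a user with the required permissions
# $TenantRegion is your tenant's region; you can also run $azureAd=Connect-AzureAD, which defaults to Global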
$azureAd=Connect-AzureAD -AzureEnvironmentName $TenantRegion
3. Build the information for the Microsoft Graph Read all groups permission
$requiredAccess = New-Object 'System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]'
#oliver te