MSIdentityTools Commands

• Add-MsIdServicePrincipalCreate service principal for existing application registration
• Confirm-MsIdJwtTokenSignatureValidate the digital signature for JSON Web Token.
• ConvertFrom-MsIdAadcAadConnectorSpaceDnConvert Azure AD connector space object Distinguished Name (DN) in AAD Connect
• ConvertFrom-MsIdAadcSourceAnchorConvert Azure AD Connect metaverse object sourceAnchor or Azure AD ImmutableId to sourceGuid.
• ConvertFrom-MsIdJwtTokenConvert Msft Identity token structure to PowerShell object.
• ConvertFrom-MsIdSamlMessageConvert SAML Message structure to PowerShell object.
• ConvertFrom-MsIdUniqueTokenIdentifierConvert Azure AD Unique Token Identifier to Request Id.
• Expand-MsIdJwtTokenPayloadExtract Json Web Token (JWT) payload from JWS structure to PowerShell object.
• Export-MsIdAppConsentGrantReportLists and categorizes privilege for delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments).
• Export-MsIdAzureMfaReportExports the list of users that have signed into the Azure portal, Azure CLI, or Azure PowerShell over the last 30 days by querying the sign-in logs.
• Find-MsIdUnprotectedUsersWithAdminRolesFind Users with Admin Roles that are not registered for MFA
• Get-MsIdAdfsSamlTokenInitiates a SAML logon request to and AD FS server to generate log activity and returns the user token.
• Get-MsIdAdfsSampleAppReturns the list of availabe sample AD FS relyng party trust applications available in this module.
• Get-MsIdAdfsWsFedTokenInitiates a Ws-Fed logon request to and AD FS server to generate log activity and returns the user token.
• Get-MsIdAdfsWsTrustTokenInitiates a Ws-Trust logon request to and AD FS server to generate log activity and returns the user token.
• Get-MsIdApplicationIdByAppIdLookup Application Registration by AppId
• Get-MsIdAuthorityUriBuild Microsoft Identity Provider Authority URI
• Get-MsIdAzureIpRangeGet list of IP ranges for Azure
• Get-MsIdAzureUsersReturns a list of users that have signed into the Azure portal, Azure CLI, or Azure PowerShell over the last 30 days by querying the sign-in logs.
• Get-MsIdCrossTenantAccessActivityGets cross tenant user sign-in activity
• Get-MsIdGroupWithExpirationReturn groups with an expiration date via lifecycle policy.
• Get-MsIdGroupWritebackConfigurationGets the group writeback configuration for the group ID
• Get-MsIdHasMicrosoftAccountReturns true if the user's mail is a Microsoft Account
• Get-MsIdInactiveSignInUserRetrieve Users who have not had interactive sign ins since XX days ago
• Get-MsIdIsViralUserReturns true if the user's mail domain is a viral (unmanaged) Azure AD tenant.
• Get-MsIdMsftIdentityAssociationParse Microsoft Identity Association Configuration for a Public Domain (such as published apps)
• Get-MsIdO365EndpointsGet list of URLs and IP ranges for O365
• Get-MsIdOpenIdProviderConfigurationParse OpenId Provider Configuration and Keys
• Get-MsIdProvisioningLogStatisticsGet Statistics for Set of Azure AD Provisioning Logs
• Get-MsIdSamlFederationMetadataParse Federation Metadata
• Get-MsIdServicePrincipalIdByAppIdLookup Service Principal by AppId
• Get-MsIdSigningKeyThumbprintGet signing keys used by Azure AD.
• Get-MsIdUnmanagedExternalUserReturns a list of all the external users in the tenant that are unmanaged (viral users).
• Get-MsIdUnredeemedInvitedUserRetrieve Users who have not had interactive sign ins since XX days ago
• Import-MsIdAdfsSampleAppImports a list availabe sample AD FS relyng party trust applications available in this module, the list is created by the Get-MsIdAdfsSampleApps cmdlet.
• Import-MsIdAdfsSamplePolicyImports the 'MsId Block Off Corp and VPN' sample AD FS access control policy.
• Invoke-MsIdAzureAdSamlRequestInvoke Saml Request on Azure AD.
• New-MsIdClientSecretGenerate Random Client Secret for application registration or service principal in Azure AD.
• New-MsIdSamlRequestCreate New Saml Request.
• New-MsIdTemporaryUserPasswordGenerate Random password for user in Azure AD.
• New-MsIdWsTrustRequestCreate a WS-Trust request.
• Remove-MsIdUserAuthenticationMethodDeletes all the authentication methods registered against a user.
• Reset-MsIdExternalUserResets the redemption state of an external user.
• Resolve-MsIdAzureIpAddressLookup Azure IP address for Azure Cloud, Region, and Service Tag.
• Resolve-MsIdTenantResolve TenantId or DomainName to an Azure AD Tenant
• Revoke-MsIdServicePrincipalConsentRevoke Existing Consent to an Azure AD Service Principal.
• Set-MsIdServicePrincipalVisibleInMyAppsToggles whether application service principals are visible when launching myapplications.microsoft.com (MyApps)
• Set-MsIdWindowsTlsSettingsSet TLS settings on Windows OS to use more secure TLS protocols.
• Show-MsIdJwtTokenShow Json Web Token (JWT) decoded in Web Browser using diagnostic web app.
• Show-MsIdSamlTokenShow Saml Security Token decoded in Web Browser using diagnostic web app.
• Split-MsIdEntitlementManagementConnectedOrganizationSplit elements of a connectedOrganization
• Test-MsIdAzureAdDeviceRegConnectivityTest connectivity on Windows OS for Azure AD Device Registration
• Test-MsIdCBATrustStoreConfigurationTest & report for common mis-configuration issues with the Entra ID Certificate Trust Store
• Update-MsIdApplicationSigningKeyThumbprintUpdate a Service Princpal's preferredTokenSigningKeyThumbprint to the specified certificate thumbprint
• Update-MsIdGroupWritebackConfigurationUpdate an Azure AD cloud group settings to writeback as an AD on-premises group
• Update-MsIdInvitedUserSponsorsFromInvitedByUpdate the Sponsors attribute to include the user who initially invited them to the tenant using the InvitedBy property.