MSIdentityTools Commands

• Add-MsIdClientSecretToAgentIdentityBlueprint
  Adds a client secret to the current Agent Identity Blueprint
• Add-MsIdInheritablePermissionsToAgentIdentityBlueprint
  Adds inheritable permissions to Agent Identity Blueprints
• Add-MsIdPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal
  Grants permission to create Agent Users to the Agent Identity Blueprint Principal
• Add-MsIdPermissionsToInheritToAgentIdentityBlueprintPrincipal
  Opens admin consent page in browser for Agent Identity Blueprint Principal to inherit permissions
• Add-MsIdRedirectURIToAgentIdentityBlueprint
  Adds a web redirect URI to the current Agent Identity Blueprint
• Add-MsIdScopeToAgentIdentityBlueprint
  Adds an OAuth2 permission scope to the current Agent Identity Blueprint
• Add-MsIdServicePrincipal
  Create service principal for existing application registration
• Confirm-MsIdJwtTokenSignature
  Validate the digital signature for JSON Web Token.
• Connect-MsIdEntraAsUser
  Connects to Microsoft Graph as a user with required scopes and validates admin privileges
• ConvertFrom-MsIdAadcAadConnectorSpaceDn
  Convert Azure AD connector space object Distinguished Name (DN) in AAD Connect
• ConvertFrom-MsIdAadcSourceAnchor
  Convert Azure AD Connect metaverse object sourceAnchor or Azure AD ImmutableId to sourceGuid.
• ConvertFrom-MsIdJwtToken
  Convert Msft Identity token structure to PowerShell object.
• ConvertFrom-MsIdSamlMessage
  Convert SAML Message structure to PowerShell object.
• ConvertFrom-MsIdUniqueTokenIdentifier
  Convert Azure AD Unique Token Identifier to Request Id.
• Disconnect-MsIdEntraAgentID
  Disconnects from Microsoft Graph and clears module connection state
• Expand-MsIdJwtTokenPayload
  Extract Json Web Token (JWT) payload from JWS structure to PowerShell object.
• Export-MsIdAppConsentGrantReport
  Lists and categorizes privilege for delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments).
• Export-MsIdAzureMfaReport
  Exports the list of users that have signed into the Azure portal, Azure CLI, or Azure PowerShell over the last 30 days by querying the sign-in logs.
• Find-MsIdUnprotectedUsersWithAdminRoles
  Find Users with Admin Roles that are not registered for MFA
• Get-MsIdAdfsSamlToken
  Initiates a SAML logon request to and AD FS server to generate log activity and returns the user token.
• Get-MsIdAdfsSampleApp
  Returns the list of availabe sample AD FS relyng party trust applications available in this module.
• Get-MsIdAdfsWsFedToken
  Initiates a Ws-Fed logon request to and AD FS server to generate log activity and returns the user token.
• Get-MsIdAdfsWsTrustToken
  Initiates a Ws-Trust logon request to and AD FS server to generate log activity and returns the user token.
• Get-MsIdAgentIdentity
  Gets an Agent Identity by its ID
• Get-MsIdAgentIdentityToken
  Acquires an access token for an agent identity using client credentials.
• Get-MsIdApplicationIdByAppId
  Lookup Application Registration by AppId
• Get-MsIdAuthorityUri
  Build Microsoft Identity Provider Authority URI
• Get-MsIdAzureIpRange
  Get list of IP ranges for Azure
• Get-MsIdAzureUsers
  Returns a list of users that have signed into the Azure portal, Azure CLI, or Azure PowerShell over the last 30 days by querying the sign-in logs.
• Get-MsIdCBACertificateUserIdFromCertificate
  Generates an object representing all the values contained in a certificate file that can be used in Entra ID for configuring CertificateUserIDs in Certificate-Based Authentication.
• Get-MsIdCrossTenantAccessActivity
  Gets cross tenant user sign-in activity
• Get-MsIdGroupWithExpiration
  Return groups with an expiration date via lifecycle policy.
• Get-MsIdGroupWritebackConfiguration
  Gets the group writeback configuration for the group ID
• Get-MsIdHasMicrosoftAccount
  Returns true if the user's mail is a Microsoft Account
• Get-MsIdInactiveSignInUser
  Retrieve Users who have not had interactive sign ins since XX days ago
• Get-MsIdIsViralUser
  Returns true if the user's mail domain is a viral (unmanaged) Azure AD tenant.
• Get-MsIdMsftIdentityAssociation
  Parse Microsoft Identity Association Configuration for a Public Domain (such as published apps)
• Get-MsIdO365Endpoints
  Get list of URLs and IP ranges for O365
• Get-MsIdOpenIdProviderConfiguration
  Parse OpenId Provider Configuration and Keys
• Get-MsIdProvisioningLogStatistics
  Get Statistics for Set of Azure AD Provisioning Logs
• Get-MsIdSamlFederationMetadata
  Parse Federation Metadata
• Get-MsIdServicePrincipalIdByAppId
  Lookup Service Principal by AppId
• Get-MsIdSigningKeyThumbprint
  Get signing keys used by Azure AD.
• Get-MsIdUnmanagedExternalUser
  Returns a list of all the external users in the tenant that are unmanaged (viral users).
• Get-MsIdUnredeemedInvitedUser
  Retrieve Users who have not had interactive sign ins since XX days ago
• Grant-MsIdMcpServerPermission
  Grants delegated permissions to MCP clients for the Microsoft MCP Server for Enterprise.
• Import-MsIdAdfsSampleApp
  Imports a list availabe sample AD FS relyng party trust applications available in this module, the list is created by the Get-MsIdAdfsSampleApps cmdlet.
• Import-MsIdAdfsSamplePolicy
  Imports the 'MsId Block Off Corp and VPN' sample AD FS access control policy.
• Invoke-MsIdAgentIdInteractive
  Interactive cmdlet to create and configure an Agent ID.
• Invoke-MsIdAzureAdSamlRequest
  Invoke Saml Request on Azure AD.
• New-MsIdAgentIDForAgentIdentityBlueprint
  Creates a new Agent Identity using an Agent Identity Blueprint
• New-MsIdAgentIDUserForAgentId
  Creates a new Agent User using an Agent Identity
• New-MsIdAgentIdentityBlueprint
  Creates a new Agent Identity Blueprint
• New-MsIdAgentIdentityBlueprintPrincipal
  Creates a service principal for the Agent Identity Blueprint
• New-MsIdClientSecret
  Generate Random Client Secret for application registration or service principal in Azure AD.
• New-MsIdSamlRequest
  Create New Saml Request.
• New-MsIdTemporaryUserPassword
  Generate Random password for user in Azure AD.
• New-MsIdWsTrustRequest
  Create a WS-Trust request.
• Remove-MsIdUserAuthenticationMethod
  Deletes all the authentication methods registered against a user.
• Reset-MsIdExternalUser
  Resets the redemption state of an external user.
• Resolve-MsIdAzureIpAddress
  Lookup Azure IP address for Azure Cloud, Region, and Service Tag.
• Resolve-MsIdTenant
  Resolve TenantId or DomainName to an Azure AD Tenant
• Revoke-MsIdMcpServerPermission
  Revokes delegated permissions from MCP clients for the Microsoft MCP Server for Enterprise.
• Revoke-MsIdServicePrincipalConsent
  Revoke Existing Consent to an Azure AD Service Principal.
• Set-MsIdCbaAuthMethodPolicy
  Configure and enable users for CBA
• Set-MsIdCbaCertificateAuthority
  Configure certificate authorities for certificate-based authentication
• Set-MsIdServicePrincipalVisibleInMyApps
  Toggles whether application service principals are visible when launching myapplications.microsoft.com (MyApps)
• Set-MsIdWindowsTlsSettings
  Set TLS settings on Windows OS to use more secure TLS protocols.
• Show-MsIdJwtToken
  Show Json Web Token (JWT) decoded in Web Browser using diagnostic web app.
• Show-MsIdSamlToken
  Show Saml Security Token decoded in Web Browser using diagnostic web app.
• Split-MsIdEntitlementManagementConnectedOrganization
  Split elements of a connectedOrganization
• Test-MsIdAzureAdDeviceRegConnectivity
  Test connectivity on Windows OS for Azure AD Device Registration
• Test-MsIdCBATrustStoreConfiguration
  Test & report for common mis-configuration issues with the Entra ID Certificate Trust Store
• Update-MsIdApplicationSigningKeyThumbprint
  Update a Service Princpal's preferredTokenSigningKeyThumbprint to the specified certificate thumbprint
• Update-MsIdGroupWritebackConfiguration
  Update an Azure AD cloud group settings to writeback as an AD on-premises group
• Update-MsIdInvitedUserSponsorsFromInvitedBy
  Update the Sponsors attribute to include the user who initially invited them to the tenant using the InvitedBy property.