EXORBACforAppManagement

0.5.1

Exchange Online RBAC governance for Entra application service principals: register apps, assign EXO application role scopes, and read them back. Requires the Microsoft.Graph and ExchangeOnlineManagement modules to be installed and connected at runtime (not declared as RequiredModules so the module imports without them for unit testing).

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name EXORBACforAppManagement

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name EXORBACforAppManagement

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2026 Ziemek Borowski. All rights reserved.

Package Details

Author(s)

  • Ziemek Borowski

Tags

Exchange ExchangeOnline RBAC Entra AzureAD Graph M365

Functions

New-RBACforAppEntry New-RegisteredApp Get-RBACforAppEntry Get-RegisteredAppWithPermission New-RBACforAppUnifiedGroup Register-EXOServicePrincipal Convert-ApplicationAccessPolicyToRBAC Test-RBACforAppEntry Remove-RBACforAppEntry Set-RBACforAppEntry

Dependencies

This module has no dependencies.

Release Notes

0.4.1 - Renamed the module from RBACforAppGovern to EXORBACforAppManagement (module identity only; public function names and the manifest GUID are unchanged). New-RBACforAppEntry / New-RBACforAppUnifiedGroup now report the Unified Group owner as OwnerRequested/OwnerAdded. 0.4.0 - Added Convert-ApplicationAccessPolicyToRBAC: migrates legacy Application Access Policies to RBAC for Applications by deriving roles from the app's Graph permission grants and delegating to New-RBACforAppEntry. 0.3.0 - Get-RBACforAppEntry now filters by assignee type, defaulting to ServicePrincipal (use -RoleAssigneeType All or a specific type to change). 0.2.1 - Default -ManagedBy is now GraphAPI-Dummy-owner (a group owner must be a valid owner account, distinct from a plain member). 0.2.0 - Extracted New-RBACforAppUnifiedGroup and Register-EXOServicePrincipal as public functions; New-RBACforAppEntry now delegates to them.

FileList

Version History

Version Downloads Last updated
0.5.1 (current version) 5 6/7/2026