Generate-EntraAdminRolesReport

0.2

This PowerShell script generates a comprehensive HTML report of Microsoft Entra ID administrative role assignments. It connects to Microsoft Graph API using multiple authentication methods (Interactive, ClientSecret, or Certificate) and retrieves all role assignments in the tenant, including permanent and eligible (PIM) assignments. The script categorizes assignments by principal type (users, groups, service principals), collects group membership details, and supports filtering by various criteria.



Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Script -Name Generate-EntraAdminRolesReport

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Owners

Package Details

Author(s)

  • Roy Klooster

Tags

RKSolutions Microsoft365 MicrosoftEntraID MicrosoftGraph

Functions

New-AdminRoleHTMLReport Invoke-GraphRequestWithPaging Install-Requirements Connect-ToMgGraph Get-SecurityGroups Get-PIMAuditLogs

Dependencies

This script has no dependencies.

Release Notes

0.1 - Initial version of the script, providing basic functionality to connect to Microsoft Graph and retrieve role assignments.
0.2 - Adding authentication option for system managed identity and access token
Removed the need for the parameter "IncludePrivilegedAssignments" because this was sometimes confusing for admins
Added extra required scopes for the script to function correctly.
Added PIM audit logs with filter options
Fixed some UI issues in the HTML report.

FileList

Version History

Version Downloads Last updated
0.2 (current version) 161 5/2/2025
0.1 321 4/25/2025