Generate-EntraAdminRolesReport

0.9

This PowerShell script generates a comprehensive HTML report of Microsoft Entra ID administrative role assignments. It connects to Microsoft Graph API using multiple authentication methods (Interactive, ClientSecret, or Certificate) and retrieves all role assignments in the tenant, including permanent and eligible (PIM) assignments. The script categorizes assignments by principal type (users, groups, service principals), collects group membership details, and supports filtering by various criteria.



Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Script -Name Generate-EntraAdminRolesReport

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Owners

Package Details

Author(s)

  • Roy Klooster

Tags

RKSolutions Microsoft365 MicrosoftEntraID MicrosoftGraph

Functions

New-AdminRoleHTMLReport Invoke-GraphRequestWithPaging Install-Requirements Connect-ToMgGraph Get-SecurityGroups Get-PIMAuditLogs Send-EmailWithAttachment Get-GroupActivationDetails

Dependencies

This script has no dependencies.

Release Notes

0.1 - Initial version of the script, providing basic functionality to connect to Microsoft Graph and retrieve role assignments.
0.2 - Adding authentication option for system managed identity and access token
Removed the need for the parameter "IncludePrivilegedAssignments" because this is sometimes confusing for admins
Added extra required scopes for the script to function correctly.
Added PIM audit logs with filter options
Fixed some UI issues in the HTML report.
0.3 - Added e-mail functionality
0.4 - corrected the missing mail.send permission.
0.5 - fixed the activated roles and added activated members column to the group assignment overview
0.6 - added debugmode parameter
0.7 - added group membership overview report, fixed some UI issues, added more filter options, added custom search functionality, added theme toggle switch, improved DataTables integration, and enhanced overall styling and responsiveness.

FileList

Version History

Version Downloads Last updated
0.9 (current version) 23 6/30/2025
0.6 46 6/28/2025
0.5 12 6/27/2025
0.4 173 5/23/2025
0.3 15 5/22/2025
0.2 221 5/2/2025
0.1 361 4/25/2025