LeastPrivilegedMSGraph

1.0.0

Analyzes Microsoft Graph permissions and provides least privileged recommendations

Minimum PowerShell version

5.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name LeastPrivilegedMSGraph -RequiredVersion 1.0.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name LeastPrivilegedMSGraph -Version 1.0.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Mynster

Copyright

Package Details

Author(s)

Morten Mynster

Functions

Export-PermissionAnalysisReport Get-AppActivityData Get-AppRoleAssignment Get-AppThrottlingData Get-PermissionAnalysis Initialize-LogAnalyticsApi

Dependencies

- EntraAuth
- PSFramework

Release Notes

## [1.0.0] - 2025-12-15

### Added
- **PSFramework Integration:**
- Utilizing the logging functionality along with runspace management
- Provides significantly faster results (2x performance improvement even with the bug fix implemented)
- **GitHub Pages Documentation:**
- Interactive command reference with searchable documentation
- Modern dark-themed documentation site with responsive design
- Comprehensive getting started guide
- Workflow examples demonstrating common use cases
- **Get-AppActivityData:**
- Introduce 3 new parameters
   - `-ThrottleLimit` allows you to specify a certain amoun of runspaces so it gathers multiple app data at once i recommend setting it somewhere between 5-20 the higher you go the more resources you use
   - `-MaxActivityEntries` This parameter allows you to specify how much data you want to base your analysis on lets say you want to look back 30 days but some apps might have sent 20 Millon requests in that time frame this parameter allows you to specify how many requests from the last 30 days you want to base of. This also allows you to speed up your analysis even further, usefull if you just want a fast overview but note that you might not get all endpoints that has been hit. Default amount is set to 100.000 request per app.
   - `-retainRawUri` Interested in the specific url's your apps are hitting? well worry no further this switch allows you to retain the raw url instead of annomynizing it note that if you utilize this switch you will not be able to run a permission analysis on the endpoints

### Fixed
- **Critical bug in `Get-AppActivityData`:**
- Applications with high activity volumes (e.g., 19 million requests) would fail to gather activity data and return 0 results
- Command now splits datetime ranges to handle large datasets reliably
- Results are now complete and accurate regardless of activity volume

### Performance
- 2x faster execution with PSFramework runspace implementation while maintaining complete data accuracy

### Acknowledgments
Huge thanks to @FriedrichWeinmann for his sparring and assistance on the PSFramework implementation.

FileList

LeastPrivilegedMSGraph.nuspec
LeastPrivilegedMSGraph.psm1
en-US\about_LeastPrivilegedMSGraph.help.txt
data\permissions-beta.json
data\extraction-summary.md
en-US\LeastPrivilegedMSGraph-help.xml
data\permissions-v1.0.json
data\base.html
LeastPrivilegedMSGraph.psd1

Version History

Version	Downloads	Last updated
1.1.0	17	12/19/2025
1.0.0 (current version)	8	12/15/2025
0.1.2-preview	16	11/26/2025
0.1.1-preview	4	11/26/2025