Public/Get-GkConsentRequest.ps1
|
function Get-GkConsentRequest { <# .SYNOPSIS Report pending admin-consent requests (apps waiting for an administrator to grant permissions). .DESCRIPTION Reads GET /identityGovernance/appConsent/appConsentRequests — apps for which users have requested admin consent. Requires the admin-consent workflow to be enabled in the tenant. Requires the ConsentRequest.Read.All scope. Unavailable data warns and returns nothing. .PARAMETER AsReport Add a ReportGeneratedUtc column. .EXAMPLE Get-GkConsentRequest Apps awaiting admin consent, with the number of pending permission scopes. .EXAMPLE Get-GkConsentRequest | Where-Object PendingScopeCount -gt 0 | Sort-Object AppDisplayName .EXAMPLE Get-GkConsentRequest -AsReport | Export-Csv .\consent-requests.csv -NoTypeInformation .OUTPUTS PSGraphKit.ConsentRequest #> [CmdletBinding()] [OutputType('PSGraphKit.ConsentRequest')] param( [switch] $AsReport ) begin { Test-GkConnection -FunctionName 'Get-GkConsentRequest' | Out-Null $now = [datetime]::UtcNow } process { try { $requests = Invoke-GkGraphRequest -Uri '/identityGovernance/appConsent/appConsentRequests' -CallerFunction 'Get-GkConsentRequest' } catch { Write-Warning "Could not read admin-consent requests. Requires ConsentRequest.Read.All and the admin-consent workflow to be enabled. $($_.Exception.Message)" return } foreach ($r in $requests) { $obj = [ordered]@{ PSTypeName = 'PSGraphKit.ConsentRequest' AppDisplayName = [string](Get-GkDictValue $r 'appDisplayName') AppId = [string](Get-GkDictValue $r 'appId') PendingScopeCount = [int](Get-GkDictValue $r 'pendingScopeCount') ConsentType = [string](Get-GkDictValue $r 'consentType') Id = [string](Get-GkDictValue $r 'id') } if ($AsReport) { $obj['ReportGeneratedUtc'] = $now } [pscustomobject]$obj } } } |