Query Details

External Data Microsoft Graph Permissions

Query

let PermissionsData = materialize(
    externaldata(delegatedScopesList: dynamic, applicationScopesList: dynamic)
    [@'https://raw.githubusercontent.com/microsoftgraph/microsoft-graph-devx-content/master/permissions/permissions-descriptions.json']
    with(format='multijson')
);
let DelegatedPermissions =
    PermissionsData
    | project delegatedScopesList
    | mv-expand delegatedScopesList
    | evaluate bag_unpack(delegatedScopesList)
    | project
        PermissionName = value,
        AdminConsent = isAdmin,
        DelegatedPermissionId = id,
        ConsentDisplayName = consentDisplayName,
        ConsentDescription = consentDescription,
        AdminConsentDisplayName = adminConsentDisplayName,
        AdminConsentDescription = adminConsentDescription
;
let ApplicationPermissions =
    PermissionsData
    | project applicationScopesList
    | mv-expand applicationScopesList
    | evaluate bag_unpack(applicationScopesList)
    | project
        PermissionName = value,
        ApplicationPermissionId = id,
        ApplicationConsentDisplayName = consentDisplayName,
        ApplicationConsentDescription = consentDescription
;
ApplicationPermissions
| join kind=fullouter DelegatedPermissions on PermissionName
| extend
    PermissionName = iff(isnotempty(PermissionName), PermissionName, PermissionName1),
    PermissionAPI = "Microsoft Graph",
    ConsentRisk = ""
| sort by PermissionAPI asc, PermissionName asc
| project
    PermissionAPI,
    PermissionName,
    AdminConsent,
    ConsentRisk,
    ConsentDisplayName,
    ConsentDescription,
    AdminConsentDisplayName,
    AdminConsentDescription,
    DelegatedPermissionId,
    ApplicationConsentDisplayName,
    ApplicationConsentDescription,
    ApplicationPermissionId

Explanation

This query fetches, at query time via externaldata(), a JSON file hosted on GitHub that describes the permissions exposed by Microsoft Graph. It then separates that data into two categories: Delegated Permissions and Application Permissions.

For Delegated Permissions, it extracts details such as the permission name, whether admin consent is required, the permission ID, and various display names and descriptions.

For Application Permissions, it extracts similar details but specific to application permissions.

The query then joins these two sets with a full outer join on the permission name, so a permission that exists in only one of the sets is still kept; where the left side has no permission name, the name from the right side (PermissionName1) is used instead. It also adds a column for the Permission API (which is set to "Microsoft Graph" for all rows) and a column for Consent Risk (which is left empty for all rows, to be filled in by the analyst).

Finally, it sorts the data by the Permission API and Permission Name, and selects specific columns to display in the final output. These columns include the Permission API, Permission Name, Admin Consent, Consent Risk, and various display names, descriptions, and IDs for both Delegated and Application Permissions.
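The same full outer join carried out offline in Python, as an added example that is not part of the original query page: it runs over a constructed sample in the layout of permissions-descriptions.json (ids and descriptions are placeholders) and uses the same field names the KQL query reads.

```python
import json
# Constructed sample in the shape of permissions-descriptions.json (ids and text are placeholders).
SAMPLE_JSON = """{
  "delegatedScopesList": [
    {"value": "User.Read", "id": "d-0001", "isAdmin": false,
     "consentDisplayName": "Sign you in and read your profile",
     "consentDescription": "Allows you to sign in with your organizational account.",
     "adminConsentDisplayName": "Sign in and read user profile",
     "adminConsentDescription": "Allows users to sign in to the app."},
    {"value": "Directory.ReadWrite.All", "id": "d-0002", "isAdmin": true,
     "consentDisplayName": "Read and write directory data",
     "consentDescription": "Allows the app to read and write directory data.",
     "adminConsentDisplayName": "Read and write directory data",
     "adminConsentDescription": "Allows the app to read and write directory data."}
  ],
  "applicationScopesList": [
    {"value": "Directory.ReadWrite.All", "id": "a-0003",
     "consentDisplayName": "Read and write directory data",
     "consentDescription": "Allows the app to read and write directory data without a signed-in user."},
    {"value": "Mail.Read", "id": "a-0004",
     "consentDisplayName": "Read mail in all mailboxes",
     "consentDescription": "Allows the app to read mail in all mailboxes without a signed-in user."}
  ]
}"""

def build_permission_table(raw_json):
    """Full outer join of delegated and application scopes on the permission name, mirroring the KQL output columns."""
    doc = json.loads(raw_json)
    delegated = {s["value"]: s for s in doc.get("delegatedScopesList", [])}
    application = {s["value"]: s for s in doc.get("applicationScopesList", [])}
    rows = []
    # The union of both name sets plays the role of iff(isnotempty(PermissionName), PermissionName, PermissionName1).
    for name in sorted(delegated.keys() | application.keys()):
        d, a = delegated.get(name, {}), application.get(name, {})
        rows.append({
            "PermissionAPI": "Microsoft Graph",
            "PermissionName": name,
            "AdminConsent": d.get("isAdmin"),           # only delegated scopes carry isAdmin
            "ConsentRisk": "",                          # left blank, as in the query, for the analyst to fill
            "ConsentDisplayName": d.get("consentDisplayName"),
            "ConsentDescription": d.get("consentDescription"),
            "AdminConsentDisplayName": d.get("adminConsentDisplayName"),
            "AdminConsentDescription": d.get("adminConsentDescription"),
            "DelegatedPermissionId": d.get("id"),
            "ApplicationConsentDisplayName": a.get("consentDisplayName"),
            "ApplicationConsentDescription": a.get("consentDescription"),
            "ApplicationPermissionId": a.get("id"),
        })
    return rows
```

Rows whose DelegatedPermissionId or ApplicationPermissionId is None are the permissions that exist on only one side, which is exactly what the fullouter join preserves.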

Details

Jose Sebastián Canós

Released: December 5, 2022

Tables

PermissionsData, DelegatedPermissions, ApplicationPermissions

Keywords

Permissions,MicrosoftGraph,Consent,DelegatedPermissionId,ApplicationPermissionId,ConsentDisplayName,ConsentDescription,AdminConsentDisplayName,AdminConsentDescription,ApplicationConsentDisplayName,ApplicationConsentDescription

Operators

materialize(), externaldata(), with(), project(), mv-expand(), evaluate(), bag_unpack(), join(), extend(), iff(), isnotempty(), sort by