How to get the list of access policies of an Azure keyvault related to individual users?
I'm working on a script to remove all the permissions for individual users on a keyvault and replace them with an access policy for a security group instead. With Get-AzKeyVault you can get all the access policies for a key vault, but I don't see a property on the access policy that allows me to differentiate between individual user accounts, applications, and security groups, like the Azure Portal does.
Solution 1:[1]
If your browser is slow enough, you may notice that the Azure Portal first loads the plain list and then groups it by type. This is for exactly the same reason as you have: the Graph API can return only the object id and nothing else. You should get the object to actually find out the type:
$kv = Get-AzKeyVault -VaultName 'your-vault-name'
# Take every object id referenced by an access policy
$ids = $kv.AccessPolicies | Select-Object -ExpandProperty ObjectId -Unique
# Resolve the ids to directory objects (User, Group, ServicePrincipal) in one batch;
# ids of principals that have since been deleted are simply absent from the result
$objects = Get-AzureADObjectByObjectId -ObjectIds $ids
$objects | ForEach-Object {
    $obj = $_
    # Stamp the policy with the class name of the resolved object, e.g. "User" or "Group"
    $kv.AccessPolicies | Where-Object { $_.ObjectId -eq $obj.ObjectId } |
        Add-Member -MemberType NoteProperty -Name 'Type' -Value $obj.GetType().Name -Force
}
# A blank Type means the policy points at a principal that no longer exists
$kv.AccessPolicies | Format-Table ObjectId, Type, PermissionsToKeys, PermissionsToSecrets, PermissionsToCertificates
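Added example, not code from the original answer or from Microsoft: it takes the answer's idea (resolve each policy's ObjectId through Get-AzureADObjectByObjectId) and carries it through to what the question actually wants, a group policy that replaces the per-user ones. It assumes the Az.KeyVault and AzureAD modules are installed and both sessions are signed in (Connect-AzAccount, Connect-AzureAD); the function name, the parameter names and the placeholder vault name and group id are this example's own. The AzureAD module has since been retired in favour of the Microsoft Graph PowerShell SDK, where the equivalent batched lookup is Get-MgDirectoryObjectById.

```powershell
function Convert-KeyVaultUserPoliciesToGroup {
    # Supports -WhatIf / -Confirm so the migration can be rehearsed before it is applied
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $GroupObjectId
    )

    $kv = Get-AzKeyVault -VaultName $VaultName
    if (-not $kv) { throw "Key vault '$VaultName' not found in the current subscription" }
    # A vault switched to Azure RBAC has no access policies to migrate (property name as exposed by Az.KeyVault)
    if ($kv.EnableRbacAuthorization) { throw "'$VaultName' uses RBAC authorization, not access policies" }

    # The target must really be a group; Get-AzureADGroup throws if the id is not one
    $group = Get-AzureADGroup -ObjectId $GroupObjectId

    # Resolve every ObjectId referenced by a policy in one batch. Deleted principals
    # come back with no match, which is how orphaned policies get spotted.
    $ids = @($kv.AccessPolicies | Select-Object -ExpandProperty ObjectId -Unique)
    $typeById = @{}
    if ($ids.Count -gt 0) {
        Get-AzureADObjectByObjectId -ObjectIds $ids |
            ForEach-Object { $typeById[$_.ObjectId] = $_.ObjectType }   # User / Group / ServicePrincipal
    }

    $classified = foreach ($p in $kv.AccessPolicies) {
        $type = if ($typeById.ContainsKey($p.ObjectId)) { $typeById[$p.ObjectId] } else { 'Orphaned' }
        [pscustomobject]@{
            ObjectId                  = $p.ObjectId
            ApplicationId             = $p.ApplicationId   # set only on compound-identity (user + app) policies
            Type                      = $type
            PermissionsToKeys         = @($p.PermissionsToKeys)
            PermissionsToSecrets      = @($p.PermissionsToSecrets)
            PermissionsToCertificates = @($p.PermissionsToCertificates)
            PermissionsToStorage      = @($p.PermissionsToStorage)
        }
    }
    $classified | Format-Table ObjectId, Type, PermissionsToKeys, PermissionsToSecrets, PermissionsToCertificates -AutoSize | Out-Host

    # Only plain user policies are migrated; compound-identity policies are left for manual review
    $users = @($classified | Where-Object { $_.Type -eq 'User' -and -not $_.ApplicationId })
    if ($users.Count -eq 0) {
        Write-Verbose "No individual-user access policies on '$VaultName'"
        return $classified
    }

    # The group policy gets the union of what the users had. A union can be broader than
    # any single user's grant, so read the summary printed by -WhatIf and trim it if needed.
    $grant = @{}
    foreach ($name in 'PermissionsToKeys', 'PermissionsToSecrets', 'PermissionsToCertificates', 'PermissionsToStorage') {
        $union = @($users | ForEach-Object { $_.$name } | Sort-Object -Unique)
        if ($union.Count -gt 0) { $grant[$name] = $union }
    }
    $summary = ($grant.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value -join ',')" }) -join '; '

    # Grant the group first so nobody loses access between the two steps
    if ($PSCmdlet.ShouldProcess("$($group.DisplayName) on $VaultName", "Set access policy ($summary)")) {
        Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $GroupObjectId @grant
    }
    foreach ($u in $users) {
        if ($PSCmdlet.ShouldProcess("$($u.ObjectId) on $VaultName", 'Remove individual-user access policy')) {
            Remove-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $u.ObjectId
        }
    }
    return $classified
}

# Rehearse first; drop -WhatIf once the printed union of permissions looks right
Convert-KeyVaultUserPoliciesToGroup -VaultName 'your-vault-name' -GroupObjectId '00000000-0000-0000-0000-000000000000' -WhatIf
```

Two points worth keeping in mind when running this. Policies whose Type comes back as Orphaned belong to deleted principals and are dead weight that the script deliberately does not touch, so clean those up as a separate, reviewed step. And policies that carry an ApplicationId are compound-identity grants (a user acting through a specific application); folding those into a group policy would change who can use them, so they are excluded from the migration on purpose.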
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | FreemanRU |
