Skip to main content

SYNOPSIS

Get-MgRoleReport.ps1 - Reports on Microsoft Entra ID (Azure AD) roles

SYNTAX

Get-MgRoleReport [-IncludeEmptyRoles] [[-IncludePIMEligibleAssignments] <Boolean>] [-ForceNewToken]
 [-MaesterMode] [-ExportToExcel] [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTION

By default, the report contains only the roles with members. To get all the role, included empty roles, add -IncludeEmptyRoles $true

EXAMPLES

EXAMPLE 1

Get-MgRoleReport
Get all the roles with members, including PIM eligible assignments but without empty roles

EXAMPLE 2

Get-MgRoleReport -IncludeEmptyRoles
Get all the roles, including the ones without members

EXAMPLE 3

Get-MgRoleReport -IncludePIMEligibleAssignments $false
Get all the roles with members (without empty roles), but without PIM eligible assignments

EXAMPLE 4

Get-MgRoleReport | Export-CSV -NoTypeInformation "$(Get-Date -Format yyyyMMdd)_adminRoles.csv" -Encoding UTF8

PARAMETERS

-IncludeEmptyRoles

Switch parameter to include empty roles in the report 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-IncludePIMEligibleAssignments

Boolean parameter to include PIM eligible assignments in the report. Default is $true 
Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-ForceNewToken

Switch parameter to force getting a new token from Microsoft Graph 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-MaesterMode

Switch parameter to use with the Maester framework (internal process not presented here) 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ExportToExcel

Switch parameter to export the report to an Excel file in the user’s profile directory 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

The report is output to an array contained all the audit logs found.

To export in a csv, do Get-MgRoleReport | Export-CSV -NoTypeInformation ”$(Get-Date -Format yyyyMMdd)_adminRoles.csv” -Encoding UTF8

NOTES

https://itpro-tips.com/get-the-office-365-admin-roles-and-track-the-changes/ Written by Bastien Perez (Clidsys.com - ITPro-Tips.com) For more Office 365/Microsoft 365 tips and news, check out ITPro-Tips.com. https://ps365.clidsys.com/docs/commands/Get-MgRoleReport