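# Microsoft Entra ID PowerShell Script
# Create new Temporary Access Passes (TAP) in bulk from a CSV user list.
# Author : Yutaro Tamai (https://sccm.jp)
#
# Input  CSV : one column named "Users" holding the UserPrincipalName of each target user.
# Output CSV : one row per user with the TAP, its start/expiry (shifted to JST), the
#              manager's mail address (empty when no manager is assigned) and, when
#              creation failed for that user, the error text in the "Error" column.
#
# SECURITY NOTE: the output file contains live credentials (the TAPs) in plain text.
# Keep it on an access-controlled location only, deliver each pass to its user through
# a separate channel, and delete the file as soon as distribution is finished.

# Offset applied to the UTC timestamps returned by Graph. JST has no daylight-saving
# time, so a fixed +9h is exact; change this constant if another zone is required.
[int]$JST_OffsetHours = 9

# Initialization phase (Installing and Importing Modules)
# Install only when the module is missing so a routine run does not re-download from
# the PSGallery every time; -Scope CurrentUser avoids needing an elevated shell.
foreach ($moduleName in 'Microsoft.Graph.Identity.SignIns', 'Microsoft.Graph.Users') {
    if (-not (Get-Module -ListAvailable -Name $moduleName)) {
        Install-Module -Name $moduleName -Scope CurrentUser
    }
}
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Users

# Connect Microsoft Graph (delegated). User.Read.All also covers the manager lookup.
Connect-MgGraph -Scopes "UserAuthenticationMethod.ReadWrite.All", "User.Read.All" -NoWelcome

# Releases the Graph session and ends the script; used on every early-exit path so a
# cancelled run does not leave an authenticated session behind in the console.
function Stop-Script {
    param([int]$ExitCode = 0)
    Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
    exit $ExitCode
}

# Input lifetime of the Temporary Access Pass by user.
# Read-Host returns a string; validate it explicitly rather than relying on an [int]
# cast, which would abort the script with an unhelpful conversion error.
# NOTE(review): the service and the tenant's authentication-method policy impose their
# own min/max lifetime; values outside that range are reported per user in the CSV.
$lifetimeInput = Read-Host "Temporary Access Pass の有効期間 (分) を入力してください。"
[int]$TAP_Lifetime = 0
if (-not [int]::TryParse($lifetimeInput, [ref]$TAP_Lifetime) -or $TAP_Lifetime -le 0) {
    Write-Error "Lifetime must be a positive number of minutes (got '$lifetimeInput')."
    Stop-Script -ExitCode 1
}

# Shows a CSV open/save dialog and returns the chosen path, or $null when cancelled.
Add-Type -AssemblyName System.Windows.Forms
function Select-CsvPath {
    param(
        [Parameter(Mandatory)][ValidateSet('Open', 'Save')][string]$Mode,
        [Parameter(Mandatory)][string]$Title
    )
    $dialog = if ($Mode -eq 'Open') {
        New-Object System.Windows.Forms.OpenFileDialog
    } else {
        $saveDialog = New-Object System.Windows.Forms.SaveFileDialog
        # The dialog itself asks before overwriting, so the export below must not
        # refuse an existing file again (see the Export-Csv call).
        $saveDialog.OverwritePrompt = $True
        $saveDialog
    }
    $dialog.Filter = "CSV File|*.csv"
    $dialog.Title = $Title
    try {
        if ($dialog.ShowDialog() -ne [System.Windows.Forms.DialogResult]::OK) {
            return $null
        }
        return $dialog.FileName
    } finally {
        $dialog.Dispose()
    }
}

# Select a CSV user list
$Load_CSV_Path = Select-CsvPath -Mode Open -Title "ユーザー リストを選択してください"
if (-not $Load_CSV_Path) {
    Write-Output "処理をキャンセルしました"
    Stop-Script
}

# Select a CSV file to save
$Save_CSV_Path = Select-CsvPath -Mode Save -Title "結果を保存するファイルを選択してください"
if (-not $Save_CSV_Path) {
    Write-Output "処理をキャンセルしました"
    Stop-Script
}

# Import CSV and make sure there is something to process before touching any account.
$UPNs = @(Import-Csv $Load_CSV_Path)
if ($UPNs.Count -eq 0 -or -not ($UPNs[0].PSObject.Properties.Name -contains 'Users')) {
    Write-Error "The input CSV must contain at least one row and a column named 'Users'."
    Stop-Script -ExitCode 1
}

# Request body for the TAP. isUsableOnce = $False means the pass can be used
# repeatedly until it expires; set it to $True if a single sign-in is enough for the
# onboarding flow, which shrinks the window in which a leaked pass is useful.
$tapBody = @{
    isUsableOnce      = $False
    LifetimeInMinutes = $TAP_Lifetime
}

# Define array for result
$TAP_Exports = New-Object System.Collections.ArrayList

foreach ($row in $UPNs) {
    $upn = $row.Users

    # One result row per input user; all fields start empty so a failed user still
    # appears in the output with its error instead of silently disappearing.
    $TAP_Export = [PSCustomObject]@{
        UserPrincipalName     = $upn
        Mail                  = $null
        Manager_Mail          = $null
        TemporaryAccessPass   = $null
        TAP_StartDateTime_JST = $null
        TAP_LifetimeInMinutes = $null
        TAP_Expiration_JST    = $null
        Error                 = $null
    }

    # Look the user up first; if that fails there is no point creating a TAP.
    # Any failure is recorded on the row and the loop continues with the next user.
    try {
        $TAP_Export.Mail = (Get-MgUser -UserId $upn -ErrorAction Stop).Mail

        # Create TAP
        $TAP_Info = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $upn -BodyParameter $tapBody -ErrorAction Stop
        $TAP_Export.TemporaryAccessPass = $TAP_Info.TemporaryAccessPass

        # Get time-related data for TAP. Graph returns UTC; expiry = start + lifetime.
        $TAP_Export.TAP_LifetimeInMinutes = $TAP_Info.LifetimeInMinutes
        $TAP_Export.TAP_StartDateTime_JST = $TAP_Info.StartDateTime.AddHours($JST_OffsetHours)
        $expirationUtc = $TAP_Info.StartDateTime.AddMinutes($TAP_Info.LifetimeInMinutes)
        $TAP_Export.TAP_Expiration_JST = $expirationUtc.AddHours($JST_OffsetHours)
    } catch {
        $TAP_Export.Error = $_.Exception.Message
        Write-Warning "${upn}: $($_.Exception.Message)"
    }

    # Get Manager information. Best-effort: a user without a manager gets an empty field.
    $manager = Get-MgUserManager -UserId $upn -ErrorAction SilentlyContinue
    if ($manager) {
        $TAP_Export.Manager_Mail = (Get-MgUser -UserId $manager.Id -ErrorAction SilentlyContinue).Mail
    }

    # Add Array
    [void]$TAP_Exports.Add($TAP_Export)
}

# Write results to target CSV file.
# -NoClobber is deliberately NOT used: the save dialog already confirmed any overwrite,
# and -NoClobber would make Export-Csv fail on that confirmed path, losing the
# passes that were just created.
$TAP_Exports | Export-Csv $Save_CSV_Path -NoTypeInformation -Encoding UTF8

$failed = @($TAP_Exports | Where-Object { $_.Error }).Count
Write-Output ("Processed {0} user(s), {1} failed. Results: {2}" -f $TAP_Exports.Count, $failed, $Save_CSV_Path)
Write-Warning "The output file contains plain-text Temporary Access Passes. Restrict access to it and delete it after distribution."

# End action: drop the Graph session and clear the variables that held the passes.
Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
Remove-Variable -Name TAP_Info, TAP_Export, TAP_Exports, TAP_Lifetime, tapBody, expirationUtc -ErrorAction SilentlyContinue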