This assumes you already have an enterprise app configured (staged), e.g. Exchange, and need to assign several users the same app role (e.g. User) on that app.

Quick test: connect to AAD (preferably from Cloud Shell)

Connect-AzureAD 

Get-AzureADUser -ObjectId "[email protected]"

If the user is returned correctly, run the actual script shown below:

TIP: Save this as a .ps1 locally and upload it via your Cloud Shell VM, then run it from the home folder, e.g. ./AddUserAssignments.ps1

# Assign the values to the variables
$username = "[email protected]"
$app_name = "Exchange" 
$app_role_name = "User"

# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId "$username"
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
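The script above handles a single user. The following is an added example (not the post's own script) that extends it to a list of users, resolves the service principal and role once, and skips users that already hold the role so re-running it does not create duplicate assignments. It assumes the AzureAD module is loaded and Connect-AzureAD has already been run; the user list is constructed sample data.

```powershell
# Added example: assign one app role to several users, idempotently.
# Assumes Connect-AzureAD has already been run in this session.
$app_name      = "Exchange"
$app_role_name = "User"
# Constructed sample UPNs; replace with your own list (or read it from a file).
$usernames = @("user1@contoso.example", "user2@contoso.example")

# Resolve the service principal and the app role once, not once per user.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
if (-not $sp) { throw "Service principal '$app_name' not found." }
if (@($sp).Count -gt 1) { throw "More than one service principal named '$app_name'; filter by AppId instead." }

$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name -and $_.IsEnabled }
if (-not $appRole) { throw "Enabled app role '$app_role_name' not found on '$app_name'." }
if ($appRole.AllowedMemberTypes -notcontains "User") {
    throw "App role '$app_role_name' is not assignable to user principals."
}

foreach ($username in $usernames) {
    try   { $user = Get-AzureADUser -ObjectId $username }
    catch { $user = $null }
    if (-not $user) { Write-Warning "User '$username' not found; skipping."; continue }

    # Idempotence check: skip if this user already has this role on this app.
    $existing = Get-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId |
        Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $appRole.Id }
    if ($existing) {
        Write-Output "$username already has '$app_role_name' on '$app_name'; skipping."
        continue
    }

    try {
        New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId `
            -ResourceId $sp.ObjectId -Id $appRole.Id | Out-Null
        Write-Output "Assigned '$app_role_name' on '$app_name' to $username."
    } catch {
        Write-Warning "Failed to assign ${username}: $($_.Exception.Message)"
    }
}
```

Run it with the same Connect-AzureAD session as the quick test; the warnings tell you which users were not found or could not be assigned.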

Summary

That’s it. I prefer to run this from Azure Cloud Shell (which needs a storage account set up). Save the file as a .ps1 and upload it to Cloud Shell.

Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Identity Migration? Set up a time with Anuj Varma.