Although I found a good example/article on how to set modify permission through Intune, I wanted to use more of a desired state configuration type remediation where inheritance is removed and all defined ACL’s are exclusively applied to a given folder and all child folders/files. It also includes creating the folder if it isn’t there yet, which can be useful for certain legacy applications 🙂
Are you also curious about all those PowerApps and Flows in your environment? Orphaned ones maybe? Or when someone leaves the company?
1.2.2 adds scanning of PowerApps and Flows! Only when using SPN auth. (setup instructions)
In addition to that, I’ve also added provisional support for scans of tenants in USGOV, USDOD and China. Since I don’t have a test tenant there, I’ll have to rely on you to test how it performs there.
Yes, we finally have Microsoft Azure! All active and eligible permissions are in scope from the subscription level and below.
If you use a service principal for scanning, be sure to assign read permissions for it to all subscriptions (or lower level resource groups) you want it to index.