Document Details

Powershell Webhook Secure Delivery Microsoft Entra User
Home / Scan 41 / Powershell Webhook Secure Delivery Microsoft Entra User
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ powershell_heavy
⚠️ windows_first
⚠️ missing_linux_example
⚠️ windows_tools
Summary:
The documentation page is heavily biased towards Windows environments by providing only PowerShell script examples, referencing Azure PowerShell modules, and omitting any equivalent Bash, CLI, or Linux-native instructions. The script assumes the use of PowerShell and Windows-centric tooling, with no mention of cross-platform alternatives or guidance for Linux/macOS users.
Recommendations:
  • Provide equivalent examples using Azure CLI (az) and Bash scripts for each step, ensuring Linux/macOS users can follow along without PowerShell.
  • Explicitly mention that the PowerShell script can be run cross-platform using PowerShell Core, or provide installation instructions for PowerShell on Linux/macOS.
  • Include notes or links to documentation for performing the same tasks using REST API calls or SDKs, which are platform-agnostic.
  • Reorder or supplement instructions so that cross-platform or Linux-native approaches are presented alongside or before Windows/PowerShell-specific methods.
  • Add a section summarizing the requirements and options for users on different operating systems, clarifying how to adapt the instructions for their environment.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-07-12 23:44 #41 in_progress ❌ Biased
2025-07-12 00:58 #8 cancelled ✅ Clean
2025-07-10 05:06 #7 processing ✅ Clean

Flagged Code Snippets

# NOTE: Before run this script ensure you are logged in Azure by using "az login" command. $eventGridAppId = "[REPLACE_WITH_EVENT_GRID_APP_ID]" $webhookAppObjectId = "[REPLACE_WITH_YOUR_ID]" $eventSubscriptionWriterUserPrincipalName = "[REPLACE_WITH_USER_PRINCIPAL_NAME_OF_THE_USER_WHO_WILL_CREATE_THE_SUBSCRIPTION]" # Start execution try { # Creates an application role of given name and description Function CreateAppRole([string] $Name, [string] $Description) { $appRole = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphAppRole $appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string] $appRole.AllowedMemberTypes += "Application"; $appRole.AllowedMemberTypes += "User"; $appRole.DisplayName = $Name $appRole.Id = New-Guid $appRole.IsEnabled = $true $appRole.Description = $Description $appRole.Value = $Name; return $appRole } # Creates Azure Event Grid Microsoft Entra Application if not exists # You don't need to modify this id # But Azure Event Grid Microsoft Entra Application Id is different for different clouds $eventGridSP = Get-MgServicePrincipal -Filter ("appId eq '" + $eventGridAppId + "'") if ($eventGridSP.DisplayName -match "Microsoft.EventGrid") { Write-Host "The Event Grid Microsoft Entra Application is already defined.`n" } else { Write-Host "Creating the Azure Event Grid Microsoft Entra Application" $eventGridSP = New-MgServicePrincipal -AppId $eventGridAppId } # Creates the Azure app role for the webhook Microsoft Entra application $eventGridRoleName = "AzureEventGridSecureWebhookSubscriber" # You don't need to modify this role name $app = Get-MgApplication -ApplicationId $webhookAppObjectId $appRoles = $app.AppRoles Write-Host "Microsoft Entra App roles before addition of the new role..." Write-Host $appRoles.DisplayName if ($appRoles.DisplayName -match $eventGridRoleName) { Write-Host "The Azure Event Grid role is already defined.`n" } else { Write-Host "Creating the Azure Event Grid role in Microsoft Entra Application: " $webhookAppObjectId $newRole = CreateAppRole -Name $eventGridRoleName -Description "Azure Event Grid Role" $appRoles += $newRole Update-MgApplication -ApplicationId $webhookAppObjectId -AppRoles $appRoles } Write-Host "Microsoft Entra App roles after addition of the new role..." Write-Host $appRoles.DisplayName # Creates the user role assignment for the user who will create event subscription $servicePrincipal = Get-MgServicePrincipal -Filter ("appId eq '" + $app.AppId + "'") try { Write-Host "Creating the Microsoft Entra App Role assignment for user: " $eventSubscriptionWriterUserPrincipalName $eventSubscriptionWriterUser = Get-MgUser -UserId $eventSubscriptionWriterUserPrincipalName $eventGridAppRole = $app.AppRoles | Where-Object -Property "DisplayName" -eq -Value $eventGridRoleName New-MgUserAppRoleAssignment -UserId $eventSubscriptionWriterUser.Id -PrincipalId $eventSubscriptionWriterUser.Id -ResourceId $servicePrincipal.Id -AppRoleId $eventGridAppRole.Id } catch { if( $_.Exception.Message -like '*Permission being assigned already exists on the object*') { Write-Host "The Microsoft Entra User Application role is already defined.`n" } else { Write-Error $_.Exception.Message } Break } # Creates the service app role assignment for Event Grid Microsoft Entra Application $eventGridAppRole = $app.AppRoles | Where-Object -Property "DisplayName" -eq -Value $eventGridRoleName New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $eventGridSP.Id -PrincipalId $eventGridSP.Id -ResourceId $servicePrincipal.Id -AppRoleId $eventGridAppRole.Id # Print output references for backup Write-Host ">> Webhook's Microsoft Entra Application Id: $($app.AppId)" Write-Host ">> Webhook's Microsoft Entra Application Object Id: $($app.Id)" } catch { Write-Host ">> Exception:" Write-Host $_ Write-Host ">> StackTrace:" Write-Host $_.ScriptStackTrace }