The azuread command is part of the AzureAD module.
The AzureAD module fetches data from Microsoft servers using the Microsoft Graph API.
Create an app registration in the AzureAD portal and set the following options:
--azuread.client_id=<application_id>
--azuread.client_secret=<Secret>
--azuread.tenant=<Directory_id>
--azuread.devices.json=azaddevices.json
The application is now prepared, but because of the permissions it requests, it must be approved by a Global Admin in AzureAD.
fcpc azuread init
This connects to the application, checks the settings and, if everything goes well, returns a URL:
Continue by logging as Global Administrator to allow FCPC permissions.
https://login.microsoftonline.com/......
Copy this URL and send it to the AzureAD administrator. On this page, the administrator will see all required permissions and needs to approve them.
After approval, you can use the rest of the commands:
azuread download-persons
azuread download-devices
azuread link-device-owners
azuread download-and-import-all
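After approval, it is worth confirming what the Global Admin actually granted. The following is an added example, not part of FCPC or its documentation: it inspects the claims of an app-only access token issued for the app registration and reports missing or excess Graph application permissions. The permission names in EXPECTED_ROLES, the helper names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: read-only Graph application permissions. Replace with the
# permissions shown on the consent page for your FCPC app registration.
EXPECTED_ROLES = {"Device.Read.All", "User.Read.All"}


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def review_consent(token, tenant, client_id, expected=EXPECTED_ROLES):
    """Compare an app-only token's claims with what was meant to be approved."""
    claims = jwt_claims(token)
    granted = set(claims.get("roles", []))  # application permissions
    return {
        "tenant_ok": claims.get("tid") == tenant,
        "app_ok": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(expected - granted),  # consent not (fully) granted
        "excess": sorted(granted - expected),   # broader than intended
    }


def _make_sample_token(claims):
    """Build an unsigned, constructed token so the demo runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "00000000-0000-0000-0000-0000000000aa"
SAMPLE = _make_sample_token({
    "tid": TENANT,
    "appid": CLIENT_ID,
    "roles": ["Device.Read.All", "User.Read.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(review_consent(SAMPLE, TENANT, CLIENT_ID))
```

A non-empty "excess" list means the app registration holds more than the download commands were expected to need and should be reviewed before the client secret is put to use.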
usage: fcpc azuread [-h] [--azuread.client_id AZUREAD.CLIENT_ID] [--azuread.client_secret AZUREAD.CLIENT_SECRET] [--azuread.tenant AZUREAD.TENANT]
                    [--azuread.username AZUREAD.USERNAME] [--azuread.password AZUREAD.PASSWORD] [--azuread.devices.json AZUREAD.DEVICES.JSON]
                    [--azuread.persons.json AZUREAD.PERSONS.JSON] [--azuread.owner.force_link {0,1}] [--azuread.continue_on_error {0,1}]
                    [--azuread.api.sleep AZUREAD.API.SLEEP] [--azuread.query.owners AZUREAD.QUERY.OWNERS]
                    {download-and-import-all,download-devices,download-persons,import-device-owners,import-devices,import-persons,init} [azobjects ...]

positional arguments:
  {download-and-import-all,download-devices,download-persons,import-device-owners,import-devices,import-persons,init}
    Choices:
      download-and-import-all
      download-devices
      download-persons
      import-device-owners
      import-devices
      import-persons
      init
  azobjects

optional arguments:
  -h, --help            show this help message and exit
  --azuread.client_id AZUREAD.CLIENT_ID
                        AzureAd client id[Defined:fcplib.module.azuread.cmd] (default: None)
  --azuread.client_secret AZUREAD.CLIENT_SECRET
                        AzureAd client secret[Defined:fcplib.module.azuread.cmd] (default: None)
  --azuread.tenant AZUREAD.TENANT
                        AzureAd tenant[Defined:fcplib.module.azuread.cmd] (default: None)
  --azuread.username AZUREAD.USERNAME
                        AzureAd username[Defined:fcplib.module.azuread.cmd] (default: None)
  --azuread.password AZUREAD.PASSWORD
                        AzureAd password[Defined:fcplib.module.azuread.cmd] (default: None)
  --azuread.devices.json AZUREAD.DEVICES.JSON
                        Name of devices file.[Defined:fcplib.module.azuread.cmd] (default: devices.json)
  --azuread.persons.json AZUREAD.PERSONS.JSON
                        Name of persons file.[Defined:fcplib.module.azuread.cmd] (default: persons.json)
  --azuread.owner.force_link {0,1}
                        By default, we are searching owned devices only for persons which do not own device yet.[Defined:fcplib.module.azuread.cmd]
                        (default: 0)
    Choices:
      0
      1
  --azuread.continue_on_error {0,1}
                        Continue on errors.[Defined:fcplib.module.azuread.cmd] (default: 0)
    Choices:
      0
      1
  --azuread.api.sleep AZUREAD.API.SLEEP
                        Wait seconds after each query[Defined:fcplib.module.azuread.cmd] (default: 0)
  --azuread.query.owners AZUREAD.QUERY.OWNERS
                        Query to assign owners to devices[Defined:fcplib.module.azuread.cmd] (default: azureadperson/{ -tag: ( "disabled" "account:guest" )
                        }/ ~not-is-owner azureaddevice)