Azure Powershell - 将应用程序权限添加到委派权限

我会尝试获取应用程序权限，就像您获取委派权限一样，然后将其添加到参数中。

          ...
            @{
                resourceAppId = "00000003-0000-0000-c000-000000000000"
                resourceAccess = @(
                    $filteredDelegatedPermissions | ForEach-Object {
                        @{
                            id = $_.Id
                            type = "Scope"
                        }
                    },
                    $filteredApplicationPermissions | ForEach-Object {
                        @{
                            id = $_.Id
                            type = "Role?"
                        }
                    }
                )
            }

您的函数开始得很好，但我会使用

New-MgServicePrincipalAppRoleAssignedTo

https://learn.microsoft.com/en-us/graph/permissions-grant-via-msgraph?tabs=powershell&pivots=grant-application-permissions#step-2-grant-an-app-role-to-客户服务主体

function Add-Permission {

    param(
        [string]$appName
    )

    $delegatedPermissions = @(
        "AuditLog.Read.All",
        "Directory.Read.All",
        "User.Read.All",
        "offline_access",
        "Group.Read.All",
        "GroupMember.Read.All",
        "GroupMember.ReadWrite.All"
    )

    $servicePrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$appName'"

    $filteredPermissions = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Graph'" `
    -Property Oauth2PermissionScopes | Select-Object -ExpandProperty Oauth2PermissionScopes | `
    Where-Object { ($delegatedPermissions -contains $_.Value) -and ($_.Origin -eq "Application") }

    foreach ($perm in $filteredPermissions) {
        $params = @{
            principalId = $servicePrincipal.Id
            resourceId = $servicePrincipal.AppId
            appRoleId = $perm.Id
        }

        New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $servicePrincipal.Id -BodyParameter $params
    }

}

我稍微调整了您的过滤标准。