Connect-AadSupport.ps1

<#
.SYNOPSIS
Connect to the Azure AD Support PowerShell module. This will use the same sign-in session to access different Microsoft resources.
 
.DESCRIPTION
Connect to the Azure AD Support PowerShell module. This will use the same sign-in session to access different Microsoft resources.
 
.PARAMETER TenantId
Provide the Tenant ID you want to authenticate to.
 
.PARAMETER AzureEnvironmentName
Provide the Azure AD Instance you want to connect to.
 
.PARAMETER LogLevel
Specifies the log level. The acceptable values for this parameter are:
 
        - Info
        - Error
        - Warning
        - None
 
.PARAMETER LogPath
The path where the log file for this PowerShell session is written to. Provide a value here if you need to
deviate from the default PowerShell log file location.
 
.PARAMETER NewSession
By default, Connect-AadSupport reuses the cached session and access token. Use this switch to sign in again.
 
.EXAMPLE
Example 1: Log in with your admin account...
Connect-AadSupport
 
.NOTES
General notes
#>


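function Connect-AadSupport
{
    [CmdletBinding()]
    param (
        # Tenant used for the first token request when no session is cached.
        # "Common" defers tenant selection to the sign-in page.
        $TenantId = "Common",

        # Must be one of the clouds handled in the switch below. Any other value
        # would previously fall through and leave $Global:AadSupport.Resources
        # pointing at whatever endpoints an earlier call had set, so it is now
        # rejected at parameter binding time.
        [ValidateSet("AzureCloud", "AzureChinaCloud", "AzureUSGovernment", "AzureGermanyCloud")]
        $AzureEnvironmentName = "AzureCloud",

        # Forwarded to Connect-AzureAD -LogLevel; the allowed values match the
        # comment-based help above.
        [ValidateSet("Info", "Error", "Warning", "None")]
        $LogLevel = "Info",

        # Forwarded to Connect-AzureAD -LogFilePath.
        $LogPath = "C:\AadExtensionLogs",

        # Discard the cached session state and force an interactive sign-in.
        [switch]
        $NewSession = $false
    )

    # Select the sign-in authority and resource endpoints for the chosen cloud.
    # Every entry is written on each call so a cloud switch never reuses a stale
    # endpoint from a previous environment.
    switch ($AzureEnvironmentName)
    {
        "AzureCloud"
        {
            $Global:AadSupport.Session.AadInstance = "https://login.microsoftonline.com"
            $Global:AadSupport.Resources.AadGraph = "https://graph.windows.net"
            $Global:AadSupport.Resources.MsGraph = "https://graph.microsoft.com"
            $Global:AadSupport.Resources.AzureRmApi = "https://management.azure.com"
            $Global:AadSupport.Resources.AzureServiceApi = "https://management.core.windows.net"
            $Global:AadSupport.Resources.KeyVault = "https://vault.azure.net"
        }

        "AzureChinaCloud"
        {
            $Global:AadSupport.Session.AadInstance = "https://login.chinacloudapi.cn" #https://login.partner.microsoftonline.cn
            $Global:AadSupport.Resources.AadGraph = "https://graph.chinacloudapi.cn"
            $Global:AadSupport.Resources.MsGraph = "https://microsoftgraph.chinacloudapi.cn"
            $Global:AadSupport.Resources.AzureRmApi = "https://management.chinacloudapi.cn"
            $Global:AadSupport.Resources.AzureServiceApi = "https://management.core.chinacloudapi.cn"
            $Global:AadSupport.Resources.KeyVault = "https://vault.azure.cn"
        }

        "AzureUSGovernment"
        {
            $Global:AadSupport.Session.AadInstance = "https://login.microsoftonline.us"
            $Global:AadSupport.Resources.AadGraph = "https://graph.windows.net"
            $Global:AadSupport.Resources.MsGraph = "https://graph.microsoft.us" #DOD https://dod-graph.microsoft.us
            $Global:AadSupport.Resources.AzureRmApi = "https://management.usgovcloudapi.net/"
            $Global:AadSupport.Resources.AzureServiceApi = "https://management.core.usgovcloudapi.net/"
            $Global:AadSupport.Resources.KeyVault = "https://vault.usgovcloudapi.net"
        }

        "AzureGermanyCloud"
        {
            $Global:AadSupport.Session.AadInstance = "https://login.microsoftonline.de"
            $Global:AadSupport.Resources.AadGraph = "https://graph.cloudapi.de/"
            $Global:AadSupport.Resources.MsGraph = "https://graph.microsoft.de"
            $Global:AadSupport.Resources.AzureRmApi = "https://management.microsoftazure.de/"
            $Global:AadSupport.Resources.AzureServiceApi = "https://management.core.cloudapi.de/"
            $Global:AadSupport.Resources.KeyVault = "https://vault.microsoftazure.de"
        }
    }

    # Forget the cached identity so the token request below prompts again
    # instead of silently reusing the previous user's session.
    if ($NewSession)
    {
        $Global:AadSupport.Session.Active = $false
        $Global:AadSupport.Session.TenantDomain = $null
        $Global:AadSupport.Session.TenantId = $null
        $Global:AadSupport.Session.AccountId = $null
    }

    # Connect to Azure AD PowerShell and Azure PowerShell with one sign-in.
    try {

        $AzureContext = Get-AzContext

        # Interactive prompt only when there is no active session; otherwise let
        # the token cache satisfy the request.
        if (-not $Global:AadSupport.Session.Active)
        {
            $Prompt = "Always"
            Write-Host ""
            Write-Host "Connecting to Azure AD PowerShell (Connect-AzureAD)"
            Write-Host "and Connecting to Azure PowerShell (Connect-AzAccount)"
            Write-Host ""
        }
        else {
            $Prompt = "Auto"
        }

        # Get Current Session Info
        $AccountId = $Global:AadSupport.Session.AccountId
        $TenantDomain = $Global:AadSupport.Session.TenantDomain

        # Prefer the tenant of the cached session; on a fresh sign-in fall back to
        # the -TenantId argument. Previously $null was passed here and -TenantId
        # was never used for authentication. Assumes Get-AadTokenUsingAdal
        # accepts "Common" as a tenant — confirm against that helper.
        $AuthTenant = if ($TenantDomain) { $TenantDomain } else { $TenantId }

        # Get Token for AAD Graph to be used for Azure AD PowerShell
        $token = Get-AadTokenUsingAdal `
        -ResourceId $Global:AadSupport.Resources.AadGraph `
        -ClientId $Global:AadSupport.Clients.AzurePowershell.ClientId `
        -Redirect $Global:AadSupport.Clients.AzurePowershell.RedirectUri `
        -Tenant $AuthTenant `
        -UserId $AccountId `
        -Prompt $Prompt `
        -SkipServicePrincipalSearch `
        -HideOutput

        $AadAccessToken = $token.AccessToken

        # The ID token carries the resolved user and tenant; these replace the
        # "Common" placeholder for every subsequent request.
        $AccountId = $token.IdTokenClaims.upn
        $TenantId = $token.IdTokenClaims.tid

        $Session = Connect-AzureAd `
        -TenantId $TenantId `
        -AzureEnvironmentName $AzureEnvironmentName `
        -LogLevel $LogLevel `
        -LogFilePath $LogPath `
        -AadAccessToken $AadAccessToken `
        -AccountId $AccountId

        # Determine if we need to reset Azure Context
        $TenantDomain = $Session.TenantDomain
        $Global:AadSupport.Session.TenantDomain = $TenantDomain

        # Drop an existing Az context that belongs to a different tenant or account
        # than the one just signed in, so Connect-AzAccount does not sit next to a
        # stale identity. The original condition referenced an undefined $Azure
        # variable and applied -not to a string, so it never evaluated to true.
        # $Session.Account is compared in its string form, as before.
        if ($AzureContext -and
            ($AzureContext.Tenant.Id -ne "$($Session.TenantId)" -or
             $AzureContext.Account.Id -ne "$($Session.Account)"))
        {
            Write-Verbose "Running 'Disconnect-AzAccount'"
            Disconnect-AzAccount | Out-Null
        }

        # Get Token for Azure to be used for Azure PowerShell. -Prompt Never:
        # the user already authenticated above, so this must come from the cache.
        $token = Get-AadTokenUsingAdal `
        -ResourceId $Global:AadSupport.Resources.AzureServiceApi `
        -ClientId $Global:AadSupport.Clients.AzurePowershell.ClientId `
        -Redirect $Global:AadSupport.Clients.AzurePowershell.RedirectUri `
        -UserId $AccountId `
        -Tenant $TenantId `
        -Prompt Never `
        -SkipServicePrincipalSearch `
        -HideOutput

        $AzureRmApiAccessToken = $token.AccessToken

        $Global:AadSupport.Session.AccountId = $Session.Account
        $Global:AadSupport.Session.TenantId = $Session.TenantId

        # Discard the returned context object; it was assigned to an unused
        # variable before and must not leak onto the pipeline.
        $null = Connect-AzAccount `
        -AccessToken $AzureRmApiAccessToken `
        -GraphAccessToken $AadAccessToken `
        -AccountId $Global:AadSupport.Session.AccountId `
        -Tenant $TenantId

        $Global:AadSupport.Session.Active = $true
    }
    catch {
        # Re-throw the original error record unchanged so the caller sees the
        # real failure point rather than this catch block.
        throw
    }
}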