
    This function contacts the Microsoft Graph authentication servers to obtain an authentication token.

function Get-MicrosoftGraphAuthenticationToken {
    param (
        # The application Id of the Microsoft Graph web application.
        [Parameter(Mandatory=$true, ParameterSetName="values")]

        # The client secret of the Microsoft Graph web application.
        [Parameter(Mandatory=$true, ParameterSetName="values")]

        # The name of the organization in Office 365.
        # Example: if the onmicrosoft domain is, the organization name is 'contoso'
        [Parameter(Mandatory=$true, ParameterSetName="values")]

        # The MSPComplete Endpoint.
        [Parameter(Mandatory=$true, ParameterSetName="endpoint", ValueFromPipeline=$true)]

    # Retrieve the properties from the endpoint
    if ($PSCmdlet.ParameterSetName -eq "endpoint") {
        if ([String]::IsNullOrWhiteSpace((Search-HashTable $endpoint.ExtendedProperties "ApplicationId"))) {
            Write-Error "The endpoint does not have an 'ApplicationId' extended property."
        if ([String]::IsNullOrWhiteSpace((Search-HashTable $endpoint.ExtendedProperties "ClientSecret"))) {
            Write-Error "The endpoint does not have an 'ClientSecret' extended property."
        if ([String]::IsNullOrWhiteSpace((Search-HashTable $endpoint.ExtendedProperties "OrganizationName"))) {
            Write-Error "The endpoint does not have an 'OrganizationName' extended property."
        $applicationId = Search-HashTable $endpoint.ExtendedProperties "ApplicationId"
        $clientSecret = Search-HashTable $endpoint.ExtendedProperties "ClientSecret"
        $organizationName = Search-HashTable $endpoint.ExtendedProperties "OrganizationName"

    # Construct the REST call
    $url = "$($organizationName)"
    $body = @{
        client_id       = $applicationId
        grant_type      = "client_credentials"
        client_secret   = $clientSecret
        scope           = ""

    # Create hash table for params
    $invokeRestMethodParams = @{
        Uri         = $url
        ContentType = "application/x-www-form-urlencoded"
        Body        = $body
        Method      = "POST"

    # Invoke the REST call
    try {
        $response = Invoke-RestMethod @invokeRestMethodParams
    catch {
        Write-Error "Exception occurred while invoking REST call.`r`n$($_.Exception.Message)"

    # Verify the response
    if ($null -eq $response -or $response.expires_in -le 0 -or [String]::IsNullOrWhiteSpace($response.access_token)) {
        Write-Error "Failed to retrieve the access token."

    # Return the access token
    return $response.access_token