Modules/Core/M365Core.psm1

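function New-M365CertLogin {
    <#
    .SYNOPSIS
    Creates a self-signed certificate, registers it on a new Azure AD application,
    and signs in to Azure AD as that application's service principal.

    .DESCRIPTION
    Steps, in order:
      1. Interactive Connect-AzureAD.
      2. New self-signed certificate in cert:\LocalMachine\My, exported together
         with its private key to c:\temp\M365CertLogin.pfx.
      3. New Azure AD application "Microsoft 365 PowerShell Toolbox" carrying the
         certificate's public part as an AsymmetricX509Cert key credential.
      4. New service principal for the application, added to the
         'Company Administrator' directory role.
      5. Prompt for and persist the PowerShellCreds machine environment variable
         when it is not set.
      6. Connect-AzureAD as the service principal, using the certificate thumbprint.

    Output of the intermediate cmdlets (Export-PfxCertificate,
    New-AzureADApplicationKeyCredential, Connect-AzureAD) is written to the pipeline.

    .PARAMETER CertPW
    Password that protects the exported PFX file. It is received as a plain string,
    so it can end up in command history and transcripts; the type is kept as-is
    for existing callers.

    .NOTES
    Security-relevant properties of what this function leaves behind:
      - The private key is marked exportable and a copy is written to c:\temp.
        Anyone who can read that file and knows the password can sign in as the
        service principal. Move the PFX to a restricted location or delete it
        once it is no longer needed.
      - 'Company Administrator' is the directory role the Azure portal shows as
        Global Administrator, so the certificate is a tenant-wide admin credential.
        Prefer a narrower role if the tooling does not need full administration.
      - The key credential expires one year after creation; the certificate itself
        is valid for two years.
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true, Position = 1)] [string] $CertPW
    )

    # Interactive sign-in. The later steps create an application and assign a
    # directory role, so the account used here needs rights to do both.
    Connect-AzureAD

    # Validity window: the key credential ends at $endDate (now + 1 year), the
    # certificate at $notAfter (now + 2 years).
    $currentDate = Get-Date
    $endDate = $currentDate.AddYears(1)
    $notAfter = $endDate.AddYears(1)

    # Create the self-signed certificate in the machine store.
    $certParams = @{
        CertStoreLocation = 'cert:\localmachine\my'
        DnsName           = 'dev.cloudjunkie.m365'
        KeyExportPolicy   = 'Exportable'
        Provider          = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
        NotAfter          = $notAfter
    }
    $newCert = New-SelfSignedCertificate @certParams
    $thumb = $newCert.Thumbprint

    # Export certificate + private key. A dedicated variable is used for the
    # password instead of $pwd, which is PowerShell's automatic "current
    # location" variable.
    $pfxPassword = ConvertTo-SecureString -String $CertPW -Force -AsPlainText
    Export-PfxCertificate -Cert "cert:\localmachine\my\$thumb" -FilePath c:\temp\M365CertLogin.pfx -Password $pfxPassword

    # Only the public certificate is uploaded to Azure AD. It is taken from the
    # certificate object just created rather than by re-reading the PFX from disk.
    $keyValue = [System.Convert]::ToBase64String($newCert.GetRawCertData())

    # Create the Azure Active Directory application and attach the certificate.
    $application = New-AzureADApplication -DisplayName "Microsoft 365 PowerShell Toolbox" -IdentifierUris "https://m365pstoolbox.cloudjunkie.dev"
    New-AzureADApplicationKeyCredential -ObjectId $application.ObjectId -CustomKeyIdentifier "M365PSToolbox" -StartDate $currentDate -EndDate $endDate -Type AsymmetricX509Cert -Usage Verify -Value $keyValue

    # Create the service principal for the application.
    $sp = New-AzureADServicePrincipal -AppId $application.AppId

    # Add the service principal to 'Company Administrator'. This is full tenant
    # administration, not read-only access.
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq 'Company Administrator' }
    if (-not $role) {
        throw "Directory role 'Company Administrator' was not returned by Get-AzureADDirectoryRole; the service principal exists but no role was assigned."
    }
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId

    # Tenant id for the certificate-based sign-in below.
    $tenant = Get-AzureADTenantDetail

    # Persist the credentials directory at machine scope when it is missing.
    # Writing a Machine-level variable needs an elevated session, and it does not
    # update Env: in the current process, so the prompt can reappear until a new
    # session is started.
    if (-not (Test-Path Env:PowerShellCreds)) {
        $value = Read-Host "Enter Path of PowerShell Credentials Directory"
        [System.Environment]::SetEnvironmentVariable('PowerShellCreds', $value, [System.EnvironmentVariableTarget]::Machine)
    }

    # Sign in as the service principal with the new certificate.
    Connect-AzureAD -TenantId $tenant.ObjectId -ApplicationId $sp.AppId -CertificateThumbprint $thumb
}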

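function Connect-Microsoft365 {
    <#
    .SYNOPSIS
    Signs in to Azure AD, Microsoft Teams and SharePoint Online (PnP) as a
    service principal, using a certificate from the local machine store.

    .DESCRIPTION
    The application id, tenant id and SharePoint admin URL are fixed in the
    function body, so the function only works against that one tenant and
    app registration. The certificate is located by subject
    (CN=dev.cloudjunkie.m365) in cert:\LocalMachine\My; when several
    certificates share that subject, the first one returned is used, which
    may not be the one registered on the application or may have expired.

    .NOTES
    The session must be able to use the certificate's private key in the
    LocalMachine store, which normally means an elevated session or an
    explicit ACL on the key. Access to that key is equivalent to access to
    whatever roles the service principal holds.
    #>
    $appId = "d45781a1-54fe-4bfa-b0aa-88abd267fffe"
    $tenantId = "4363c191-6b37-4d31-9d87-b6db7dde138f"

    # Find the login certificate. Fail with a clear message when it is missing
    # instead of indexing into an empty result and passing an empty thumbprint
    # to the Connect-* cmdlets.
    $loginCert = Get-ChildItem -Path cert:\LocalMachine\my |
        Where-Object { $_.Subject -eq "CN=dev.cloudjunkie.m365" } |
        Select-Object -First 1
    if (-not $loginCert) {
        throw "No certificate with subject 'CN=dev.cloudjunkie.m365' was found in cert:\LocalMachine\My; install the certificate registered on the application first."
    }
    $certThumbprint = $loginCert.Thumbprint

    # These values are identifiers, not secrets, but they do appear in any
    # transcript or captured host output.
    Write-Host "App ID: $appId"
    Write-Host "Tenant ID: $tenantId"
    Write-Host "Thumbprint: $certThumbprint"

    Connect-AzureAD -TenantId $tenantId -ApplicationId $appId -CertificateThumbprint $certThumbprint

    Connect-MicrosoftTeams -TenantId $tenantId -ApplicationId $appId -CertificateThumbprint $certThumbprint

    Connect-PnPOnline -Url https://marathonconsulting-admin.sharepoint.com -ClientId $appId -Tenant $tenantId -Thumbprint $certThumbprint

    #Connect-ExchangeOnline
    #Connect-MsolService
}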

# Export every function defined in this module. The wildcard also exports any
# helper added later, so switch to an explicit list if private helpers appear.
Export-ModuleMember -Function '*'