
    The Test-MSCloudLogin function is used to assist with logging in to various Microsoft Cloud services, such as Azure, SharePoint Online, and SharePoint PnP.
    Test-MSCloudLogin -Platform AzureAD -Verbose
    Test-MSCloudLogin -Platform PnP
    The Platform parameter specifies which cloud service for which we are testing the login state. Possible values are Azure, AzureAD, SharePointOnline, ExchangeOnline, MSOnline, and PnP.
    Created & maintained by Brian Lalancette (@brianlala), 2019.

function Test-MSCloudLogin
        [ValidateSet("Azure","AzureAD","SharePointOnline","ExchangeOnline", `




    # If we specified the CloudCredential parameter then set the global o365Credential object to its value
    if ($null -ne $CloudCredential)
        $Global:o365Credential = $CloudCredential
    if($null -eq $Global:UseModernAuth){
        $Global:UseModernAuth = $UseModernAuth.IsPresent
    switch ($Platform)
            $testCmdlet = "Get-AzResource";
            $exceptionStringMFA = "AADSTS";
            $clientid = "1950a258-227b-4e31-a9cf-717495945fc2";
            $RessourceURI = "";
            $RedirectURI = "urn:ietf:wg:oauth:2.0:oob";
            $connectCmdlet = "Connect-AzAccount";
            $connectCmdletArgs = ""
            $connectCmdletMfaRetryArgs = "-AccessToken `$AuthToken -AccountId `$global:o365Credential.UserName";
            $variablePrefix = "az"
            $testCmdlet = "Get-AzureADUser";
            $exceptionStringMFA = "AADSTS";
            $clientid = "1b730954-1685-4b74-9bfd-dac224a7b894";
            $RessourceURI = "";
            $RedirectURI = "urn:ietf:wg:oauth:2.0:oob";
            $connectCmdlet = "Connect-AzureAD";
            $connectCmdletArgs = "-Credential `$Global:o365Credential";
            $connectCmdletMfaRetryArgs = "-AadAccessToken `$AuthToken -AccountId `$global:o365Credential.UserName"
            $variablePrefix = "aad"
            if ([string]::IsNullOrEmpty($ConnectionUrl))
                $Global:spoAdminUrl = Get-SPOAdminUrl;
                $Global:spoAdminUrl = $ConnectionUrl
            $testCmdlet = "Get-SPOSite";
            $exceptionStringMFA = "sign-in name or password does not match one in the Microsoft account system";
            $clientid = "9bc3ab49-b65d-410a-85ad-de819febfddc";
            $RessourceURI = $Global:spoAdminUrl;
            $RedirectURI = "urn:ietf:wg:oauth:2.0:oob";
            $connectCmdlet = "Connect-SPOService";
            $connectCmdletArgs = "-Url $Global:spoAdminUrl -Credential `$Global:o365Credential";
            $connectCmdletMfaRetryArgs = $connectCmdletArgs.Replace("-Credential `$Global:o365Credential","");
            $variablePrefix = "spo"
            $VerbosePreference = 'SilentlyContinue'
            $WarningPreference = "Continue"
            $clientid = "a0c73c16-a7e3-4564-9a95-2bdf47383716";
            $RessourceURI = "";
            $RedirectURI = "urn:ietf:wg:oauth:2.0:oob";
            $ClosedOrBrokenSessions = Get-PSSession -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.State -ne 'Opened' }
            if ($ClosedOrBrokenSessions)
                Write-Verbose -Message "Found Existing Unusable Session(s)."
                foreach ($SessionToBeClosed in $ClosedOrBrokenSessions)
                    Write-Verbose -Message "Closing Session: $(($SessionToBeClosed).InstanceId)"
                    $SessionToBeClosed | Remove-PSSession

            $Global:OpenExchangeSession = Get-PSSession -Name 'ExchangeOnline' `
                -ErrorAction SilentlyContinue | `
                    Where-Object -FilterScript { $_.State -eq 'Opened' }
            if ($null -eq $Global:OpenExchangeSession)
                    $PowerShellConnections = Get-NetTCPConnection | `
                        Where-Object -FilterScript { `
                            $_.RemotePort -eq '443' -and $_.State -ne 'Established' `

                    while ($PowerShellConnections)
                        Write-Verbose -Message "This process is using the following connections in a non-Established state: $($PowerShellConnections | Out-String)"
                        Write-Verbose -Message "Waiting for closing connections to close..."
                        Get-PSSession -Name 'ExchangeOnline' -ErrorAction SilentlyContinue | Remove-PSSession
                        Start-Sleep -seconds 1
                        $CheckConnectionsWithoutKillingWhileLoop = Get-NetTCPConnection | Where-Object -FilterScript { $_.OwningProcess -eq $PID -and $_.RemotePort -eq '443' -and $_.State -ne 'Established' }
                        if (-not $CheckConnectionsWithoutKillingWhileLoop)
                            Write-Verbose -Message "Connections have closed. Waiting 5 more seconds..."
                            Start-Sleep -seconds 5
                            $PowerShellConnections = Get-NetTCPConnection | Where-Object -FilterScript { $_.OwningProcess -eq $PID -and $_.RemotePort -eq '443' -and $_.State -ne 'Established' }

                    if ($Global:ExchangeOnlineSession.State -eq "Closed")
                        Remove-PSSession $Global:ExchangeOnlineSession
                        $Global:ExchangeOnlineSession = $null

                    while ($null -eq $Global:ExchangeOnlineSession)
                        Write-Verbose -Message "Creating new EXO Session"

                            $Global:ExchangeOnlineSession = New-PSSession -Name 'ExchangeOnline' -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $O365Credential -Authentication Basic -AllowRedirection -ErrorAction Stop
                            try {
                                $AuthHeader = Get-AuthHeader -UserPrincipalName $Global:o365Credential.UserName -RessourceURI $RessourceURI -clientID $clientID -RedirectURI $RedirectURI
                                $Password = ConvertTo-SecureString -AsPlainText $AuthHeader -Force
                                $Ctoken = New-Object System.Management.Automation.PSCredential -ArgumentList $Global:o365Credential.UserName, $Password
                                $Global:ExchangeOnlineSession = New-PSSession -ConfigurationName Microsoft.Exchange `
                                -ConnectionUri `
                                -Credential $Ctoken `
                                -Authentication Basic `
                                -ErrorAction Stop `
                                $Global:UseModernAuth = $True
                            catch {
                                if ($_ -like '*Connecting to remote server *Access is denied.*')
                                    Throw "The provided account doesn't have admin access to Exchange Online."


                        if ($null -eq $Global:ExchangeOnlineSession)
                                $Global:ExchangeOnlineSession = New-PSSession -Name 'ExchangeOnline' -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $O365Credential -Authentication Basic -AllowRedirection -ErrorAction Stop
                                    $Global:ExchangeOnlineSession = New-PSSession -Name 'ExchangeOnline' -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $O365Credential -Authentication Basic -AllowRedirection -ErrorAction Stop
                                    if ($_.Exception -like '*Access is denied*')
                                        Throw "Access Denied: The specified account doesn't have access to manage Exchange Online"
                                        Write-Warning "Exceeded max number of connections. Waiting 60 seconds"
                                        Start-Sleep 60
                    if ($null -eq $Global:ExchangeOnlineModules)
                        Write-Verbose -Message "Importing all commands into the EXO Session"
                        $WarningPreference = 'silentlycontinue'
                        $Global:ExchangeOnlineModules = Import-PSSession $Global:ExchangeOnlineSession -AllowClobber
                        Import-Module $Global:ExchangeOnlineModules -Global | Out-Null
                    $ExceptionMessage = $_.Exception
                    $VerbosePreference = 'SilentlyContinue'
                    if ($ExceptionMessage -imatch 'Please wait for [0-9]* seconds')
                        Write-Verbose -Message "Waiting for available runspace..."
                        [regex]$WaitTimePattern = 'Please wait for [0-9]* seconds'

                        $WaitTimePatternMatch = (($WaitTimePattern.Match($ExceptionMessage)).Value | `
                            Select-String -Pattern '[0-9]*' -AllMatches)

                        $WaitTimeInSeconds = ($WaitTimePatternMatch | ForEach-Object {$_.Matches} | Where-Object -FilterScript { $_.Value -NotLike $null }).Value
                        Write-Verbose -Message "Waiting for requested $WaitTimeInSeconds seconds..."
                        Start-Sleep -Seconds ($WaitTimeInSeconds + 1)
                            Write-Verbose -Message "Opening New ExchangeOnline Session."
                            $PowerShellConnections = Get-NetTCPConnection | Where-Object -FilterScript { $_.OwningProcess -eq $PID -and $_.RemotePort -eq '443' -and $_.State -ne 'Established' }
                            while ($PowerShellConnections)
                                Write-Verbose -Message "This process is using the following connections in a non-Established state: $($PowerShellConnections | Out-String)"
                                Write-Verbose -Message "Waiting for closing connections to close..."
                                Get-PSSession -Name 'ExchangeOnline' -ErrorAction SilentlyContinue | Remove-PSSession
                                Start-Sleep -seconds 1
                                $CheckConnectionsWithoutKillingWhileLoop = Get-NetTCPConnection | Where-Object -FilterScript { $_.OwningProcess -eq $PID -and $_.RemotePort -eq '443' -and $_.State -ne 'Established' }
                                if (-not $CheckConnectionsWithoutKillingWhileLoop)
                                    Write-Verbose -Message "Connections have closed. Waiting 5 more seconds..."
                                    Start-Sleep -seconds 5
                                    $PowerShellConnections = Get-NetTCPConnection | Where-Object -FilterScript { $_.OwningProcess -eq $PID -and $_.RemotePort -eq '443' -and $_.State -ne 'Established' }
                            $VerbosePreference = 'SilentlyContinue'
                            $Global:ExchangeOnlineSession = $null
                            while (-not $Global:ExchangeOnlineSession)
                                try {
                                    $Global:ExchangeOnlineSession = New-PSSession -Name 'ExchangeOnline' -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $O365Credential -Authentication Basic -AllowRedirection -ErrorAction Stop
                                catch {
                                    $AuthHeader = Get-AuthHeader -UserPrincipalName $Global:o365Credential.UserName -RessourceURI $RessourceURI -clientID $clientID -RedirectURI $RedirectURI
                                    $Password = ConvertTo-SecureString -AsPlainText $AuthHeader -Force
                                    $Ctoken = New-Object System.Management.Automation.PSCredential -ArgumentList $Global:o365Credential.UserName, $Password
                                    $Global:ExchangeOnlineSession = New-PSSession -ConfigurationName Microsoft.Exchange `
                                    -ConnectionUri `
                                    -Credential $Ctoken `
                                    -Authentication Basic `
                                    -AllowRedirection `
                                    -ErrorAction SilentlyContinue
                                    $Global:UseModernAuth = $True

                            $Global:ExchangeOnlineModules = Import-PSSession $Global:ExchangeOnlineSession -AllowClobber -ErrorAction SilentlyContinue
                            $ExchangeOnlineModuleImport = Import-Module $ExchangeOnlineModules -Global -ErrorAction SilentlyContinue
                            $VerbosePreference = 'SilentlyContinue'
                            $WarningPreference = "SilentlyContinue"
                            $Global:ExchangeOnlineSession = $null
                            Close-SessionsAndReturnError -ExceptionMessage $_.Exception
                            $Message = "Can't open Exchange Online session from Connect-ExchangeOnline"
                            New-Office365DSCLogEntry -Error $_ -Message $Message
                        Write-Verbose $_.Exception
                        $VerbosePreference = 'SilentlyContinue'
                        Get-PSSession -Name 'ExchangeOnline' -ErrorAction SilentlyContinue | Remove-PSSession
                        Write-Verbose -Message "Exchange Online connection failed."
                        Write-Verbose -Message "Waiting 60 seconds..."
                        Start-Sleep -Seconds 60
                            Write-Verbose -Message "Opening New ExchangeOnline Session."
                            $VerbosePreference = 'SilentlyContinue'
                            Get-PSSession -Name 'ExchangeOnline' -ErrorAction SilentlyContinue | Remove-PSSession -ErrorAction SilentlyContinue
                            $Global:ExchangeOnlineSession = New-PSSession -Name 'ExchangeOnline' -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $O365Credential -Authentication Basic -AllowRedirection
                            $Global:ExchangeOnlineModules = Import-PSSession $Global:ExchangeOnlineSession -AllowClobber -ErrorAction SilentlyContinue
                            $ExchangeOnlineModuleImport = Import-Module $ExchangeOnlineModules -Global -ErrorAction SilentlyContinue
                            $VerbosePreference = 'SilentlyContinue'
                            $WarningPreference = "SilentlyContinue"
                            $Global:ExchangeOnlineSession = $null
                            Close-SessionsAndReturnError -ExceptionMessage $_.Exception
                Write-Verbose -Message "Using Existing ExchangeOnline Session."
                $Global:OpenExchangeSession = Get-PSSession -Name 'ExchangeOnline' -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.State -eq 'Opened' }
                $VerbosePreference = 'SilentlyContinue'
                $WarningPreference = "SilentlyContinue"
            $WarningPreference = 'SilentlyContinue'
            $InformationPreference = 'Continue'
            $Global:SessionSecurityCompliance = Get-PSSession | `
                Where-Object{ `
                    ($_.ComputerName -like "*" -or `
                     $_.ComputerName -like "*" -or `
                     $_.ComputerName -like "*") `
                     -and $_.State -eq "Opened"`

            $CloudEnvironment = "Public"
            $ConnectionUrl = ''

            # If the CloudCredential received matches the pattern '*' we assume that we are
            # trying to connect to the Germany cloud.
            if ($O365Credential.UserName -like '*')
                $CloudEnvironment = "Germany"
                $ConnectionUrl = ''
            if ($null -eq $Global:SessionSecurityCompliance)
                        Write-Verbose -Message "Session to Security & Compliance no working session found, creating a new one"
                        $Global:SessionSecurityCompliance = New-PSSession -ConfigurationName "Microsoft.Exchange" `
                        -ConnectionUri $ConnectionUrl `
                        -Credential $O365Credential `
                        -Authentication Basic `
                        -ErrorAction Stop `
                        # If the connection failed against either the Public or Germany clouds, then attempt to connect
                        # to the GCC Cloud.
                            $CloudEnvironment = "GCC"
                            Write-Verbose -Message "Session to Security & Compliance no working session found, creating a new one"
                            $Global:SessionSecurityCompliance = New-PSSession -ConfigurationName "Microsoft.Exchange" `
                                -ConnectionUri '' `
                                -Credential $O365Credential `
                                -Authentication Basic `
                                -ErrorAction Stop `
                            throw $_
                    if ($_.ErrorDetails.ToString().Contains('Fail to create a runspace because you have exceeded the maximum number of connections allowed' -and  `
                        $CloudEnvironment -ne 'Germany'))
                        $counter = 1
                        while ($null -eq $Global:SessionSecurityCompliance -and $counter -le 10)
                                $InformationPreference = "Continue"
                                Write-Information -Message "[$counter/10] Too many existing workspaces. Waiting an additional 60 seconds for sessions to free up."                            
                                Start-Sleep -Seconds 60
                                    $Global:SessionSecurityCompliance = New-PSSession -ConfigurationName "Microsoft.Exchange" `
                                        -ConnectionUri $ConnectionUrl `
                                        -Credential $O365Credential `
                                        -Authentication Basic `
                                        -ErrorAction Stop `
                                        $Global:SessionSecurityCompliance = New-PSSession -ConfigurationName "Microsoft.Exchange" `
                                            -ConnectionUri '' `
                                            -Credential $O365Credential `
                                            -Authentication Basic `
                                            -ErrorAction Stop `
                                        throw $_
                                $InformationPreference = "SilentlyContinue"
                            $counter ++
                            $clientid = "a0c73c16-a7e3-4564-9a95-2bdf47383716";
                            $RessourceURI = "";
                            $NewConnectionUrl = $ConnectionUrl + '?BasicAuthToOAuthConversion=true'
                            if ($O365Credential.UserName -like '*')
                                $RessourceURI = "";
                            $RedirectURI = "urn:ietf:wg:oauth:2.0:oob";
                            $AuthHeader = Get-AuthHeader -UserPrincipalName $Global:o365Credential.UserName `
                                                         -RessourceURI $RessourceURI -clientID $clientID `
                                                         -RedirectURI $RedirectURI

                            $Password = ConvertTo-SecureString -AsPlainText $AuthHeader -Force

                            $Ctoken = New-Object System.Management.Automation.PSCredential -ArgumentList $Global:o365Credential.UserName, $Password
                            $Global:SessionSecurityCompliance = New-PSSession -ConfigurationName Microsoft.Exchange `
                                -ConnectionUri $NewConnectionUrl `
                                -Credential $Ctoken `
                                -Authentication Basic `
                            if ($null -eq $Global:SessionSecurityCompliance)
                                $Global:SessionSecurityCompliance = New-PSSession -ConfigurationName Microsoft.Exchange `
                                    -ConnectionUri `
                                    -Credential $Ctoken `
                                    -Authentication Basic `
                            $Global:UseModernAuth = $True
                            throw $_
                Write-Verbose -Message "Session to Security & Compliance already exists, re-using existing session"
            if ($null -eq $Global:SCModule)
                $Global:SCModule = Import-PSSession $Global:SessionSecurityCompliance  `
                        -ErrorAction SilentlyContinue `

                Import-Module $Global:SCModule -Global | Out-Null
            $testCmdlet = "Get-MsolUser";
            $exceptionStringMFA = "AADSTS";
            $clientid = "1b730954-1685-4b74-9bfd-dac224a7b894";
            $RessourceURI = "";
            $RedirectURI = "urn:ietf:wg:oauth:2.0:oob";
            $connectCmdlet = "Connect-MsolService";
            $connectCmdletArgs = "-Credential `$Global:o365Credential";
            $connectCmdletMfaRetryArgs = "-AdGraphAccessToken `$AuthToken";
            $variablePrefix = "msol"
            if ([string]::IsNullOrEmpty($ConnectionUrl))
                # If we haven't specified a ConnectionUrl, just make the connection URL central admin
                $Global:spoAdminUrl = Get-SPOAdminUrl;
                $Global:ConnectionUrl = $Global:spoAdminUrl
                $Global:ConnectionUrl = $ConnectionUrl
            Write-Verbose -Message "`$Global:ConnectionUrl is $Global:ConnectionUrl."
            $testCmdlet = "Get-PnPSite";
            $exceptionStringMFA = "sign-in name or password does not match one in the Microsoft account system";
            $clientid = "9bc3ab49-b65d-410a-85ad-de819febfddc";
            $RessourceURI = $Global:ConnectionUrl;
            $RedirectURI = "";
            $connectCmdlet = "Connect-PnPOnline";
            $connectCmdletArgs = "-Url $Global:ConnectionUrl -Credentials `$Global:o365Credential";
            $connectCmdletMfaRetryArgs = "-AccessToken `$AuthToken";
            $variablePrefix = "pnp"
            # Need to force-import this for some reason as of 1.0.0
            Import-Module MicrosoftTeams -Force
            $testCmdlet = "Get-Team";
            $exceptionStringMFA = "AADSTS";
            $clientid = "12128f48-ec9e-42f0-b203-ea49fb6af367";
            $RessourceURI = "";
            $RedirectURI = "";
            $connectCmdlet = "Connect-MicrosoftTeams";
            $connectCmdletArgs = "-Credential `$Global:o365Credential";
            #$connectCmdletMfaRetryArgs = "-AadAccessToken `$AuthToken -AccountId `$Global:o365Credential.UserName";
            $connectCmdletMfaRetryArgs = "-AccountId `$Global:o365Credential.UserName";
            $variablePrefix = "teams"

    New-Variable -Name $variablePrefix"LoginSucceeded" -Value $false -Scope Global -Option AllScope -Force
    Write-Debug -Message `$$variablePrefix"LoginSucceeded is '$(Get-Variable -Name $($variablePrefix+"LoginSucceeded") -ValueOnly -Scope Global -ErrorAction SilentlyContinue)'."
        Write-Verbose -Message "Checking $Platform login..."
        # Run a simple command to check if we are logged in
        Write-Debug -Message "Running '$testCmdlet -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null'"
        Invoke-Expression -Command "$testCmdlet -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null"
        if ($? -eq $false)
        elseif ($Platform -eq "PnP")
            $CurrentPnPConnection = (Get-PnPConnection).Url
            if ($ConnectionUrl -ne $CurrentPnPConnection)
                throw "PnP requires you to reconnect to new location using $connectCmdlet"
                Write-Verbose -Message "You are already logged in to $Platform."
            Write-Debug -Message "'$testCmdlet -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null' succeeded."
            Write-Verbose -Message "You are already logged in to $Platform."
        if ($_.Exception -like "*$connectCmdlet*" -or $_.Exception -like "*The access token expiry*" -or `
            ($Platform -eq 'PnP' -and $_.Exception -like '*Microsoft.SharePoint.Client.ServerUnauthorizedAccessException*'))
            Write-Debug -Message "Running '$testCmdlet' failed on initial attempt."
                # Prompt for Windows-style credentials if we don't already have a credential object and not logging into Azure
                if ($null -eq $Global:o365Credential -and $Platform -ne "Azure")
                    Write-Host -ForegroundColor Cyan " - Prompting for Microsoft Online credentials..."
                    $Global:o365Credential = Get-Credential -Message "Please enter your credentials for MS Online Services:"
                    if ($null -eq $Global:o365Credential)
                        throw "Microsoft Online credentials must be supplied."
                    Write-Verbose -Message "Will now attempt to use credential for '$($Global:o365Credential.UserName)'..."
                if($_.Exception -like "*The access token expiry*")
                if($Global:UseModernAuth -eq $True)
                Write-Verbose -Message "Running '$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null'"
                Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                if ($? -eq $false -or $err)
                    New-Variable -Name $variablePrefix"LoginSucceeded" -Value $true -Scope Global -Option AllScope -Force
                    Write-Debug -Message `$$variablePrefix"LoginSucceeded is now '$(Get-Variable -Name $($variablePrefix+"LoginSucceeded") -ValueOnly -Scope Global -ErrorAction SilentlyContinue)'."
                Write-Debug -Message "Login using '$connectCmdlet' and '$connectCmdletArgs' failed on initial attempt."
                if ($_.Exception -like "*User canceled authentication*")
                    throw "User canceled authentication"
                elseif ($_.Exception -like "*The user name or password is incorrect*" -or $_.Exception -like "*ID3242*")
                    throw  "Bad credentials were supplied"
                elseif ($_.Exception -like "*$exceptionStringMFA*" -or `
                        $_.Exception -like "*Sequence contains no elements*" -or `
                        ($_.Exception -like "*System.Reflection.TargetInvocationException: Exception has been thrown*" -and $Platform -eq "PNP") -or `
                        ($_.Exception -like "*or the web site does not support SharePoint Online credentials*" -and $Platform -eq "SharePointOnline") -or `
                        ($_.Exception -like "*The access token expiry*" -and $Platform -eq "Azure") -or `
                        $Global:UseModernAuth -eq $True)
                    Write-Verbose -Message "The specified account is configured for Multi-Factor Authentication. Please re-enter your credentials."
                    Write-Host -ForegroundColor Green " - Prompting for credentials with MFA for $Platform"
                        Write-Debug -Message "Replacing connection parameters '$connectCmdletArgs' with '$connectCmdletMfaRetryArgs'..."
                        if($Platform -ne "SharePointOnline" -and $Platform -ne "MicrosoftTeams"){
                            $AuthHeader = Get-AuthHeader -UserPrincipalName $Global:o365Credential.UserName -RessourceURI $RessourceURI -clientID $clientID -RedirectURI $RedirectURI
                            $AuthToken = $AuthHeader.split(" ")[1]
                        Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletMfaRetryArgs | Out-Null"
                        if ($? -eq $false)
                            New-Variable -Name $variablePrefix"LoginSucceeded" -Value $true -Scope Global -Option AllScope -Force
                            Write-Debug $variablePrefix"LoginSucceeded is now '$(Get-Variable -Name $($variablePrefix+"LoginSucceeded") -ValueOnly -Scope Global -ErrorAction SilentlyContinue)'."
                            $Global:UseModernAuth = $True
                        Write-Debug -Message "Login using '$connectCmdlet' and '$connectCmdletMfaRetryArgs' failed."
                        Write-Host -ForegroundColor Red $_.Exception
                        throw $_
                elseif ($Platform -eq 'PnP' -and $_.Exception -like '*The remote server returned an error: (401) Unauthorized.*')
                    throw [System.Exception] "Specified account does not have access to connect to the site."
                elseif (($Platform -eq 'AzureAD' -and $_.Exception -like '*unknown_user_type*') -or `
                        ($Platform -eq 'MSOnline' -and $_.Exception -like '*Bad username or password*'))
                    $originalArgs = $connectCmdletArgs

                    $paramName = "-AzureEnvironmentName"
                    if ($Platform -eq 'MSOnline')
                        $paramName = '-AzureEnvironment'

                    # Try connecting to other Azure Clouds
                    try {
                        $connectCmdletArgs = $originalArgs + " $paramName AzureChinaCloud"
                        Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                    catch {
                        try {
                            $connectCmdletArgs = $originalArgs + " $paramName AzureUSGovernment"
                            Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                        catch {
                            try {
                                $connectCmdletArgs = $originalArgs + " $paramName AzureGermanyCloud"
                                Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                            catch {
                                throw $_
                elseif ($Platform -eq 'MicrosoftTeams' -and $_.Exception -like '*unknown_user_type*')
                    $originalArgs = $connectCmdletArgs

                    $paramName = "-TeamsEnvironmentName"

                    # Try connecting to other Azure Clouds
                    try {
                        $connectCmdletArgs = $originalArgs + " $paramName TeamsGCCH"
                        Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                    catch {
                        try {
                            $connectCmdletArgs = $originalArgs + " $paramName TeamsDOD"
                            Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                        catch {
                            throw $_
                elseif (($Platform -eq 'SharePointOnline' -and $_.Exception -like '*Could not connect to SharePoint Online*') -or `
                        ($Platform -eq 'PnP' -and $_.Exception -like '*The remote name could not be resolved*'))
                        $connectCmdletArgs = $connectCmdletArgs.Replace("", "")
                        Invoke-Expression -Command "$connectCmdlet -ErrorAction Stop $connectCmdletArgs -ErrorVariable `$err | Out-Null"
                        throw $_
                    Write-Host -ForegroundColor Red $_.Exception
                    throw $_
        elseif ($_.Exception -like "*Unable to acquire token for tenant*")
           Write-Host -ForegroundColor Red $_.Exception
        elseif ($_.Exception -like "*null array*")
            # Do nothing
        elseif ($_.Exception -like "*$testCmdlet*")
            # If the exception contains the name of the cmdlet we're trying to run, we probably don't have the required module installed yet
            Write-Error -Message "It appears you don't have the '$Platform' module installed, or it isn't loaded. Please install/load the module and try again."
        elseif ($_.Exception -like "*this.Client.SubscriptionId*" -and $Platform -eq "Azure")
            throw "It appears there are no Azure subscriptions associated with the account '$($Global:o365Credential.UserName)'."
            Write-Host -ForegroundColor Red $_.Exception
        if (Get-Variable -Name $variablePrefix"LoginSucceeded" -ValueOnly -Scope "Global")
            Write-Verbose -Message " - Successfully logged in to $Platform."
            # Extra step needed if we're logging into Azure - in case we have multiple subs we need to prompt for one
            if ($Platform -eq "Azure")
                [array]$subscriptions = Get-AzSubscription -WarningAction Continue
                # Prompt for a subscription in case we have more than one
                if ($subscriptions.Count -gt 1)
                    Write-Host -ForegroundColor Cyan " - Prompting for Azure subscription..."
                    $Global:subscriptionDetails = Get-AzSubscription -WarningAction SilentlyContinue | Sort-Object Name | Out-GridView -Title "Select ONE subscription..." -PassThru
                    if ($null -eq $subscriptionDetails)
                        throw " - A subscription must be selected."
                    elseif ($subscriptionDetails.Count -gt 1)
                        throw " - Please select *only one* subscription."
                    Write-Host -ForegroundColor White " - Setting active subscription to '$($Global:subscriptionDetails.Name)'..."
                    Set-AzContext -Subscription $Global:subscriptionDetails.Id


function Get-SPOAdminUrl

    Write-Verbose -Message "Connection to Azure AD is required to automatically determine SharePoint Online admin URL..."
    Test-MSCloudLogin -Platform AzureAD
    Write-Verbose -Message "Getting SharePoint Online admin URL..."
    $defaultDomain = Get-AzureADDomain | Where-Object {$_.Name -like "*" -and $_.IsInitial -eq $true} # We don't use IsDefault here because the default could be a custom domain
    $tenantName = $defaultDomain[0].Name -replace "",""
    $spoAdminUrl = "https://$"
    Write-Verbose -Message "SharePoint Online admin URL is $spoAdminUrl"
    return $spoAdminUrl

function Get-AzureADDLL
    [array]$AzureADModules = Get-Module -ListAvailable | Where-Object{$ -eq "AzureAD" -or $ -eq "AzureADPreview"}
    if($AzureADModules.count -eq 0)
        Throw "Can't find Azure AD DLL. Install the module manually 'Install-Module AzureAD'"
        $AzureDLL = Join-Path (($AzureADModules | Sort-Object version -Descending | Select-Object -first 1).Path | split-Path) Microsoft.IdentityModel.Clients.ActiveDirectory.dll
        Return $AzureDLL


function Get-TenantLoginEndPoint
        [Parameter(Mandatory = $True)]
        [Parameter(Mandatory = $false)]
        $LoginSource = "EvoSTS"
    $TenantInfo = @{}
    if($LoginSource -eq "EvoSTS")
        $webrequest = Invoke-WebRequest -Uri$($TenantName)/.well-known/openid-configuration -UseBasicParsing
    else {
        $webrequest = Invoke-WebRequest -Uri$($TenantName)/.well-known/openid-configuration -UseBasicParsing
    if ($webrequest.StatusCode -eq 200)
        $TenantInfo = $webrequest.Content |ConvertFrom-Json
    Return $TenantInfo

function New-ADALServiceInfo
        [Parameter(Mandatory = $True)]
        [Parameter(Mandatory = $True)]
        [Parameter(Mandatory = $false)]
        $LoginSource = "EvoSTS"
    $AzureADDLL = Get-AzureADDLL
        Throw "Can't find Azure AD DLL"
        $tMod = [System.Reflection.Assembly]::LoadFrom($AzureADDLL)
    $TenantInfo = Get-TenantLoginEndPoint -TenantName $TenantName
        Throw "Can't find Tenant Login Endpoint"
        [string] $authority = $TenantInfo.authorization_endpoint
    $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto
    $Service["authContext"] = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    $Service["platformParam"] = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList $PromptBehavior
    $Service["userId"] = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList $UserPrincipalName, "OptionalDisplayableId"
    Return $Service

function Get-AuthHeader
        [Parameter(Mandatory = $True)]
        [Parameter(Mandatory = $True)]
        [Parameter(Mandatory = $True)]
        [Parameter(Mandatory = $True)]
    if($null -eq $Global:ADALServicePoint)
        $TenantName = $UserPrincipalName.split("@")[1]
        $Global:ADALServicePoint = New-ADALServiceInfo -TenantName $TenantName -UserPrincipalName $UserPrincipalName

        Write-Debug "Looking for a refresh token"
        $authResult = $Global:ADALServicePoint.authContext.AcquireTokenSilentAsync($RessourceURI, $clientId)
        if($null -eq $authResult.result)
            Write-Debug "Creating a new Token"
            $authResult = $Global:ADALServicePoint.authContext.AcquireTokenAsync($RessourceURI, $clientId, $RedirectURI, $Global:ADALServicePoint.platformParam, $Global:ADALServicePoint.userId)
        Throw "Can't create Authorization header"
    Return $AuthHeader