Examples/Resources/AADApplication/1-ConfigureAADApplication.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<#
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to use as a production baseline.
#>


Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $credsGlobalAdmin
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADApplication DSCApp1
        {
            DisplayName                = "AppDisplayName"
            AvailableToOtherTenants    = $false
            GroupMembershipClaims      = "0"
            Homepage                   = "https://app.contoso.com"
            IdentifierUris             = "https://app.contoso.com"
            KnownClientApplications    = ""
            LogoutURL                  = "https://app.contoso.com/logout"
            Oauth2AllowImplicitFlow    = $false
            Oauth2AllowUrlPathMatching = $false
            Oauth2RequirePostResponse  = $false
            PublicClient               = $false
            ReplyURLs                  = "https://app.contoso.com"
            SamlMetadataUrl            = ""
            Permissions                = @(
                MSFT_AADApplicationPermission
                {
                    Name                = 'User.Read'
                    Type                = 'Delegated'
                    SourceAPI           = 'Microsoft Graph'
                    AdminConsentGranted = $false
                }
                MSFT_AADApplicationPermission
                {
                    Name                = 'User.ReadWrite.All'
                    Type                = 'Delegated'
                    SourceAPI           = 'Microsoft Graph'
                    AdminConsentGranted = $True
                }
                MSFT_AADApplicationPermission
                {
                    Name                = 'User.Read.All'
                    Type                = 'AppOnly'
                    SourceAPI           = 'Microsoft Graph'
                    AdminConsentGranted = $True
                }
            )
            Ensure                     = "Present"
            GlobalAdminAccount         = $credsGlobalAdmin
        }
    }
}