public/Connect-MyCorp.ps1
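function Connect-MyCorp {
    <#
    .SYNOPSIS
    Connect to Microsoft 365 services (Graph, Azure, Exchange Online, Teams) using the required scopes.

    .DESCRIPTION
    This cmdlet connects to Microsoft Graph and other Microsoft 365 services used by the MyCorp
    assessment toolkit. By default only Microsoft Graph is connected; pass -Service All (or a list
    of services) to connect to more. If you are already connected manually using Connect-MgGraph,
    this cmdlet is optional.

    The selected services are recorded in $__MyCorpSession.Connections. Modules are processed in
    the order returned by Get-ModuleImportOrder. A module that is not installed only produces an
    install hint for that service; the remaining services are still attempted.

    .PARAMETER SendMail
    Request the Graph scopes needed to send mail (forwarded to Get-MyCorpGraphScope).

    .PARAMETER SendTeamsMessage
    Request the Graph scopes needed to send Teams messages (forwarded to Get-MyCorpGraphScope).

    .PARAMETER Privileged
    Request the elevated (PIM) Graph scopes (forwarded to Get-MyCorpGraphScope).

    .PARAMETER UseDeviceCode
    Use the device code flow for sign-in. Honoured by Graph, Azure and Teams. Exchange Online
    does not support it under Windows PowerShell, and the Security & Compliance connection does
    not support it at all; those services print a message and are skipped instead.

    .PARAMETER Environment
    Microsoft Graph national cloud to sign in to.

    .PARAMETER AzureEnvironment
    Azure cloud passed to Connect-AzAccount.

    .PARAMETER ExchangeEnvironmentName
    Exchange Online environment; also selects the Security & Compliance endpoints.

    .PARAMETER TeamsEnvironmentName
    Microsoft Teams cloud passed to Connect-MicrosoftTeams. Leave empty for the commercial cloud.

    .PARAMETER Service
    One or more services to connect to. Defaults to Graph.

    .PARAMETER TenantId
    Tenant to sign in to. When omitted and Graph is connected, the tenant of the resulting Graph
    context is reused for services connected afterwards in the import order.

    .EXAMPLE
    Connect-MyCorp
    Connects to Microsoft Graph only (the default service).

    .EXAMPLE
    Connect-MyCorp -Service All
    Connects to all supported Microsoft services: Graph, Azure, Exchange Online,
    Security & Compliance, and Teams.

    .EXAMPLE
    Connect-MyCorp -Service Graph,Teams

    .EXAMPLE
    Connect-MyCorp -Privileged
    Connects to Graph using elevated PIM scopes.

    .EXAMPLE
    Connect-MyCorp -UseDeviceCode
    Uses device code flow for login (useful for non-interactive environments).
    #>
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '', Justification = 'Color output intended')]
    [Alias('Connect-MyCorpGraph', 'Connect-MtMyCorp')]
    [CmdletBinding()]
    param(
        [switch] $SendMail,
        [switch] $SendTeamsMessage,
        [switch] $Privileged,
        [switch] $UseDeviceCode,

        [ValidateSet('China', 'Germany', 'Global', 'USGov', 'USGovDoD')]
        [string]$Environment = 'Global',

        [ValidateSet('AzureChinaCloud', 'AzureCloud', 'AzureUSGovernment')]
        [string]$AzureEnvironment = 'AzureCloud',

        [ValidateSet('O365China', 'O365Default', 'O365GermanyCloud', 'O365USGovDoD', 'O365USGovGCCHigh')]
        [string]$ExchangeEnvironmentName = 'O365Default',

        [ValidateSet('TeamsChina', 'TeamsGCCH', 'TeamsDOD')]
        [string]$TeamsEnvironmentName = $null,

        [ValidateSet('All', 'Azure', 'ExchangeOnline', 'Graph', 'SecurityCompliance', 'Teams')]
        [string[]]$Service = 'Graph',

        [string]$TenantId
    )

    # Remember which services were requested so other toolkit commands can check the session.
    $__MyCorpSession.Connections = $Service

    # The module list is processed in the order the helper returns, so a service connected
    # later can reuse a $TenantId discovered by a service connected earlier.
    $OrderedImport = Get-ModuleImportOrder -Name @(
        'Az.Accounts',
        'ExchangeOnlineManagement',
        'Microsoft.Graph.Authentication',
        'MicrosoftTeams'
    )

    switch ($OrderedImport.Name) {
        ###############################################################################
        # AZURE
        ###############################################################################
        'Az.Accounts' {
            if ($Service -contains 'Azure' -or $Service -contains 'All') {
                Write-Verbose 'Connecting to Microsoft Azure'
                try {
                    # Splat so the tenant-less and tenant-pinned calls differ only in -Tenant.
                    $AzParams = @{
                        SkipContextPopulation   = $true
                        UseDeviceAuthentication = $UseDeviceCode
                        Environment             = $AzureEnvironment
                    }
                    if ($TenantId) { $AzParams['Tenant'] = $TenantId }
                    Connect-AzAccount @AzParams
                } catch [Management.Automation.CommandNotFoundException] {
                    # Only a missing module is handled here; sign-in failures propagate to the caller.
                    Write-Host "`nAzure PowerShell module not installed." -ForegroundColor Red
                    Write-Host "Install-Module Az.Accounts -Scope CurrentUser`n" -ForegroundColor Yellow
                }
            }
        }

        ###############################################################################
        # EXCHANGE ONLINE + SECURITY & COMPLIANCE
        ###############################################################################
        'ExchangeOnlineManagement' {
            # Both connections live in the same module; avoid printing the install hint twice.
            $ExchangeWarningIssued = $false

            if ($Service -contains 'ExchangeOnline' -or $Service -contains 'All') {
                Write-Verbose 'Connecting to Exchange Online'
                try {
                    if ($UseDeviceCode -and $PSVersionTable.PSEdition -eq 'Desktop') {
                        # Device code sign-in is only available in the PowerShell Core build of the module.
                        Write-Host 'Exchange Online PowerShell in Windows PowerShell does not support device code flow.' -ForegroundColor Red
                        Write-Host 'Use PowerShell Core for device code login.' -ForegroundColor Yellow
                    } elseif ($UseDeviceCode) {
                        Connect-ExchangeOnline -ShowBanner:$false -Device:$UseDeviceCode -ExchangeEnvironmentName $ExchangeEnvironmentName
                    } else {
                        Connect-ExchangeOnline -ShowBanner:$false -ExchangeEnvironmentName $ExchangeEnvironmentName
                    }
                } catch [Management.Automation.CommandNotFoundException] {
                    Write-Host "`nExchange Online module missing." -ForegroundColor Red
                    Write-Host "Install-Module ExchangeOnlineManagement -Scope CurrentUser`n" -ForegroundColor Yellow
                    $ExchangeWarningIssued = $true
                }
            }

            #
            # Security & Compliance Center
            #
            if ($Service -contains 'SecurityCompliance' -or $Service -contains 'All') {
                # Endpoint pair per Exchange environment. The key set matches the ValidateSet on
                # -ExchangeEnvironmentName, so the lookup below cannot miss.
                $Environments = @{
                    'O365China'        = @{
                        ConnectionUri    = 'https://ps.compliance.protection.partner.outlook.cn/powershell-liveid'
                        AuthZEndpointUri = 'https://login.chinacloudapi.cn/common'
                    }
                    'O365GermanyCloud' = @{
                        ConnectionUri    = 'https://ps.compliance.protection.outlook.com/powershell-liveid/'
                        AuthZEndpointUri = 'https://login.microsoftonline.com/common'
                    }
                    'O365Default'      = @{
                        ConnectionUri    = 'https://ps.compliance.protection.outlook.com/powershell-liveid/'
                        AuthZEndpointUri = 'https://login.microsoftonline.com/common'
                    }
                    'O365USGovGCCHigh' = @{
                        ConnectionUri    = 'https://ps.compliance.protection.office365.us/powershell-liveid/'
                        AuthZEndpointUri = 'https://login.microsoftonline.us/common'
                    }
                    'O365USGovDoD'     = @{
                        ConnectionUri    = 'https://l5.ps.compliance.protection.office365.us/powershell-liveid/'
                        AuthZEndpointUri = 'https://login.microsoftonline.us/common'
                    }
                }

                Write-Verbose 'Connecting to Security & Compliance Center'

                if ($Service -notcontains 'ExchangeOnline' -and $Service -notcontains 'All') {
                    Write-Host "`nSecurity & Compliance requires ExchangeOnline module." -ForegroundColor Red
                } elseif ($UseDeviceCode) {
                    Write-Host "`nSCC PowerShell does not support device code flow." -ForegroundColor Red
                } else {
                    try {
                        $EnvConfig = $Environments[$ExchangeEnvironmentName]
                        Connect-IPPSSession -BypassMailboxAnchoring -ConnectionUri $EnvConfig.ConnectionUri -AzureADAuthorizationEndpointUri $EnvConfig.AuthZEndpointUri -ShowBanner:$false
                    } catch [Management.Automation.CommandNotFoundException] {
                        if (-not $ExchangeWarningIssued) {
                            Write-Host "`nExchange Online module missing." -ForegroundColor Red
                            Write-Host "Install-Module ExchangeOnlineManagement -Scope CurrentUser`n" -ForegroundColor Yellow
                        }
                    }
                }
            }
        }

        ###############################################################################
        # MICROSOFT GRAPH
        ###############################################################################
        'Microsoft.Graph.Authentication' {
            if ($Service -contains 'Graph' -or $Service -contains 'All') {
                Write-Verbose 'Connecting to Microsoft Graph'
                try {
                    # Scope set is derived from the switches so only the needed permissions are requested.
                    $Scopes = Get-MyCorpGraphScope -SendMail:$SendMail -SendTeamsMessage:$SendTeamsMessage -Privileged:$Privileged
                    $GraphParams = @{
                        Scopes        = $Scopes
                        NoWelcome     = $true
                        UseDeviceCode = $UseDeviceCode
                        Environment   = $Environment
                    }
                    if ($TenantId) {
                        $GraphParams['TenantId'] = $TenantId
                        Connect-MgGraph @GraphParams
                    } else {
                        Connect-MgGraph @GraphParams
                        # Pin later services to the tenant the user actually signed in to.
                        $TenantId = (Get-MgContext).TenantId
                    }
                } catch [Management.Automation.CommandNotFoundException] {
                    Write-Host "`nMicrosoft Graph module missing." -ForegroundColor Red
                    Write-Host "Install-Module Microsoft.Graph.Authentication -Scope CurrentUser`n" -ForegroundColor Yellow
                }
            }
        }

        ###############################################################################
        # MICROSOFT TEAMS
        ###############################################################################
        'MicrosoftTeams' {
            if ($Service -contains 'Teams' -or $Service -contains 'All') {
                Write-Verbose 'Connecting to Microsoft Teams'
                try {
                    # Build the argument set once so every sign-in path uses the same cloud and
                    # tenant; previously the device-code path ignored -TeamsEnvironmentName, so the
                    # environment selection was silently dropped for that flow.
                    $TeamsParams = @{}
                    if ($TeamsEnvironmentName) { $TeamsParams['TeamsEnvironmentName'] = $TeamsEnvironmentName }
                    if ($TenantId) { $TeamsParams['TenantId'] = $TenantId }

                    if ($UseDeviceCode) {
                        # Output is intentionally not suppressed here so the device-code prompt is visible.
                        Connect-MicrosoftTeams -UseDeviceAuthentication @TeamsParams
                    } else {
                        Connect-MicrosoftTeams @TeamsParams > $null
                    }
                } catch [Management.Automation.CommandNotFoundException] {
                    Write-Host "`nMicrosoft Teams module missing." -ForegroundColor Red
                    Write-Host "Install-Module MicrosoftTeams -Scope CurrentUser`n" -ForegroundColor Yellow
                }
            }
        }
    } # end switch
} # end function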