public/New-MdeServicePrincipal.ps1

#Requires -PSEdition Core
#Requires -Version 7.0

<#
.SYNOPSIS
  Creates a service principal (app registration) for Defender for Endpoint.
 
.DESCRIPTION
  Creates a service principal (app registration) for Defender for Endpoint with a given set of permissions to interact with MDE.
 
.NOTES
  Author: Jan-Henrik Damaschke
 
.PARAMETER name
  Optional. Service principal name, defaults to 'PSMDE'.
 
.PARAMETER permissions
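  Optional. Service principal permissions, defaults to 'read'. Possible values are 'read', 'readwrite'. Assigns either all 'Read' or all 'ReadWrite' permissions to the new service principal. The 'readwrite' set includes write and manage permissions such as Machine.ReadWrite.All and Library.Manage, so prefer 'read' unless write access is actually required.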
 
.PARAMETER delegated
  Optional. If defined, the service principal will be created with delegated, not with application permissions.
 
.PARAMETER initialize
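  Optional. If defined, a client secret valid for 30 days is generated and the service principal details are handed over to Set-MdeAuthorizationInfo. The secret is also returned in plain text in the function output, so capture the result in a variable instead of letting it print to the console or a transcript.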
 
.PARAMETER dontOpenGrantUrl
  Optional. If defined, the browser is not opened on the permission grant page after the service principal has been created.
 
.LINK
  https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide
 
.EXAMPLE
  New-MdeServicePrincipal -name 'PSMDE-SP' -permissions 'read' -delegated
 
.EXAMPLE
  New-MdeServicePrincipal -permissions 'readwrite' -initialize
 
.EXAMPLE
  New-MdeServicePrincipal -dontOpenGrantUrl
#>


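function New-MdeServicePrincipal {
  # Creates an app registration / service principal through the Az module and
  # attaches one of four fixed Defender for Endpoint permission sets to it
  # (application or delegated, read or read-write).
  #
  # Output: the consent reminder string, followed by a hashtable describing the
  # new app (name, ids, tenant, optional secret and its expiration, grant URL).
  #
  # Security notes for operators:
  #  - The permissions are only requested here; they take effect after consent
  #    is granted on the page behind servicePrincipalPermissionsUrl.
  #  - The application 'readwrite' set contains tenant-wide write/manage roles
  #    (e.g. Machine.ReadWrite.All, Library.Manage). Use 'read' unless the
  #    automation really needs to change state.
  #  - With -initialize a 30-day client secret is created, passed to
  #    Set-MdeAuthorizationInfo and returned in plain text in the output
  #    hashtable. Assign the result to a variable so the secret does not end up
  #    in console output, transcripts or CI logs.
  [CmdletBinding()]
  param (
    [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)]
    [string]
    $name = 'PSMDE',
    [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)]
    [ValidateSet('read', 'readwrite')]
    [string]
    $permissions = 'read',
    [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)]
    [switch]
    $delegated,
    [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)]
    [switch]
    $initialize,
    [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)]
    [switch]
    $dontOpenGrantUrl
  )
  Begin {
    # Application id of the API the permission ids below belong to; passed as -ApiId.
    $mdeIdAppId = 'fc780465-2017-40d4-a0c5-307022471b92'

    # Application permissions (added with -Type Role), read-only set.
    $applicationReadRoles = @(
      @{name = 'AdvancedQuery.Read.All'; id = '93489bf5-0fbc-4f2d-b901-33f2fe08ff05' }
      @{name = 'Alert.Read.All'; id = '71fe6b80-7034-4028-9ed8-0f316df9c3ff' }
      @{name = 'File.Read.All'; id = '8788f1a9-beca-4e26-ba58-10513f3b896f' }
      @{name = 'Ip.Read.All'; id = '47bf842d-354b-49ef-b741-3a6dd815bc13' }
      @{name = 'Machine.Read.All'; id = 'ea8291d3-4b9a-44b5-bc3a-6cea3026dc79' }
      @{name = 'RemediationTasks.Read.All'; id = '6a33eedf-ba73-4e5a-821b-f057ef63853a' }
      @{name = 'Score.Read.All'; id = '02b005dd-f804-43b4-8fc7-078460413f74' }
      @{name = 'SecurityBaselinesAssessment.Read.All'; id = 'e870c0c1-c1a2-41ca-948e-a33912d2d3f0' }
      @{name = 'SecurityConfiguration.Read.All'; id = '227f2ea0-c2c2-4428-b7af-9ff40f1a720e' }
      @{name = 'SecurityRecommendation.Read.All'; id = '6443965c-7dd2-4cfd-b38f-bb7772bee163' }
      @{name = 'Software.Read.All'; id = '37f71c98-d198-41ae-964d-2c49aab74926' }
      @{name = 'Ti.Read.All'; id = '528ca142-c849-4a5b-935e-10b8b9c38a84' }
      @{name = 'Url.Read.All'; id = '721af526-ffa8-42d7-9b84-1a56244dd99d' }
      @{name = 'User.Read.All'; id = 'a833834a-4cf1-4732-8acf-bbcfa13fb610' }
      @{name = 'Vulnerability.Read.All'; id = '41269fc5-d04d-4bfd-bce7-43a51cea049a' }
    )

    # Application permissions (added with -Type Role), read-write set.
    $applicationReadWriteRoles = @(
      @{name = 'AdvancedQuery.Read.All'; id = '93489bf5-0fbc-4f2d-b901-33f2fe08ff05' }
      @{name = 'Alert.ReadWrite.All'; id = '0f7000ec-157b-497f-b70e-ef0b0584f140' }
      @{name = 'Event.Write'; id = '84ddd701-5fac-4c30-b0ad-aa73a67bea1a' }
      @{name = 'File.Read.All'; id = '8788f1a9-beca-4e26-ba58-10513f3b896f' }
      @{name = 'IntegrationConfiguration.ReadWrite'; id = '7c6f6912-60e9-4fcd-bb2a-c25bc35e8c59' }
      @{name = 'Ip.Read.All'; id = '47bf842d-354b-49ef-b741-3a6dd815bc13' }
      @{name = 'Library.Manage'; id = '41d209c7-2511-4fc9-b899-8008a3976f09' }
      @{name = 'Machine.ReadWrite.All'; id = 'aa027352-232b-4ed4-b963-a705fc4d6d2c' }
      @{name = 'RemediationTasks.Read.All'; id = '6a33eedf-ba73-4e5a-821b-f057ef63853a' }
      @{name = 'Score.Read.All'; id = '02b005dd-f804-43b4-8fc7-078460413f74' }
      @{name = 'SecurityBaselinesAssessment.Read.All'; id = 'e870c0c1-c1a2-41ca-948e-a33912d2d3f0' }
      @{name = 'SecurityConfiguration.ReadWrite.All'; id = 'e5e05709-32a3-4c85-89c8-67596eb94f24' }
      @{name = 'SecurityRecommendation.Read.All'; id = '6443965c-7dd2-4cfd-b38f-bb7772bee163' }
      @{name = 'Software.Read.All'; id = '37f71c98-d198-41ae-964d-2c49aab74926' }
      @{name = 'Ti.ReadWrite.All'; id = 'fc511a58-3adf-4d71-af24-00f13e35e479' }
      @{name = 'Url.Read.All'; id = '721af526-ffa8-42d7-9b84-1a56244dd99d' }
      @{name = 'User.Read.All'; id = 'a833834a-4cf1-4732-8acf-bbcfa13fb610' }
      @{name = 'Vulnerability.Read.All'; id = '41269fc5-d04d-4bfd-bce7-43a51cea049a' }
    )

    # Delegated permissions (added with -Type Scope), read-only set.
    $delegatedReadRoles = @(
      @{name = 'AdvancedQuery.Read'; id = '1fb6e712-1bd9-4184-b1c0-5e71e759196b' }
      @{name = 'Alert.Read'; id = 'b2069dc0-9fe9-4e6d-9aca-ccf3dd503819' }
      @{name = 'File.Read.All'; id = '8fce64a0-67c8-4e39-8f47-cac9ff7e13bb' }
      @{name = 'Ip.Read.All'; id = 'b65a97e8-c8e8-4908-b19a-f654615de1a9' }
      @{name = 'Machine.Read'; id = 'fbd3d33a-b1f5-4573-906c-51b39682fbcf' }
      @{name = 'RemediationTasks.Read'; id = '19956c04-168f-4f44-b471-48c8f50dc0c8' }
      @{name = 'Score.Read'; id = 'df4ed126-3a4c-460a-b0fc-67aea84fc332' }
      @{name = 'SecurityBaselinesAssessment.Read'; id = 'd42e2aa1-a664-43a9-b7c6-2766d44a6687' }
      @{name = 'SecurityConfiguration.Read'; id = '4ac83e46-552f-4948-91c2-f7eaff971018' }
      @{name = 'SecurityRecommendation.Read'; id = '1ab96238-1253-4059-a32f-4087f20ed65d' }
      @{name = 'Software.Read'; id = '5f216ada-3f51-4a22-ace5-06b198328476' }
      @{name = 'Url.Read.All'; id = '42b4777c-6196-49ad-9cfc-207e73f2eb61' }
      @{name = 'User.Read.All'; id = 'ffd6563e-842b-4cfc-b349-06006e0473a3' }
      @{name = 'Vulnerability.Read'; id = '63a677ce-818c-4409-9d12-5c6d2e2a6bfe' }
    )

    # Delegated permissions (added with -Type Scope), read-write set.
    $delegatedReadWriteRoles = @(
      @{name = 'AdvancedQuery.Read'; id = '1fb6e712-1bd9-4184-b1c0-5e71e759196b' }
      @{name = 'Alert.ReadWrite'; id = 'cbc3b413-21e6-416d-95a4-af87687efbd0' }
      @{name = 'File.Read.All'; id = '8fce64a0-67c8-4e39-8f47-cac9ff7e13bb' }
      # NOTE(review): this id is identical to the one used for the application
      # role IntegrationConfiguration.ReadWrite above, while every other
      # delegated entry has an id different from its application counterpart.
      # Verify it against the scopes the API actually publishes.
      @{name = 'IntegrationConfiguration.ReadWrite'; id = '7c6f6912-60e9-4fcd-bb2a-c25bc35e8c59' }
      @{name = 'Ip.Read.All'; id = 'b65a97e8-c8e8-4908-b19a-f654615de1a9' }
      @{name = 'Library.Manage'; id = '5998a3da-2c9b-4bf3-99bd-44c9fe337ad2' }
      @{name = 'Machine.ReadWrite'; id = 'f6846c57-9e3c-4a65-81aa-2f5e09ff4f0b' }
      @{name = 'RemediationTasks.Read'; id = '19956c04-168f-4f44-b471-48c8f50dc0c8' }
      @{name = 'Score.Read'; id = 'df4ed126-3a4c-460a-b0fc-67aea84fc332' }
      @{name = 'SecurityBaselinesAssessment.Read'; id = 'd42e2aa1-a664-43a9-b7c6-2766d44a6687' }
      @{name = 'SecurityConfiguration.ReadWrite'; id = 'bfc81a3a-4f6d-4bfe-b945-d7fe6747d2a0' }
      @{name = 'SecurityRecommendation.Read'; id = '1ab96238-1253-4059-a32f-4087f20ed65d' }
      @{name = 'Software.Read'; id = '5f216ada-3f51-4a22-ace5-06b198328476' }
      @{name = 'Ti.ReadWrite'; id = '650ff1f9-dd5f-48ee-8c58-7beef332c818' }
      @{name = 'Url.Read.All'; id = '42b4777c-6196-49ad-9cfc-207e73f2eb61' }
      @{name = 'User.Read.All'; id = 'ffd6563e-842b-4cfc-b349-06006e0473a3' }
      @{name = 'Vulnerability.Read'; id = '63a677ce-818c-4409-9d12-5c6d2e2a6bfe' }
    )

    # Fail early when the Az cmdlets are missing. The lookup result is discarded
    # so the CommandInfo object does not leak into this function's output.
    try { $null = Get-Command Get-AzContext -ErrorAction Stop } catch { Throw 'Az module not found, please install it and connect to Azure.' }
    $context = (Get-AzContext)
  }
  Process {
    if ($context) {
      # Reset per pipeline item so a secret created for an earlier input object
      # can never be reported for a later one that did not ask for -initialize.
      $secret = $null
      $secretText = $null
      $secretExpiration = $null

      # NOTE(review): depending on the installed Az.Resources version,
      # New-AzADServicePrincipal may itself create a default credential (and,
      # in older versions, a role assignment). Nothing here reads or removes
      # them - confirm against the Az version in use.
      $sp = New-AzADServicePrincipal -DisplayName $name
      # Wait for Azure AD
      Write-Verbose 'Waiting 5 seconds for the app to be available in Azure AD'
      Start-Sleep -Seconds 5
      # From here on $sp is the application object, so $sp.Id is what
      # Get-AzADApplication returns as Id (used as -ObjectId below and reported
      # as servicePrincipalId in the output).
      $sp = Get-AzADApplication -ApplicationId $sp.AppId
      if ($delegated) {
        $permissionSet = $permissions -eq 'read' ? $delegatedReadRoles : $delegatedReadWriteRoles
        foreach ($permission in $permissionSet) {
          Add-AzADAppPermission -ObjectId $sp.Id -ApiId $mdeIdAppId -PermissionId $permission.id -Type Scope
        }
      }
      else {
        $permissionSet = $permissions -eq 'read' ? $applicationReadRoles : $applicationReadWriteRoles
        foreach ($permission in $permissionSet) {
          Add-AzADAppPermission -ObjectId $sp.Id -ApiId $mdeIdAppId -PermissionId $permission.id -Type Role
        }
      }
      # Wait for Azure AD
      Write-Verbose 'Waiting 5 seconds for the app permissions to be applied in Azure AD'
      Start-Sleep -Seconds 5
      if ($initialize) {
        # Short-lived (30 days) client secret; it is handed to the module's
        # auth state and also surfaced to the caller in the result below.
        $secret = $sp | New-AzADAppCredential -EndDate (Get-Date).AddDays(30)
        $secretText = $secret.SecretText
        $secretExpiration = $secret.EndDateTime
        Set-MdeAuthorizationInfo -tenantId $context.Tenant.Id -appId $sp.AppId -appSecret $secretText -noTokenRefresh
        # Script-scoped flag; its consumer is not visible in this file.
        $script:initialize = $true
      }
      $grantUrl = "https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/CallAnAPI/appId/$($sp.AppId)"
      if (-not $dontOpenGrantUrl) { Start-Process $grantUrl }
      Write-Output "Please grant consent for the provided API permissions. The first execution of a function can take a few seconds, as the grants are not immediatly available."
      # The secret fields are filled from plain variables instead of the '?.'
      # operator: '?.' is only a mainstream operator from PowerShell 7.1, while
      # this file declares '#Requires -Version 7.0'.
      return @{
        servicePrincipalName             = $sp.DisplayName
        servicePrincipalId               = $sp.Id
        servicePrincipalApplicationId    = $sp.AppId
        servicePrincipalTenantId         = $context.Tenant.Id
        servicePrincipalSecret           = $secretText
        servicePrincipalSecretExpiration = $secretExpiration
        servicePrincipalPermissionsUrl   = $grantUrl
      }
    }
    else {
      Throw 'No active Az session found, please run Connect-AzAccount first.'
    }
  }
  End {}
}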

# SIG # Begin signature block
# MIImwgYJKoZIhvcNAQcCoIImszCCJq8CAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUD+HJL80pGA1eysk/xc2eAy1r
# QYmggh/UMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
# AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy
# MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh
# MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw
# MFoXDTI4MTIzMTIzNTk1OVowVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp
# Z28gTGltaXRlZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n
# IFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjeeUEiIE
# JHQu/xYjApKKtq42haxH1CORKz7cfeIxoFFvrISR41KKteKW3tCHYySJiv/vEpM7
# fbu2ir29BX8nm2tl06UMabG8STma8W1uquSggyfamg0rUOlLW7O4ZDakfko9qXGr
# YbNzszwLDO/bM1flvjQ345cbXf0fEj2CA3bm+z9m0pQxafptszSswXp43JJQ8mTH
# qi0Eq8Nq6uAvp6fcbtfo/9ohq0C/ue4NnsbZnpnvxt4fqQx2sycgoda6/YDnAdLv
# 64IplXCN/7sVz/7RDzaiLk8ykHRGa0c1E3cFM09jLrgt4b9lpwRrGNhx+swI8m2J
# mRCxrds+LOSqGLDGBwF1Z95t6WNjHjZ/aYm+qkU+blpfj6Fby50whjDoA7NAxg0P
# OM1nqFOI+rgwZfpvx+cdsYN0aT6sxGg7seZnM5q2COCABUhA7vaCZEao9XOwBpXy
# bGWfv1VbHJxXGsd4RnxwqpQbghesh+m2yQ6BHEDWFhcp/FycGCvqRfXvvdVnTyhe
# Be6QTHrnxvTQ/PrNPjJGEyA2igTqt6oHRpwNkzoJZplYXCmjuQymMDg80EY2NXyc
# uu7D1fkKdvp+BRtAypI16dV60bV/AK6pkKrFfwGcELEW/MxuGNxvYv6mUKe4e7id
# FT/+IAx1yCJaE5UZkADpGtXChvHjjuxf9OUCAwEAAaOCARIwggEOMB8GA1UdIwQY
# MBaAFKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJw
# IDaRXBeF5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE
# DDAKBggrBgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEMGA1Ud
# HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmlj
# YXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
# cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQASv6Hvi3Sa
# mES4aUa1qyQKDKSKZ7g6gb9Fin1SB6iNH04hhTmja14tIIa/ELiueTtTzbT72ES+
# BtlcY2fUQBaHRIZyKtYyFfUSg8L54V0RQGf2QidyxSPiAjgaTCDi2wH3zUZPJqJ8
# ZsBRNraJAlTH/Fj7bADu/pimLpWhDFMpH2/YGaZPnvesCepdgsaLr4CnvYFIUoQx
# 2jLsFeSmTD1sOXPUC4U5IOCFGmjhp0g4qdE2JXfBjRkWxYhMZn0vY86Y6GnfrDyo
# XZ3JHFuu2PMvdM+4fvbXg50RlmKarkUT2n/cR/vfw1Kf5gZV6Z2M8jpiUbzsJA8p
# 1FiAhORFe1rYMIIGGjCCBAKgAwIBAgIQYh1tDFIBnjuQeRUgiSEcCjANBgkqhkiG
# 9w0BAQwFADBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk
# MS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYw
# HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBUMQswCQYDVQQGEwJHQjEY
# MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1Ymxp
# YyBDb2RlIFNpZ25pbmcgQ0EgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
# igKCAYEAmyudU/o1P45gBkNqwM/1f/bIU1MYyM7TbH78WAeVF3llMwsRHgBGRmxD
# eEDIArCS2VCoVk4Y/8j6stIkmYV5Gej4NgNjVQ4BYoDjGMwdjioXan1hlaGFt4Wk
# 9vT0k2oWJMJjL9G//N523hAm4jF4UjrW2pvv9+hdPX8tbbAfI3v0VdJiJPFy/7Xw
# iunD7mBxNtecM6ytIdUlh08T2z7mJEXZD9OWcJkZk5wDuf2q52PN43jc4T9OkoXZ
# 0arWZVeffvMr/iiIROSCzKoDmWABDRzV/UiQ5vqsaeFaqQdzFf4ed8peNWh1OaZX
# nYvZQgWx/SXiJDRSAolRzZEZquE6cbcH747FHncs/Kzcn0Ccv2jrOW+LPmnOyB+t
# AfiWu01TPhCr9VrkxsHC5qFNxaThTG5j4/Kc+ODD2dX/fmBECELcvzUHf9shoFvr
# n35XGf2RPaNTO2uSZ6n9otv7jElspkfK9qEATHZcodp+R4q2OIypxR//YEb3fkDn
# 3UayWW9bAgMBAAGjggFkMIIBYDAfBgNVHSMEGDAWgBQy65Ka/zWWSC8oQEJwIDaR
# XBeF5jAdBgNVHQ4EFgQUDyrLIIcouOxvSK4rVKYpqhekzQwwDgYDVR0PAQH/BAQD
# AgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwGwYD
# VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAEEATBLBgNVHR8ERDBCMECgPqA8hjpodHRw
# Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RS
# NDYuY3JsMHsGCCsGAQUFBwEBBG8wbTBGBggrBgEFBQcwAoY6aHR0cDovL2NydC5z
# ZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdSb290UjQ2LnA3YzAj
# BggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEM
# BQADggIBAAb/guF3YzZue6EVIJsT/wT+mHVEYcNWlXHRkT+FoetAQLHI1uBy/YXK
# ZDk8+Y1LoNqHrp22AKMGxQtgCivnDHFyAQ9GXTmlk7MjcgQbDCx6mn7yIawsppWk
# vfPkKaAQsiqaT9DnMWBHVNIabGqgQSGTrQWo43MOfsPynhbz2Hyxf5XWKZpRvr3d
# MapandPfYgoZ8iDL2OR3sYztgJrbG6VZ9DoTXFm1g0Rf97Aaen1l4c+w3DC+IkwF
# kvjFV3jS49ZSc4lShKK6BrPTJYs4NG1DGzmpToTnwoqZ8fAmi2XlZnuchC4NPSZa
# PATHvNIzt+z1PHo35D/f7j2pO1S8BCysQDHCbM5Mnomnq5aYcKCsdbh0czchOm8b
# kinLrYrKpii+Tk7pwL7TjRKLXkomm5D1Umds++pip8wH2cQpf93at3VDcOK4N7Ew
# oIJB0kak6pSzEu4I64U6gZs7tS/dGNSljf2OSSnRr7KWzq03zl8l75jy+hOds9TW
# SenLbjBQUGR96cFr6lEUfAIEHVC1L68Y1GGxx4/eRI82ut83axHMViw1+sVpbPxg
# 51Tbnio1lB93079WPFnYaOvfGAA0e0zcfF/M9gXr+korwQTh2Prqooq2bYNMvUoU
# KD85gnJ+t0smrWrb8dee2CvYZXD5laGtaAxOfy/VKNmwuWuAh9kcMIIGVjCCBL6g
# AwIBAgIQSLErKd7D+K4bkReO90aFWDANBgkqhkiG9w0BAQwFADBUMQswCQYDVQQG
# EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdv
# IFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2MB4XDTIyMDkxNDAwMDAwMFoXDTI1
# MDkxMzIzNTk1OVowTzELMAkGA1UEBhMCREUxEDAOBgNVBAgMB0hhbWJ1cmcxFjAU
# BgNVBAoMDVZpc29yaWFuIEdtYkgxFjAUBgNVBAMMDVZpc29yaWFuIEdtYkgwggIi
# MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/SsWhmbM7lO+pge5iLxuq3kXF
# 3xvbHU34E1wluLQOVC/A66AKKPo89E04zwAqqezN62flVYk9Xc+vFzNyy7I8wqq5
# vWojRnS7xW+QbFqJYxxHuGRiWEnt90p/wBrnq98Fl8JcmCKSDy/mUVAj+Lmq6WsU
# ph81PJMwC6T9POxk9/9k5I49Q8bBm5Yjx7yBTanHfdupCCFBgTFyJs9K4XLzva1I
# lCiMSYUxPRED0Dv8jVKdWnz3dbt00esUtubx5lD3YHdW6pYUR0hvJEi50G3sSqZ8
# Mebjts3+0PmEvHIR2aKvG/stx4jMngnBfwmeNbzWjwmqp4Qa4EGwv4Abs4hyK/kT
# erQua3IcXOgJqbblfxSoFDai14aCUGs2zxornoXhoYtjBj6XYgVS5eVME874hJLJ
# EZENiukta9r4IYOqnKglj+fwJrvEyx2INTELz99Ha074I8lG8ZJzNhuCqH6XgMUn
# 3EyOHMzbCrw1uDn0JDlhFX0sdaGXtopPgweIHbS87rcJc/tRSGhDG0YHqQWvxi9r
# Rb+v0L3KRYvtwih/VfpjQyFHFzcArDxKyrQ2SyGJ2ta0/Exl1dkYoTkVDm8R8f/2
# dG/VhTgvnDV1zW/SFRLwQAg/qmy6wpgK78338G+xCX47iauFtj2TAvw6sWB8jhwL
# xBvqvkP+r84HNB8KhQIDAQABo4IBpzCCAaMwHwYDVR0jBBgwFoAUDyrLIIcouOxv
# SK4rVKYpqhekzQwwHQYDVR0OBBYEFEHuYVgbSyoXa7Xei0crFprgrkXEMA4GA1Ud
# DwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEoG
# A1UdIARDMEEwNQYMKwYBBAGyMQECAQMCMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8v
# c2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEATBJBgNVHR8EQjBAMD6gPKA6hjhodHRw
# Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ0NBUjM2
# LmNybDB5BggrBgEFBQcBAQRtMGswRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQuc2Vj
# dGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3J0MCMGCCsG
# AQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAcBgNVHREEFTATgRFpbmZv
# QHZpc29yaWFuLmNvbTANBgkqhkiG9w0BAQwFAAOCAYEASbJLCqUl82MPxtVDdBxd
# sOBCbYWxMvc4A9a/L+cuES3FYnBEa9jmA8o23+kvy2LZS3GeAU1AnNYkg2TAF+Oh
# fPDUviHUZDM/JgvCUF1ZmAvi6nLLBxvxfRxhGoUCkjaKIzDpPHZia6e/Jl9Xxthe
# GtCR9epTBuizMZTCTUvNPxY+Tm9L4EKHRsRBv8NkeuTKQpnGYfrHeKz/hVUeS4IS
# sTyv+xg7/nBITBSosfB79XDORaoNBxpqrSZLrpZV5OHIH2IGxRKKHyLVVCQAzriK
# +OV1EGBSmknqDarNbgtzU94iULYu15a1/PElzK7qB2i76FmLMMBVb9NVuXTfgMgT
# VzWfMs4mdsdOg7dcPxKpK2nViPbY3JQQVx8aKX+gJwWajuELP/JSE6nPYPSrwMLT
# xXRQ7AiScBTf6J3EeWq71AEUTSZ4/FImjbv0hDfnoSCr/6SRxc4it/kjXyJKXF1p
# VVbuEFsgyZpmxlSM3jSR9R02TrDR0q95oC/6eSwGxfwPMIIG7DCCBNSgAwIBAgIQ
# MA9vrN1mmHR8qUY2p3gtuTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMCVVMx
# EzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYD
# VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBS
# U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTkwNTAyMDAwMDAwWhcNMzgw
# MTE4MjM1OTU5WjB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5j
# aGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0
# ZWQxJTAjBgNVBAMTHFNlY3RpZ28gUlNBIFRpbWUgU3RhbXBpbmcgQ0EwggIiMA0G
# CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDIGwGv2Sx+iJl9AZg/IJC9nIAhVJO5
# z6A+U++zWsB21hoEpc5Hg7XrxMxJNMvzRWW5+adkFiYJ+9UyUnkuyWPCE5u2hj8B
# BZJmbyGr1XEQeYf0RirNxFrJ29ddSU1yVg/cyeNTmDoqHvzOWEnTv/M5u7mkI0Ks
# 0BXDf56iXNc48RaycNOjxN+zxXKsLgp3/A2UUrf8H5VzJD0BKLwPDU+zkQGObp0n
# dVXRFzs0IXuXAZSvf4DP0REKV4TJf1bgvUacgr6Unb+0ILBgfrhN9Q0/29DqhYyK
# VnHRLZRMyIw80xSinL0m/9NTIMdgaZtYClT0Bef9Maz5yIUXx7gpGaQpL0bj3duR
# X58/Nj4OMGcrRrc1r5a+2kxgzKi7nw0U1BjEMJh0giHPYla1IXMSHv2qyghYh3ek
# FesZVf/QOVQtJu5FGjpvzdeE8NfwKMVPZIMC1Pvi3vG8Aij0bdonigbSlofe6GsO
# 8Ft96XZpkyAcSpcsdxkrk5WYnJee647BeFbGRCXfBhKaBi2fA179g6JTZ8qx+o2h
# ZMmIklnLqEbAyfKm/31X2xJ2+opBJNQb/HKlFKLUrUMcpEmLQTkUAx4p+hulIq6l
# w02C0I3aa7fb9xhAV3PwcaP7Sn1FNsH3jYL6uckNU4B9+rY5WDLvbxhQiddPnTO9
# GrWdod6VQXqngwIDAQABo4IBWjCCAVYwHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHY
# m8Cd8rIDZsswHQYDVR0OBBYEFBqh+GEZIA/DQXdFKI7RNV8GEgRVMA4GA1UdDwEB
# /wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBMGA1UdJQQMMAoGCCsGAQUFBwMI
# MBEGA1UdIAQKMAgwBgYEVR0gADBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3Js
# LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0
# eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVz
# ZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUH
# MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggIB
# AG1UgaUzXRbhtVOBkXXfA3oyCy0lhBGysNsqfSoF9bw7J/RaoLlJWZApbGHLtVDb
# 4n35nwDvQMOt0+LkVvlYQc/xQuUQff+wdB+PxlwJ+TNe6qAcJlhc87QRD9XVw+K8
# 1Vh4v0h24URnbY+wQxAPjeT5OGK/EwHFhaNMxcyyUzCVpNb0llYIuM1cfwGWvnJS
# ajtCN3wWeDmTk5SbsdyybUFtZ83Jb5A9f0VywRsj1sJVhGbks8VmBvbz1kteraMr
# Qoohkv6ob1olcGKBc2NeoLvY3NdK0z2vgwY4Eh0khy3k/ALWPncEvAQ2ted3y5wu
# jSMYuaPCRx3wXdahc1cFaJqnyTdlHb7qvNhCg0MFpYumCf/RoZSmTqo9CfUFbLfS
# ZFrYKiLCS53xOV5M3kg9mzSWmglfjv33sVKRzj+J9hyhtal1H3G/W0NdZT1QgW6r
# 8NDT/LKzH7aZlib0PHmLXGTMze4nmuWgwAxyh8FuTVrTHurwROYybxzrF06Uw3hl
# IDsPQaof6aFBnf6xuKBlKjTg3qj5PObBMLvAoGMs/FwWAKjQxH/qEZ0eBsambTJd
# tDgJK0kHqv3sMNrxpy/Pt/360KOE2See+wFmd7lWEOEgbsausfm2usg1XTN2jvF8
# IAwqd661ogKGuinutFoAsYyr4/kKyVRd1LlqdJ69SK6YMIIG9TCCBN2gAwIBAgIQ
# OUwl4XygbSeoZeI72R0i1DANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJHQjEb
# MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgw
# FgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJTAjBgNVBAMTHFNlY3RpZ28gUlNBIFRp
# bWUgU3RhbXBpbmcgQ0EwHhcNMjMwNTAzMDAwMDAwWhcNMzQwODAyMjM1OTU5WjBq
# MQswCQYDVQQGEwJHQjETMBEGA1UECBMKTWFuY2hlc3RlcjEYMBYGA1UEChMPU2Vj
# dGlnbyBMaW1pdGVkMSwwKgYDVQQDDCNTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5n
# IFNpZ25lciAjNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKSTKFJL
# zyeHdqQpHJk4wOcO1NEc7GjLAWTkis13sHFlgryf/Iu7u5WY+yURjlqICWYRFFiy
# uiJb5vYy8V0twHqiDuDgVmTtoeWBIHIgZEFsx8MI+vN9Xe8hmsJ+1yzDuhGYHvzT
# IAhCs1+/f4hYMqsws9iMepZKGRNcrPznq+kcFi6wsDiVSs+FUKtnAyWhuzjpD2+p
# WpqRKBM1uR/zPeEkyGuxmegN77tN5T2MVAOR0Pwtz1UzOHoJHAfRIuBjhqe+/dKD
# cxIUm5pMCUa9NLzhS1B7cuBb/Rm7HzxqGXtuuy1EKr48TMysigSTxleGoHM2K4GX
# +hubfoiH2FJ5if5udzfXu1Cf+hglTxPyXnypsSBaKaujQod34PRMAkjdWKVTpqOg
# 7RmWZRUpxe0zMCXmloOBmvZgZpBYB4DNQnWs+7SR0MXdAUBqtqgQ7vaNereeda/T
# pUsYoQyfV7BeJUeRdM11EtGcb+ReDZvsdSbu/tP1ki9ShejaRFEqoswAyodmQ6Mb
# AO+itZadYq0nC/IbSsnDlEI3iCCEqIeuw7ojcnv4VO/4ayewhfWnQ4XYKzl021p3
# AtGk+vXNnD3MH65R0Hts2B0tEUJTcXTC5TWqLVIS2SXP8NPQkUMS1zJ9mGzjd0HI
# /x8kVO9urcY+VXvxXIc6ZPFgSwVP77kv7AkTAgMBAAGjggGCMIIBfjAfBgNVHSME
# GDAWgBQaofhhGSAPw0F3RSiO0TVfBhIEVTAdBgNVHQ4EFgQUAw8xyJEqk71j89Fd
# TaQ0D9KVARgwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/
# BAwwCgYIKwYBBQUHAwgwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwgwJTAjBggr
# BgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQCMEQGA1Ud
# HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQVRp
# bWVTdGFtcGluZ0NBLmNybDB0BggrBgEFBQcBAQRoMGYwPwYIKwYBBQUHMAKGM2h0
# dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQVRpbWVTdGFtcGluZ0NBLmNy
# dDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcN
# AQEMBQADggIBAEybZVj64HnP7xXDMm3eM5Hrd1ji673LSjx13n6UbcMixwSV32Vp
# YRMM9gye9YkgXsGHxwMkysel8Cbf+PgxZQ3g621RV6aMhFIIRhwqwt7y2opF8773
# 9i7Efu347Wi/elZI6WHlmjl3vL66kWSIdf9dhRY0J9Ipy//tLdr/vpMM7G2iDczD
# 8W69IZEaIwBSrZfUYngqhHmo1z2sIY9wwyR5OpfxDaOjW1PYqwC6WPs1gE9fKHFs
# GV7Cg3KQruDG2PKZ++q0kmV8B3w1RB2tWBhrYvvebMQKqWzTIUZw3C+NdUwjwkHQ
# epY7w0vdzZImdHZcN6CaJJ5OX07Tjw/lE09ZRGVLQ2TPSPhnZ7lNv8wNsTow0KE9
# SK16ZeTs3+AB8LMqSjmswaT5qX010DJAoLEZKhghssh9BXEaSyc2quCYHIN158d+
# S4RDzUP7kJd2KhKsQMFwW5kKQPqAbZRhe8huuchnZyRcUI0BIN4H9wHU+C4RzZ2D
# 5fjKJRxEPSflsIZHKgsbhHZ9e2hPjbf3E7TtoC3ucw/ZELqdmSx813UfjxDElOZ+
# JOWVSoiMJ9aFZh35rmR2kehI/shVCu0pwx/eOKbAFPsyPfipg2I2yMO+AIccq/pK
# QhyJA9z1XHxw2V14Tu6fXiDmCWp8KwijSPUV/ARP380hHHrl9Y4a1LlAMYIGWDCC
# BlQCAQEwaDBUMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk
# MSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2AhBI
# sSsp3sP4rhuRF473RoVYMAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKAC
# gAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsx
# DjAMBgorBgEEAYI3AgEVMCMGCSqGSIb3DQEJBDEWBBQJ5GNS6WXmTKz1N5GbOz6w
# 78rxUDANBgkqhkiG9w0BAQEFAASCAgAc+aEHqDGIEYnfcEM6MfQSjf5WjlHYLhLR
# ajdvc6vFpGDNHYLlku7R93+TpaCNH3GaZge6oUuGBTcSgh2EEy02YWgbt+wYZcaj
# gFUn2QtQhh5hmMJr0oCBej8Je8hpG5UY+z+THB6LvMwTeknXHSFmcLe+9r+plBcn
# Njc+DP4P/hU/5EiHL1VvEP96N4QKXlDZp92eeBwA8I3+k0rDFmvHnWQsiMNpXNwV
# kOXW5LW3mwY+ewEdVa1OQciCMEsdzWL/MTk6pqAZGHhH/AqOeuJ5ETUIcq7ilaB+
# jjpvC8ONP+9k4oqHA6gCM3JzgcoULuToGMG+p6Rswsy2M1nVjtbQhYv1BEwsVbMD
# MZV8pQEteOpzl2XgVhmRlOdGy2dIYMsCGJ/atUTgtWmP+IgJk5QUKERX/oy1BfV+
# cGMjcYUAM7BCP3kPsy+/jbnvcdiE6Foh3KERuf9TdVJvSajPQr/NF2Ly1uGdaB2i
# fjpFpoGmD6pVVwImpmDQlmoOr6F2wwCR4qLQrzDTlbxdU1s2dk05CdCI+Z6tpsXL
# j2jUC/4JISfowQ3/CVABVvBwUqs4rJyGksCtzcROueWYTWGl2qRgsTBgjwaKfWsq
# n7V825dvHUnLbNFAhsPUHWdDFzFHcbNW+PL1sINIrQGOzBUVYriIraDJhzl6VqAf
# 1YSsMJ0D+qGCA0swggNHBgkqhkiG9w0BCQYxggM4MIIDNAIBATCBkTB9MQswCQYD
# VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT
# YWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJTAjBgNVBAMTHFNlY3Rp
# Z28gUlNBIFRpbWUgU3RhbXBpbmcgQ0ECEDlMJeF8oG0nqGXiO9kdItQwDQYJYIZI
# AWUDBAICBQCgeTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
# BTEPFw0yMzEyMjEwMjE3MTBaMD8GCSqGSIb3DQEJBDEyBDDS0281b9byQqP6kSMY
# LN6Xm2+vMRuANlDRfK2dZWIodgowp38ejqAXgd8cSCjVsBowDQYJKoZIhvcNAQEB
# BQAEggIALJKZHeiBXoXfXFgbQRqPgyofQn4xieji/WOHSLlG/ptzwGrbjwkqI/NO
# 7GBAWVoVosbzATi1gWkzV9Uqwx6lQhn5mIUbYkkKQCTbVfK5FlobIppJVuSDXtir
# k5CfTLa9IuW1bxu/qdUzNZINbcKKx6L9kANCMvPykpcI6U5hyvARF0sLckNZGMYo
# 3WvLYGBrmY4eeO7jYGz9u1g2ha1TUBgrb/r7zOGEWV40B3wKXWBOC//kscMBa/Fz
# Nwy+GxAOfTFMgC9Hdvy9vHiM6xM3yOKBN4WbQ9ozDpRHvyzRjkz6aX7m79MgeESi
# atYOa0V3g371d2FYroXsYLs1SmUbq3Y1H/9zR6BUO8UZmrCfYCFRrx/EFezFl42D
# C0DauD9vvSFsglPuKubYW/axpmw7azJHDiUMPbD0W4wEtWtjPEzQ5Of5LgaaZb8o
# wcMXj8T4II1pMQSUlRiDjynlv0pgq3/CuUxmO89Rio5B6G0+nozQZ+lQvzQkz6Fo
# vH3lJpyZT4TcFXGv6BWaJl6RXtRODdtTrn3GDzKWeAYZyb5ToWcauA5h7Lhw4Aqi
# 0JBktxYf7+TQdwjtCGvv8u219lcXOxWhR0Uyvnl42i6ApuJZhWeXEhU5r88C7QC1
# 4WI9EZfqjDibXDJN2Pq8zSpBCnOAFAM4zELuYQgeiAV8ow93Qpg=
# SIG # End signature block