Public/Graph/Register-GraphApplication.ps1

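function Register-GraphApplication {
    <#
    .SYNOPSIS
    Register Apps with preset permissions for quick access to graph endpoints

    .DESCRIPTION
    Register Apps with preset permissions for quick access to graph endpoints
    Use those permissions with the connection script, Connect-PoshGraph
    Please check the Azure AD app that this app creates to understand the permissions you have prior to running any commands.

    Make sure that you clearly understand and inspect any script before you run it!!!
    I am not responsible for any data in your tenant. Please test, test and test some more.

    If you want to add or remove permissions you can find your app here:
    https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps

    Please see examples!

    .PARAMETER Tenant
    Use this to uniquely identify the tenant and permissions.
    You will use this to connect to graph with "Connect-PoshGraph"
    The value becomes a directory name and part of a file name under
    $Env:USERPROFILE/.Posh365/Credentials/Graph, so it must be a plain name
    without path separators or other characters that are invalid in file names.

    Please see examples!

    .PARAMETER App
    Currently just Intune and Teams to choose from, but more to follow.

    Note: The app in Azure AD will be named Intune + the date/time it was added (but you won't need this information to connect)

    .PARAMETER AddDelegateCredentials
    A GUI will appear, type username and password and click "Export Tenant Credentials"
    The same GUI is always opened when -App is Teams, whether or not this switch is given.

    .PARAMETER SecretDurationYears
    Lifetime, in years, requested for the client secret of the new application.
    Defaults to 10. Prefer a shorter lifetime and rotate the secret where you can.

    .EXAMPLE

    Register-GraphApplication -Tenant Contoso -App Intune

    Connect-PoshGraph -Tenant Contoso

    .EXAMPLE

    Register-GraphApplication -Tenant ContosoIntune -App Intune

    Connect-PoshGraph -Tenant ContosoIntune

    .NOTES
    Security notes
    - The client secret is written with Export-Clixml as a SecureString inside a PSCredential.
      On Windows, Export-Clixml protects SecureString values with the Data Protection API, so the
      file can be decrypted only by the same user account on the same computer.
    - Anyone who can run code as that user can recover the secret, and the secret is valid for
      SecretDurationYears. Remove the app registration or its secret in Azure AD when it is no
      longer needed.
    - The API permission set comes from the template that Import-TemplateApp loads. Review the
      permissions on the created app registration before relying on it.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $Tenant,

        [Parameter(Mandatory)]
        [ValidateSet('Intune', 'Teams')]
        [string]
        $App,

        [Parameter()]
        [switch]
        $AddDelegateCredentials,

        [Parameter()]
        [ValidateRange(1, [int]::MaxValue)]
        [int]
        $SecretDurationYears = 10
    )

    # $Tenant is joined into a directory path and a file name below. Reject anything that is not
    # a plain name so the credential file cannot land outside the credential directory.
    $HasInvalidChar = $Tenant.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0
    if ($HasInvalidChar -or $Tenant -match '[\\/]' -or $Tenant -in '.', '..') {
        Write-Error ("Tenant '{0}' is not usable as a directory name. Use a plain name such as Contoso-Intune." -f $Tenant)
        return
    }

    if (-not $Env:USERPROFILE) {
        Write-Error 'The USERPROFILE environment variable is not set; cannot locate the credential directory.'
        return
    }

    $PoshPath = Join-Path -Path $Env:USERPROFILE -ChildPath '.Posh365/Credentials/Graph'
    $TenantPath = Join-Path -Path $PoshPath -ChildPath $Tenant
    $ItemSplat = @{
        Type        = 'Directory'
        Force       = $true
        # Fail here instead of after the app and its secret already exist in Azure AD.
        ErrorAction = 'Stop'
    }

    try {
        # $null = keeps the DirectoryInfo object out of this function's output.
        if (-not (Test-Path -LiteralPath $PoshPath)) { $null = New-Item -Path $PoshPath @ItemSplat }
    }
    catch {
        Write-Error ('Unable to create credential directory {0}: {1}' -f $PoshPath, $_.Exception.Message)
        return
    }

    if (Test-Path -LiteralPath $TenantPath) {
        # An existing directory means a stored configuration may be overwritten; require an explicit YES.
        Write-Host "$TenantPath is already in use" -ForegroundColor Yellow -NoNewline
        $UsePath = Read-Host ". Type 'YES' to overwrite"
        if ($UsePath -ne 'YES') {
            Write-Host "Please rerun your command and choose another name to represent your connection" -ForegroundColor Green
            Write-Host "Perhaps, try appending the the app's function to the company name" -ForegroundColor Green
            Write-Host "For example, Contoso-Intune" -ForegroundColor Green
            return
        }
    }
    else {
        try {
            $null = New-Item -Path $TenantPath @ItemSplat
        }
        catch {
            Write-Error ('Unable to create tenant directory {0}: {1}' -f $TenantPath, $_.Exception.Message)
            return
        }
    }

    Write-Host "`r`nWe will create an Azure AD Application with the " -ForegroundColor Cyan -NoNewline
    Write-Host "$App" -ForegroundColor Green -NoNewLine
    Write-Host " API permission set. Credentials will be encrypted to $TenantPath. Once complete, connect to Graph with: `r`n" -ForegroundColor Cyan
    Write-Host "Connect-PoshGraph " -ForegroundColor Yellow -NoNewline
    Write-Host "-Tenant " -ForegroundColor White -NoNewline
    Write-Host "$Tenant`r`n`r`n" -ForegroundColor Green

    # NOTE(review): both installs take whatever version the registered repository currently
    # serves, with -Force suppressing the confirmation prompts. Confirm the repository and the
    # module publisher are the ones you expect; consider pre-installing a reviewed version.
    If (-not ($null = Get-Module -Name 'AzureAD', 'AzureADPreview' -ListAvailable)) {
        Write-Host "Installing AzureAD module" -ForegroundColor Cyan
        Install-Module -Name AzureAD -Scope CurrentUser -Force -AllowClobber
        Import-Module -Name AzureAD -force
    }
    # SilentlyContinue: a missing command is the expected case here, not an error to display.
    If (-not ($null = Get-Command -Name 'Import-TemplateApp' -ErrorAction SilentlyContinue)) {
        Write-Host "Installing CloneApp module" -ForegroundColor Cyan
        Install-Module -Name CloneApp -Scope CurrentUser -Force -AllowClobber
        Import-Module -Name CloneApp -force
    }

    Write-Host "Disconnecting any possible connections to Azure AD" -ForegroundColor White
    # Best effort: there may be no session to disconnect, so a failure here is ignored on purpose.
    try { $null = Disconnect-AzureAD -ErrorAction Stop } catch { }
    try {
        Write-Host "Please enter your Azure AD Credentials to login to Azure AD . . . " -ForegroundColor White
        $AzureAD = Connect-AzureAD -ErrorAction Stop
        # Echo tenant and account so the operator can confirm the app is created where intended.
        Write-Host "Connected to Azure AD!" -ForegroundColor Cyan
        Write-Host "Tenant: " -ForegroundColor Green -NoNewline
        Write-Host "$($AzureAD.TenantId)" -ForegroundColor White
        Write-Host "Account: " -ForegroundColor Green -NoNewline
        Write-Host "$($AzureAD.Account)" -ForegroundColor White
    }
    catch {
        Write-Host "Not connected to Azure AD. " -ForegroundColor Yellow -NoNewline
        Write-Host "Please run the same command again and connect to Azure AD." -ForegroundColor Cyan
        return
    }

    # NOTE(review): GithubUsername/GistFilename presumably make Import-TemplateApp load the
    # permission template from that account's gist at run time, and ConsentAction 'Both'
    # presumably grants consent for it. If so, the permissions created in the tenant are whatever
    # that remote file holds when this runs. Confirm against the CloneApp module and inspect the
    # resulting app registration.
    $Params = @{
        Name                = $App
        ConsentAction       = 'Both'
        GithubUsername      = 'KevinBlumenfeld'
        GistFilename        = '{0}.xml' -f $App
        SecretDurationYears = $SecretDurationYears
        Owner               = ($AzureAD.Account).toString()
    }
    $NewApp = Import-TemplateApp @Params

    # Without a secret there is nothing usable to store; stop before writing a broken config
    # and before printing a success message.
    if (-not $NewApp -or -not $NewApp.Secret) {
        Write-Error 'Import-TemplateApp did not return an application secret; no configuration was written.'
        return
    }

    # The secret arrives as plain text from Import-TemplateApp; wrap it so that Export-Clixml
    # serializes it as a SecureString instead of readable text.
    $SecureSecret = $NewApp.Secret | ConvertTo-SecureString -AsPlainText -Force
    $TenantConfig = Join-Path -Path $TenantPath -ChildPath ('{0}Config.xml' -f $Tenant)

    try {
        # Stored shape: Cred.UserName = tenant id, Cred.Password = client secret, ClientId = application id.
        [PSCustomObject]@{
            Cred     = [PSCredential]::new($NewApp.TenantId, $SecureSecret)
            ClientId = $NewApp.ApplicationId
        } | Export-Clixml -Path $TenantConfig -ErrorAction Stop
    }
    catch {
        # The app registration already exists at this point, but its secret was not saved.
        Write-Error ('The application was created but its configuration could not be written to {0}: {1}' -f $TenantConfig, $_.Exception.Message)
        return
    }

    # Teams always needs delegate credentials, so the GUI opens even without the switch.
    if ($AddDelegateCredentials -or $App -match 'Teams') {
        Write-Host "A GUI will now open, type your Global Admin Username & Password and click - Export Tenant Credentials -" -ForegroundColor Cyan -BackgroundColor White
        Export-GraphConfig -Tenant $Tenant
    }

    Write-Host ('Tenant configuration encrypted to: {0}' -f $TenantConfig)
}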