TMF

1.7.12529

functions/policies/authenticationStrengthPolicies/Register-TmfAuthenticationStrengthPolicy.ps1

function Register-TmfAuthenticationStrengthPolicy {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string] $displayName,
        [string] $description="Authentication strength policy created by Tenant Management Framework",
        [Parameter(Mandatory = $true)]
        [string[]] $allowedCombinations,
        [bool] $present = $true,
        [string] $sourceConfig = "<Custom>",
        [System.Management.Automation.PSCmdlet]
        $Cmdlet = $PSCmdlet
    )
    
    begin
    {
        Test-GraphConnection -Cmdlet $Cmdlet
        $resourceName = "authenticationStrengthPolicies"
        if (!$script:desiredConfiguration[$resourceName]) {
            $script:desiredConfiguration[$resourceName] = @()
        }

        if ($script:desiredConfiguration[$resourceName].displayName -contains $displayName) {            
            $alreadyLoaded = $script:desiredConfiguration[$resourceName] | Where-Object {$_.displayName -eq $displayName}
        }
    }

    process { 
        if (Test-PSFFunctionInterrupt) { return }                

        $object = [PSCustomObject]@{    
            displayName = $displayName
            description = $description
            policyType = "custom"
            present = $present
            sourceConfig = $sourceConfig
        }

        #Verify that only allowed authentication combinations are used
        $allowedAuthenticationCombinations = (Invoke-MgGraphRequest -Method GET -Uri "$graphBaseUrl/identity/conditionalAccess/authenticationStrength/combinations").value

        foreach ($allowedCombination in $allowedCombinations) {
            if ($allowedAuthenticationCombinations -notcontains $allowedCombination) {
                throw "Authentication strength policy $displayname contains the following unallowed authentication combination: $allowedCombination"
            }
        }

        Add-Member -InputObject $object -MemberType NoteProperty -Name allowedCombinations -Value $allowedCombinations        
        Add-Member -InputObject $object -MemberType ScriptMethod -Name Properties -Value { ($this | Get-Member -MemberType NoteProperty).Name }

        if ($alreadyLoaded) {
            $script:desiredConfiguration[$resourceName][$script:desiredConfiguration[$resourceName].IndexOf($alreadyLoaded)] = $object
        }
        else {
            $script:desiredConfiguration[$resourceName] += $object
        }
    }

    end {}
}