TeamsFunctions

21.3.21-prerelease

Public/Functions/UserManagement/AzureAdAdminRole/Enable-MyAzureAdAdminRole.ps1

                                # Module:   TeamsFunctions

# Function: Testing

# Author:        David Eberhardt

# Updated:  13-MAR-2021

# Status:   Live

function Enable-MyAzureAdAdminRole {

  <#

    .SYNOPSIS

        Activates Azure Ad Admin Roles for currently connected User

    .DESCRIPTION

        Activates Azure Active Directory Privileged Identity Management Admin Roles for the currently connected User.

    Requires a Connection to AzureAd

    .EXAMPLE

        Enable-MyAzureAdAdminRole

  .INPUTS

    None

  .OUTPUTS

    Boolean if called

    None if executed from shell

  .LINK

    https://github.com/DEberhardt/TeamsFunctions/tree/master/docs/

  .LINK

    Connect-Me

  .LINK

    Assert-MicrosoftTeamsConnection

  .LINK

    Enable-AzureAdAdminRole

  .LINK

    Enable-MyAzureAdAdminRole

  .LINK

    Get-AzureAdAdminRole

  .LINK

    Get-MyAzureAdAdminRole

    #>

  [CmdletBinding()]

  [Alias('ear')]

  [OutputType([Boolean])]

  param() #param

  begin {

    Show-FunctionStatus -Level Live

    #Write-Verbose -Message "[BEGIN  ] $($MyInvocation.MyCommand)"

    # Asserting AzureAD Connection

    if (-not (Assert-AzureADConnection)) { break }

    $Stack = Get-PSCallStack

    $Called = ($stack.length -ge 3)

  } #begin

  process {

    #Write-Verbose -Message "[PROCESS] $($MyInvocation.MyCommand)"

    try {

      $PIMavailable = Get-Command -Name 'Get-AzureADMSPrivilegedRoleAssignment' -ErrorAction Stop

      #region Activating Admin Roles

      if ( $PIMavailable ) {

        try {

          $AzureAdFeedback = Get-AzureADCurrentSessionInfo

          $ActivatedRoles = Enable-AzureAdAdminRole -Identity $AzureAdFeedback.Account -PassThru -Force -ErrorAction Stop #(default should only enable the Teams ones? switch?)

          if ( $ActivatedRoles.Count -gt 0 ) {

            return $(if ($Called) { $ActivatedRoles } else {

                Write-Information "Enable-MyAzureAdAdminrole - $($ActivatedRoles.Count) Roles activated." -InformationAction Continue

                Write-Output $ActivatedRoles

              })

          }

          else {

            #TODO Query active roles with GET and feed these back! (Direct Assignments)

          }

        }

        catch {

          return $(if ($Called) { $false } else {

              Write-Information 'Enable-MyAzureAdAdminrole - Privileged Identity Management is not enabled for this tenant' -InformationAction Continue

            })

        }

      }

      else {

        return $(if ($Called) { $false } else {

            Write-Information 'Enable-MyAzureAdAdminrole - Privileged Identity Management is not enabled for this tenant' -InformationAction Continue

          })

      }

      #endregion

    }

    catch {

      return $(if ($Called) { $false } else {

          Write-Information 'Enable-MyAzureAdAdminrole - Privileged Identity Management functions are not available' -InformationAction Continue

        })

    }

  } #process

  end {

    #Write-Verbose -Message "[END    ] $($MyInvocation.MyCommand)"

  } #end

} # Enable-MyAzureAdAdminRole