ewsgui

2.0.27

functions/Register-EwsGuiApp.ps1

                                Function Register-EWSGuiApp {

    <#

    .SYNOPSIS

    Script to create the Azure App Registration for EWSGui.

    .DESCRIPTION

    Script to create the Azure App Registration for EWSGui.

    It will require an additional PS module "Microsoft.Graph.Applications", if not already installed it will download it.

    You have to pass the list of app permissions you want to grant.

    You can use the "UseClientSecret" switch parameter to configure a new ClientSecret for the app. If this parameter is ommitted, we will use a Certificate.

    You can pass a certificate path if you have an existing certificate, or leave the parameter blank and a new self-signed certificate will be created.

    .PARAMETER AppName

    The friendly name of the app registration. By default will be "EWSGui Registered App".

    .PARAMETER TenantId

    Optional parameter to set the TenantID GUID.

    .PARAMETER StayConnected

    Use this optional parameter to not disconnect from Graph after the script execution.

    .PARAMETER ImportAppDataToModule

    Use this optional parameter to import your app's ClientId, TenantId and ClientSecret into the EWSGui module. In this way, the next time you run the app it will use the Application flow to authenticate with these values.

    .EXAMPLE

    PS C:\> Register-AzureADApp.ps1 -AppName "Graph DemoApp" -StayConnected

    The script will create a new AzureAD App Registration.

    The name of the app will be "Graph DemoApp".

    It will add the following API Permissions: "full_access_as_app".

    it will use a ClientSecret (later will be exposed).

    Once the app is created, the script will expose the link to grant "Admin consent" for the permissions requested.

    .NOTES

    General notes

#>

    [Cmdletbinding()]

    param(

        [Parameter(Mandatory = $false)]

        [String]

        $AppName = "EWSGui Registered App",

        [Parameter(Mandatory = $false)]

        [String]

        $TenantId,

        [Parameter(Mandatory = $false)]

        [Switch]

        $StayConnected,

        [Parameter(Mandatory = $false)]

        [Switch]

        $ImportAppDataToModule

    )

    # Required modules

    Write-PSFMessage -Level Verbose -Message "Looking for required 'Microsoft.Graph.Applications' powershell module"

    if ( -not(Get-module "Microsoft.Graph.Applications" -ListAvailable) ) {

        Install-Module "Microsoft.Graph.Applications" -Scope CurrentUser -Force

    }

    Import-Module "Microsoft.Graph.Applications"

    # Graph permissions variables

    $graphResourceId = "00000002-0000-0ff1-ce00-000000000000"

    $EwsApiPermission = @{

        Id   = "dc890d15-9560-4a4c-9b7f-a736ec74ec40" # "full_access_as_app"

        Type = "Role"

    }

    # Requires an admin

    Write-PSFMessage -Level Important -Message "Connecting to MgGraph"

    if ($TenantId) {

        Connect-MgGraph -Scopes "Application.ReadWrite.All User.Read" -TenantId $TenantId

    }

    else {

        Connect-MgGraph -Scopes "Application.ReadWrite.All User.Read"

    }

    # Get context for access to tenant ID

    $context = Get-MgContext

    # Create app registration

    $appRegistration = New-MgApplication -DisplayName $AppName -SignInAudience "AzureADMyOrg" `

        -Web @{ RedirectUris = "http://localhost"; } `

        -RequiredResourceAccess @{ ResourceAppId = $graphResourceId; ResourceAccess = @($EwsApiPermission) } `

        -AdditionalProperties @{}

    $appObjId = Get-MgApplication -Filter "AppId eq '$($appRegistration.Appid)'"

    $passwordCred = @{

        displayName = 'Secret created in PowerShell'

        endDateTime = (Get-Date).Addyears(1)

    }

    $secret = Add-MgApplicationPassword -applicationId $appObjId.Id -PasswordCredential $passwordCred

    Write-PSFMessage -Level Important -Message "App registration created with app ID $($appRegistration.AppId) and clientSecret: $($secret.SecretText)"

    Write-PSFMessage -Level Important -Message "Please take note of your client secret as it will not be shown anymore"

    # Create corresponding service principal

    New-MgServicePrincipal -AppId $appRegistration.AppId -AdditionalProperties @{} | Out-Null

    Write-PSFMessage -Level Important -Message "Service principal created"

    Write-PSFMessage -Level Important -Message "Success"

    # Generate admin consent URL

    $adminConsentUrl = "https://login.microsoftonline.com/" + $context.TenantId + "/adminconsent?client_id=" + $appRegistration.AppId

    Write-PSFHostColor "[$(Get-Date -Format "HH:MM:ss")] Please go to the following URL in your browser to provide admin consent" -DefaultColor Yellow

    Write-PSFMessage -Level Important -Message "$adminConsentUrl"

    if ( $ImportAppDataToModule ) {

        Import-EWsGuiAADAppData -ClientID $appRegistration.AppId -TenantID $context.TenantId -ClientSecret $secret.SecretText

    }

    if ($StayConnected -eq $false) {

        $null = Disconnect-MgGraph

        Write-PSFMessage -Level Important -Message "Disconnected from Microsoft Graph"

    }

    else {

        Write-PSFHostColor "[$(Get-Date -Format "HH:MM:ss")] The connection to Microsoft Graph is still active. To disconnect, use Disconnect-MgGraph" -DefaultColor Yellow

    }

}