Functions/Get-AzureADAccessToken.ps1

<#
.SYNOPSIS
    Retrieves an Azure AD access token using client credentials.
.DESCRIPTION
    This function retrieves an Azure AD access token using client credentials. The access token is used to authenticate requests to the Microsoft Graph API.
.PARAMETER ClientId
    The client ID of the Azure AD application.
.PARAMETER TenantId
    The tenant ID of the Azure AD directory.
.PARAMETER ClientSecret
    The client secret of the Azure AD application.
.EXAMPLE
    PS C:\> Get-AzureADAccessToken -TenantId "12345678-1234-1234-1234-1234567890ab" -ClientId "12345678-1234-1234-1234-1234567890ab" -ClientSecret "MyClientSecret"
    Retrieves an Azure AD access token using the specified client ID, tenant ID, and client secret.
#>


$global:AzureADAccessToken = $null
$global:AzureADAccessTokenExpiration = [DateTime]::MinValue

function Get-AzureADAccessToken {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$TenantId,
        [Parameter(Mandatory = $true)]
        [string]$ClientId,
        [Parameter(Mandatory = $true)]
        [string]$ClientSecret
    )

    Begin {
        $ErrorActionPreference = 'Stop'
    }

    Process {
        try {
            $body = @{
                'grant_type'    = 'client_credentials'
                'client_id'     = $ClientId
                'client_secret' = $ClientSecret
                'resource'      = 'https://graph.microsoft.com'
            }
            $response = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" -Method Post -Body $body
            $global:AzureADAccessToken = $response.access_token
            $global:AzureADAccessTokenExpiration = (Get-Date).AddSeconds($response.expires_in)
            write-host "Access token expires at $($global:AzureADAccessTokenExpiration)"
            write-host "------------------------------------------------------------------------"
        }
        catch {
            Write-Error $_.Exception.Message
        }
    }
}