3.3.1 Beta

Mikael Karlsson
2021-10-28 21:30:21 +11:00
parent 4add87884a
commit 2b9efd5c85
16 changed files with 874 additions and 116 deletions


@@ -10,7 +10,7 @@ This module will also document some objects based on PowerShell functions
function Get-ModuleVersion
{
'1.0.5'
'1.0.6'
}
function Invoke-InitializeModule
@@ -1061,6 +1061,16 @@ function Add-CDDocumentCustomProfileProperty
$obj | Add-Member Noteproperty -Name "detectionScriptAdded" -Value (-not [String]::IsNullOrEmpty($obj.detectionScriptContent))
$obj | Add-Member Noteproperty -Name "remediationScriptAdded" -Value (-not [String]::IsNullOrEmpty($obj.remediationScriptContent))
$obj | Add-Member Noteproperty -Name "useLoggedOnCredentials" -Value ($obj.runAsAccount -ne "system")
if($obj.detectionScriptContent)
{
$obj | Add-Member Noteproperty -Name "detectionScriptContentString" -Value ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(($obj.detectionScriptContent))))
}
if($obj.remediationScriptContent)
{
$obj | Add-Member Noteproperty -Name "remediationScriptContentString" -Value ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(($obj.remediationScriptContent))))
}
}
if(($obj.PSObject.Properties | where Name -eq "securityRequireSafetyNetAttestationBasicIntegrity") -and
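Review bot: The two new `[System.Convert]::FromBase64String(...)` calls that build `detectionScriptContentString` and `remediationScriptContentString` have no error handling, so a malformed or truncated content value would throw in the middle of building the documented object. Whether an outer handler exists cannot be seen here, because Add-CDDocumentCustomProfileProperty starts and ends outside the hunk. The Word module in this same commit does the identical decode inside a `try`/`catch` in Get-DocScriptContent; doing the decode once in a shared helper and logging a failure would keep the two paths consistent. A short comment stating that these properties hold the full decoded script text would also help whoever later decides which properties are written to output.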


@@ -3,7 +3,7 @@
#https://docs.microsoft.com/en-us/office/vba/api/overview/word
function Get-ModuleVersion
{
'1.0.5'
'1.0.6'
}
function Invoke-InitializeModule
@@ -86,6 +86,10 @@ function Add-WordOptionsControl
$global:txtWordTitleProperty.Text = Get-Setting "Documentation" "WordTitleProperty" "Intune documentation"
$global:txtWordSubjectProperty.Text = Get-Setting "Documentation" "WordSubjectProperty" "Intune documentation"
$global:chkWordIncludeScripts.IsChecked = ((Get-Setting "Documentation" "WordIncludeScripts" "true") -ne "false")
$global:chkWordExcludeScriptSignature.IsChecked = ((Get-Setting "Documentation" "WordExcludeScriptSignature" "false") -ne "false")
$global:txtWordScriptTableStyle.Text = Get-Setting "Documentation" "WordScriptTableStyle" ""
$global:txtWordScriptStyle.Text = Get-Setting "Documentation" "WordScriptStyle"
$global:chkWordOpenDocument.IsChecked = ((Get-Setting "Documentation" "WordOpenDocument" "true") -ne "false")
@@ -132,7 +136,12 @@ function Invoke-WordPreProcessItems
Save-Setting "Documentation" "WordContentControls" $global:txtWordContentControls.Text
Save-Setting "Documentation" "WordTitleProperty" $global:txtWordTitleProperty.Text
Save-Setting "Documentation" "WordSubjectProperty" $global:txtWordSubjectProperty.Text
Save-Setting "Documentation" "WordIncludeScripts" $global:chkWordIncludeScripts.IsChecked
Save-Setting "Documentation" "WordExcludeScriptSignature" $global:chkWordExcludeScriptSignature.IsChecked
Save-Setting "Documentation" "WordScriptTableStyle" $global:txtWordScriptTableStyle.Text
Save-Setting "Documentation" "WordScriptStyle" $global:txtWordScriptStyle.Text
try
{
$script:wordApp = New-Object -ComObject Word.Application
@@ -472,6 +481,8 @@ function Invoke-WordProcessItem
Add-DocTableItems $obj $objectType $documentedObj.ApplicabilityRules $properties "SettingDetails.applicabilityRules"
}
Add-DocObjectSettings $obj $objectType $documentedObj
if(($documentedObj.Assignments | measure).Count -gt 0)
{
$params = @{}
@@ -712,6 +723,49 @@ function Add-DocTableItems
#$script:doc.Application.Selection.TypeParagraph()
}
function Add-DocTableScript
{
param($caption, $header, $script)
if(-not $script) { return }
$tblScriptStyle = (?? $global:txtWordScriptTableStyle.Text $global:txtWordTableStyle.Text)
$range = $script:doc.application.selection.range
$scriptTable = $script:doc.Tables.Add($range, 2, 1, [Microsoft.Office.Interop.Word.WdDefaultTableBehavior]::wdWord9TableBehavior, [Microsoft.Office.Interop.Word.WdAutoFitBehavior]::wdAutoFitWindow)
$scriptTable.ApplyStyleHeadingRows = $true
Set-DocObjectStyle $scriptTable $tblScriptStyle | Out-Null
if($header)
{
$scriptTable.Cell(1, 1).Range.Text = $header
}
$scriptTable.Cell(2,1).Range.Font.Bold = $false
$scriptTable.Cell(2, 1).Range.Text = $script
if($global:txtWordScriptStyle.Text)
{
Set-DocObjectStyle $scriptTable.Rows(2).Range $global:txtWordScriptStyle.Text | Out-Null
}
else
{
$tmp = $script:wordStyles | Where Name -like "HTML Code"
if($tmp)
{
$scriptTable.Cell(2,1).Range.Font = $tmp.Style.Font
}
$scriptTable.Cell(2,1).Range.Font.Bold = $false
}
$scriptTable.Cell(2,1).Range.NoProofing = $true
# -2 = Table, 1 = Below
$scriptTable.Application.Selection.InsertCaption(-2, ". $caption", $null, 1)
# Add new row after the table
$script:doc.Application.Selection.TypeParagraph()
}
function Get-DocStyle
{
param($styleName)
@@ -788,3 +842,86 @@ function Set-DocObjectStyle
}
$styleSet
}
function Add-DocObjectSettings
{
param($obj, $objectType, $documentedObj)
if($obj."@OData.Type" -eq "#microsoft.graph.deviceManagementScript")
{
if($obj.ScriptContent -and $global:chkWordIncludeScripts.IsChecked -eq $true)
{
$caption = "{1} - {0}" -f $obj.displayName,(Get-LanguageString "WindowsManagement.powerShellScriptObjectName")
Add-DocTableScript $caption $obj.FileName (Get-DocScriptContent $obj.ScriptContent)
}
}
if($obj."@OData.Type" -eq "#microsoft.graph.deviceShellScript")
{
if($obj.ScriptContent -and $global:chkWordIncludeScripts.IsChecked -eq $true)
{
$caption = "{1} - {0}" -f $obj.displayName,(Get-LanguageString "WindowsManagement.shellScriptObjectName")
Add-DocTableScript $caption $obj.FileName (Get-DocScriptContent $obj.ScriptContent)
}
}
elseif($obj."@OData.Type" -eq "#microsoft.graph.deviceHealthScript")
{
if($obj.detectionScriptContent)
{
$caption = Get-LanguageString "ProactiveRemediations.Create.Settings.DetectionScriptMultiLineTextBox.label"
$header = "{1} - {0}" -f $obj.displayName,$caption
Add-DocTableScript $header $caption (Get-DocScriptContent $obj.detectionScriptContent)
}
if($obj.remediationScriptContent)
{
$caption = Get-LanguageString "ProactiveRemediations.Create.Settings.RemediationScriptMultiLineTextBox.label"
$header = "{1} - {0}" -f $obj.displayName,$caption
Add-DocTableScript $header $caption (Get-DocScriptContent $obj.remediationScriptContent)
}
}
elseif($obj."@OData.Type" -eq "#microsoft.graph.win32LobApp")
{
foreach($rule in ($obj.requirementRules | Where { $_.'@OData.Type' -eq "#microsoft.graph.win32LobAppPowerShellScriptRequirement" } ))
{
$caption = "{0} - {1}" -f @($obj.displayName, "Requirement script")
Add-DocTableScript $caption $rule.displayName (Get-DocScriptContent $rule.scriptContent)
}
foreach($rule in ($obj.detectionRules | Where { $_.'@OData.Type' -eq "#microsoft.graph.win32LobAppPowerShellScriptDetection" } ))
{
$caption = "{0} - {1}" -f @($obj.displayName,(Get-LanguageString "ProactiveRemediations.Create.Settings.DetectionScriptMultiLineTextBox.label"))
Add-DocTableScript $caption (Get-LanguageString "ProactiveRemediations.Create.Settings.DetectionScriptMultiLineTextBox.label") (Get-DocScriptContent $rule.scriptContent)
}
}
}
function Get-DocScriptContent
{
param($encodeContent)
if(-not $encodeContent) { return }
try
{
$scriptContent = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodeContent))
if($global:chkWordExcludeScriptSignature.IsChecked -eq $true)
{
$x = $scriptContent.IndexOf("# SIG # Begin signature block")
if($x -gt 0)
{
$scriptContent = $scriptContent.SubString(0,$x)
$scriptContent = $scriptContent + "# SIG # Begin signature block`nSignature data excluded..."
}
}
$scriptContent
}
catch
{
}
}
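Review bot: The `WordIncludeScripts` option is only honoured for `#microsoft.graph.deviceManagementScript` and `#microsoft.graph.deviceShellScript` in Add-DocObjectSettings. The `deviceHealthScript` and `win32LobApp` branches call Add-DocTableScript without testing `$global:chkWordIncludeScripts.IsChecked`, so decoded detection, remediation and requirement scripts are written into the Word document even when the user has switched script output off. Script bodies can contain credentials, internal paths or other material that was deliberately kept out of a shared document, so the opt-out should cover every branch. A single guard as the first statement of the function would do it: `if($global:chkWordIncludeScripts.IsChecked -ne $true) { return }`.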


@@ -11,7 +11,7 @@ This module is for the Endpoint Manager/Intune View. It manages Export/Import/Co
#>
function Get-ModuleVersion
{
'3.1.12'
'3.1.13'
}
function Invoke-InitializeModule
@@ -74,6 +74,7 @@ function Invoke-InitializeModule
SubPath = "EndpointManager"
}) "EndpointManager"
$viewPanel = Get-XamlObject ($global:AppRootFolder + "\Xaml\EndpointManagerPanel.xaml") -AddVariables
Set-EMViewPanel $viewPanel
@@ -83,13 +84,14 @@ function Invoke-InitializeModule
Title = "Intune Manager"
Description = "Manages Intune environments. This view can be used for copying objects in an Intune environment. It can also be used for backing up an entire Intune environment and cloning the Intune environment into another tenant."
ID="IntuneGraphAPI"
ViewPanel = $viewPanel
ViewPanel = $viewPanel
AuthenticationID = "MSAL"
ItemChanged = { Show-GraphObjects; Invoke-ModuleFunction "Invoke-GraphObjectsChanged"; Write-Status ""}
Deactivating = { Invoke-EMDeactivateView }
Activating = { Invoke-EMActivatingView }
Authentication = (Get-MSALAuthenticationObject)
Authenticate = { Invoke-EMAuthenticateToMSAL }
AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547")
AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" "EM")
SaveSettings = { Invoke-EMSaveSettings }
Permissions = @()
@@ -606,7 +608,7 @@ function Invoke-InitializeModule
function Invoke-EMAuthenticateToMSAL
{
$global:EMViewObject.AppInfo = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
$global:EMViewObject.AppInfo = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" "EM"
Set-MSALCurrentApp $global:EMViewObject.AppInfo
& $global:msalAuthenticator.Login -Account (?? $global:MSALToken.Account.UserName (Get-Setting "" "LastLoggedOnUser"))
}
@@ -622,7 +624,7 @@ function Invoke-EMActivatingView
Show-MSALError
# Refresh values in case they have changed
$global:EMViewObject.AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547")
$global:EMViewObject.AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" "EM")
if(-not $global:EMViewObject.Authentication)
{
$global:EMViewObject.Authentication = Get-MSALAuthenticationObject
@@ -647,6 +649,16 @@ function Invoke-EMSaveSettings
Write-Status ""
}
Set-EMUIStatus
}
function Invoke-GraphAuthenticationUpdated
{
Set-EMUIStatus
}
function Set-EMUIStatus
{
# Hide/Show Delete button
$allowDelete = Get-SettingValue "EMAllowDelete"
$global:btnDelete.Visibility = (?: ($allowDelete -eq $true) "Visible" "Collapsed")
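Review bot: The call `Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" "EM"` is now written out three times in this file (the view object in Invoke-InitializeModule, Invoke-EMAuthenticateToMSAL and Invoke-EMActivatingView) and twice more in the Endpoint Info module's section. The Endpoint Info view-object line appears to have passed `"EM"` as the setting id before this change while every other call site passes `"EMAzureApp"`, which is the kind of drift repeated literals invite. Holding the client id in one module-level constant and wrapping the call in one helper, for example `function Get-EMAppInfo { Get-GraphAppInfo "EMAzureApp" $script:EMDefaultClientId "EM" }` (names are a suggestion), would leave a single place to change which app registration the tool signs in with.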


@@ -10,7 +10,7 @@ This module is for the Endpoint Info View. It shows read-only objects in Intune
#>
function Get-ModuleVersion
{
'3.1.3'
'3.1.4'
}
function Invoke-InitializeModule
@@ -21,11 +21,12 @@ function Invoke-InitializeModule
Description = "Displays read-only information in Intune."
ID = "EMInfoGraphAPI"
ViewPanel = $viewPanel
AuthenticationID = "MSAL"
ItemChanged = { Show-GraphObjects; Invoke-ModuleFunction "Invoke-GraphObjectsChanged"; Write-Status ""}
Activating = { Invoke-EMInfoActivatingView }
Authentication = (Get-MSALAuthenticationObject)
Authenticate = { Invoke-EMInfoAuthenticateToMSAL }
AppInfo = (Get-GraphAppInfo "EM" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547")
AppInfo = (Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" "EM")
SaveSettings = { Invoke-EMSaveSettings }
Permissions = @()
})
@@ -95,7 +96,7 @@ function Invoke-EMInfoActivatingView
function Invoke-EMInfoAuthenticateToMSAL
{
$global:EMInfoViewObject.AppInfo = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
$global:EMInfoViewObject.AppInfo = Get-GraphAppInfo "EMAzureApp" "d1ddf0e4-d672-4dae-b554-9d5bdfd93547" "EM"
Set-MSALCurrentApp $global:EMInfoViewObject.AppInfo
$usr = (?? $global:MSALToken.Account.UserName (Get-Setting "" "LastLoggedOnUser"))
if($usr)


@@ -22,7 +22,7 @@ $global:EMToolsViewObject = $null
function Get-ModuleVersion
{
'1.0.1'
'1.0.2'
}
function Invoke-InitializeModule
@@ -75,7 +75,8 @@ function Add-EMToolsViewItem
$global:EMToolsViewObject = (New-Object PSObject -Property @{
Title = "Intune Tools"
Description = "Additional tools for managing Intune"
ID = "EMTools"
ID = "EMTools"
AuthenticationID = "MSAL"
ViewPanel = $viewPanel
ItemChanged = { Show-EMTool }
Activating = { Invoke-EMToolsActivatingView }


@@ -10,7 +10,7 @@ This module manages Authentication for the application with MSAL. It is also res
#>
function Get-ModuleVersion
{
'3.3.0'
'3.3.1'
}
$global:msalAuthenticator = $null
@@ -37,6 +37,25 @@ function Invoke-InitializeModule
Name = "Azure AD China"
Value = "china"
URL = "login.partner.microsoftonline.cn"
GraphURL = "https://microsoftgraph.chinacloudapi.cn"
}
)
$script:lstGCCEnvironments = @(
[PSCustomObject]@{
Name = "GCC"
Value = "gcc"
URL = "graph.microsoft.com"
},
[PSCustomObject]@{
Name = "GCC High"
Value = "gcgHigh"
URL = "graph.microsoft.us"
},
[PSCustomObject]@{
Name = "GCC DoD"
Value = "gccDoD"
URL = "dod-graph.microsoft.us"
}
)
@@ -74,7 +93,7 @@ function Invoke-InitializeModule
Title = "Use Default Permissions"
Key = "UseDefaultPermissions"
Type = "Boolean"
DefaultValue = $false
DefaultValue = $true
Description = "Default permissions of the selected app will be used when logging on. Some objects might not be accessable"
}) "MSAL"
@@ -94,6 +113,14 @@ function Invoke-InitializeModule
DefaultValue = "public"
}) "MSAL"
Add-SettingsObject (New-Object PSObject -Property @{
Title = "GCC Environment"
Key = "GCCEnvironment"
Type = "List"
ItemsSource = $script:lstGCCEnvironments
DefaultValue = "gcc"
}) "MSAL"
Add-MSALPrereq
#$script:MSALDLLMissing = $true #!!!!
@@ -105,6 +132,7 @@ function Get-MSALAuthenticationObject
{
$global:msalAuthenticator = New-Object PSObject -Property @{
Title = "MSAL"
ID = "MSAL"
SilentLogin = { Connect-MSALUser -Silent @args; }
Login = { Connect-MSALUser @args }
Logout = { Disconnect-MSALUser }
@@ -130,6 +158,7 @@ function Initialize-MSALSettings
function Clear-MSALCurentUserVaiables
{
$global:MSALTenantId = $null
$global:MSALGraphEnvironment = $null
}
function Get-MSALCurrentApp
@@ -144,6 +173,53 @@ function Set-MSALCurrentApp
$global:appObj = $appInfoObj
}
function Set-MSALGraphEnvironment
{
param($user, $tenantId)
if($global:MSALGraphEnvironment)
{
return
}
$graphEnv = "graph.microsoft.com"
if($user)
{
$curAADEnv = $script:lstAADEnvironments | Where URL -eq $user.Environment
}
else
{
$loginValue = Get-SettingValue "AzureLogin" "public" -TenantID (?? $tenantId $loginHint.user.TenantId)
$curAADEnv = $script:lstAADEnvironments | Where value -eq $loginValue
}
if($curAADEnv.Value -eq "usGov")
{
$gccEnv = Get-SettingValue "GCCEnvironment" "gcc" -TenantID (?? $tenantId $loginHint.user.TenantId)
if($gccEnv)
{
$GCCEnvObj = $script:lstGCCEnvironments | Where Value -eq $gccEnv
if($GCCEnvObj.URL)
{
$graphEnv = $GCCEnvObj.URL
}
else
{
Write-Log "Could not find GCC environment based on $gccEnv. Default will be used" 2
}
}
}
elseif($cuAADEnv.GraphURL)
{
$graphEnv = $cuAADEnv.GraphURL
}
Write-Log "Use Graph environment: $graphEnv"
$global:MSALGraphEnvironment = $graphEnv
}
function Get-MSALUserInfo
{
if($global:MSALToken)
@@ -160,7 +236,12 @@ function Get-MSALUserInfo
}
Write-Log "Get organization info"
$global:Organization = (MSGraph\Invoke-GraphRequest -Url "Organization" -SkipAuthentication -ODataMetadata "Skip").Value
$global:Organization = (MSGraph\Invoke-GraphRequest -Url "Organization" -SkipAuthentication -ODataMetadata "Skip").Value
if($global:Organization)
{
if($global:Organization -is [array]) { $global:Organization = $global:Organization[0]}
Save-Setting $global:Organization.Id "_Name" $global:Organization.displayName
}
}
else
{
@@ -642,34 +723,6 @@ function Connect-MSALUser
$global:MSALToken = $null
}
if((Get-SettingValue "UseDefaultPermissions") -eq $true -or ($global:currentViewObject.ViewInfo.Permissions | measure).Count -eq 0)
{
[string[]] $Scopes = "https://graph.microsoft.com/.default"
$useDefaultPermissions = $true
}
else
{
#$Scopes = [string[]]$global:PermissionScope
$reqScopes = [string[]]$global:msalAuthenticator.Permissions
$useDefaultPermissions = $false
$resolveRoles = ((Get-SettingValue "AzureADRoleRead" $false) -eq $true)
if($resolveRoles -and $global:msalAuthenticator.Permissions -notcontains "RoleManagement.Read.Directory")
{
# Adds the required permission for reading AAD directory roles
$reqScopes += "RoleManagement.Read.Directory"
}
$script:curViewPermissions = $global:currentViewObject.ViewInfo.Permissions
foreach($tmpScope in $script:curViewPermissions)
{
if($reqScopes -notcontains $tmpScope) { $reqScopes += $tmpScope }
}
$Scopes = [String[]]$reqScopes
}
$global:MSALApp = Get-MSALApp $global:appObj $Account
$loginHint = ""
@@ -682,10 +735,11 @@ function Connect-MSALUser
{
# We're logging in with someone else...
Clear-MSALCurentUserVaiables
$global:MSALToken = $null
}
}
# If we force interactive login the skip setting loginHint to force the user select account
# If we force interactive login then skip setting loginHint to force the user to select account
if(-not $loginHint -and $Interactive -ne $true)
{
if($global:MSALAccounts)
@@ -709,12 +763,49 @@ function Connect-MSALUser
}
}
}
}
if($ForceRefresh -eq $true)
{
$global:MSALGraphEnvironment = $null
}
$tenantId = ?? $global:MSALTenantId $global:appObj.TenantId
Set-MSALGraphEnvironment $loginHint $tenantId
$useDefaultPermissions = (Get-SettingValue "UseDefaultPermissions" -TenantID (?? $tenantId $loginHint.HomeAccountId.TenantId))
if($useDefaultPermissions -eq $true -or ($global:currentViewObject.ViewInfo.Permissions | measure).Count -eq 0)
{
[string[]] $Scopes = "https://$($global:MSALGraphEnvironment)/.default"
$useDefaultPermissions = $true
}
else
{
#$Scopes = [string[]]$global:PermissionScope
$reqScopes = [string[]]$global:msalAuthenticator.Permissions
$useDefaultPermissions = $false
$resolveRoles = ((Get-SettingValue "AzureADRoleRead" $false -TenantID (?? $tenantId $loginHint.HomeAccountId.TenantId)) -eq $true)
if($resolveRoles -and $global:msalAuthenticator.Permissions -notcontains "RoleManagement.Read.Directory")
{
# Adds the required permission for reading AAD directory roles
$reqScopes += "RoleManagement.Read.Directory"
}
$script:curViewPermissions = $global:currentViewObject.ViewInfo.Permissions
foreach($tmpScope in $script:curViewPermissions)
{
if($reqScopes -notcontains $tmpScope) { $reqScopes += $tmpScope }
}
$Scopes = [String[]]$reqScopes
}
$prompConsent = $false
$authResult = $null
$tenantId = ?? $global:MSALTenantId $global:appObj.TenantId
#$authority = ?? $global:MSALApp.Authority $global:appObj.Authority
try
{
@@ -851,7 +942,7 @@ function Connect-MSALUser
if($currentLoggedInUserId -ne $authResult.Account.HomeAccountId.Identifier)
{
$script:AccessableTenants = $null
if($authResult -and (Get-Setting "" "GetTenantList" $false) -eq $true)
if($authResult -and (Get-SettingValue "GetTenantList" -TenantID $authResult.Account.HomeAccountId.TenantId) -eq $true)
{
#########################################################################################################
### Get tenant list
@@ -916,10 +1007,79 @@ function Connect-MSALUser
Write-LogDebug "User, tenant or app has changed"
Get-MSALUserInfo
Invoke-MSALCheckObjectViewAccess
Invoke-ModuleFunction "Invoke-GraphAuthenticationUpdated"
}
}
function Invoke-MSALCheckObjectViewAccess
{
foreach($viewObjInfo in ($global:viewObjects | Where { $_.ViewInfo.AuthenticationID -eq "MSAL" }))
{
$viewObjInfo = $global:viewObjects | Where { $_.ViewInfo.Id -eq $global:EMViewObject.Id }
if($viewObjInfo)
{
$accessToken = Get-JWTtoken $global:MSALToken.AccessToken
if($accessToken.Payload.scp)
{
$curPermissions = $accessToken.Payload.scp.Split(" ")
foreach($viewItem in $viewObjInfo.ViewItems)
{
$full = 0
$partial = 0
foreach($permission in $viewItem.Permissons)
{
if($curPermissions -contains $permission)
{
$full++
continue
}
# Check read access
$arrTemp = $permission.Split('.')
if($arrTemp[1] -eq "ReadWrite")
{
$arrTemp[1] = "Read"
$arrTemp -join "."
}
if($curPermissions -contains $permission)
{
$partial++
}
}
$hasAccess = $false
if($viewItem.Permissons.Count -eq $full)
{
$accessType = "Full"
$hasAccess = $true
}
elseif($partial -gt 0)
{
$accessType = "Limited"
}
else
{
$accessType = "None"
}
if(-not ($viewItem.PSObject.Properties | Where Name -eq "@HasPermissions"))
{
$viewItem | Add-Member -NotePropertyName "@HasPermissions" -NotePropertyValue $hasAccess
$viewItem | Add-Member -NotePropertyName "@AccessType" -NotePropertyValue $accessType
}
else
{
$viewItem."@HasPermissions" = $hasAccess
$viewItem."@AccessType" = $accessType
}
}
}
}
}
Show-ViewMenu
}
function Disconnect-MSALUser
{
param($user, [switch]$force, [switch]$PassThru)
@@ -1039,7 +1199,9 @@ function Get-MSALProfileEllipse
$icon.Margin = "0,0,5,0"
$grdAccount.Children.Add($icon) | Out-Null
$lbObj = [Windows.Markup.XamlReader]::Parse("<TextBlock $wpfNS>$($account.UserName)<LineBreak/>$($account.HomeAccountId.TenantId)</TextBlock>")
$tenantName = Get-Setting $account.HomeAccountId.TenantId "_Name" $account.HomeAccountId.TenantId
$lbObj = [Windows.Markup.XamlReader]::Parse("<TextBlock $wpfNS>$($account.UserName)<LineBreak/>$($tenantName)</TextBlock>")
$lbObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
$grdAccount.Children.Add($lbObj) | Out-Null
@@ -1262,7 +1424,9 @@ function Get-MSALProfileEllipse
$icon.Margin = "0,0,5,0"
$grdLogin.Children.Add($icon) | Out-Null
$lbObj = [Windows.Markup.XamlReader]::Parse("<TextBlock $wpfNS>$($account.UserName)<LineBreak/>$($account.HomeAccountId.TenantId)</TextBlock>")
$tenantName = Get-Setting $account.HomeAccountId.TenantId "_Name" $account.HomeAccountId.TenantId
$lbObj = [Windows.Markup.XamlReader]::Parse("<TextBlock $wpfNS>$($account.UserName)<LineBreak/>$($tenantName)</TextBlock>")
$lbObj.SetValue([System.Windows.Controls.Grid]::ColumnProperty,1)
$grdLogin.Children.Add($lbObj) | Out-Null
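Review bot: The tenant display name is interpolated unescaped into the markup string handed to `[Windows.Markup.XamlReader]::Parse` in both Get-MSALProfileEllipse hunks (the `$grdAccount` one and the `$grdLogin` one). `$tenantName` is read back from the `_Name` setting that Get-MSALUserInfo fills from `$global:Organization.displayName`, so it is free text chosen by whoever administers the tenant the user signed in to, not by this tool. A name containing `&` or `<` will at least make the parse throw, and tenant-supplied text should never reach a XAML parser as markup. Escape it before building the string, e.g. `$tenantName = [System.Security.SecurityElement]::Escape($tenantName)`, and give `$account.UserName` on the same line the same treatment. Alternatively, create the TextBlock first and assign the text through its properties instead of parsing a composed string.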


@@ -10,11 +10,10 @@ This module manages Microsoft Grap fuctions like calling APIs, managing graph ob
#>
function Get-ModuleVersion
{
'3.1.8'
'3.1.9'
}
$global:MSGraphGlobalApps = @(
#Authority="https://login.microsoftonline.com/organizations/"
(New-Object PSObject -Property @{Name="";ClientId="";RedirectUri="";Authority=""}),
(New-Object PSObject -Property @{Name="Microsoft Intune PowerShell";ClientId="d1ddf0e4-d672-4dae-b554-9d5bdfd93547";RedirectUri="urn:ietf:wg:oauth:2.0:oob"; }),
(New-Object PSObject -Property @{Name="Microsoft Graph PowerShell";ClientId="14d82eec-204b-4c2f-b7e8-296a70dab67e";RedirectUri="https://login.microsoftonline.com/common/oauth2/nativeclient";})
@@ -164,7 +163,7 @@ function Invoke-InitializeModule
function Get-GraphAppInfo
{
param($settingId, $defaultAppId)
param($settingId, $defaultAppId, $prefix)
$graphAppId = Get-SettingValue $settingId
@@ -235,6 +234,9 @@ function Invoke-GraphRequest
$ODataMetadata = "full", # full, minimal, none or skip
[ValidateSet("BETA","v1.0")]
$GraphVersion = "BETA",
[switch]
$AllPages,
@@ -307,7 +309,7 @@ function Invoke-GraphRequest
if(($Url -notmatch "^http://|^https://"))
{
$Url = $global:graphURL + "/" + $Url.TrimStart('/')
$Url = "https://$((?? $global:MSALGraphEnvironment "graph.microsoft.com"))/$GraphVersion/" + $Url.TrimStart('/')
$Url = $Url -replace "%OrganizationId%", $global:Organization.Id
}
@@ -469,10 +471,18 @@ function Show-GraphObjects
if(-not $global:MSALToken)
{
$global:txtNotLoggedIn.Content = "Not logged in. Please login to view objects"
$global:grdNotLoggedIn.Visibility = "Visible"
$global:grdData.Visibility = "Collapsed"
return
}
elseif($global:curObjectType.'@AccessType' -eq "None")
{
$global:txtNotLoggedIn.Content = "You don't have the required permissons to access $($global:curObjectType.Title).`n`nRequired perimssons: $($global:curObjectType.Permissons)"
$global:grdNotLoggedIn.Visibility = "Visible"
$global:grdData.Visibility = "Collapsed"
return
}
$global:grdNotLoggedIn.Visibility = "Collapsed"
$global:grdData.Visibility = "Visible"
@@ -540,6 +550,7 @@ function Show-GraphObjects
$column.Binding = $binding
$tableColumns += $prop.Name
$dgObjects.Columns.Add($column)
}
}
@@ -577,7 +588,12 @@ function Show-GraphObjects
# Show/Hide buttons based on object type
foreach($ctrl in $spSubMenu.Children)
{
if(-not $global:curObjectType.ShowButtons -or ($global:curObjectType.ShowButtons | Where-Object { $ctrl.Name -like "*$($_)" } ))
if($ctrl.Name -eq "btnDelete")
{
$allowDelete = Get-SettingValue "EMAllowDelete"
$ctrl.Visibility = (?: ($allowDelete -eq $true) "Visible" "Collapsed")
}
elseif(-not $global:curObjectType.ShowButtons -or ($global:curObjectType.ShowButtons | Where-Object { $ctrl.Name -like "*$($_)" } ))
{
Write-LogDebug "Show $($ctrl.Name)"
$ctrl.Visibility = "Visible"
@@ -909,7 +925,7 @@ function Show-GraphBulkExportForm
$column = [System.Windows.Controls.DataGridTextColumn]::new()
$column.Header = "Object type"
$column.IsReadOnly = $true
$column.Binding = $binding
$column.Binding = $binding
$global:dgObjectsToExport.Columns.Add($column)
$global:dgObjectsToExport.ItemsSource = $script:exportObjects