add: error handling to identify problematic step in connect function

This commit is contained in:
DrIOS
2025-01-13 14:44:18 -06:00
parent 87c635210d
commit 6a8438bbe8


@@ -2,135 +2,122 @@ function Connect-M365Suite {
[OutputType([void])] [OutputType([void])]
[CmdletBinding()] [CmdletBinding()]
param ( param (
[Parameter( [Parameter(Mandatory = $false)]
Mandatory = $false
)]
[string]$TenantAdminUrl, [string]$TenantAdminUrl,
[Parameter(
Mandatory = $false [Parameter(Mandatory = $false)]
)] [CISAuthenticationParameters]$AuthParams,
[CISAuthenticationParameters]$AuthParams, # Custom authentication parameters
[Parameter( [Parameter(Mandatory)]
Mandatory
)]
[string[]]$RequiredConnections, [string[]]$RequiredConnections,
[Parameter(
Mandatory = $false [Parameter(Mandatory = $false)]
)]
[switch]$SkipConfirmation [switch]$SkipConfirmation
) )
if (!$SkipConfirmation) {
$VerbosePreference = "Continue" $VerbosePreference = if ($SkipConfirmation) { "SilentlyContinue" } else { "Continue" }
}
else {
$VerbosePreference = "SilentlyContinue"
}
$tenantInfo = @() $tenantInfo = @()
$connectedServices = @() $connectedServices = @()
try { try {
if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") { if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
Write-Verbose "Connecting to Microsoft Graph" try {
if ($AuthParams) { Write-Verbose "Connecting to Microsoft Graph..."
# Use application-based authentication if ($AuthParams) {
Connect-MgGraph -CertificateThumbprint $AuthParams.ClientCertThumbPrint -AppId $AuthParams.ClientId -TenantId $AuthParams.TenantId -NoWelcome | Out-Null Connect-MgGraph -CertificateThumbprint $AuthParams.ClientCertThumbPrint -AppId $AuthParams.ClientId -TenantId $AuthParams.TenantId -NoWelcome | Out-Null
} else {
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
}
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Verbose "Successfully connected to Microsoft Graph."
} catch {
throw "Failed to connect to Microsoft Graph: $($_.Exception.Message)"
} }
else {
# Use interactive authentication with scopes
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
}
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Verbose "Successfully connected to Microsoft Graph.`n"
} }
if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") { if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
Write-Verbose "Connecting to Exchange Online..." try {
if ($AuthParams) { Write-Verbose "Connecting to Exchange Online..."
# Use application-based authentication if ($AuthParams) {
Connect-ExchangeOnline -AppId $AuthParams.ClientId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -Organization $AuthParams.OnMicrosoftUrl -ShowBanner:$false | Out-Null Connect-ExchangeOnline -AppId $AuthParams.ClientId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -Organization $AuthParams.OnMicrosoftUrl -ShowBanner:$false | Out-Null
} else {
Connect-ExchangeOnline -ShowBanner:$false | Out-Null
}
$exoTenant = (Get-OrganizationConfig).Identity
$tenantInfo += [PSCustomObject]@{
Service = "Exchange Online"
TenantName = $exoTenant
TenantID = "N/A"
}
$connectedServices += "EXO"
Write-Verbose "Successfully connected to Exchange Online."
} catch {
throw "Failed to connect to Exchange Online: $($_.Exception.Message)"
} }
else {
# Use interactive authentication
Connect-ExchangeOnline -ShowBanner:$false | Out-Null
}
$exoTenant = (Get-OrganizationConfig).Identity
$tenantInfo += [PSCustomObject]@{
Service = "Exchange Online"
TenantName = $exoTenant
TenantID = "N/A"
}
$connectedServices += "EXO"
Write-Verbose "Successfully connected to Exchange Online.`n"
} }
if ($RequiredConnections -contains "SPO") { if ($RequiredConnections -contains "SPO") {
Write-Verbose "Connecting to SharePoint Online..." try {
if ($AuthParams) { Write-Verbose "Connecting to SharePoint Online..."
# Use application-based authentication if ($AuthParams) {
Connect-PnPOnline -Url $AuthParams.SpAdminUrl -ClientId $AuthParams.ClientId -Tenant $AuthParams.OnMicrosoftUrl -Thumbprint $AuthParams.ClientCertThumbPrint | Out-Null Connect-PnPOnline -Url $AuthParams.SpAdminUrl -ClientId $AuthParams.ClientId -Tenant $AuthParams.OnMicrosoftUrl -Thumbprint $AuthParams.ClientCertThumbPrint | Out-Null
} else {
Connect-SPOService -Url $TenantAdminUrl | Out-Null
}
$tenantName = if ($AuthParams) { (Get-PnPSite).Url } else { (Get-SPOCrossTenantHostUrl).Host }
$tenantInfo += [PSCustomObject]@{
Service = "SharePoint Online"
TenantName = $tenantName
}
$connectedServices += "SPO"
Write-Verbose "Successfully connected to SharePoint Online."
} catch {
throw "Failed to connect to SharePoint Online: $($_.Exception.Message)"
} }
else {
# Use interactive authentication
Connect-SPOService -Url $TenantAdminUrl | Out-Null
}
# Assuming that Get-SPOCrossTenantHostUrl and Get-UrlLine are valid commands in your context
if ($AuthParams) {
$spoContext = Get-PnPSite
$tenantName = $spoContext.Url
}
else {
$spoContext = Get-SPOCrossTenantHostUrl
$tenantName = Get-UrlLine -Output $spoContext
}
$tenantInfo += [PSCustomObject]@{
Service = "SharePoint Online"
TenantName = $tenantName
}
$connectedServices += "SPO"
Write-Verbose "Successfully connected to SharePoint Online.`n"
} }
if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") { if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
Write-Verbose "Connecting to Microsoft Teams..." try {
if ($AuthParams) { Write-Verbose "Connecting to Microsoft Teams..."
# Use application-based authentication if ($AuthParams) {
Connect-MicrosoftTeams -TenantId $AuthParams.TenantId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -ApplicationId $AuthParams.ClientId | Out-Null Connect-MicrosoftTeams -TenantId $AuthParams.TenantId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -ApplicationId $AuthParams.ClientId | Out-Null
} else {
Connect-MicrosoftTeams | Out-Null
}
$teamsTenantDetails = Get-CsTenant
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Teams"
TenantName = $teamsTenantDetails.DisplayName
TenantID = $teamsTenantDetails.TenantId
}
$connectedServices += "Microsoft Teams"
Write-Verbose "Successfully connected to Microsoft Teams."
} catch {
throw "Failed to connect to Microsoft Teams: $($_.Exception.Message)"
} }
else {
# Use interactive authentication
Connect-MicrosoftTeams | Out-Null
}
$teamsTenantDetails = Get-CsTenant
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Teams"
TenantName = $teamsTenantDetails.DisplayName
TenantID = $teamsTenantDetails.TenantId
}
$connectedServices += "Microsoft Teams"
Write-Verbose "Successfully connected to Microsoft Teams.`n"
} }
# Display tenant information and confirm with the user
if (-not $SkipConfirmation) { if (-not $SkipConfirmation) {
Write-Verbose "Connected to the following tenants:" Write-Verbose "Connected to the following tenants:"
foreach ($tenant in $tenantInfo) { foreach ($tenant in $tenantInfo) {
Write-Verbose "Service: $($tenant.Service)" Write-Verbose "Service: $($tenant.Service) | Tenant: $($tenant.TenantName)"
Write-Verbose "Tenant Context: $($tenant.TenantName)`n"
#Write-Verbose "Tenant ID: $($tenant.TenantID)"
} }
$confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)" $confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)"
if ($confirmation -notLike 'Y') { if ($confirmation -notlike 'Y') {
Write-Verbose "Connection setup aborted by user."
Disconnect-M365Suite -RequiredConnections $connectedServices Disconnect-M365Suite -RequiredConnections $connectedServices
throw "User aborted connection setup." throw "User aborted connection setup."
} }
} }
} } catch {
catch { $VerbosePreference = "Continue"
$CatchError = $_ throw "Connection failed: $($_.Exception.Message)"
} finally {
$VerbosePreference = "Continue" $VerbosePreference = "Continue"
throw $CatchError
} }
$VerbosePreference = "Continue" }
}
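Review bot: When a later service fails to connect, the new per-service `catch` blocks and the outer `catch` only rethrow, so sessions already opened by earlier `Connect-*` calls stay authenticated; `Disconnect-M365Suite` is reached only on the user-abort path. Consider cleaning up in the outer `catch` before the `throw`, e.g. `if ($connectedServices) { Disconnect-M365Suite -RequiredConnections $connectedServices }`, taking care that the abort path does not then disconnect twice. Separately, the interactive SharePoint branch now reads `(Get-SPOCrossTenantHostUrl).Host` where the old code passed the result through `Get-UrlLine`; if that cmdlet returns a plain string, `.Host` is `$null` and the confirmation prompt would show an empty tenant for SPO, which defeats the tenant check for that service. It is worth verifying, or casting as `([uri](Get-SPOCrossTenantHostUrl)).Host`. The function's opening line sits above the hunk, in the `@@` context only.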