vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: App Authentication test

Browse Source
This commit is contained in:
DrIOS
2024-08-03 18:52:46 -05:00
parent 45eb961554
commit d7d16ff0b5
14 changed files with 1035 additions and 1035 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
source/Private/Connect-M365Suite.ps1
View File

@@ -2,13 +2,21 @@ function Connect-M365Suite {
[OutputType([void])]
[CmdletBinding()]
param (
[Parameter(Mandatory = $false)]
[Parameter(
Mandatory = $false
)]
[string]$TenantAdminUrl,
[Parameter(Mandatory)]
[Parameter(
Mandatory = $false
)]
[CISAuthenticationParameters]$AuthParams, # Custom authentication parameters
[Parameter(
Mandatory
)]
[string[]]$RequiredConnections,
[Parameter(Mandatory = $false)]
[Parameter(
Mandatory = $false
)]
[switch]$SkipConfirmation
)
if (!$SkipConfirmation) {
@@ -19,87 +27,90 @@ function Connect-M365Suite {
}
$tenantInfo = @()
$connectedServices = @()
try {
if ($RequiredConnections -contains "AzureAD" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "AzureAD | EXO | Microsoft Graph") {
Write-Verbose "Connecting to Azure Active Directory..."
Connect-AzureAD -WarningAction SilentlyContinue | Out-Null
$tenantDetails = Get-AzureADTenantDetail -WarningAction SilentlyContinue
$tenantInfo += [PSCustomObject]@{
Service = "Azure Active Directory"
TenantName = $tenantDetails.DisplayName
TenantID = $tenantDetails.ObjectId
}
$connectedServices += "AzureAD"
Write-Verbose "Successfully connected to Azure Active Directory."
}
if ($RequiredConnections -contains "Microsoft Graph" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
Write-Verbose "Connecting to Microsoft Graph with scopes: Directory.Read.All, Domain.Read.All, Policy.Read.All, Organization.Read.All"
try {
Write-Verbose "Connecting to Microsoft Graph"
if ($AuthParams) {
# Use application-based authentication
Connect-MgGraph -CertificateThumbprint $AuthParams.ClientCertThumbPrint -AppId $AuthParams.ClientId -TenantId $AuthParams.TenantId -NoWelcome | Out-Null
}
else {
# Use interactive authentication with scopes
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome | Out-Null
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Verbose "Successfully connected to Microsoft Graph with specified scopes."
}
catch {
Write-Verbose "Failed to connect to MgGraph, attempting device auth."
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -UseDeviceCode -NoWelcome | Out-Null
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Verbose "Successfully connected to Microsoft Graph with specified scopes."
$graphOrgDetails = Get-MgOrganization
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Graph"
TenantName = $graphOrgDetails.DisplayName
TenantID = $graphOrgDetails.Id
}
$connectedServices += "Microsoft Graph"
Write-Verbose "Successfully connected to Microsoft Graph.`n"
}
if ($RequiredConnections -contains "EXO" -or $RequiredConnections -contains "AzureAD | EXO" -or $RequiredConnections -contains "Microsoft Teams | EXO" -or $RequiredConnections -contains "EXO | Microsoft Graph") {
Write-Verbose "Connecting to Exchange Online..."
Connect-ExchangeOnline -ShowBanner:$false | Out-Null
if ($AuthParams) {
# Use application-based authentication
Connect-ExchangeOnline -AppId $AuthParams.ClientId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -Organization $AuthParams.OnMicrosoftUrl -ShowBanner:$false | Out-Null
}
else {
# Use interactive authentication
Connect-ExchangeOnline -ShowBanner:$false | Out-Null
}
$exoTenant = (Get-OrganizationConfig).Identity
$tenantInfo += [PSCustomObject]@{
Service = "Exchange Online"
Service = "Exchange Online"
TenantName = $exoTenant
TenantID = "N/A"
TenantID = "N/A"
}
$connectedServices += "EXO"
Write-Verbose "Successfully connected to Exchange Online."
Write-Verbose "Successfully connected to Exchange Online.`n"
}
if ($RequiredConnections -contains "SPO") {
Write-Verbose "Connecting to SharePoint Online..."
Connect-SPOService -Url $TenantAdminUrl | Out-Null
$spoContext = Get-SPOCrossTenantHostUrl
$tenantName = Get-UrlLine -Output $spoContext
if ($AuthParams) {
# Use application-based authentication
Connect-PnPOnline -Url $AuthParams.SpAdminUrl -ClientId $AuthParams.ClientId -Tenant $AuthParams.OnMicrosoftUrl -Thumbprint $AuthParams.ClientCertThumbPrint | Out-Null
}
else {
# Use interactive authentication
Connect-SPOService -Url $TenantAdminUrl | Out-Null
}
# Assuming that Get-SPOCrossTenantHostUrl and Get-UrlLine are valid commands in your context
if ($AuthParams) {
$spoContext = Get-PnPSite
$tenantName = $spoContext.Url
}
else {
$spoContext = Get-SPOCrossTenantHostUrl
$tenantName = Get-UrlLine -Output $spoContext
}
$tenantInfo += [PSCustomObject]@{
Service = "SharePoint Online"
Service = "SharePoint Online"
TenantName = $tenantName
}
$connectedServices += "SPO"
Write-Verbose "Successfully connected to SharePoint Online."
Write-Verbose "Successfully connected to SharePoint Online.`n"
}
if ($RequiredConnections -contains "Microsoft Teams" -or $RequiredConnections -contains "Microsoft Teams | EXO") {
Write-Verbose "Connecting to Microsoft Teams..."
Connect-MicrosoftTeams | Out-Null
if ($AuthParams) {
# Use application-based authentication
Connect-MicrosoftTeams -TenantId $AuthParams.TenantId -CertificateThumbprint $AuthParams.ClientCertThumbPrint -ApplicationId $AuthParams.ClientId | Out-Null
}
else {
# Use interactive authentication
Connect-MicrosoftTeams | Out-Null
}
$teamsTenantDetails = Get-CsTenant
$tenantInfo += [PSCustomObject]@{
Service = "Microsoft Teams"
Service = "Microsoft Teams"
TenantName = $teamsTenantDetails.DisplayName
TenantID = $teamsTenantDetails.TenantId
TenantID = $teamsTenantDetails.TenantId
}
$connectedServices += "Microsoft Teams"
Write-Verbose "Successfully connected to Microsoft Teams."
Write-Verbose "Successfully connected to Microsoft Teams.`n"
}
# Display tenant information and confirm with the user
if (-not $SkipConfirmation) {
Write-Verbose "Connected to the following tenants:"
@@ -109,7 +120,7 @@ function Connect-M365Suite {
#Write-Verbose "Tenant ID: $($tenant.TenantID)"
}
$confirmation = Read-Host "Do you want to proceed with these connections? (Y/N)"
if ($confirmation -notlike 'Y') {
if ($confirmation -notLike 'Y') {
Write-Verbose "Connection setup aborted by user."
Disconnect-M365Suite -RequiredConnections $connectedServices
throw "User aborted connection setup."
@@ -117,10 +128,9 @@ function Connect-M365Suite {
}
}
catch {
$CatchError = $_
$VerbosePreference = "Continue"
Write-Verbose "There was an error establishing one or more connections: $_"
throw $_
throw $CatchError
}
$VerbosePreference = "Continue"
}