diff --git a/.vscode/ScriptAnalyzerSettings.psd1 b/.vscode/ScriptAnalyzerSettings.psd1 index dfe7f06..e1eef05 100644 --- a/.vscode/ScriptAnalyzerSettings.psd1 +++ b/.vscode/ScriptAnalyzerSettings.psd1 @@ -4,5 +4,6 @@ ExcludeRules = @('PSMissingModuleManifestField', 'PSUseShouldProcessForStateChangingFunctions', 'PSAvoidGlobalVars', - 'PSAvoidUsingWriteHost') + 'PSAvoidUsingWriteHost', + 'PSAvoidUsingConvertToSecureStringWithPlainText') } diff --git a/Modules/MSCloudLoginAssistant/ConnectionProfile.ps1 b/Modules/MSCloudLoginAssistant/ConnectionProfile.ps1 index 09c0218..d710c66 100644 --- a/Modules/MSCloudLoginAssistant/ConnectionProfile.ps1 +++ b/Modules/MSCloudLoginAssistant/ConnectionProfile.ps1 
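Review bot: Adding `'PSAvoidUsingConvertToSecureStringWithPlainText'` to `ExcludeRules` in .vscode/ScriptAnalyzerSettings.psd1 turns the rule off for every file analysed with this settings file, so any later `ConvertTo-SecureString -AsPlainText` on a secret will go unflagged. If only a few call sites legitimately need it, keep the rule enabled and suppress it on those functions instead, e.g. `[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '', Justification = '<reason>')]`, so each exception stays visible in review. If the blanket exclusion is kept, a `#` comment above the entry naming the code that needs it would help the next maintainer decide when it can be removed.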
@@ -145,23 +145,14 @@ class Workload : ICloneable { $Script:CloudEnvironmentInfo = Get-CloudEnvironmentInfo -Credentials $this.Credentials } - elseif ($this.ApplicationID -and $this.CertificateThumbprint) + elseif ($this.AccessTokens -or ($this.ApplicationID -and (($this.CertificateThumbprint -or $this.ApplicationSecret)))) { - Add-MSCloudLoginAssistantEvent -Message "Trying to retrieve the Cloud Environment using Certificate Thumbprint." -Source $source - $Script:CloudEnvironmentInfo = Get-CloudEnvironmentInfo -ApplicationId $this.ApplicationId -TenantId $this.TenantId -CertificateThumbprint $this.CertificateThumbprint - } - elseif ($this.ApplicationID -and $this.ApplicationSecret) - { - $Script:CloudEnvironmentInfo = Get-CloudEnvironmentInfo -ApplicationId $this.ApplicationId -TenantId $this.TenantId -ApplicationSecret $this.ApplicationSecret + $Script:CloudEnvironmentInfo = Get-CloudEnvironmentInfo -TenantId $this.TenantId } elseif ($this.Identity.IsPresent) { $Script:CloudEnvironmentInfo = Get-CloudEnvironmentInfo -Identity -TenantId $this.TenantId } - elseif ($this.AccessTokens) - { - $Script:CloudEnvironmentInfo = Get-CloudEnvironmentInfo -TenantId $this.TenantId - } Add-MSCloudLoginAssistantEvent "Set environment to {$($Script:CloudEnvironmentInfo.tenant_region_sub_scope)}" -Source $source } diff --git a/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psd1 b/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psd1 index ab329b3..92d6be6 100644 --- a/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psd1 +++ b/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psd1 
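Review bot: In the merged `elseif` of ConnectionProfile.ps1, `$this.AccessTokens` is now tested before `$this.Identity.IsPresent`, whereas the removed code tested it after. A profile with both set previously took the `-Identity` call and now takes the `-TenantId`-only call, so if the reordering is intended a short comment should say so. The merged branch also depends entirely on `$this.TenantId`, and nothing visible in the hunk checks that it is non-empty before `Get-CloudEnvironmentInfo -TenantId $this.TenantId` runs; a guard such as `-and -not [System.String]::IsNullOrEmpty($this.TenantId)` may be warranted. The condition also carries a redundant pair of parentheses around `($this.CertificateThumbprint -or $this.ApplicationSecret)`. The enclosing method starts outside the hunk.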
@@ -9,31 +9,31 @@ @{ # Script module or binary module file associated with this manifest. - RootModule = 'MSCloudLoginAssistant.psm1' + RootModule = 'MSCloudLoginAssistant.psm1' # Version number of this module. - ModuleVersion = '1.1.37' + ModuleVersion = '1.1.37' # Supported PSEditions # CompatiblePSEditions = @() # ID used to uniquely identify this module - GUID = 'ca0435a6-ea50-4aa6-8f97-5d031fdc5abe' + GUID = 'ca0435a6-ea50-4aa6-8f97-5d031fdc5abe' # Author of this module - Author = 'Microsoft Corporation' + Author = 'Microsoft Corporation' # Company or vendor of this module - CompanyName = 'Microsoft Corporation' + CompanyName = 'Microsoft Corporation' # Copyright statement for this module - Copyright = '(c) 2025 Microsoft Corporation. All rights reserved.' + Copyright = '(c) 2025 Microsoft Corporation. All rights reserved.' # Description of the functionality provided by this module - Description = 'Checks the current status of connections to (and as required, prompts for login to) various Microsoft Cloud platforms.' + Description = 'Checks the current status of connections to (and as required, prompts for login to) various Microsoft Cloud platforms.' # Minimum version of the Windows PowerShell engine required by this module - PowerShellVersion = '5.1' + PowerShellVersion = '5.1' # Name of the Windows PowerShell host required by this module # PowerShellHostName = '' @@ -51,7 +51,7 @@ # ProcessorArchitecture = '' # Modules that must be imported into the global environment prior to importing this module - RequiredModules = @() + RequiredModules = @() # Assemblies that must be loaded prior to importing this module # RequiredAssemblies = @() 
@@ -72,17 +72,17 @@ #FunctionsToExport = '' # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. - CmdletsToExport = @( + CmdletsToExport = @( 'Connect-M365Tenant', 'Get-MSCloudLoginConnectionProfile', 'Reset-MSCloudLoginConnectionProfileContext' ) # Variables to export from this module - VariablesToExport = '*' + VariablesToExport = '*' # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. - AliasesToExport = @() + AliasesToExport = @() # DSC resources to export from this module # DscResourcesToExport = @() @@ -94,12 +94,12 @@ # FileList = @() # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. - PrivateData = @{ + PrivateData = @{ PSData = @{ # Tags applied to this module. These help with module discovery in online galleries. - Tags = 'EntraId', 'Cloud', 'Office365', 'PnP', 'MicrosoftTeams', "ExchangeOnline", "SharePointOnline", "Microsoft365DSC", "Fabric", "DefenderForEndpoint" + Tags = 'EntraId', 'Cloud', 'Office365', 'PnP', 'MicrosoftTeams', 'ExchangeOnline', 'SharePointOnline', 'Microsoft365DSC', 'Fabric', 'DefenderForEndpoint' # A URL to the license for this module. # LicenseUri = '' diff --git a/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psm1 b/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psm1 index 246f2cd..4214e5a 100644 --- a/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psm1 +++ b/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psm1 
@@ -26,7 +26,7 @@ function Connect-M365Tenant ( [Parameter(Mandatory = $true)] [ValidateSet('AdminAPI', 'Azure', 'AzureDevOPS', 'ExchangeOnline', 'Fabric', 'Licensing', ` - 'SecurityComplianceCenter', 'PnP', 'PowerPlatforms', "PowerPlatformREST", ` + 'SecurityComplianceCenter', 'PnP', 'PowerPlatforms', 'PowerPlatformREST', ` 'MicrosoftTeams', 'MicrosoftGraph', 'SharePointOnlineREST', 'Tasks', 'DefenderForEndpoint')] [System.String] $Workload, @@ -251,7 +251,7 @@ function Connect-M365Tenant { $ForceRefresh = $false if ($Script:MSCloudLoginConnectionProfile.PnP.ConnectionUrl -ne $Url -and ` - -not [System.String]::IsNullOrEmpty($url)) + -not [System.String]::IsNullOrEmpty($url)) { $ForceRefresh = $true } @@ -630,7 +630,7 @@ function Compare-InputParametersForChange } } if ($workloadInternalName -eq 'PNP' -and $currentParameters.ContainsKey('Url') -and ` - -not [System.String]::IsNullOrEmpty($currentParameters.Url)) + -not [System.String]::IsNullOrEmpty($currentParameters.Url)) { $globalParameters.Add('Url', $workloadProfile.ConnectionUrl) } @@ -1174,22 +1174,10 @@ function Get-CloudEnvironmentInfo [System.Management.Automation.PSCredential] $Credentials, - [Parameter()] - [System.String] - $ApplicationId, - [Parameter()] [System.String] $TenantId, - [Parameter()] - [System.String] - $ApplicationSecret, - - [Parameter()] - [System.String] - $CertificateThumbprint, - [Parameter()] [switch] $Identity diff --git a/Modules/MSCloudLoginAssistant/Workloads/Azure.ps1 b/Modules/MSCloudLoginAssistant/Workloads/Azure.ps1 index b7e93d3..97e8f0d 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/Azure.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/Azure.ps1 
@@ -95,9 +95,9 @@ function Connect-MSCloudLoginAzure -Identity ` -EnvironmentName $Script:MSCloudLoginConnectionProfile.Azure.EnvironmentName | Out-Null - $Script:MSCloudLoginConnectionProfile.ExchangeOnline.ConnectedDateTime = [System.DateTime]::Now.ToString() - $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Connected = $false - $Script:MSCloudLoginConnectionProfile.ExchangeOnline.MultiFactorAuthentication = $false + $Script:MSCloudLoginConnectionProfile.Azure.ConnectedDateTime = [System.DateTime]::Now.ToString() + $Script:MSCloudLoginConnectionProfile.Azure.Connected = $false + $Script:MSCloudLoginConnectionProfile.Azure.MultiFactorAuthentication = $false Add-MSCloudLoginAssistantEvent -Message 'Successfully connected to Azure using Managed Identity' -Source $source } catch diff --git a/Modules/MSCloudLoginAssistant/Workloads/AzureDevOPS.ps1 b/Modules/MSCloudLoginAssistant/Workloads/AzureDevOPS.ps1 index bdc48e8..d665001 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/AzureDevOPS.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/AzureDevOPS.ps1 @@ -28,7 +28,7 @@ function Connect-MSCloudLoginAzureDevOPS $Script:MSCloudLoginConnectionProfile.AzureDevOPS.AuthenticationType -eq 'Credentials' -or $Script:MSCloudLoginConnectionProfile.AzureDevOPS.AuthenticationType -eq 'CredentialsWithTenantId') { - Add-MSCloudLoginAssistantEvent -Message 'Attempting to connecto to Azure DevOPS using Credentials.' -Source $source + Add-MSCloudLoginAssistantEvent -Message 'Attempting to connect to Azure DevOPS using Credentials.' -Source $source Connect-MSCloudAzureDevOPSWithUser Add-MSCloudLoginAssistantEvent -Message 'Successfully connected to Azure DevOPS using Credentials' -Source $source } diff --git a/Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.ps1 b/Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.ps1 index 9ea936c..6c4ff94 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.ps1 
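Review bot: In `Connect-MSCloudLoginAzure` (Workloads/Azure.ps1), the managed-identity branch sets `$Script:MSCloudLoginConnectionProfile.Azure.Connected = $false` immediately before logging 'Successfully connected to Azure using Managed Identity'. Unless the flag is set to `$true` later outside the hunk, the profile will report Azure as disconnected after a successful login, and callers that check it may re-authenticate on every call. Consider `$Script:MSCloudLoginConnectionProfile.Azure.Connected = $true` here, or a comment explaining why it stays false. `ConnectedDateTime` is written with `[System.DateTime]::Now.ToString()`, which is local-time and culture-dependent; `[System.DateTime]::UtcNow.ToString('o')` would be easier to correlate across logs, provided no consumer parses the current format. The function body continues outside the hunk.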
+++ b/Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.ps1 @@ -117,8 +117,8 @@ function Connect-MSCloudLoginExchangeOnline } if ($null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.ConnectionUri -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.AzureADAuthorizationEndpointUri) + $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.ConnectionUri -and ` + $null -ne $Script:MSCloudLoginConnectionProfile.ExchangeOnline.Endpoints.AzureADAuthorizationEndpointUri) { Add-MSCloudLoginAssistantEvent -Message 'Connecting by endpoints URI' -Source $source Connect-ExchangeOnline -AppId $Script:MSCloudLoginConnectionProfile.ExchangeOnline.ApplicationId ` diff --git a/Modules/MSCloudLoginAssistant/Workloads/MicrosoftGraph.ps1 b/Modules/MSCloudLoginAssistant/Workloads/MicrosoftGraph.ps1 index 3c68ecb..98175b1 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/MicrosoftGraph.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/MicrosoftGraph.ps1 
@@ -100,8 +100,8 @@ function Connect-MSCloudLoginMicrosoftGraph if ($Script:MSCloudLoginConnectionProfile.MicrosoftGraph.AuthenticationType -eq 'ServicePrincipalWithThumbprint') { if ($null -ne $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints.ConnectionUri -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints.AzureADAuthorizationEndpointUri) + $null -ne $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints.ConnectionUri -and ` + $null -ne $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints.AzureADAuthorizationEndpointUri) { $accessToken = Get-MSCloudLoginAccessToken -ConnectionUri $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints.ConnectionUri ` -AzureADAuthorizationEndpointUri $Script:MSCloudLoginConnectionProfile.MicrosoftGraph.Endpoints.AzureADAuthorizationEndpointUri ` diff --git a/Modules/MSCloudLoginAssistant/Workloads/PnP.ps1 b/Modules/MSCloudLoginAssistant/Workloads/PnP.ps1 index a9888b2..08d729d 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/PnP.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/PnP.ps1 @@ -120,8 +120,8 @@ function Connect-MSCloudLoginPnP if ($Script:MSCloudLoginConnectionProfile.PnP.ConnectionUrl) { if ($null -ne $Script:MSCloudLoginConnectionProfile.PnP.Endpoints -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.PnP.Endpoints.ConnectionUri -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.PnP.Endpoints.AzureADAuthorizationEndpointUri) + $null -ne $Script:MSCloudLoginConnectionProfile.PnP.Endpoints.ConnectionUri -and ` + $null -ne $Script:MSCloudLoginConnectionProfile.PnP.Endpoints.AzureADAuthorizationEndpointUri) { $accessToken = Get-MSCloudLoginAccessToken -ConnectionUri $Script:MSCloudLoginConnectionProfile.PnP.Endpoints.ConnectionUri ` -AzureADAuthorizationEndpointUri $Script:MSCloudLoginConnectionProfile.PnP.Endpoints.AzureADAuthorizationEndpointUri ` 
diff --git a/Modules/MSCloudLoginAssistant/Workloads/PowerPlatformREST.ps1 b/Modules/MSCloudLoginAssistant/Workloads/PowerPlatformREST.ps1 index d63ea05..a6d0a27 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/PowerPlatformREST.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/PowerPlatformREST.ps1 @@ -243,7 +243,7 @@ function Connect-MSCloudLoginPowerPlatformRESTWithCertificateThumbprint client_id = $Script:MSCloudLoginConnectionProfile.PowerPlatformREST.ApplicationId client_assertion = $JWT client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' - scope = $Script:MSCloudLoginConnectionProfile.PowerPlatformREST.Audience + "/.default" + scope = $Script:MSCloudLoginConnectionProfile.PowerPlatformREST.Audience + '/.default' grant_type = 'client_credentials' } diff --git a/Modules/MSCloudLoginAssistant/Workloads/SecurityCompliance.ps1 b/Modules/MSCloudLoginAssistant/Workloads/SecurityCompliance.ps1 index 8992f83..4ef1159 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/SecurityCompliance.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/SecurityCompliance.ps1 
@@ -73,8 +73,8 @@ function Connect-MSCloudLoginSecurityCompliance { Add-MSCloudLoginAssistantEvent -Message 'Connecting to Security & Compliance with Service Principal and Certificate Thumbprint' -Source $source if ($null -ne $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Endpoints -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Endpoints.ConnectionUri -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Endpoints.AzureADAuthorizationEndpointUri) + $null -ne $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Endpoints.ConnectionUri -and ` + $null -ne $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Endpoints.AzureADAuthorizationEndpointUri) { Add-MSCloudLoginAssistantEvent -Message 'Connecting by endpoints URI' -Source $source Connect-IPPSSession -AppId $Script:MSCloudLoginConnectionProfile.SecurityComplianceCenter.ApplicationId ` diff --git a/Modules/MSCloudLoginAssistant/Workloads/Teams.ps1 b/Modules/MSCloudLoginAssistant/Workloads/Teams.ps1 index 60a9684..b9656f7 100644 --- a/Modules/MSCloudLoginAssistant/Workloads/Teams.ps1 +++ b/Modules/MSCloudLoginAssistant/Workloads/Teams.ps1 
@@ -60,8 +60,8 @@ function Connect-MSCloudLoginTeams { Add-MSCloudLoginAssistantEvent -Message "Connecting to Microsoft Teams using AzureAD Application {$($Script:MSCloudLoginConnectionProfile.Teams.ApplicationId)}" -Source $source if ($null -ne $Script:MSCloudLoginConnectionProfile.Teams.Endpoints -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.Teams.Endpoints.ConnectionUri -and ` - $null -ne $Script:MSCloudLoginConnectionProfile.Teams.Endpoints.AzureADAuthorizationEndpointUri) + $null -ne $Script:MSCloudLoginConnectionProfile.Teams.Endpoints.ConnectionUri -and ` + $null -ne $Script:MSCloudLoginConnectionProfile.Teams.Endpoints.AzureADAuthorizationEndpointUri) { $graphAccessToken = Get-MSCloudLoginAccessToken -ConnectionUri $Script:MSCloudLoginConnectionProfile.Teams.Endpoints.ConnectionUri ` -AzureADAuthorizationEndpointUri $Script:MSCloudLoginConnectionProfile.Teams.Endpoints.AzureADAuthorizationEndpointUri `