AzureAD/New-AadAppsForBc.ps1
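<#
 .Synopsis
  Create Apps in Azure Active Directory to allow single sign-on when using AAD
 .Description
  This function will create an app in AAD, to allow Web and Windows Client to use AAD for authentication
  Optionally the function can also create apps for the Excel AddIn and/or Other services integration
  Any existing app registration whose identifier URIs contain the URI being (re)created is removed first, without confirmation.
 .Parameter accessToken
  Access token for Microsoft Graph with permissions to create apps in the AAD
 .Parameter appIdUri
  Unique Uri to identify the AAD App (typically we use the URL for the Web Client)
 .Parameter publicWebBaseUrl
  URL for the Web Client (defaults to the value of appIdUri)
 .Parameter iconPath
  Path of the image you want to use for the SSO App
 .Parameter IncludeExcelAadApp
  Add this switch to request the function to also create an AAD app for the Excel AddIn
 .Parameter IncludePowerBiAadApp
  Add this switch to request the function to also create an AAD app for the PowerBI service
  (deprecated, use IncludeOtherServicesAadApp instead)
 .Parameter IncludeEMailAadApp
  Add this switch to request the function to also create an AAD app for the EMail service
  (deprecated, use IncludeOtherServicesAadApp instead)
 .Parameter IncludeOtherServicesAadApp
  Add this switch to request the function to also create an AAD app for other services (including PowerBI, SharePoint, Universal Print, etc.)
  https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/register-app-azure
 .Parameter IncludeApiAccess
  Add this switch to add application permissions for Web Services API and automation API
 .Parameter SingleTenant
  Indicates whether this application is single-tenant (without this switch the apps are created with the AzureADMultipleOrgs sign-in audience)
 .Parameter PreAuthorizePowerShell
  Indicates whether the well known PowerShell AppID (1950a258-227b-4e31-a9cf-717495945fc2) should be pre-authorized for access
 .Parameter useCurrentMicrosoftGraphConnection
  Specify this switch to use the current Microsoft Graph Connection instead of invoking Connect-MgGraph (which will pop up a UI)
 .Parameter bcAuthContext
  Authorization context (see New-BcAuthContext). When specified it is renewed and its access token is used for Microsoft Graph, replacing any value given in accessToken
 .Parameter autoConsent
  Specify that this will automatically grant Admin permissions to the created application registration.
  (Cloud Application Administrator role required)
 .Outputs
  Hashtable with AadTenant, SsoAdAppId and SsoAdAppKeyValue, plus an <Name>AdAppId / <Name>AdAppKeyValue pair for every optional app created.
  The *KeyValue entries are client secrets in clear text: keep them out of logs and transcripts and store them in a secret store.
 .Example
  New-AadAppsForBC -accessToken $accessToken -appIdUri https://mycontainer.mydomain/bc/
 .Example
  $bcAuthContext = New-BcAuthContext -tenantID $azureTenantId -clientID $azureApplicationId -clientSecret $clientSecret -scopes "https://graph.microsoft.com/.default"
  $AdProperties = New-AadAppsForBc -appIdUri https://mycontainer.mydomain/bc/ -bcAuthContext $bcAuthContext
#>
function New-AadAppsForBc {
    Param (
        [Parameter(Mandatory=$false)]
        [string] $accessToken,
        [Parameter(Mandatory=$true)]
        [string] $appIdUri,
        [Parameter(Mandatory=$false)]
        [string] $publicWebBaseUrl = $appIdUri,
        [Parameter(Mandatory=$false)]
        [string] $iconPath,
        [switch] $IncludeExcelAadApp,
        [switch] $IncludePowerBiAadApp,
        [switch] $IncludeEmailAadApp,
        [switch] $IncludeOtherServicesAadApp,
        [switch] $IncludeApiAccess,
        [switch] $SingleTenant,
        [switch] $preAuthorizePowerShell,
        [switch] $useCurrentMicrosoftGraphConnection,
        [Hashtable] $bcAuthContext,
        [switch] $autoConsent
    )

    # NOTE(review): $PSBoundParameters can hold the access token; -includeParameters @() presumably
    # means no parameter values are recorded in telemetry - confirm in InitTelemetryScope.
    $telemetryScope = InitTelemetryScope -name $MyInvocation.InvocationName -parameterValues $PSBoundParameters -includeParameters @()
    try {

        # Normalize to exactly one trailing slash
        $publicWebBaseUrl = "$($publicWebBaseUrl.TrimEnd('/'))/"

        # NOTE(review): both installs pull whatever version the configured package source offers
        # (Microsoft.Graph is not version-pinned) and use -Force; on locked-down hosts pre-install
        # a vetted version so that these branches are skipped.
        if (!(Get-PackageProvider -Name NuGet -ListAvailable -ErrorAction Ignore)) {
            Write-Host "Installing NuGet Package Provider"
            Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -WarningAction Ignore | Out-Null
        }
        if (!(Get-Package -Name Microsoft.Graph -ErrorAction Ignore)) {
            Write-Host "Installing Microsoft.Graph PowerShell package"
            Install-Package Microsoft.Graph -Force -WarningAction Ignore | Out-Null
        }

        # Connect to Microsoft.Graph
        if (!$useCurrentMicrosoftGraphConnection) {
            if ($bcAuthContext) {
                $bcAuthContext = Renew-BcAuthContext -bcAuthContext $bcAuthContext
                $jwtToken = Parse-JWTtoken -token $bcAuthContext.accessToken
                # A token issued for another audience only produces a warning; the connection attempt below still uses it
                if ($jwtToken.aud -ne 'https://graph.microsoft.com') {
                    Write-Host -ForegroundColor Yellow "The accesstoken was provided for $($jwtToken.aud), should have been for https://graph.microsoft.com"
                }
                $accessToken = $bcAuthContext.accessToken
            }
            if ($accessToken) {
                # Check the AccessToken since Microsoft Graph V2 requires a SecureString
                $graphAccesTokenParameter = (Get-Command Connect-MgGraph).Parameters['AccessToken']
                if ($graphAccesTokenParameter.ParameterType -eq [securestring]) {
                    # The conversion only satisfies the parameter type; the token already exists as a plain string in this session
                    Connect-MgGraph -AccessToken (ConvertTo-SecureString -String $accessToken -AsPlainText -Force) | Out-Null
                }
                else {
                    Connect-MgGraph -AccessToken $accessToken | Out-Null
                }
            }
            else {
                Connect-MgGraph -Scopes 'Application.ReadWrite.All' | Out-Null
            }
        }
        $account = Get-MgContext

        $AdProperties = @{}
        $aadTenant = $account.TenantId
        $AdProperties["AadTenant"] = $AadTenant

        # App-only connections have no Account; resolve the service principal of the client instead
        if ($null -eq $account.Account) {
            $adUser = Get-MgServicePrincipal -Filter "AppId eq '$($account.ClientId)'"
        }
        else {
            $adUser = Get-MgUser -UserId $account.Account
        }
        if (!$adUser) {
            throw "Could not identify Aad Tenant"
        }

        # Remove "old" AD Application
        # Destructive: every app registration in the tenant whose identifier URIs contain $appIdUri is removed, without confirmation
        Get-MgApplication -All | Where-Object { $_.IdentifierUris -contains $appIdUri } | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

        # Register lower-cased reply URLs, and the original casing as well when it differs
        $signInReplyUrls = @("$($publicWebBaseUrl.ToLowerInvariant())SignIn",$publicWebBaseUrl.ToLowerInvariant().TrimEnd('/'))
        $oAuthReplyUrls = @("$($publicWebBaseUrl.ToLowerInvariant())OAuthLanding.htm")
        if ($publicWebBaseUrl.ToLowerInvariant() -cne $publicWebBaseUrl) {
            $signInReplyUrls += @("$($publicWebBaseUrl)SignIn",$publicWebBaseUrl.TrimEnd('/'))
            $oAuthReplyUrls += @("$($publicWebBaseUrl)OAuthLanding.htm")
        }

        Write-Host "Creating AAD App for WebClient"
        # Multi-tenant is the default: any Azure AD organization can sign in unless -SingleTenant is given
        if ($SingleTenant.IsPresent) {
            $signInAudience = 'AzureADMyOrg'
        }
        else {
            $signInAudience = 'AzureADMultipleOrgs'
        }

        # NOTE(review): $informationalUrl is built here but the New-MgApplication call below passes its
        # own @{ "LogoUrl" = $iconPath } (also when $iconPath is empty) - confirm which one is intended.
        $informationalUrl = @{
        }
        if ($iconPath) {
            $informationalUrl += @{
                "LogoUrl" = $iconPath
            }
        }

        $graphRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
        $graphRRA.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Well-known ID, the same across all tenants
        $graphRRA.ResourceAccess = @(
            @{ Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; Type = "Scope" } # User.Read
            @{ Id = "9769c687-087d-48ac-9cb3-c37dde652038"; Type = "Scope" } # EWS.AccessAsUser.All
            @{ Id = "5fa075e9-b951-4165-947b-c63396ff0a37"; Type = "Scope" } # PrinterShare.ReadBasic.All
            @{ Id = "21f0d9c0-9f13-48b3-94e0-b6b231c7d320"; Type = "Scope" } # PrintJob.Create
            @{ Id = "6a71a747-280f-4670-9ca0-a9cbf882b274"; Type = "Scope" } # PrintJob.ReadBasic
        )

        $powerBIRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
        $powerBIRRA.ResourceAppId = "00000009-0000-0000-c000-000000000000" # Power BI Service
        $powerBIRRA.ResourceAccess = @(
            @{ "Id" = "4ae1bf56-f562-4747-b7bc-2fa0874ed46f"; "Type" = "Scope" } # Report.Read.All
        )

        $sharepointRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
        $sharepointRRA.ResourceAppId = "00000003-0000-0ff1-ce00-000000000000" # SharePoint
        $sharepointRRA.ResourceAccess = @(
            @{ "Id" = "640ddd16-e5b7-4d71-9690-3f4022699ee7"; "Type" = "Scope" } # AllSites.Write
            @{ "Id" = "2cfdc887-d7b4-4798-9b33-3d98d6b95dd2"; "Type" = "Scope" } # MyFiles.Write
        )

        $resourceAccessList = @($graphRRA, $powerBIRRA, $sharepointRRA)

        $ssoAdApp = New-MgApplication `
            -DisplayName "WebClient for $publicWebBaseUrl" `
            -IdentifierUris $appIdUri `
            -Web @{ ImplicitGrantSettings = @{ EnableIdTokenIssuance = $true }; RedirectUris = $signInReplyUrls } `
            -SignInAudience $signInAudience `
            -Info @{ "LogoUrl" = $iconPath } `
            -RequiredResourceAccess $resourceAccessList

        # The secret text is only available from this call's result; it is handed back to the caller in clear text.
        # No expiry is requested here, so the lifetime of the secret is whatever the service assigns.
        $admspwd = Add-MgApplicationPassword -ApplicationId $ssoAdApp.Id -PasswordCredential @{ "DisplayName" = "Password" }
        $AdProperties["SsoAdAppKeyValue"] = $admspwd.SecretText

        $ssoAdAppId = $ssoAdApp.AppId.ToString()
        $AdProperties["SsoAdAppId"] = $ssoAdAppId

        # Get oauth2 permission id for sso app
        # (a new id is generated and a user_impersonation scope with that id is added to the app)
        $oauth2permissionid = [GUID]::NewGuid().ToString()
        $oauth2PermissionScopes = $ssoAdApp.Api.Oauth2PermissionScopes
        $oauth2PermissionScopes += @{
            "Id" = $oauth2permissionid
            "value" = "user_impersonation"
            "Type" = "User"
            "adminConsentDisplayName" = "Access WebClient for $publicWebBaseUrl"
            "adminConsentDescription" = "Allow the application to access WebClient for $publicWebBaseUrl on behalf of the signed-in user."
            "userConsentDisplayName" = "Access WebClient for $publicWebBaseUrl"
            "userConsentDescription" = "Allow the application to access WebClient for $publicWebBaseUrl on your behalf."
            "IsEnabled" = $true
        }
        Update-MgApplication -ApplicationId $ssoAdApp.Id -Api @{Oauth2PermissionScopes = $oauth2PermissionScopes}

        if ($autoConsent.IsPresent) {
            try {
                $SsoAdAppId = $AdProperties["SsoAdAppId"]
                $sp = @( $null, $null )
                $idx = 0
                $ssoAdAppId | ForEach-Object {
                    $appId = $_
                    $app = Get-MgApplication -All | Where-Object { $_.AppId -eq $appId }
                    if (!$app) {
                        Write-Host -NoNewline "Waiting for AD App synchronization."
                        # NOTE(review): no upper bound on this wait; it loops until the app shows up in the listing
                        do {
                            Start-Sleep -Seconds 2
                            $app = Get-MgApplication -All | Where-Object { $_.AppId -eq $appId }
                        } while (!$app)
                    }
                    $sp[$idx] = Get-MgServicePrincipal -All | Where-Object { $_.AppId -eq $appId }
                    if (!$sp[$idx]) {
                        $sp[$idx] = New-MgServicePrincipal -AppId $appId -Tags @("WindowsAzureActiveDirectoryIntegratedApp")
                    }
                    $idx++
                }

                $client = Get-MgServicePrincipal -Filter "appId eq '$appId'"
                $resource = Get-MgServicePrincipal -Filter "servicePrincipalNames / any(n: n eq 'https://graph.microsoft.com/')"
                # AllPrincipals = the consent applies to every user in the tenant, not only the caller.
                # NOTE(review): no -Scope is passed and only Microsoft Graph is used as resource; confirm
                # which delegated permissions this grant is meant to cover.
                # Piped to Out-Null so the grant object does not leak into the function output: callers
                # expect the $AdProperties hashtable only (same pattern as the app role assignment below).
                New-MgOAuth2PermissionGrant -ClientId $client.Id -ConsentType "AllPrincipals" -ResourceId $resource.Id | Out-Null
                # Was a copy of the "Installing Microsoft.Graph PowerShell package" message, which is not what happens here
                Write-Host "Created admin consent grant for the WebClient app"
            }
            catch {
                # Best effort: a failing consent is reported, the app creation continues
                Write-Error "An error occurred while attempting to automatically consent to the created application: $_"
                Write-Warning "Note: Cloud Application Administrator role required."
            }
        }

        if ($IncludeApiAccess) {
            # Define the API.ReadWrite.All app role on the SSO app; it is assigned to the API app further down
            $appRoleId = [Guid]::NewGuid().ToString()
            Update-MgApplication `
                -ApplicationId $ssoAdApp.Id `
                -AppRoles @{
                    "Id" = $appRoleId
                    "DisplayName" = "API.ReadWrite.All"
                    "Description" = "Full access to web services API"
                    "Value" = "API.ReadWrite.All"
                    "IsEnabled" = $true
                    "AllowedMemberTypes" = @("Application","User")
                }
        }

        if ($preAuthorizePowerShell) {
            # Pre-authorizes the PowerShell client id named in the help for the user_impersonation scope created above
            $PreAuthorizedApplications = $ssoAdApp.Api.PreAuthorizedApplications
            $PreAuthorizedApplications += @{ "AppId" = "1950a258-227b-4e31-a9cf-717495945fc2"; "DelegatedPermissionIds" = @($oauth2permissionid) }
            Update-MgApplication -ApplicationId $ssoAdApp.Id -Api @{PreAuthorizedApplications = $PreAuthorizedApplications}
        }

        # API Access Aad App
        if ($IncludeApiAccess) {
            # Remove "old" Api AAD Application
            $ApiIdentifierUri = $appIdUri.Replace('://','://api.')
            Get-MgApplication -All | Where-Object { $_.IdentifierUris -contains $ApiIdentifierUri } | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

            # Create AD Application
            Write-Host "Creating AAD App for API Access"

            $bcSSOAppRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $bcSSOAppRRA.ResourceAppId = "$ssoAdAppId" # BC SSO App
            $bcSSOAppRRA.ResourceAccess = @(
                @{ "Id" = "$oauth2permissionid"; "Type" = "Scope" } # OAuth2
                @{ "Id" = "$appRoleId"; "Type" = "Role" } # API.ReadWrite.All
            )

            $graphRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $graphRRA.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
            $graphRRA.ResourceAccess = @(
                @{ "Id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "Type" = "Scope" } # User.Read
            )

            $apiAppResourceAccessList = @($graphRRA, $bcSSOAppRRA)

            $apiAdApp = New-MgApplication `
                -DisplayName "API Access for $publicWebBaseUrl" `
                -IdentifierUris $ApiIdentifierUri `
                -Web @{ "RedirectUris" = $oAuthReplyUrls } `
                -SignInAudience $signInAudience `
                -RequiredResourceAccess $apiAppResourceAccessList

            $apiAdAppId = $apiAdApp.AppId.ToString()
            $AdProperties["ApiAdAppId"] = $apiAdAppId
            $admspwd = Add-MgApplicationPassword -ApplicationId $apiAdApp.Id -PasswordCredential @{ "DisplayName" = "Password" }
            $AdProperties["ApiAdAppKeyValue"] = $admspwd.SecretText

            # Make sure both apps have a service principal: $sp[0] = SSO app, $sp[1] = API app
            $sp = @( $null, $null )
            $idx = 0
            $ssoAdAppId,$apiAdAppId | ForEach-Object {
                $appId = $_
                $app = Get-MgApplication -All | Where-Object { $_.AppId -eq $appId }
                if (!$app) {
                    Write-Host -NoNewline "Waiting for AD App synchronization."
                    # NOTE(review): no upper bound on this wait; it loops until the app shows up in the listing
                    do {
                        Start-Sleep -Seconds 2
                        $app = Get-MgApplication -All | Where-Object { $_.AppId -eq $appId }
                    } while (!$app)
                }
                $sp[$idx] = Get-MgServicePrincipal -All | Where-Object { $_.AppId -eq $appId }
                if (!$sp[$idx]) {
                    $sp[$idx] = New-MgServicePrincipal -AppId $appId -Tags @("WindowsAzureActiveDirectoryIntegratedApp")
                }
                $idx++
            }
            # Assign the API.ReadWrite.All role of the SSO app to the API app's service principal
            New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp[1].Id -PrincipalId $sp[1].Id -ResourceId $sp[0].Id -AppRoleId $appRoleId | Out-Null
        }

        # Excel Ad App
        if ($IncludeExcelAadApp) {
            # Remove "old" Excel AD Application
            $ExcelIdentifierUri = $appIdUri.Replace('://','://xls.')
            Get-MgApplication -All | Where-Object { $_.IdentifierUris -contains $ExcelIdentifierUri } | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

            # Create AD Application
            Write-Host "Creating AAD App for Excel Add-in"

            $bcSSOAppRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $bcSSOAppRRA.ResourceAppId = "$ssoAdAppId" # BC SSO App
            $bcSSOAppRRA.ResourceAccess = @(
                @{ "Id" = "$oauth2permissionid"; "Type" = "Scope" } # OAuth2
            )

            $graphRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $graphRRA.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
            $graphRRA.ResourceAccess = @(
                @{ "Id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "Type" = "Scope" } # User.Read
            )

            $excelAppResourceAccessList = @($graphRRA, $bcSSOAppRRA)

            # NOTE(review): this app combines a wildcard redirect URI with implicit issuance of both id and
            # access tokens; confirm the add-in still needs both and narrow the URI if it does not.
            $excelAdApp = New-MgApplication `
                -DisplayName "Excel AddIn for $publicWebBaseUrl" `
                -IdentifierUris $ExcelIdentifierUri `
                -Spa @{ "RedirectUris" = ($oAuthReplyUrls+@("https://az689774.vo.msecnd.net/dynamicsofficeapp/v1.3.0.0/*")) } `
                -Web @{ "ImplicitGrantSettings" = @{ "EnableIdTokenIssuance" = $true; "EnableAccessTokenIssuance" = $true } } `
                -SignInAudience $signInAudience `
                -RequiredResourceAccess $excelAppResourceAccessList

            $ExcelAdAppId = $excelAdApp.AppId.ToString()
            $AdProperties["ExcelAdAppId"] = $ExcelAdAppId
            $admspwd = Add-MgApplicationPassword -ApplicationId $excelAdApp.Id -PasswordCredential @{ "DisplayName" = "Password" }
            $AdProperties["ExcelAdAppKeyValue"] = $admspwd.SecretText
        }

        # Other Services Ad App
        if ($IncludeOtherServicesAadApp) {
            # Remove "old" Other Services AD Application
            $OtherServicesIdentifierUri = $appIdUri.Replace('://','://other.')
            Get-MgApplication -All | Where-Object { $_.IdentifierUris -contains $OtherServicesIdentifierUri } | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

            # Create AD Application
            Write-Host "Creating AAD App for Other Services"

            # Microsoft Graph
            $graphRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $graphRRA.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
            $graphRRA.ResourceAccess = @(
                @{ "Id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "Type" = "Scope" } # User.Read
                @{ "Id" = "5fa075e9-b951-4165-947b-c63396ff0a37"; "Type" = "Scope" } # PrinterShare.ReadBasic.All
                @{ "Id" = "21f0d9c0-9f13-48b3-94e0-b6b231c7d320"; "Type" = "Scope" } # PrintJob.Create
                @{ "Id" = "6a71a747-280f-4670-9ca0-a9cbf882b274"; "Type" = "Scope" } # PrintJob.ReadBasic
                @{ "Id" = "9769c687-087d-48ac-9cb3-c37dde652038"; "Type" = "Scope" } # EWS.AccessAsUser.All
                @{ "Id" = "d56682ec-c09e-4743-aaf4-1a3aac4caa21"; "Type" = "Scope" } # Contacts.ReadWrite
            )

            $powerBIRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $powerBIRRA.ResourceAppId = "00000009-0000-0000-c000-000000000000" # Power BI Service
            $powerBIRRA.ResourceAccess = @(
                @{ "Id" = "4ae1bf56-f562-4747-b7bc-2fa0874ed46f"; "Type" = "Scope" } # Report.Read.All
                @{ "Id" = "b2f1b2fa-f35c-407c-979c-a858a808ba85"; "Type" = "Scope" } # Workspace.Read.All
            )

            # NOTE(review): per the inline labels this app requests AllSites.FullControl and User.ReadWrite.All,
            # broader than the AllSites.Write / MyFiles.Write requested for the WebClient app; confirm the
            # wider delegated scopes are required.
            $sharePointRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $sharepointRRA.ResourceAppId = "00000003-0000-0ff1-ce00-000000000000" # Sharepoint Service
            $sharepointRRA.ResourceAccess = @(
                @{ "Id" = "56680e0d-d2a3-4ae1-80d8-3c4f2100e3d0"; "Type" = "Scope" } # AllSites.FullControl
                @{ "Id" = "82866913-39a9-4be7-8091-f4fa781088ae"; "Type" = "Scope" } # User.ReadWrite.All
            )

            $otherServicesAppResourceAccessList = @($graphRRA, $powerBIRRA, $sharepointRRA)

            $otherServicesAdApp = New-MgApplication `
                -DisplayName "Other Services for $publicWebBaseUrl" `
                -IdentifierUris $OtherServicesIdentifierUri `
                -Web @{ "RedirectUris" = $oAuthReplyUrls } `
                -SignInAudience $signInAudience `
                -RequiredResourceAccess $otherServicesAppResourceAccessList

            $OtherServicesAdAppId = $otherServicesAdApp.AppId.ToString()
            $AdProperties["OtherServicesAdAppId"] = $OtherServicesAdAppId
            $admspwd = Add-MgApplicationPassword -ApplicationId $otherServicesAdApp.Id -PasswordCredential @{ "DisplayName" = "Password" }
            $AdProperties["OtherServicesAdAppKeyValue"] = $admspwd.SecretText
        }

        # PowerBI Ad App
        if ($IncludePowerBiAadApp) {
            Write-Host -ForegroundColor Yellow "-includePowerBiAadApp is deprecated. Use -includeOtherServicesAadApp instead."
            # Remove "old" PowerBI AD Application
            $PowerBiIdentifierUri = $appIdUri.Replace('://','://pbi.')
            Get-MgApplication -All | Where-Object { $_.IdentifierUris -contains $PowerBiIdentifierUri } | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

            # Create AD Application
            Write-Host "Creating AAD App for PowerBI Service"

            $powerBIRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $powerBIRRA.ResourceAppId = "00000009-0000-0000-c000-000000000000" # Power BI Service
            $powerBIRRA.ResourceAccess = @(
                @{ "Id" = "4ae1bf56-f562-4747-b7bc-2fa0874ed46f"; "Type" = "Scope" } # Report.Read.All
                @{ "Id" = "b2f1b2fa-f35c-407c-979c-a858a808ba85"; "Type" = "Scope" } # Workspace.Read.All
            )

            $graphRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $graphRRA.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
            $graphRRA.ResourceAccess = @(
                @{ "Id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "Type" = "Scope" } # User.Read
            )

            $powerBIAppResourceAccessList = @($powerBIRRA, $graphRRA)

            $powerBiAdApp = New-MgApplication `
                -DisplayName "PowerBI Service for $publicWebBaseUrl" `
                -IdentifierUris $PowerBiIdentifierUri `
                -Web @{ "RedirectUris" = $oAuthReplyUrls } `
                -SignInAudience $signInAudience `
                -RequiredResourceAccess $powerBIAppResourceAccessList

            $PowerBiAdAppId = $powerBiAdApp.AppId.ToString()
            $AdProperties["PowerBiAdAppId"] = $PowerBiAdAppId
            $admspwd = Add-MgApplicationPassword -ApplicationId $PowerBiAdApp.Id -PasswordCredential @{ "DisplayName" = "Password" }
            $AdProperties["PowerBiAdAppKeyValue"] = $admspwd.SecretText
        }

        # EMail App
        if ($IncludeEmailAadApp) {
            Write-Host -ForegroundColor Yellow "-includeEmailAadApp is deprecated. Use -includeOtherServicesAadApp instead."
            # Remove "old" Email AD Application
            $EMailIdentifierUri = $appIdUri.Replace('://','://email.')
            Get-MgApplication -All | Where-Object { $_.IdentifierUris -contains $EMailIdentifierUri } | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

            # Create AD Application
            Write-Host "Creating AAD App for EMail Service"

            $graphRRA = New-Object -TypeName Microsoft.Graph.PowerShell.Models.MicrosoftGraphRequiredResourceAccess
            $graphRRA.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
            $graphRRA.ResourceAccess = @(
                @{ "Id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "Type" = "Scope" } # User.Read
                @{ "Id" = "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0"; "Type" = "Scope" } # Email
                @{ "Id" = "e383f46e-2787-4529-855e-0e479a3ffac0"; "Type" = "Scope" } # Mail.ReadWrite
                @{ "Id" = "024d486e-b451-40bb-833d-3e66d98c5c73"; "Type" = "Scope" } # Mail.Send
                @{ "Id" = "9769c687-087d-48ac-9cb3-c37dde652038"; "Type" = "Scope" } # EWS.AccessAsUser.All
                @{ "Id" = "d56682ec-c09e-4743-aaf4-1a3aac4caa21"; "Type" = "Scope" } # Contacts.ReadWrite
            )

            $eMailAppResourceAccessList = @($graphRRA)

            # Implicit issuance of both id and access tokens is enabled for this app
            $EMailAdApp = New-MgApplication `
                -DisplayName "EMail Service for $publicWebBaseUrl" `
                -IdentifierUris $EMailIdentifierUri `
                -Web @{ "ImplicitGrantSettings" = @{ "EnableIdTokenIssuance" = $true; "EnableAccessTokenIssuance" = $true }; "RedirectUris" = $oAuthReplyUrls } `
                -SignInAudience $signInAudience `
                -RequiredResourceAccess $eMailAppResourceAccessList

            $EMailAdAppId = $EMailAdApp.AppId.ToString()
            $AdProperties["EMailAdAppId"] = $EMailAdAppId
            $admspwd = Add-MgApplicationPassword -ApplicationId $EmailAdApp.Id -PasswordCredential @{ "DisplayName" = "Password" }
            $AdProperties["EMailAdAppKeyValue"] = $admspwd.SecretText
        }

        # Function output: the hashtable of app ids and clear-text client secrets
        $AdProperties
    }
    catch {
        TrackException -telemetryScope $telemetryScope -errorRecord $_
        throw
    }
    finally {
        TrackTrace -telemetryScope $telemetryScope
    }
}
Export-ModuleMember -Function New-AadAppsForBc

# NOTE(review): any change to the script text above invalidates the Authenticode signature below;
# the file has to be re-signed before it is used under a policy that enforces script signatures.
# SIG # Begin signature block #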
MIImbAYJKoZIhvcNAQcCoIImXTCCJlkCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCQMWFm4C7oGS6w # s8MwVbvXOXQLUxcQhqyvOck0AFyfIaCCH4QwggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # 
Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggYaMIIEAqADAgECAhBiHW0MUgGeO5B5FSCJIRwKMA0GCSqG # SIb3DQEBDAUAMFYxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0 # ZWQxLTArBgNVBAMTJFNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBSb290IFI0 # NjAeFw0yMTAzMjIwMDAwMDBaFw0zNjAzMjEyMzU5NTlaMFQxCzAJBgNVBAYTAkdC # MRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVi # bGljIENvZGUgU2lnbmluZyBDQSBSMzYwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw # ggGKAoIBgQCbK51T+jU/jmAGQ2rAz/V/9shTUxjIztNsfvxYB5UXeWUzCxEeAEZG # bEN4QMgCsJLZUKhWThj/yPqy0iSZhXkZ6Pg2A2NVDgFigOMYzB2OKhdqfWGVoYW3 # haT29PSTahYkwmMv0b/83nbeECbiMXhSOtbam+/36F09fy1tsB8je/RV0mIk8XL/ # tfCK6cPuYHE215wzrK0h1SWHTxPbPuYkRdkP05ZwmRmTnAO5/arnY83jeNzhP06S # hdnRqtZlV59+8yv+KIhE5ILMqgOZYAENHNX9SJDm+qxp4VqpB3MV/h53yl41aHU5 # pledi9lCBbH9JeIkNFICiVHNkRmq4TpxtwfvjsUedyz8rNyfQJy/aOs5b4s+ac7I # H60B+Ja7TVM+EKv1WuTGwcLmoU3FpOFMbmPj8pz44MPZ1f9+YEQIQty/NQd/2yGg # W+ufflcZ/ZE9o1M7a5Jnqf2i2/uMSWymR8r2oQBMdlyh2n5HirY4jKnFH/9gRvd+ # QOfdRrJZb1sCAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFDLrkpr/NZZILyhAQnAg # NpFcF4XmMB0GA1UdDgQWBBQPKssghyi47G9IritUpimqF6TNDDAOBgNVHQ8BAf8E # BAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzAb # BgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEsGA1UdHwREMEIwQKA+oDyGOmh0 # dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9v # dFI0Ni5jcmwwewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0 # LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYucDdj # MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0B # AQwFAAOCAgEABv+C4XdjNm57oRUgmxP/BP6YdURhw1aVcdGRP4Wh60BAscjW4HL9 # hcpkOTz5jUug2oeunbYAowbFC2AKK+cMcXIBD0ZdOaWTsyNyBBsMLHqafvIhrCym # laS98+QpoBCyKppP0OcxYEdU0hpsaqBBIZOtBajjcw5+w/KeFvPYfLF/ldYpmlG+ # 
vd0xqlqd099iChnyIMvY5HexjO2AmtsbpVn0OhNcWbWDRF/3sBp6fWXhz7DcML4i # TAWS+MVXeNLj1lJziVKEoroGs9Mlizg0bUMbOalOhOfCipnx8CaLZeVme5yELg09 # Jlo8BMe80jO37PU8ejfkP9/uPak7VLwELKxAMcJszkyeiaerlphwoKx1uHRzNyE6 # bxuSKcutisqmKL5OTunAvtONEoteSiabkPVSZ2z76mKnzAfZxCl/3dq3dUNw4rg3 # sTCggkHSRqTqlLMS7gjrhTqBmzu1L90Y1KWN/Y5JKdGvspbOrTfOXyXvmPL6E52z # 1NZJ6ctuMFBQZH3pwWvqURR8AgQdULUvrxjUYbHHj95Ejza63zdrEcxWLDX6xWls # /GDnVNueKjWUH3fTv1Y8Wdho698YADR7TNx8X8z2Bev6SivBBOHY+uqiirZtg0y9 # ShQoPzmCcn63Syatatvx157YK9hlcPmVoa1oDE5/L9Uo2bC5a4CH2RwwggZZMIIE # waADAgECAhANIM3qwHRbWKHw+Zq6JhzlMA0GCSqGSIb3DQEBDAUAMFQxCzAJBgNV # BAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3Rp # Z28gUHVibGljIENvZGUgU2lnbmluZyBDQSBSMzYwHhcNMjExMDIyMDAwMDAwWhcN # MjQxMDIxMjM1OTU5WjBdMQswCQYDVQQGEwJESzEUMBIGA1UECAwLSG92ZWRzdGFk # ZW4xGzAZBgNVBAoMEkZyZWRkeSBLcmlzdGlhbnNlbjEbMBkGA1UEAwwSRnJlZGR5 # IEtyaXN0aWFuc2VuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgYC5 # tlg+VRktRRkahxxaV8+DAd6vHoDpcO6w7yT24lnSoMuA6nR7kgy90Y/sHIwKE9Ww # t/px/GAY8eBePWjJrFpG8fBtJbXadRTVd/470Hs/q9t+kh6A/0ELj7wYsKSNOyuF # Poy4rtClOv9ZmrRpoDVnh8Epwg2DpklX2BNzykzBQxIbkpp+xVo2mhPNWDIesntc # 4/BnSebLGw1Vkxmu2acKkIjYrne/7lsuyL9ue0vk8TGk9JBPNPbGKJvHu9szP9oG # oH36fU1sEZ+AacXrp+onsyPf/hkkpAMHAhzQHl+5Ikvcus/cDm06twm7VywmZcas # 2rFAV5MyE6WMEaYAolwAHiPz9WAs2GDhFtZZg1tzbRjJIIgPpR+doTIcpcDBcHnN # dSdgWKrTkr2f339oT5bnJfo7oVzc/2HGWvb8Fom6LQAqSC11vWmznHYsCm72g+fo # TKqW8lLDfLF0+aFvToLosrtW9l6Z+l+RQ8MtJ9EHOm2Ny8cFLzZCDZYw32BydwcL # V5rKdy4Ica9on5xZvyMOLiFwuL4v2V4pjEgKJaGSS/IVSMEGjrM9DHT6YS4/oq9q # 20rQUmMZZQmGmEyyKQ8t11si8VHtScN5m0Li8peoWfCU9mRFxSESwTWow8d462+o # 9/SzmDxCACdFwzvfKx4JqDMm55cL+beunIvc0NsCAwEAAaOCAZwwggGYMB8GA1Ud # IwQYMBaAFA8qyyCHKLjsb0iuK1SmKaoXpM0MMB0GA1UdDgQWBBTZD6uy9ZWIIqQh # 3srYu1FlUhdM0TAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUE # DDAKBggrBgEFBQcDAzARBglghkgBhvhCAQEEBAMCBBAwSgYDVR0gBEMwQTA1Bgwr # BgEEAbIxAQIBAwIwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9D # 
UFMwCAYGZ4EMAQQBMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuc2VjdGln # by5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3JsMHkGCCsGAQUF # BwEBBG0wazBEBggrBgEFBQcwAoY4aHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0 # aWdvUHVibGljQ29kZVNpZ25pbmdDQVIzNi5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6 # Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4IBgQASEbZACurQeQN8 # WDTR+YyNpoQ29YAbbdBRhhzHkT/1ao7LE0QIOgGR4GwKRzufCAwu8pCBiMOUTDHT # ezkh0rQrG6khxBX2nSTBL5i4LwKMR08HgZBsbECciABy15yexYWoB/D0H8WuGe63 # PhGWueR4IFPbIz+jEVxfW0Nyyr7bXTecpKd1iprm+TOmzc2E6ab95dkcXdJVx6Zy # s++QrrOfQ+a57qEXkS/wnjjbN9hukL0zg+g8L4DHLKTodzfiQOampvV8QzbnB7Y8 # YjNcxR9s/nptnlQH3jorNFhktiBXvD62jc8pAIg6wyH6NxSMjtTsn7QhkIp2kusw # IQwD8hN/fZ/m6gkXZhRJWFr2WRZOz+edZ62Jf25C/NYWscwfBwn2hzRZf1HgyxkX # Al88dvvUA3kw1T6uo8aAB9IcL6Owiy7q4T+RLRF7oqx0vcw0193Yhq/gPOaUFlqz # ExP6TQ5TR9XWVPQk+a1B1ATKMLi1JShO6KWTmNkFkgkgpkW69BEwggauMIIElqAD # AgECAhAHNje3JFR82Ees/ShmKl5bMA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNVBAYT # AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2Vy # dC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0yMjAz # MjMwMDAwMDBaFw0zNzAzMjIyMzU5NTlaMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQK # Ew5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBS # U0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQDGhjUGSbPBPXJJUVXHJQPE8pE3qZdRodbSg9GeTKJtoLDM # g/la9hGhRBVCX6SI82j6ffOciQt/nR+eDzMfUBMLJnOWbfhXqAJ9/UO0hNoR8XOx # s+4rgISKIhjf69o9xBd/qxkrPkLcZ47qUT3w1lbU5ygt69OxtXXnHwZljZQp09ns # ad/ZkIdGAHvbREGJ3HxqV3rwN3mfXazL6IRktFLydkf3YYMZ3V+0VAshaG43IbtA # rF+y3kp9zvU5EmfvDqVjbOSmxR3NNg1c1eYbqMFkdECnwHLFuk4fsbVYTXn+149z # k6wsOeKlSNbwsDETqVcplicu9Yemj052FVUmcJgmf6AaRyBD40NjgHt1biclkJg6 # OBGz9vae5jtb7IHeIhTZgirHkr+g3uM+onP65x9abJTyUpURK1h0QCirc0PO30qh # HGs4xSnzyqqWc0Jon7ZGs506o9UD4L/wojzKQtwYSH8UNM/STKvvmz3+DrhkKvp1 # KCRB7UK/BZxmSVJQ9FHzNklNiyDSLFc1eSuo80VgvCONWPfcYd6T/jnA+bIwpUzX # 6ZhKWD7TA4j+s4/TXkt2ElGTyYwMO1uKIqjBJgj5FBASA31fI7tk42PgpuE+9sJ0 # 
sj8eCXbsq11GdeJgo1gJASgADoRU7s7pXcheMBK9Rp6103a50g5rmQzSM7TNsQID # AQABo4IBXTCCAVkwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUuhbZbU2F # L3MpdpovdYxqII+eyG8wHwYDVR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08w # DgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMIMHcGCCsGAQUFBwEB # BGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsG # AQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz # dGVkUm9vdEc0LmNydDBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNybDAgBgNVHSAEGTAXMAgG # BmeBDAEEAjALBglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggIBAH1ZjsCTtm+Y # qUQiAX5m1tghQuGwGC4QTRPPMFPOvxj7x1Bd4ksp+3CKDaopafxpwc8dB+k+YMjY # C+VcW9dth/qEICU0MWfNthKWb8RQTGIdDAiCqBa9qVbPFXONASIlzpVpP0d3+3J0 # FNf/q0+KLHqrhc1DX+1gtqpPkWaeLJ7giqzl/Yy8ZCaHbJK9nXzQcAp876i8dU+6 # WvepELJd6f8oVInw1YpxdmXazPByoyP6wCeCRK6ZJxurJB4mwbfeKuv2nrF5mYGj # VoarCkXJ38SNoOeY+/umnXKvxMfBwWpx2cYTgAnEtp/Nh4cku0+jSbl3ZpHxcpzp # SwJSpzd+k1OsOx0ISQ+UzTl63f8lY5knLD0/a6fxZsNBzU+2QJshIUDQtxMkzdwd # eDrknq3lNHGS1yZr5Dhzq6YBT70/O3itTK37xJV77QpfMzmHQXh6OOmc4d0j/R0o # 08f56PGYX/sr2H7yRp11LB4nLCbbbxV7HhmLNriT1ObyF5lZynDwN7+YAN8gFk8n # +2BnFqFmut1VwDophrCYoCvtlUG3OtUVmDG0YgkPCr2B2RP+v6TR81fZvAT6gt4y # 3wSJ8ADNXcL50CN/AAvkdgIm2fBldkKmKYcJRyvmfxqkhQ/8mJb2VVQrH4D6wPIO # K+XW+6kvRBVK5xMOHds3OBqhK/bt1nz8MIIGwjCCBKqgAwIBAgIQBUSv85SdCDmm # v9s/X+VhFjANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO # RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB # NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMB4XDTIzMDcxNDAwMDAwMFoXDTM0 # MTAxMzIzNTk1OVowSDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ # bmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAgMjAyMzCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBAKNTRYcdg45brD5UsyPgz5/X5dLnXaEOCdwv # SKOXejsqnGfcYhVYwamTEafNqrJq3RApih5iY2nTWJw1cb86l+uUUI8cIOrHmjsv # lmbjaedp/lvD1isgHMGXlLSlUIHyz8sHpjBoyoNC2vx/CSSUpIIa2mq62DvKXd4Z # GIX7ReoNYWyd/nFexAaaPPDFLnkPG2ZS48jWPl/aQ9OE9dDH9kgtXkV1lnX+3RCh # 
G4PBuOZSlbVH13gpOWvgeFmX40QrStWVzu8IF+qCZE3/I+PKhu60pCFkcOvV5aDa # Y7Mu6QXuqvYk9R28mxyyt1/f8O52fTGZZUdVnUokL6wrl76f5P17cz4y7lI0+9S7 # 69SgLDSb495uZBkHNwGRDxy1Uc2qTGaDiGhiu7xBG3gZbeTZD+BYQfvYsSzhUa+0 # rRUGFOpiCBPTaR58ZE2dD9/O0V6MqqtQFcmzyrzXxDtoRKOlO0L9c33u3Qr/eTQQ # fqZcClhMAD6FaXXHg2TWdc2PEnZWpST618RrIbroHzSYLzrqawGw9/sqhux7Ujip # mAmhcbJsca8+uG+W1eEQE/5hRwqM/vC2x9XH3mwk8L9CgsqgcT2ckpMEtGlwJw1P # t7U20clfCKRwo+wK8REuZODLIivK8SgTIUlRfgZm0zu++uuRONhRB8qUt+JQofM6 # 04qDy0B7AgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIw # ADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEEAjAL # BglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8wHQYD # VR0OBBYEFKW27xPn783QZKHVVqllMaPe1eNJMFoGA1UdHwRTMFEwT6BNoEuGSWh0 # dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZT # SEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQGCCsG # AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKGTGh0 # dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQw # OTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIBAIEa # 1t6gqbWYF7xwjU+KPGic2CX/yyzkzepdIpLsjCICqbjPgKjZ5+PF7SaCinEvGN1O # tt5s1+FgnCvt7T1IjrhrunxdvcJhN2hJd6PrkKoS1yeF844ektrCQDifXcigLiV4 # JZ0qBXqEKZi2V3mP2yZWK7Dzp703DNiYdk9WuVLCtp04qYHnbUFcjGnRuSvExnvP # nPp44pMadqJpddNQ5EQSviANnqlE0PjlSXcIWiHFtM+YlRpUurm8wWkZus8W8oM3 # NG6wQSbd3lqXTzON1I13fXVFoaVYJmoDRd7ZULVQjK9WvUzF4UbFKNOt50MAcN7M # mJ4ZiQPq1JE3701S88lgIcRWR+3aEUuMMsOI5ljitts++V+wQtaP4xeR0arAVeOG # v6wnLEHQmjNKqDbUuXKWfpd5OEhfysLcPTLfddY2Z1qJ+Panx+VPNTwAvb6cKmx5 # AdzaROY63jg7B145WPR8czFVoIARyxQMfq68/qTreWWqaNYiyjvrmoI1VygWy2ny # Mpqy0tg6uLFGhmu6F/3Ed2wVbK6rr3M66ElGt9V/zLY4wNjsHPW2obhDLN9OTH0e # aHDAdwrUAuBcYLso/zjlUlrWrBciI0707NMX+1Br/wd3H3GXREHJuEbTbDJ8WC9n # R2XlG3O2mflrLAZG70Ee8PBf4NvZrZCARK+AEEGKMYIGPjCCBjoCAQEwaDBUMQsw # CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJT # ZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2AhANIM3qwHRbWKHw+Zq6 # 
JhzlMA0GCWCGSAFlAwQCAQUAoIGEMBgGCisGAQQBgjcCAQwxCjAIoAKAAKECgAAw # GQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisG # AQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIBOcMnemvMkfyIbPUyg24PODcTFjvvG8 # pVEWAunanywBMA0GCSqGSIb3DQEBAQUABIICACrpfg+BAnlDaFprLCmT+vwzwect # IhPL3mOtKosSRIcXJjlAXKQOMWnb5TXOxJtdZn1xg946fX+hPw123YvQiLgg49xj # UrljBpdN/I6HGsL0ogDHT3HG7mFYH0HLfWH5ht72cWW2AolOJbwDDrZUc+mslln+ # LAv8SCxYnS3/15PrYDt5wz4g8gESHciN1FPMoTVXAVeduvywsBuaCB/Cw1LR/SdR # IPZcMQYSPv577W+AjzeIhaPp/+gIA1YrhyrqG+6jr6e0ERlQlfpmMIhUpih+tTFn # qRaEghBd983qOwK+fGNq78QsxOWPccra+8CTIK6bLQl8LXGfWHli5I9BPd2kF78P # zIjFpEbN+Q93PNFVjZKFTBWvYF5zLurW9JVtis5F19x8FF3DVqyO6AjK0AP/4DzH # 3mEFr09IFzuWj/40bEk6EHQQ02mraoWcPl13ALCJ/Npd2HKQVlT2zBEede2CXVYb # P00BAnIhrbp+xTtq2m5O3kQXWHxqJUDbqviqsX3jlEWKNyu8vX+9xyovM7vnSbnR # wpfg0BcWMl+1CpPdBKL3OaQf6fg55SluYnIo01KspjnTJcGyOQXxWs1y3K3bni1u # eCmiDp+vLgOOxCnSYq3Pg7vallI4gE3ku+GBpK/NFoXkCcbzb9ZnyI7Eejgb2eQF # OvxQ9HhN19xU05/XoYIDIDCCAxwGCSqGSIb3DQEJBjGCAw0wggMJAgEBMHcwYzEL # MAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJE # aWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBD # QQIQBUSv85SdCDmmv9s/X+VhFjANBglghkgBZQMEAgEFAKBpMBgGCSqGSIb3DQEJ # AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI0MDgyNjExMDc1NVowLwYJ # KoZIhvcNAQkEMSIEIBE1WAL41dtE2dedL1GM56N5SlCM+Jlq7LXWNDcPR+XDMA0G # CSqGSIb3DQEBAQUABIICAE58Yv/ZMx9p7/DPxantqCL7+riGd3SdoqAteql83Dw1 # DvTnPPGwMJqgiSrTdPYPqWBMNtmbwPdtR8ueXedOyIazody26iCFF6HcqOIMy2Xo # +6NR7Q1pnsD37iIVwVH5YPlDcCQeYjbSK6J8RyI0WFAoXXjf0Rc2vLtj0RUP0hRJ # GfklgKdTv/AOk0Dm3NivEr1Ejn2JwpJDzviN38b4qrDeslrXip8l3m7Fkx+UrGtT # oeTarB/0hezer4aJvBEXslROmlj/zdOYrfORZSFJO9mRI4rSHW8lB05ppLIJlrqz # 7T8MTpf2TnIvUr2Vmou3ShKoTDCZA29dF3YmrjDODPa1VtT6NSGMVAgMFFFFykZv # P/PRROur5GjCU4B1pNdD/CawpXBsIp5hvz8jLN9GFPOSkI9B9tPYPdLx4CSzPaTq # 0csI6OkSgwYf1BQHL61RyZPq3gjl6FcSMqWSI7M7cs+5EkeV/wa35NN+UjtS7GfC # iSU9nBxkfN2oPbl4siOtb9FcyJo1mvh/snrmHQoLJv10VlpxrgVKaOY2TLS3+SuS # 
O938jsh0F5lG60p+qmkdyfBPbF7xxQv/P1uPLD/Ti12JCPzFFTyO3nMtqB0g6pEf # A+5S8vfYxVSAPt2Gu9OtJ7EdP1MFDh89+GmdNp6ywjPPr5TbsUQG2s9t/Hl3RT0S # SIG # End signature block |