Public/TenantConfiguration/New-BitTitanAppRegistration.ps1
function New-BitTitanAppRegistration() { param( [Parameter(Mandatory)] [string]$TenantId ) Connect-CustomerGraph -CustomerTenantId $TenantId try { $Resource = Get-MgServicePrincipal -Filter "appId eq '00000002-0000-0ff1-ce00-000000000000'" -ErrorAction Stop if(!$Resource) { throw "Failed to find Exchange Online service principal. The customer does not have Exchange Online - and therefore app registration is impossible. Assign a license to the customer, and wait 10 minutes before trying again." } } catch { throw "Failed to find Exchange Online service principal. The customer does not have Exchange Online - and therefore app registration is impossible. Assign a license to the customer, and wait 10 minutes before trying again." } try { $AppRegistrationParams = @{ displayName = "BitTitan MigrationWiz" description = "App registration for BitTitan MigrationWiz usage." isFallbackPublicClient = "True" signInAudience = "AzureADMultipleOrgs" publicClient = @{ redirectUris = @( "urn:ietf:wg:oauth:2.0:oob" ) } requiredResourceAccess = @( @{ resourceAppId = "00000002-0000-0ff1-ce00-000000000000" resourceAccess = @( @{ id = "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5" type = "Scope" } ) } ) } $Application = New-MgApplication -BodyParameter $AppRegistrationParams -ErrorAction Stop Write-Host "Completed creating BitTitan app registration." -ForegroundColor Green } catch { throw "Failed to create BitTitan app registration: $_" } try { $ServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$($Application.AppId)'" -ErrorAction Stop } catch { if (!$ServicePrincipal) { $ServicePrincipal = New-MgServicePrincipal -AppId $Application.AppId } throw "Failed to find/create app registration service principal: $_" } try { New-MgOauth2PermissionGrant -ClientId $ServicePrincipal.Id -ConsentType "AllPrincipals" -Scope "EWS.AccessAsUser.All" -ResourceId $Resource.Id Write-Host "Successfully granted admin consent for EWS.AccessAsUser.All." -ForegroundColor Green } catch { throw "Failed to grant admin consent for EWS.AccessAsUser.All: $_" } Write-Host "If enabling Modern Authentication for the source:" -ForegroundColor Cyan Write-Host "ModernAuthClientIdExport=$($Application.AppId)" Write-Host "ModernAuthTenantIdExport=$($TenantId)" Write-Host "If enabling modern authentication for the destination:" -ForegroundColor Cyan Write-Host "ModernAuthClientIdImport=$($Application.AppId)" Write-Host "ModernAuthTenantIdImport=$($TenantId)" Write-Host "Copy these values, and use them in your BitTitan project (see here: https://help.bittitan.com/hc/en-us/articles/360034124813-Authentication-Methods-for-Microsoft-365-All-Products-Migrations#h_01H9J5G42VTCP0WEED1A90DWQV) " } |