Public/TenantConfiguration/New-BitTitanAppRegistration.ps1

function New-BitTitanAppRegistration() {
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )
    Connect-CustomerGraph -CustomerTenantId $TenantId
        
    try {
        $Resource = Get-MgServicePrincipal -Filter "appId eq '00000002-0000-0ff1-ce00-000000000000'" -ErrorAction Stop
        if(!$Resource) {
            throw "Failed to find Exchange Online service principal. The customer does not have Exchange Online - and therefore app registration is impossible. Assign a license to the customer, and wait 10 minutes before trying again."
        }
    }
    catch {
        throw "Failed to find Exchange Online service principal. The customer does not have Exchange Online - and therefore app registration is impossible. Assign a license to the customer, and wait 10 minutes before trying again."
    }

    try {
        $AppRegistrationParams = @{
            displayName            = "BitTitan MigrationWiz"
            description            = "App registration for BitTitan MigrationWiz usage."
            isFallbackPublicClient = "True"
            signInAudience         = "AzureADMultipleOrgs"
            publicClient           = @{
                redirectUris = @(
                    "urn:ietf:wg:oauth:2.0:oob"
                )
            }
            requiredResourceAccess = @(
                @{
                    resourceAppId  = "00000002-0000-0ff1-ce00-000000000000"
                    resourceAccess = @(
                        @{
                            id   = "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5"
                            type = "Scope"
                        }
                    )
                }
            )
        }
        $Application = New-MgApplication -BodyParameter $AppRegistrationParams -ErrorAction Stop
        Write-Host "Completed creating BitTitan app registration." -ForegroundColor Green
    }
    catch {
        throw "Failed to create BitTitan app registration: $_"
    }

    try {
        $ServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$($Application.AppId)'" -ErrorAction Stop
        if (!$ServicePrincipal) {
            Write-Host "Creating Service Principal for app registration." -ForegroundColor Cyan
            $ServicePrincipal = New-MgServicePrincipal -AppId $Application.AppId
        }
    }
    catch {
        throw "Failed to find/create app registration service principal: $_"
    }

    try {
        New-MgOauth2PermissionGrant -ClientId $ServicePrincipal.Id -ConsentType "AllPrincipals" -Scope "EWS.AccessAsUser.All" -ResourceId $Resource.Id -ErrorAction Stop
        Write-Host "Successfully granted admin consent for EWS.AccessAsUser.All." -ForegroundColor Green
    }
    catch {
        throw "Failed to grant admin consent for EWS.AccessAsUser.All: $_"
    }

    Write-Host "If enabling Modern Authentication for the source:" -ForegroundColor Cyan
    Write-Host "ModernAuthClientIdExport=$($Application.AppId)"
    Write-Host "ModernAuthTenantIdExport=$($TenantId)"
    Write-Host "If enabling modern authentication for the destination:" -ForegroundColor Cyan
    Write-Host "ModernAuthClientIdImport=$($Application.AppId)"
    Write-Host "ModernAuthTenantIdImport=$($TenantId)"
    Write-Host "Copy these values, and use them in your BitTitan project (see here: https://help.bittitan.com/hc/en-us/articles/360034124813-Authentication-Methods-for-Microsoft-365-All-Products-Migrations#h_01H9J5G42VTCP0WEED1A90DWQV) "
}