Public/Connect/Connect-CustomerExchange.ps1
|
function Connect-CustomerExchange { [CmdletBinding()] param ( [Parameter(Mandatory)] [string]$CustomerTenantId, [Parameter()] [ValidateSet('Application', 'Delegated')] [string]$FlowType = 'Application', [Parameter()] [string[]]$Scopes = @('https://outlook.office365.com/.default'), [Parameter()] [switch]$Force ) try { # Get token with optional cache bypass Write-ModuleLog -Message "Getting Exchange Online token for tenant $CustomerTenantId using $($FlowType) flow" -Level Verbose -Component 'ExchangeConnection' if ($Force) { Write-ModuleLog -Message "Force parameter specified - bypassing token cache" -Level Verbose -Component 'ExchangeConnection' } $token = Get-PartnerAccessToken ` -TenantId $CustomerTenantId ` -Scopes ($Scopes -join ' ') ` -FlowType $FlowType ` -Force:$Force # Connect to Graph Write-ModuleLog -Message "Connecting to Exchange Online" -Level Verbose -Component 'ExchangeConnection' Connect-ExchangeOnline -AccessToken $token.access_token -ShowBanner:$false -DelegatedOrganization $CustomerTenantId } catch { if ($_.Exception.Message -like '*The role assigned to application*') { Write-ModuleLog -Message "Failed to connect to Exchange Online for tenant $CustomerTenantId. The application does not have the required roles. Re-creating consent!" -Level Warning -Component 'ExchangeConnection' Set-ApplicationConsent -CustomerTenantId $CustomerTenantId -Force Write-ModuleLog -Message "Waiting for 30 seconds before retrying connection after consent has been granted.." -Level Info -Component 'ExchangeConnection' Start-Sleep -Seconds 30 Connect-CustomerExchange -CustomerTenantId $CustomerTenantId -Force Write-ModuleLog -Message "Successfully connected to Exchange Online for tenant $CustomerTenantId" -Level Info -Component 'ExchangeConnection' } else { Write-ModuleLog -Message "Failed to connect to Exchange Online for tenant $CustomerTenantId" -Level Error -Component 'ExchangeConnection' -ErrorRecord $_ } } } |