Microsoft.Entra.Beta.Governance.psm1
|
# ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ Set-StrictMode -Version 5 function Get-EntraBetaDirectoryRoleAssignment { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetVague", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $SearchString, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [switch] $All, [Alias('Id')] [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $UnifiedRoleAssignmentId, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $keysChanged = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($null -ne $PSBoundParameters["SearchString"]) { $params["SearchString"] = $PSBoundParameters["SearchString"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["All"]) { if ($PSBoundParameters["All"]) { $params["All"] = $PSBoundParameters["All"] } } if ($null -ne $PSBoundParameters["UnifiedRoleAssignmentId"]) { $params["UnifiedRoleAssignmentId"] = $PSBoundParameters["UnifiedRoleAssignmentId"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgBetaRoleManagementDirectoryRoleAssignment @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Get-EntraBetaDirectoryRoleDefinition { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetVague", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $SearchString, [Alias('Id')] [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $UnifiedRoleDefinitionId, [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [switch] $All, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $keysChanged = @{SearchString = "Filter" } if ($null -ne $PSBoundParameters["UnifiedRoleDefinitionId"]) { $params["UnifiedRoleDefinitionId"] = $PSBoundParameters["UnifiedRoleDefinitionId"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["All"]) { if ($PSBoundParameters["All"]) { $params["All"] = $PSBoundParameters["All"] } } if ($null -ne $PSBoundParameters["SearchString"]) { $TmpValue = $PSBoundParameters["SearchString"] $Value = "startswith(displayName,'$TmpValue')" $params["Filter"] = $Value } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgBetaRoleManagementDirectoryRoleDefinition @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { $propsToConvert = @('RolePermissions') foreach ($prop in $propsToConvert) { $value = $_.$prop | ConvertTo-Json -Depth 10 | ConvertFrom-Json $_ | Add-Member -MemberType NoteProperty -Name $prop -Value ($value) -Force } Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Get-EntraBetaPrivilegedResource { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ProviderId, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $keysChanged = @{ProviderId = "PrivilegedAccessId" } if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["Id"]) { $params["GovernanceResourceId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["ProviderId"]) { $params["PrivilegedAccessId"] = $PSBoundParameters["ProviderId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgBetaPrivilegedAccessResource @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Get-EntraBetaPrivilegedRole { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $keysChanged = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["Id"]) { $params["PrivilegedRoleId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgBetaPrivilegedRole @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Get-EntraBetaPrivilegedRoleAssignmentRequest { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ProviderId, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $keysChanged = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["Id"]) { $params["PrivilegedRoleAssignmentRequestId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["ProviderId"]) { $params["ProviderId"] = $PSBoundParameters["ProviderId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgBetaPrivilegedRoleAssignmentRequest @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Get-EntraBetaPrivilegedRoleDefinition { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ProviderId, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ResourceId, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $keysChanged = @{ProviderId = "PrivilegedAccessId"; ResourceId = "GovernanceResourceId" } if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["Id"]) { $params["GovernanceRoleDefinitionId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["ProviderId"]) { $params["PrivilegedAccessId"] = $PSBoundParameters["ProviderId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($null -ne $PSBoundParameters["ResourceId"]) { $params["GovernanceResourceId"] = $PSBoundParameters["ResourceId"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgBetaPrivilegedAccessResourceRoleDefinition @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Get-EntraBetaPrivilegedRoleSetting { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetById", Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ProviderId, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $keysChanged = @{} if ($null -ne $PSBoundParameters["ProviderId"]) { $params["PrivilegedAccessId"] = $PSBoundParameters["ProviderId"] } if ($null -ne $PSBoundParameters["Id"]) { $params["GovernanceRoleSettingId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("========================================================================= ") $response = Get-MgBetaPrivilegedAccessRoleSetting @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { $propsToConvert = @('AdminEligibleSettings', 'AdminMemberSettings', 'UserEligibleSettings', 'UserMemberSettings') foreach ($prop in $propsToConvert) { $value = $_.$prop | ConvertTo-Json | ConvertFrom-Json $_ | Add-Member -MemberType NoteProperty -Name $prop -Value ($value) -Force } } } $response } } function New-EntraBetaCustomHeaders { <# .SYNOPSIS Creates a custom header for use in telemetry. .DESCRIPTION The custom header created is a User-Agent with header value "<PowerShell version> EntraPowershell/<EntraPowershell version> <Entra PowerShell command>" .EXAMPLE New-EntraBetaCustomHeaders -Command Get-EntraUser #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $Command ) $psVersion = $global:PSVersionTable.PSVersion $entraVersion = $ExecutionContext.SessionState.Module.Version.ToString() $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion $Command" $customHeaders = New-Object 'system.collections.generic.dictionary[string,string]' $customHeaders["User-Agent"] = $userAgentHeaderValue $customHeaders } function New-EntraBetaDirectoryRoleAssignment { [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(ParameterSetName = "Default", Mandatory = $true)] [System.String] $RoleDefinitionId, [Parameter(ParameterSetName = "Default", Mandatory = $true)] [System.String] $DirectoryScopeId, [Parameter(ParameterSetName = "Default", Mandatory = $true)] [System.String] $PrincipalId ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["RoleDefinitionId"]) { $params["RoleDefinitionId"] = $PSBoundParameters["RoleDefinitionId"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["DirectoryScopeId"]) { $params["DirectoryScopeId"] = $PSBoundParameters["DirectoryScopeId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["PrincipalId"]) { $params["PrincipalId"] = $PSBoundParameters["PrincipalId"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = New-MgBetaRoleManagementDirectoryRoleAssignment @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function New-EntraBetaDirectoryRoleDefinition { [CmdletBinding(DefaultParameterSetName = 'CreateRoleDefinition')] param ( [Parameter(ParameterSetName = "CreateRoleDefinition", Mandatory = $true)] [System.Nullable`1[System.Boolean]] $IsEnabled, [Parameter(ParameterSetName = "CreateRoleDefinition")] [System.String] $Version, [Parameter(ParameterSetName = "CreateRoleDefinition")] [System.Collections.Generic.List`1[System.String]] $ResourceScopes, [Parameter(ParameterSetName = "CreateRoleDefinition")] [System.String] $Description, [Parameter(ParameterSetName = "CreateRoleDefinition")] [System.String] $TemplateId, [Parameter(ParameterSetName = "CreateRoleDefinition", Mandatory = $true)] [System.String] $DisplayName, [Parameter(ParameterSetName = "CreateRoleDefinition", Mandatory = $true)] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]] $RolePermissions, [Parameter(ParameterSetName = "CreateRoleDefinition")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]] $InheritsPermissionsFrom ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($null -ne $PSBoundParameters["IsEnabled"]) { $params["IsEnabled"] = $PSBoundParameters["IsEnabled"] } if ($null -ne $PSBoundParameters["Version"]) { $params["Version"] = $PSBoundParameters["Version"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["ResourceScopes"]) { $params["ResourceScopes"] = $PSBoundParameters["ResourceScopes"] } if ($null -ne $PSBoundParameters["Description"]) { $params["Description"] = $PSBoundParameters["Description"] } if ($null -ne $PSBoundParameters["TemplateId"]) { $params["TemplateId"] = $PSBoundParameters["TemplateId"] } if ($null -ne $PSBoundParameters["DisplayName"]) { $params["DisplayName"] = $PSBoundParameters["DisplayName"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["RolePermissions"]) { $TmpValue = $PSBoundParameters["RolePermissions"] $Temp = @{ allowedResourceActions = $TmpValue.allowedResourceActions condition = $TmpValue.condition } $Value = $Temp $params["RolePermissions"] = $Value } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InheritsPermissionsFrom"]) { $params["InheritsPermissionsFrom"] = $PSBoundParameters["InheritsPermissionsFrom"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = New-MgBetaRoleManagementDirectoryRoleDefinition @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function New-EntraBetaPrivilegedRoleAssignment { [CmdletBinding(DefaultParameterSetName = 'ByUserIdAndRoleId')] param ( [Parameter(ParameterSetName = "ByUserIdAndRoleId")] [System.Nullable`1[System.DateTime]] $ExpirationDateTime, [Parameter(ParameterSetName = "ByUserIdAndRoleId")] [System.String] $ResultMessage, [Parameter(ParameterSetName = "ByUserIdAndRoleId")] [System.Nullable`1[System.Boolean]] $IsElevated, [Parameter(ParameterSetName = "ByUserIdAndRoleId", Mandatory = $true)] [System.String] $RoleId, [Parameter(ParameterSetName = "ByUserIdAndRoleId")] [System.String] $Id, [Parameter(ParameterSetName = "ByUserIdAndRoleId", Mandatory = $true)] [System.String] $UserId ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ExpirationDateTime"]) { $params["ExpirationDateTime"] = $PSBoundParameters["ExpirationDateTime"] } if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["ResultMessage"]) { $params["ResultMessage"] = $PSBoundParameters["ResultMessage"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["IsElevated"]) { $params["IsElevated"] = $PSBoundParameters["IsElevated"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["RoleId"]) { $params["RoleId"] = $PSBoundParameters["RoleId"] } if ($null -ne $PSBoundParameters["Id"]) { $params["Id"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["UserId"]) { $params["UserId"] = $PSBoundParameters["UserId"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = New-MgBetaPrivilegedRoleAssignment @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Remove-EntraBetaDirectoryRoleAssignment { [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Alias('Id')] [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $UnifiedRoleAssignmentId ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["UnifiedRoleAssignmentId"]) { $params["UnifiedRoleAssignmentId"] = $PSBoundParameters["UnifiedRoleAssignmentId"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Remove-MgBetaRoleManagementDirectoryRoleAssignment @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Remove-EntraBetaDirectoryRoleDefinition { [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Alias('Id')] [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $UnifiedRoleDefinitionId ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["UnifiedRoleDefinitionId"]) { $params["UnifiedRoleDefinitionId"] = $PSBoundParameters["UnifiedRoleDefinitionId"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Remove-MgBetaRoleManagementDirectoryRoleDefinition @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Set-EntraBetaAppRoleToApplicationUser { [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(Mandatory = $true, HelpMessage = "Specify the data source type: 'DatabaseorDirectory', 'SAPCloudIdentity', or 'Generic' which determines the column attribute mapping.")] [ValidateSet("DatabaseorDirectory", "SAPCloudIdentity", "Generic")] [string]$DataSource, [Parameter(Mandatory = $true, HelpMessage = "Path to the input file containing users, e.g., C:\temp\users.csv")] [ValidateNotNullOrEmpty()] [ValidateScript({ Test-Path $_ })] [System.IO.FileInfo]$FilePath, [Parameter(Mandatory = $true, HelpMessage = "Name of the application (Service Principal) to assign roles for")] [ValidateNotNullOrEmpty()] [string]$ApplicationName, [Parameter(Mandatory = $false, HelpMessage = "Specifies what Microsoft accounts are supported for the application. Options are 'AzureADMyOrg', 'AzureADMultipleOrgs', 'AzureADandPersonalMicrosoftAccount', 'PersonalMicrosoftAccount'")] [ValidateSet("AzureADMyOrg", "AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount", "PersonalMicrosoftAccount")] [string]$SignInAudience = "AzureADMyOrg", [Parameter(Mandatory = $false, ParameterSetName = 'ExportResults', HelpMessage = "Switch to enable export of results into a CSV file")] [switch]$Export, [Parameter(Mandatory = $false, ParameterSetName = 'ExportResults', HelpMessage = "Path for the export file. Defaults to current directory.")] [System.IO.FileInfo]$ExportFilePath = (Join-Path (Get-Location) "EntraAppRoleAssignments_$(Get-Date -Format 'yyyyMMdd_HHmmss').csv") ) begin { # Ensure connection to Microsoft Entra if (-not (Get-EntraContext)) { $errorMessage = "Not connected to Microsoft Graph. Use 'Connect-Entra -Scopes Application.ReadWrite.All,Application.ReadWrite.OwnedBy,User.ReadWrite.All,AppRoleAssignment.ReadWrite.All' to authenticate." Write-Error -Message $errorMessage -ErrorAction Stop return } } process { # Custom Verbose Function to Avoid Overriding Built-in Write-ColoredVerbose function Write-ColoredVerbose { param ( [Parameter(Mandatory = $true)] [string]$Message, [ValidateSet("Green", "Yellow", "Red", "Cyan", "Magenta")] [string]$Color = "Cyan" ) if ($VerbosePreference -eq "Continue") { Write-Host "VERBOSE: $Message" -ForegroundColor $Color } } function SanitizeInput { param ([string]$Value) if ([string]::IsNullOrWhiteSpace($Value)) { return $null } return $Value -replace "'", "''" -replace '\s+', ' ' -replace "`n|`r", "" | ForEach-Object { $_.Trim().ToLower() } } function CreateUserIfNotExists { param ( [string]$UserPrincipalName, [string]$DisplayName, [string]$MailNickname ) Write-ColoredVerbose -Message "User details: DisplayName $DisplayName | UserPrincipalName: $UserPrincipalName | MailNickname: $MailNickname" -Color "Cyan" try { $params = @{} $baseUri = "/beta/users" $query = "?`$filter=userPrincipalName eq '$UserPrincipalName'&`$select=Id,CreationType,DisplayName,GivenName,Mail,MailNickName,MobilePhone,OtherMails, UserPrincipalName,EmployeeId,JobTitle" $params["Method"] = "GET" $params["Uri"] = "$baseUri{0}" -f $query $getUserResponse = Invoke-GraphRequest @params # User doesn't exist if($null -eq $getUserResponse.value -or $getUserResponse.value.Count -eq 0){ $passwordProfile = @{ ForceChangePasswordNextSignIn = $true Password = -join (((48..90) + (96..122)) * 16 | Get-Random -Count 16 | % { [char]$_ }) } $userParams = @{ displayName = $DisplayName passwordProfile = $passwordProfile userPrincipalName = $UserPrincipalName accountEnabled = $false mailNickName = $MailNickname mail = $UserPrincipalName } $userParams = $userParams | ConvertTo-Json $newUserResponse = Invoke-GraphRequest -Uri '/beta/users?$select=*' -Method POST -Body $userParams $newUserResponse = $newUserResponse | ConvertTo-Json | ConvertFrom-Json Write-ColoredVerbose -Message "Created new user: $UserPrincipalName" -Color "Green" return [PSCustomObject]@{ Id = $newUserResponse.Id UserPrincipalName = $newUserResponse.UserPrincipalName DisplayName = $newUserResponse.DisplayName MailNickname = $newUserResponse.MailNickname Mail = $newUserResponse.Mail Status = 'Created' } } else{ # User exists Write-ColoredVerbose -Message "User $UserPrincipalName exists." -Color "Green" return [PSCustomObject]@{ Id = $getUserResponse.value.id UserPrincipalName = $getUserResponse.value.userPrincipalName DisplayName = $getUserResponse.value.displayName MailNickname = $getUserResponse.value.mailNickname Mail = $getUserResponse.value.mail Status = 'Exists' } } } catch { Write-Error "Failed to create or verify user $($UserPrincipalName) $_" return $null } } function CreateApplicationIfNotExists { param ( [string]$DisplayName, [string]$SignInAudience ) try { # Check if application exists $params = @{} $baseUri = "/beta/applications" $query = "?`$filter=displayName eq '$DisplayName'" $params["Method"] = "GET" $params["Uri"] = "$baseUri{0}" -f $query $getAppResponse = Invoke-GraphRequest @params if ($null -eq $getAppResponse.value -or $getAppResponse.value.Count -eq 0) { # Create new application $appParams = @{ displayName = $DisplayName signInAudience = $SignInAudience web = @{ RedirectUris = @("https://localhost") } } $appParams = $appParams | ConvertTo-Json $newAppResponse = Invoke-GraphRequest -Uri '/beta/applications' -Method POST -Body $appParams $newAppResponse = $newAppResponse | ConvertTo-Json | ConvertFrom-Json Write-ColoredVerbose "Created new application: $DisplayName" # Create service principal for the application $spParams = @{ appId = $newAppResponse.AppId displayName = $DisplayName } $spParams = $spParams | ConvertTo-Json $newSPResponse = Invoke-GraphRequest -Uri "/beta/servicePrincipals" -Method POST -Body $spParams $newSPResponse = $newSPResponse | ConvertTo-Json | ConvertFrom-Json Write-ColoredVerbose "Created new service principal for application: $DisplayName" [PSCustomObject]@{ ApplicationId = $newAppResponse.Id ApplicationDisplayName = $newAppResponse.DisplayName ServicePrincipalId = $newSPResponse.Id ServicePrincipalDisplayName = $newSPResponse.DisplayName AppId = $newAppResponse.AppId Status = 'Created' } } else { # Get existing service principal $params = @{} $baseUri = "/beta/servicePrincipals" $query = "?`$filter=appId eq '$($getAppResponse.value.AppId)'" $params["Method"] = "GET" $params["Uri"] = "$baseUri{0}" -f $query $getSPResponse = Invoke-GraphRequest @params $sp = $null if ($null -eq $getSPResponse.value -or $getSPResponse.value.Count -eq 0) { # Create service principal if it doesn't exist $spParams = @{ appId = $getAppResponse.value.AppId displayName = $DisplayName } $spParams = $spParams | ConvertTo-Json $newSPResponse = Invoke-GraphRequest -Uri "/beta/servicePrincipals" -Method POST -Body $spParams $newSPResponse = $newSPResponse | ConvertTo-Json | ConvertFrom-Json $sp = $newSPResponse Write-ColoredVerbose "Created new service principal for existing application: $DisplayName" } else { $sp = $getSPResponse.value Write-ColoredVerbose "Service principal already exists for application: $DisplayName" } [PSCustomObject]@{ ApplicationId = $getAppResponse.value.Id ApplicationDisplayName = $getAppResponse.value.DisplayName ServicePrincipalId = $sp.Id ServicePrincipalDisplayName = $sp.DisplayName AppId = $getAppResponse.value.AppId Status = 'Exists' } } } catch { Write-Error "Error in CreateApplicationIfNotExists: $_" return $null } } function AssignAppServicePrincipalRoleAssignmentIfNotExists { param ( [string]$ServicePrincipalId, [string]$UserId, [string]$ApplicationName, [string]$RoleDisplayName ) try { # Check if assignment exists $params = @{} $params["Uri"] = "/beta/servicePrincipals/$ServicePrincipalId" $params["Method"] = "GET" $servicePrincipalObject = Invoke-GraphRequest @params $appRoleId = ($servicePrincipalObject.AppRoles | Where-Object { $_.displayName -eq $RoleDisplayName }).Id $params = @{} $params["Uri"] = "/beta/servicePrincipals/$ServicePrincipalId/appRoleAssignedTo" $params["Method"] = "GET" $existingAssignment = (Invoke-GraphRequest @params).value | Where-Object { $_.AppRoleId -eq $appRoleId } -ErrorAction SilentlyContinue if($existingAssignment){ Write-ColoredVerbose "Role assignment already exists for user '$ApplicationName' with role '$RoleDisplayName'" -Color "Yellow" return [PSCustomObject]@{ ServicePrincipalId = $ServicePrincipalId PrincipalId = $UserId AppRoleId = $appRoleId AssignmentId = $existingAssignment.Id Status = 'Exists' #CreatedDateTime = $existingAssignment.CreatedDateTime ?? (Get-Date).ToUniversalTime().ToString("o") # This works in v1.0 end point CreatedDateTime = (Get-Date).ToUniversalTime().ToString("o") # ISO 8601 format } } # Create new assignment $assignmentParams = @{ appRoleId = $appRoleId principalId = $UserId resourceId = $ServicePrincipalId } $assignmentParams = $assignmentParams | ConvertTo-Json $assignmentResponse = Invoke-GraphRequest -Uri "/beta/servicePrincipals/$ServicePrincipalId/appRoleAssignments" -Method POST -Body $assignmentParams $assignmentResponse = $assignmentResponse | ConvertTo-Json | ConvertFrom-Json Write-ColoredVerbose "Created new role assignment for user '$UserId' - AppName: '$ApplicationName' with role '$RoleDisplayName'" -Color "Green" return [PSCustomObject]@{ ServicePrincipalId = $ServicePrincipalId PrincipalId = $UserId AppRoleId = $appRoleId AssignmentId = $assignmentResponse.Id Status = 'Created' #CreatedDateTime = $assignmentResponse.CreatedDateTime ?? (Get-Date).ToUniversalTime().ToString("o") # ISO 8601 format # This works in v1.0 end point CreatedDateTime = (Get-Date).ToUniversalTime().ToString("o") # ISO 8601 format } } catch { Write-Error "Failed to create or verify role assignment: $_)" return $null } } function NewAppRoleIfNotExists { param ( [Parameter(Mandatory = $true)] [string[]]$UniqueRoles, [Parameter(Mandatory = $true)] [string]$ApplicationId ) try { # Get existing application $params = @{} $params["Uri"] = "/beta/applications/$ApplicationId" $params["Method"] = "GET" $application = Invoke-GraphRequest @params if (-not $application) { Write-Error "Application not found with ID: $ApplicationId" return $null } # Ensure the existing AppRoles are properly formatted $existingRoles = @() if($null -ne $application.AppRoles){ $existingRoles = $application.AppRoles } $appRolesList = New-Object System.Collections.ArrayList foreach ($role in $existingRoles) { $appRolesList.Add($role) } $createdRoles = [System.Collections.ArrayList]::new() foreach ($roleName in $UniqueRoles) { # Check if the role already exists if ($existingRoles | Where-Object { $_.DisplayName -eq $roleName }) { Write-ColoredVerbose "Role '$roleName' already exists in application" -Color "Yellow" continue } $memberTypes = $roleToMemberTypeMapping[$roleName] $allowedMemberTypes = $memberTypes -split "," # Create array from comma separated string # Create new AppRole object $appRole = @{ allowedMemberTypes = $allowedMemberTypes description = $roleName displayName = $roleName id = [Guid]::NewGuid() isEnabled = $true value = $roleName } # Add to the typed list $appRolesList.Add($appRole) [void]$createdRoles.Add($appRole) Write-ColoredVerbose "Created new role definition for '$roleName'" -Color "Green" } if ($createdRoles.Count -gt 0) { # Update application with the new typed list $params = @{ appRoles = $appRolesList tags = @("WindowsAzureActiveDirectoryIntegratedApp") } $params = $params | ConvertTo-Json -Depth 10 $patchResponse = Invoke-GraphRequest -Uri "/beta/applications/$ApplicationId" -Method PATCH -Body $params $patchResponse = $patchResponse | ConvertTo-Json | ConvertFrom-Json Write-ColoredVerbose "Updated application with $($createdRoles.Count) new roles" -Color "Green" return $createdRoles | ForEach-Object { [PSCustomObject]@{ ApplicationId = $ApplicationId RoleId = $_.id DisplayName = $_.displayName Description = $_.description Value = $_.value IsEnabled = $true } } } Write-ColoredVerbose "No new roles needed to be created" -Color "Yellow" return $null } catch { Write-Error "Failed to create app roles: $_" return $null } } function StartOrchestration { try { # Import users from the CSV file Write-ColoredVerbose "Importing users from file: $FilePath" -Color "Cyan" $users = Import-Csv -Path $FilePath Write-ColoredVerbose "Imported : $($users.Count) users" -Color "Green" if (-not $users) { Write-Error "No users found in the provided file: $FilePath" return } # Define the property name for user lookup based on data source Write-ColoredVerbose "Using: $DataSource for pattern matching" -Color "Cyan" $sourceMatchPropertyName = switch ($DataSource) { "DatabaseorDirectory" { "email" } "SAPCloudIdentity" { "userName" } "Generic" { "userPrincipalName" } } Write-ColoredVerbose "Column used for lookup in Entra ID : $sourceMatchPropertyName." -Color "Green" # Get or create the application and service principal once Write-ColoredVerbose -Message "Checking if application exists for: $ApplicationName" -Color "Cyan" $application = CreateApplicationIfNotExists -DisplayName $ApplicationName -SignInAudience $SignInAudience if (-not $application) { Write-Error "Failed to retrieve or create application: $ApplicationName" return } Write-ColoredVerbose "Application $ApplicationName status: $($application.Status) | ApplicationId : $($application.ApplicationId) | AppId : $($application.AppId) | ServicePrincipalId : $($application.ServicePrincipalId)." -Color "Green" $uniqueRoles = @() $roleToMemberTypeMapping = @{} # Extract unique roles $users | ForEach-Object { $role = SanitizeInput -Value $_.Role if ($role -and $role -notin $uniqueRoles) { $uniqueRoles += $role $memberType = SanitizeInput -Value $_.memberType $roleToMemberTypeMapping[$role] = $memberType } } Write-ColoredVerbose "Found $($uniqueRoles.Count) unique roles: $($uniqueRoles -join ', ')" -Color "Green" # Create new roles if they do not exist if ($uniqueRoles.Count -gt 0) { Write-ColoredVerbose "Creating required roles in application..." -Color "Cyan" $createdRoles = NewAppRoleIfNotExists -UniqueRoles $uniqueRoles -ApplicationId $application.ApplicationId if ($createdRoles) { Write-ColoredVerbose "Successfully created $($createdRoles.Count) new roles" -Color "Green" } } else { Write-ColoredVerbose "No new roles needed to be created" -Color "Yellow" } # Process users in bulk Write-ColoredVerbose "Processing users details..." -Color "Cyan" $assignmentResults = [System.Collections.ArrayList]::new() foreach ($user in $users) { $cleanUserPrincipalName = SanitizeInput -Value $user.$sourceMatchPropertyName Write-ColoredVerbose "UPN : $($cleanUserPrincipalName)" -Color "Green" if (-not $cleanUserPrincipalName) { Write-Warning "Skipping user due to invalid userPrincipalName: $($user.$sourceMatchPropertyName)" continue } $cleanDisplayName = SanitizeInput -Value $user.displayName Write-ColoredVerbose "DisplayName : $($cleanDisplayName)" -Color "Green" if (-not $cleanDisplayName) { Write-Warning "Skipping user due to invalid displayName: $($user.DisplayName)" continue } $cleanMailNickname = SanitizeInput -Value $user.mailNickname Write-ColoredVerbose "Mail nickname : $($cleanMailNickname)" -Color "Green" if (-not $cleanMailNickname) { Write-Warning "Skipping user due to invalid mailNickname: $($user.MailNickname)" continue } # Get the user's role $userRole = SanitizeInput -Value $user.Role $userRoleType = SanitizeInput -Value $user.memberType Write-ColoredVerbose "Role : $($userRole)" -Color "Green" if (-not $userRole) { Write-Warning "Skipping user due to invalid Role: $($user.Role)" continue } # Create user if they do not exist Write-ColoredVerbose "Assigning roles to user $($cleanUserPrincipalName) " $userInfo = CreateUserIfNotExists -UserPrincipalName $cleanUserPrincipalName -DisplayName $cleanDisplayName -MailNickname $cleanMailNickname if (-not $userInfo) { continue } # Assign roles to the user (Placeholder for role assignment logic) Write-ColoredVerbose "Start app role assignment with params: ServicePrincipalId - $($application.ServicePrincipalId) | UserId - $($userInfo.Id) | AppName - $($ApplicationName) | Role - $($userRole) " -Color "Cyan" $assignment = AssignAppServicePrincipalRoleAssignmentIfNotExists -ServicePrincipalId $application.ServicePrincipalId -UserId $userInfo.Id -ApplicationName $ApplicationName -RoleDisplayName $userRole if (-not $assignment) { continue } Write-ColoredVerbose "Assigning roles to user $($userInfo.UserPrincipalName) in application $ApplicationName" if ($assignment) { [void]$assignmentResults.Add([PSCustomObject]@{ UserPrincipalName = $cleanUserPrincipalName DisplayName = $cleanDisplayName UserId = $userInfo.Id Role = $userRole ApplicationName = $ApplicationName ApplicationStatus = $application.Status ServicePrincipalId = $application.ServicePrincipalId UserCreationStatus = $userInfo.Status RoleAssignmentStatus = $assignment.Status AssignmentId = $assignment.AssignmentId AppRoleId = $assignment.AppRoleId PrincipalType = $userRoleType RoleAssignmentCreatedDateTime = $assignment.CreatedDateTime ResourceId = $application.ServicePrincipalId # Same as ServicePrincipalId in this context ProcessedTimestamp = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss') }) } } # Export results if using ExportResults parameter set if ($Export -and $assignmentResults.Count -gt 0) { try { Write-ColoredVerbose "Exporting results to: $ExportFilePath" -Color "Cyan" $assignmentResults | Export-Csv -Path $ExportFilePath -NoTypeInformation -Force Write-ColoredVerbose "Successfully exported $($assignmentResults.Count) assignments" -Color "Green" } catch { Write-Error "Failed to export results: $_" } } return $assignmentResults } catch { Write-Error "Error in StartOrchestration: $_)" } } # Debugging output Write-ColoredVerbose -Message "Starting orchestration with params: AppName - $ApplicationName | FilePath - $FilePath | DataSource - $DataSource" -Color "Magenta" # Start orchestration StartOrchestration } } function Set-EntraBetaDirectoryRoleDefinition { [CmdletBinding(DefaultParameterSetName = 'ByRoleDefinitionId')] param ( [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.Nullable`1[System.Boolean]] $IsEnabled, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.String] $Version, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.Collections.Generic.List`1[System.String]] $ResourceScopes, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.String] $Description, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.String] $TemplateId, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.String] $DisplayName, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]] $RolePermissions, [Alias('Id')] [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $UnifiedRoleDefinitionId, [Parameter(ParameterSetName = "ByRoleDefinitionId")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]] $InheritsPermissionsFrom ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($null -ne $PSBoundParameters["IsEnabled"]) { $params["IsEnabled"] = $PSBoundParameters["IsEnabled"] } if ($null -ne $PSBoundParameters["Version"]) { $params["Version"] = $PSBoundParameters["Version"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["ResourceScopes"]) { $params["ResourceScopes"] = $PSBoundParameters["ResourceScopes"] } if ($null -ne $PSBoundParameters["Description"]) { $params["Description"] = $PSBoundParameters["Description"] } if ($null -ne $PSBoundParameters["TemplateId"]) { $params["TemplateId"] = $PSBoundParameters["TemplateId"] } if ($null -ne $PSBoundParameters["DisplayName"]) { $params["DisplayName"] = $PSBoundParameters["DisplayName"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["RolePermissions"]) { $TmpValue = $PSBoundParameters["RolePermissions"] $Value = @() foreach ($val in $TmpValue) { $Temp = $val | ConvertTo-Json $hash = @{} (ConvertFrom-Json $Temp).psobject.properties | Foreach { $hash[$_.Name] = $_.Value } $Value += $hash } $params["RolePermissions"] = $Value } if ($null -ne $PSBoundParameters["UnifiedRoleDefinitionId"]) { $params["UnifiedRoleDefinitionId"] = $PSBoundParameters["UnifiedRoleDefinitionId"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InheritsPermissionsFrom"]) { $params["InheritsPermissionsFrom"] = $PSBoundParameters["InheritsPermissionsFrom"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Update-MgBetaRoleManagementDirectoryRoleDefinition @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Set-EntraBetaPrivilegedRoleAssignmentRequest { [CmdletBinding(DefaultParameterSetName = 'ByRequestIdAndProviderId')] param ( [Parameter(ParameterSetName = "ByRequestIdAndProviderId")] [System.String] $AssignmentState, [Parameter(ParameterSetName = "ByRequestIdAndProviderId")] [System.String] $Decision, [Parameter(ParameterSetName = "ByRequestIdAndProviderId")] [System.String] $Reason, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ProviderId, [Parameter(ParameterSetName = "ByRequestIdAndProviderId")] [Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedSchedule] $Schedule ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["AssignmentState"]) { $params["AssignmentState"] = $PSBoundParameters["AssignmentState"] } if ($null -ne $PSBoundParameters["Decision"]) { $params["Decision"] = $PSBoundParameters["Decision"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["Reason"]) { $params["Reason"] = $PSBoundParameters["Reason"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["Id"]) { $params["PrivilegedRoleAssignmentRequestId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["ProviderId"]) { $params["ProviderId"] = $PSBoundParameters["ProviderId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["Schedule"]) { $params["Schedule"] = $PSBoundParameters["Schedule"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Update-MgBetaPrivilegedRoleAssignmentRequest @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Set-EntraBetaPrivilegedRoleSetting { [CmdletBinding(DefaultParameterSetName = 'ByRoleSettingIdAndProviderId')] param ( [Parameter(ParameterSetName = "ByRoleSettingIdAndProviderId")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]] $UserEligibleSettings, [Parameter(ParameterSetName = "ByRoleSettingIdAndProviderId")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]] $UserMemberSettings, [Parameter(ParameterSetName = "ByRoleSettingIdAndProviderId")] [System.String] $RoleDefinitionId, [Parameter(ParameterSetName = "ByRoleSettingIdAndProviderId")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]] $AdminMemberSettings, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Id, [Parameter(ParameterSetName = "ByRoleSettingIdAndProviderId")] [System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]] $AdminEligibleSettings, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $ProviderId, [Parameter(ParameterSetName = "ByRoleSettingIdAndProviderId")] [System.String] $ResourceId ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["UserEligibleSettings"]) { $TmpValue = $PSBoundParameters["UserEligibleSettings"] $a = @() foreach ($setting in $TmpValue) { $Temp = $setting | ConvertTo-Json $a += $Temp } $Value = $a $params["UserEligibleSettings"] = $Value } if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["UserMemberSettings"]) { $TmpValue = $PSBoundParameters["UserMemberSettings"] $a = @() foreach ($setting in $TmpValue) { $Temp = $setting | ConvertTo-Json $a += $Temp } $Value = $a $params["UserMemberSettings"] = $Value } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["RoleDefinitionId"]) { $params["RoleDefinitionId"] = $PSBoundParameters["RoleDefinitionId"] } if ($null -ne $PSBoundParameters["AdminMemberSettings"]) { $TmpValue = $PSBoundParameters["AdminMemberSettings"] $a = @() foreach ($setting in $TmpValue) { $Temp = $setting | ConvertTo-Json $a += $Temp } $Value = $a $params["AdminMemberSettings"] = $Value } if ($null -ne $PSBoundParameters["Id"]) { $params["GovernanceRoleSettingId"] = $PSBoundParameters["Id"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["AdminEligibleSettings"]) { $TmpValue = $PSBoundParameters["AdminEligibleSettings"] $a = @() foreach ($setting in $TmpValue) { $Temp = $setting | ConvertTo-Json $a += $Temp } $Value = $a $params["AdminEligibleSettings"] = $Value } if ($null -ne $PSBoundParameters["ProviderId"]) { $params["PrivilegedAccessId"] = $PSBoundParameters["ProviderId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["ResourceId"]) { $params["ResourceId"] = $PSBoundParameters["ResourceId"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Update-MgBetaPrivilegedAccessRoleSetting @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } Export-ModuleMember -Function @('Get-EntraBetaDirectoryRoleAssignment', 'Get-EntraBetaDirectoryRoleDefinition', 'Get-EntraBetaPrivilegedResource', 'Get-EntraBetaPrivilegedRole', 'Get-EntraBetaPrivilegedRoleAssignmentRequest', 'Get-EntraBetaPrivilegedRoleDefinition', 'Get-EntraBetaPrivilegedRoleSetting', 'New-EntraBetaCustomHeaders', 'New-EntraBetaDirectoryRoleAssignment', 'New-EntraBetaDirectoryRoleDefinition', 'New-EntraBetaPrivilegedRoleAssignment', 'Remove-EntraBetaDirectoryRoleAssignment', 'Remove-EntraBetaDirectoryRoleDefinition', 'Set-EntraBetaAppRoleToApplicationUser', 'Set-EntraBetaDirectoryRoleDefinition', 'Set-EntraBetaPrivilegedRoleAssignmentRequest', 'Set-EntraBetaPrivilegedRoleSetting') # Typedefs # ------------------------------------------------------------------------------ # Type definitions required for commands inputs # ------------------------------------------------------------------------------ $def = @" namespace Microsoft.Open.AzureAD.Graph.PowerShell.Custom { using System.Linq; public enum KeyType{ Symmetric = 0, AsymmetricX509Cert = 1, } public enum KeyUsage{ Sign = 0, Verify = 1, Decrypt = 2, Encrypt = 3, } } namespace Microsoft.Open.AzureAD.Model { using System.Linq; public class AlternativeSecurityId { public System.String IdentityProvider; public System.Byte[] Key; public System.Nullable<System.Int32> Type; } public class AppRole { public System.Collections.Generic.List<System.String> AllowedMemberTypes; public System.String Description; public System.String DisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Origin; public System.String Value; } public class AssignedLicense { public System.Collections.Generic.List<System.String> DisabledPlans; public System.String SkuId; } public class AssignedLicenses { public System.Collections.Generic.List<Microsoft.Open.AzureAD.Model.AssignedLicense> AddLicenses; public System.Collections.Generic.List<System.String> RemoveLicenses; } public class CertificateAuthorityInformation { public enum AuthorityTypeEnum{ RootAuthority = 0, IntermediateAuthority = 1, } public System.Nullable<AuthorityTypeEnum> AuthorityType; public System.String CrlDistributionPoint; public System.String DeltaCrlDistributionPoint; public System.Byte[] TrustedCertificate; public System.String TrustedIssuer; public System.String TrustedIssuerSki; } public class CrossCloudVerificationCodeBody { public System.String CrossCloudVerificationCode; public CrossCloudVerificationCodeBody() { } public CrossCloudVerificationCodeBody(System.String value) { CrossCloudVerificationCode = value; } } public class GroupIdsForMembershipCheck { public System.Collections.Generic.List<System.String> GroupIds; public GroupIdsForMembershipCheck() { } public GroupIdsForMembershipCheck(System.Collections.Generic.List<System.String> value) { GroupIds = value; } } public class KeyCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDate; public System.String KeyId; public System.Nullable<System.DateTime> StartDate; public System.String Type; public System.String Usage; public System.Byte[] Value; } public class PasswordCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDate; public System.String KeyId; public System.Nullable<System.DateTime> StartDate; public System.String Value; } public class PasswordProfile { public System.String Password; public System.Nullable<System.Boolean> ForceChangePasswordNextLogin; public System.Nullable<System.Boolean> EnforceChangePasswordPolicy; } public class PrivacyProfile { public System.String ContactEmail; public System.String StatementUrl; } public class RoleMemberInfo { public System.String DisplayName; public System.String ObjectId; public System.String UserPrincipalName; } public class SignInName { public System.String Type; public System.String Value; } } namespace Microsoft.Open.MSGraph.Model { using System.Linq; public class MsRoleMemberInfo{ public System.String Id; } public class AddIn { public System.String Id; public System.String Type; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.KeyValue> Properties; } public class ApiApplication { public System.Nullable<System.Int32> RequestedAccessTokenVersion; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.PermissionScope> Oauth2PermissionScopes; } public class ApplicationTemplateDisplayName { public System.String DisplayName; public ApplicationTemplateDisplayName() { } public ApplicationTemplateDisplayName(System.String value) { DisplayName = value; } } public class AppRole { public System.Collections.Generic.List<System.String> AllowedMemberTypes; public System.String Description; public System.String DisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Value; } public class AssignedLabel { public System.String LabelId; public System.String DisplayName; } public class AzureADMSPrivilegedRuleSetting { public System.String RuleIdentifier; public System.String Setting; } public class AzureADMSPrivilegedSchedule { public System.Nullable<System.DateTime> StartDateTime; public System.Nullable<System.DateTime> EndDateTime; public System.String Type; public System.String Duration; } public class ConditionalAccessApplicationCondition { public System.Collections.Generic.List<System.String> IncludeApplications; public System.Collections.Generic.List<System.String> ExcludeApplications; public System.Collections.Generic.List<System.String> IncludeUserActions; public System.Collections.Generic.List<System.String> IncludeAuthenticationContextClassReferences; } public class ConditionalAccessApplicationEnforcedRestrictions { public System.Nullable<System.Boolean> IsEnabled; public ConditionalAccessApplicationEnforcedRestrictions() { } public ConditionalAccessApplicationEnforcedRestrictions(System.Nullable<System.Boolean> value) { IsEnabled = value; } } public class ConditionalAccessCloudAppSecurity { public enum CloudAppSecurityTypeEnum{ McasConfigured = 0, MonitorOnly = 1, BlockDownloads = 2, } public System.Nullable<CloudAppSecurityTypeEnum> CloudAppSecurityType; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessConditionSet { public Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition Applications; public Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition Users; public Microsoft.Open.MSGraph.Model.ConditionalAccessPlatformCondition Platforms; public Microsoft.Open.MSGraph.Model.ConditionalAccessLocationCondition Locations; public enum ConditionalAccessRiskLevel{ Low = 0, Medium = 1, High = 2, Hidden = 3, None = 4, UnknownFutureValue = 5, } public System.Collections.Generic.List<ConditionalAccessRiskLevel> UserRiskLevels; public System.Collections.Generic.List<ConditionalAccessRiskLevel> SignInRiskLevels; public enum ConditionalAccessClientApp{ All = 0, Browser = 1, MobileAppsAndDesktopClients = 2, ExchangeActiveSync = 3, EasSupported = 4, Other = 5, } public System.Collections.Generic.List<ConditionalAccessClientApp> ClientAppTypes; public Microsoft.Open.MSGraph.Model.ConditionalAccessDevicesCondition Devices; } public class ConditionalAccessDevicesCondition { public System.Collections.Generic.List<System.String> IncludeDevices; public System.Collections.Generic.List<System.String> ExcludeDevices; public Microsoft.Open.MSGraph.Model.ConditionalAccessFilter DeviceFilter; } public class ConditionalAccessFilter { public enum ModeEnum{ Include = 0, Exclude = 1, } public System.Nullable<ModeEnum> Mode; public System.String Rule; } public class ConditionalAccessGrantControls { public System.String _Operator; public enum ConditionalAccessGrantControl{ Block = 0, Mfa = 1, CompliantDevice = 2, DomainJoinedDevice = 3, ApprovedApplication = 4, CompliantApplication = 5, PasswordChange = 6, } public System.Collections.Generic.List<ConditionalAccessGrantControl> BuiltInControls; public System.Collections.Generic.List<System.String> CustomAuthenticationFactors; public System.Collections.Generic.List<System.String> TermsOfUse; } public class ConditionalAccessLocationCondition { public System.Collections.Generic.List<System.String> IncludeLocations; public System.Collections.Generic.List<System.String> ExcludeLocations; } public class ConditionalAccessPersistentBrowser { public enum ModeEnum{ Always = 0, Never = 1, } public System.Nullable<ModeEnum> Mode; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessPlatformCondition { public enum ConditionalAccessDevicePlatforms{ Android = 0, IOS = 1, Windows = 2, WindowsPhone = 3, MacOS = 4, All = 5, } public System.Collections.Generic.List<ConditionalAccessDevicePlatforms> IncludePlatforms; public System.Collections.Generic.List<ConditionalAccessDevicePlatforms> ExcludePlatforms; } public class ConditionalAccessSessionControls { public Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions ApplicationEnforcedRestrictions; public Microsoft.Open.MSGraph.Model.ConditionalAccessCloudAppSecurity CloudAppSecurity; public Microsoft.Open.MSGraph.Model.ConditionalAccessSignInFrequency SignInFrequency; public Microsoft.Open.MSGraph.Model.ConditionalAccessPersistentBrowser PersistentBrowser; } public class ConditionalAccessSignInFrequency { public enum TypeEnum{ Days = 0, Hours = 1, } public System.Nullable<TypeEnum> Type; public System.Nullable<System.Int32> Value; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessUserCondition { public System.Collections.Generic.List<System.String> IncludeUsers; public System.Collections.Generic.List<System.String> ExcludeUsers; public System.Collections.Generic.List<System.String> IncludeGroups; public System.Collections.Generic.List<System.String> ExcludeGroups; public System.Collections.Generic.List<System.String> IncludeRoles; public System.Collections.Generic.List<System.String> ExcludeRoles; } public enum CountriesAndRegion{ AD = 0, AE = 1, AF = 2, AG = 3, AI = 4, AL = 5, AM = 6, AN = 7, AO = 8, AQ = 9, AR = 10, AS = 11, AT = 12, AU = 13, AW = 14, AX = 15, AZ = 16, BA = 17, BB = 18, BD = 19, BE = 20, BF = 21, BG = 22, BH = 23, BI = 24, BJ = 25, BL = 26, BM = 27, BN = 28, BO = 29, BQ = 30, BR = 31, BS = 32, BT = 33, BV = 34, BW = 35, BY = 36, BZ = 37, CA = 38, CC = 39, CD = 40, CF = 41, CG = 42, CH = 43, CI = 44, CK = 45, CL = 46, CM = 47, CN = 48, CO = 49, CR = 50, CU = 51, CV = 52, CW = 53, CX = 54, CY = 55, CZ = 56, DE = 57, DJ = 58, DK = 59, DM = 60, DO = 61, DZ = 62, EC = 63, EE = 64, EG = 65, EH = 66, ER = 67, ES = 68, ET = 69, FI = 70, FJ = 71, FK = 72, FM = 73, FO = 74, FR = 75, GA = 76, GB = 77, GD = 78, GE = 79, GF = 80, GG = 81, GH = 82, GI = 83, GL = 84, GM = 85, GN = 86, GP = 87, GQ = 88, GR = 89, GS = 90, GT = 91, GU = 92, GW = 93, GY = 94, HK = 95, HM = 96, HN = 97, HR = 98, HT = 99, HU = 100, ID = 101, IE = 102, IL = 103, IM = 104, IN = 105, IO = 106, IQ = 107, IR = 108, IS = 109, IT = 110, JE = 111, JM = 112, JO = 113, JP = 114, KE = 115, KG = 116, KH = 117, KI = 118, KM = 119, KN = 120, KP = 121, KR = 122, KW = 123, KY = 124, KZ = 125, LA = 126, LB = 127, LC = 128, LI = 129, LK = 130, LR = 131, LS = 132, LT = 133, LU = 134, LV = 135, LY = 136, MA = 137, MC = 138, MD = 139, ME = 140, MF = 141, MG = 142, MH = 143, MK = 144, ML = 145, MM = 146, MN = 147, MO = 148, MP = 149, MQ = 150, MR = 151, MS = 152, MT = 153, MU = 154, MV = 155, MW = 156, MX = 157, MY = 158, MZ = 159, NA = 160, NC = 161, NE = 162, NF = 163, NG = 164, NI = 165, NL = 166, NO = 167, NP = 168, NR = 169, NU = 170, NZ = 171, OM = 172, PA = 173, PE = 174, PF = 175, PG = 176, PH = 177, PK = 178, PL = 179, PM = 180, PN = 181, PR = 182, PS = 183, PT = 184, PW = 185, PY = 186, QA = 187, RE = 188, RO = 189, RS = 190, RU = 191, RW = 192, SA = 193, SB = 194, SC = 195, SD = 196, SE = 197, SG = 198, SH = 199, SI = 200, SJ = 201, SK = 202, SL = 203, SM = 204, SN = 205, SO = 206, SR = 207, SS = 208, ST = 209, SV = 210, SX = 211, SY = 212, SZ = 213, TC = 214, TD = 215, TF = 216, TG = 217, TH = 218, TJ = 219, TK = 220, TL = 221, TM = 222, TN = 223, TO = 224, TR = 225, TT = 226, TV = 227, TW = 228, TZ = 229, UA = 230, UG = 231, UM = 232, US = 233, UY = 234, UZ = 235, VA = 236, VC = 237, VE = 238, VG = 239, VI = 240, VN = 241, VU = 242, WF = 243, WS = 244, YE = 245, YT = 246, ZA = 247, ZM = 248, ZW = 249, } public class DefaultUserRolePermissions { public System.Nullable<System.Boolean> AllowedToCreateApps; public System.Nullable<System.Boolean> AllowedToCreateSecurityGroups; public System.Nullable<System.Boolean> AllowedToReadOtherUsers; } public class DelegatedPermissionClassification { public enum ClassificationEnum{ Low = 0, Medium = 1, High = 2, } public System.Nullable<ClassificationEnum> Classification; public System.String Id; public System.String PermissionId; public System.String PermissionName; } public class DirectoryRoleDefinition { public System.String Id; public System.String OdataType; public System.String Description; public System.String DisplayName; public System.Nullable<System.Boolean> IsBuiltIn; public System.Collections.Generic.List<System.String> ResourceScopes; public System.Nullable<System.Boolean> IsEnabled; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.RolePermission> RolePermissions; public System.String TemplateId; public System.String Version; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition> InheritsPermissionsFrom; } public class DirectorySetting { public System.String Id; public System.String DisplayName; public System.String TemplateId; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.SettingValue> Values; public string this[string name] { get { SettingValue setting = this.Values.FirstOrDefault(namevaluepair => namevaluepair.Name.Equals(name)); return (setting != null) ? setting.Value : string.Empty; } set { SettingValue setting = this.Values.FirstOrDefault(namevaluepair => namevaluepair.Name.Equals(name)); if (setting != null) { // Capitalize the forst character of the value. if (string.IsNullOrEmpty(value)) { setting.Value = value; } else if (value.Length == 1) { setting.Value = value.ToUpper(); } else { setting.Value = char.ToUpper(value[0]) + value.Substring(1); } } } } } public class DirectorySettingTemplate { public System.String Id; public System.String DisplayName; public System.String Description; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.SettingTemplateValue> Values; public DirectorySetting CreateDirectorySetting() { DirectorySetting directorySetting = new DirectorySetting(); directorySetting.TemplateId = this.Id; directorySetting.Values = new System.Collections.Generic.List<SettingValue>(); foreach (var definition in this.Values) { SettingValue item = new SettingValue(); item.Name = definition.Name; string value = definition.DefaultValue; if (string.IsNullOrEmpty(value)) { item.Value = value; } else if (value.Length == 1) { item.Value = value.ToUpper(); } else { item.Value = char.ToUpper(value[0]) + value.Substring(1); } directorySetting.Values.Add(item); } return directorySetting; } } public class EmailAddress { public System.String Name; public System.String Address; } public class ImplicitGrantSettings { public System.Nullable<System.Boolean> EnableIdTokenIssuance; public System.Nullable<System.Boolean> EnableAccessTokenIssuance; } public class InformationalUrl { public System.String TermsOfServiceUrl; public System.String MarketingUrl; public System.String PrivacyStatementUrl; public System.String SupportUrl; public System.String LogoUrl; } public class InvitedUserMessageInfo { public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.Recipient> CcRecipients; public System.String CustomizedMessageBody; public System.String MessageLanguage; } public class IpRange { public System.String CidrAddress; public IpRange() { } public IpRange(System.String value) { CidrAddress = value; } } public class KeyCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDateTime; public System.String KeyId; public System.Nullable<System.DateTime> StartDateTime; public System.String Type; public System.String Usage; public System.Byte[] Key; } public class KeyValue { public System.String Key; public System.String Value; } public class MsDirectoryObject { public System.String Id; public System.String OdataType; } public class MsFeatureRolloutPolicy { public enum FeatureEnum{ PassthroughAuthentication = 0, SeamlessSso = 1, PasswordHashSync = 2, EmailAsAlternateId = 3, } public System.Nullable<FeatureEnum> Feature; public System.String Id; public System.String DisplayName; public System.String Description; public System.Nullable<System.Boolean> IsEnabled; public System.Nullable<System.Boolean> IsAppliedToOrganization; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.MsDirectoryObject> AppliesTo; } public class OptionalClaim { public System.String Name; public System.String Source; public System.Nullable<System.Boolean> Essential; public System.Collections.Generic.List<System.String> AdditionalProperties; } public class OptionalClaims { public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> IdToken; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> AccessToken; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> SamlToken; } public class ParentalControlSettings { public enum LegalAgeGroupRuleEnum{ Allow = 0, RequireConsentForPrivacyServices = 1, RequireConsentForMinors = 2, RequireConsentForKids = 3, BlockMinors = 4, } public System.Nullable<LegalAgeGroupRuleEnum> LegalAgeGroupRule; public System.Collections.Generic.List<System.String> CountriesBlockedForMinors; } public class PasswordCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDateTime; public System.String KeyId; public System.Nullable<System.DateTime> StartDateTime; public System.String SecretText; public System.String Hint; } public class PasswordSSOCredential { public System.String FieldId; public System.String Value; public System.String Type; } public class PasswordSSOCredentials { public System.String Id; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.PasswordSSOCredential> Credentials; } public class PasswordSSOObjectId { public System.String Id; public PasswordSSOObjectId() { } public PasswordSSOObjectId(System.String value) { Id = value; } } public class PermissionScope { public System.String AdminConsentDescription; public System.String AdminConsentDisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Type; public System.String UserConsentDescription; public System.String UserConsentDisplayName; public System.String Value; } public class PreAuthorizedApplication { public System.String AppId; public System.Collections.Generic.List<System.String> PermissionIds; } public class PublicClientApplication { public System.Collections.Generic.List<System.String> RedirectUris; public PublicClientApplication() { } public PublicClientApplication(System.Collections.Generic.List<System.String> value) { RedirectUris = value; } } public class Recipient { public Microsoft.Open.MSGraph.Model.EmailAddress EmailAddress; public Recipient() { } public Recipient(Microsoft.Open.MSGraph.Model.EmailAddress value) { EmailAddress = value; } } public class RequiredResourceAccess { public System.String ResourceAppId; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.ResourceAccess> ResourceAccess; } public class ResourceAccess { public System.String Id; public System.String Type; } public class RolePermission { public System.Collections.Generic.List<System.String> AllowedResourceActions; public System.String Condition; } public class SettingTemplateValue { public System.String Name; public System.String Description; public System.String Type; public System.String DefaultValue; } public class SettingValue { public System.String Name; public System.String Value; } public class SetVerifiedPublisherRequest { public System.String VerifiedPublisherId; public SetVerifiedPublisherRequest() { } public SetVerifiedPublisherRequest(System.String value) { VerifiedPublisherId = value; } } public class User { public System.String Id; public System.String OdataType; } public class WebApplication { public System.String LogoutUrl; public System.Nullable<System.Boolean> Oauth2AllowImplicitFlow; public System.Collections.Generic.List<System.String> RedirectUris; public Microsoft.Open.MSGraph.Model.ImplicitGrantSettings ImplicitGrantSettings; } } "@ # Extract namespaces and types from the type definitions $lines = $def -split "`n" $namespace = $null $types = @() foreach ($line in $lines) { # Check for a namespace declaration if ($line -match '^\s*namespace\s+([\w\.]+)') { $namespace = $matches[1] } # Check for public classes or enums within a namespace elseif ($line -match '^\s*public\s+(class|enum)\s+(\w+)') { if ($namespace) { $types += "$namespace.$($matches[2])" } } } # Check if each type exists in the currently loaded assemblies $missingTypes = @() foreach ($type in $types) { if (-not [Type]::GetType($type, $false, $false)) { $missingTypes += $type } } # Add the $def if any type is missing if ($missingTypes.Count -gt 0) { try { # Define parameters for dynamic compilation Add-Type -TypeDefinition $def } catch { } } #Don't add the types # ------------------------------------------------------------------------------ # End of Type definitions required for commands inputs # ------------------------------------------------------------------------------ # SIG # Begin signature block # MIIoLQYJKoZIhvcNAQcCoIIoHjCCKBoCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD7+3cdAALjfWgk # kjeVFLWIknOCEFPJz6N41F8jkC/C2qCCDXYwggX0MIID3KADAgECAhMzAAAEBGx0 # Bv9XKydyAAAAAAQEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTE0WhcNMjUwOTExMjAxMTE0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC0KDfaY50MDqsEGdlIzDHBd6CqIMRQWW9Af1LHDDTuFjfDsvna0nEuDSYJmNyz # NB10jpbg0lhvkT1AzfX2TLITSXwS8D+mBzGCWMM/wTpciWBV/pbjSazbzoKvRrNo # DV/u9omOM2Eawyo5JJJdNkM2d8qzkQ0bRuRd4HarmGunSouyb9NY7egWN5E5lUc3 # a2AROzAdHdYpObpCOdeAY2P5XqtJkk79aROpzw16wCjdSn8qMzCBzR7rvH2WVkvF # HLIxZQET1yhPb6lRmpgBQNnzidHV2Ocxjc8wNiIDzgbDkmlx54QPfw7RwQi8p1fy # 4byhBrTjv568x8NGv3gwb0RbAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU8huhNbETDU+ZWllL4DNMPCijEU4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMjkyMzAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIjmD9IpQVvfB1QehvpC # Ge7QeTQkKQ7j3bmDMjwSqFL4ri6ae9IFTdpywn5smmtSIyKYDn3/nHtaEn0X1NBj # L5oP0BjAy1sqxD+uy35B+V8wv5GrxhMDJP8l2QjLtH/UglSTIhLqyt8bUAqVfyfp # h4COMRvwwjTvChtCnUXXACuCXYHWalOoc0OU2oGN+mPJIJJxaNQc1sjBsMbGIWv3 # cmgSHkCEmrMv7yaidpePt6V+yPMik+eXw3IfZ5eNOiNgL1rZzgSJfTnvUqiaEQ0X # dG1HbkDv9fv6CTq6m4Ty3IzLiwGSXYxRIXTxT4TYs5VxHy2uFjFXWVSL0J2ARTYL # E4Oyl1wXDF1PX4bxg1yDMfKPHcE1Ijic5lx1KdK1SkaEJdto4hd++05J9Bf9TAmi # u6EK6C9Oe5vRadroJCK26uCUI4zIjL/qG7mswW+qT0CW0gnR9JHkXCWNbo8ccMk1 # sJatmRoSAifbgzaYbUz8+lv+IXy5GFuAmLnNbGjacB3IMGpa+lbFgih57/fIhamq # 5VhxgaEmn/UjWyr+cPiAFWuTVIpfsOjbEAww75wURNM1Imp9NJKye1O24EspEHmb # DmqCUcq7NqkOKIG4PVm3hDDED/WQpzJDkvu4FrIbvyTGVU01vKsg4UfcdiZ0fQ+/ # V0hf8yrtq9CkB8iIuk5bBxuPMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGg0wghoJAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAQEbHQG/1crJ3IAAAAABAQwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJMoTTU9RQmBZZT7E98aZlfs # wC41+pSroF7nT+TQTd6WMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAMbVIdtkF8kHKysVNrXkef2HUxF2eL/DRv6q474/792CipL0l0VY0Qcm8 # 2yK0+R3sQJVZriu5PWxGdmFZXr8MiSBRtmuC/jTSJ59ow5acm5led+36iX3k4sB7 # bzeqMGavXvsG17yUKj8geNaH+G6Zy42vYWRMUT4wbNemNNHyQuaHkudk/aKbZpNh # ZJxd32EvUrsgrZrd1M2Xxt1dYpb4soo9ozY3d1cFwi4coxA7XLsu5CoEiMjpVvaN # JB3LZC3ARzmKvwYIjyQbPJeZd2k1AK5+fN5rAaVF8gQt6dICcYNv+xCU40OzUGKj # vFF1XbS4t1sgby6bUCmd9qZZglrGVaGCF5cwgheTBgorBgEEAYI3AwMBMYIXgzCC # F38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq # hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCCBP/2QzSRKVUF0WgFT+T96wXLyxFMB+yuQ+8rhO4jJbQIGZ/goJXYn # GBMyMDI1MDQxNDE2Mzc0Ny43ODlaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTYwMC0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg # ghHtMIIHIDCCBQigAwIBAgITMwAAAgTY4A4HlzJYmAABAAACBDANBgkqhkiG9w0B # AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yNTAxMzAxOTQy # NDdaFw0yNjA0MjIxOTQyNDdaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z # MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTYwMC0wNUUwLUQ5NDcxJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDw3Sbcee2d66vkWGTIXhfGqqgQGxQXTnq44XlUvNzF # St7ELtO4B939jwZFX7DrRt/4fpzGNkFdGpc7EL5S86qKYv360eXjW+fIv1lAqDD3 # 1d/p8Ai9/AZz8M95zo0rDpK2csz9WAyR9FtUDx52VOs9qP3/pgpHvgUvD8s6/3KN # ITzms8QC1tJ3TMw1cRn9CZgVIYzw2iD/ZvOW0sbF/DRdgM8UdtxjFIKTXTaI/bJh # sQge3TwayKQ2j85RafFFVCR5/ChapkrBQWGwNFaPzpmYN46mPiOvUxriISC9nQ/G # rDXUJWzLDmchrmr2baABJevvw31UYlTlLZY6zUmjkgaRfpozd+Glq9TY2E3Dglr6 # PtTEKgPu2hM6v8NiU5nTvxhDnxdmcf8UN7goeVlELXbOm7j8yw1xM9IyyQuUMWko # rBaN/5r9g4lvYkMohRXEYB0tMaOPt0FmZmQMLBFpNRVnXBTa4haXvn1adKrvTz8V # lfnHxkH6riA/h2AlqYWhv0YULsEcHnaDWgqA29ry+jH097MpJ/FHGHxk+d9kH2L5 # aJPpAYuNmMNPB7FDTPWAx7Apjr/J5MhUx0i07gV2brAZ9J9RHi+fMPbS+Qm4AonC # 5iOTj+dKCttVRs+jKKuO63CLwqlljvnUCmuSavOX54IXOtKcFZkfDdOZ7cE4DioP # 1QIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFBp1dktAcGpW/Km6qm+vu4M1GaJfMB8G # A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG # Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy # MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w # XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy # dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD # AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQBecv6sRw2HTLMyUC1WJJ+FR+DgA9Jkv0lG # sIt4y69CmOj8R63oFbhSmcdpakxqNbr8v9dyTb4RDyNqtohiiXbtrXmQK5X7y/Q+ # +F0zMotTtTpTPvG3eltyV/LvO15mrLoNQ7W4VH58aLt030tORxs8VnAQQF5BmQQM # Oua+EQgH4f1F4uF6rl3EC17JBSJ0wjHSea/n0WYiHPR0qkz/NRAf8lSUUV0gbIMa # wGIjn7+RKyCr+8l1xdNkK/F0UYuX3hG0nE+9Wc0L4A/enluUN7Pa9vOV6Vi3BOJS # T0RY/ax7iZ45leM8kqCw7BFPcTIkWzxpjr2nCtirnkw7OBQ6FNgwIuAvYNTU7r60 # W421YFOL5pTsMZcNDOOsA01xv7ymCF6zknMGpRHuw0Rb2BAJC9quU7CXWbMbAJLd # Z6XINKariSmCX3/MLdzcW5XOycK0QhoRNRf4WqXRshEBaY2ymJvHO48oSSY/kpuY # vBS3ljAAuLN7Rp8jWS7t916paGeE7prmrP9FJsoy1LFKmFnW+vg43ANhByuAEXq9 # Cay5o7K2H5NFnR5wj/SLRKwK1iyUX926i1TEviEiAh/PVyJbAD4koipig28p/6HD # uiYOZ0wUkm/a5W8orIjoOdU3XsJ4i08CfNp5I73CsvB5QPYMcLpF9NO/1LvoQAw3 # UPdL55M5HTCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg # M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF # dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6 # GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp # Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu # yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E # XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0 # lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q # GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ # +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA # PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw # EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG # NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV # MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK # BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG # 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x # M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC # VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449 # xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM # nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS # PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d # Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn # GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs # QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL # jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL # 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNQ # MIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn # MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjk2MDAtMDVFMC1EOTQ3MSUwIwYDVQQD # ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQC6 # PYHRw9+9SH+1pwy6qzVG3k9lbqCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA66dDpDAiGA8yMDI1MDQxNDA4MTk0 # OFoYDzIwMjUwNDE1MDgxOTQ4WjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDrp0Ok # AgEAMAoCAQACAhCYAgH/MAcCAQACAhLtMAoCBQDrqJUkAgEAMDYGCisGAQQBhFkK # BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ # KoZIhvcNAQELBQADggEBABhup+yPJXqVuvSQFvo0W8l8iMxabp2wC1ut6elU/FmW # LzIpy2UfoPqszlMPKdFx7HtgHWME4utU4nENn7/ppnQnZPM7vsUJ3h0Fy78hFa8i # Cqwvqzaeg8zbUZtIwLOkD9eSsZaZnOyyx2MiM3Os9Vvp/a+xdoEJTE/ng0GJ2oJq # dni/itJMRCJhyCPUbUdgxIF3fbr31oONW4i2E7pfjp+FPLahOWeZKrkXJojF52Sf # YXAgs73MLllvz49mvfuvYTfIEcbu+9opQtEQNGFVanpF9ECrGYjHx4dfX65gBPqQ # jrzAl7we9RViZh9fMFZEH5r8UfbOCDEQhPgRju0vecoxggQNMIIECQIBATCBkzB8 # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1N # aWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAgTY4A4HlzJYmAABAAAC # BDANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE # MC8GCSqGSIb3DQEJBDEiBCDKdy9r8eFfkZBKiaWeA8WYOP43tx+RSQ4RSbP5+7c+ # 0TCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIPnteGX9Wwq8VdJM6mjfx1GE # Jsu7/6kU6l0SS5rcebn+MIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAIE2OAOB5cyWJgAAQAAAgQwIgQgAxp9vqqw/L3iiIPisV9PsXaO # KMAL4jb+ehpUYVOA89gwDQYJKoZIhvcNAQELBQAEggIAzUBGlwyj9O3YKNNC9Z5V # Z3U4vK4gimBPRQVC4ErGr1bCqkUYw/mV7fdnVXNQxuXKhf8mOLz5GXfjB9Lgdz1W # Zc06VCxgCRFywBOw9LyOtogHMY1NgE796tNT7d2iAeNi/pJ9R9e8AkP+VzG21oR3 # Ah3/pXq2LkL+ivmR8C0DjzM2NHqLMlS3MX+nxM7IoCZD8tzvtNYon1az4zCvnjVP # QQZ5A/iu+8Ad5j5/HVagdJfW9+iPGtcK/H9zbCLctN17cHZLad9AKVyB2vG2A9tY # MD3jvluGOaA1qV5j//zx9dIO/gLJJt5G8RdcTEFrBXu/mTXxM9k3VkQkzKDFIU0r # JydAy8hxfbldcTdJqMSY9mZJnyM+N3qGvbc02K4n7xO9knclO1hnfE8hRXgZDN4X # XuAyxaOj5P2RfR51lmqjrG0e9rsKb5e/B7GrzahlwoZVmygsJWNBxGvLZvfJJAy3 # 3mcLotowoeMkk/UJjtxRPEF0BSxltcpbb42gDvF0PVtTn6HQtDw0mg1ibn7eKPJd # bCZMwAHknMPyq6jbTbhUw3/SETjkJ2v+622JMNh8syEKVbyHv93+RlhspqcmTuyU # /YgcZfvTlDgYwuRpav9hHCdJOH9P1/ghbIt1vgcvPdTfrK8OZie6Scp73IFtiOrK # smqHKS7Nt4mIlANh1fdy5nE= # SIG # End signature block |