Merge branch 'microsoftgraph:main' into se-Build-Install-Dependencies

Author: SamErde

.config/CredScanSuppressions.json

@@ -40,6 +40,14 @@
       {
         "file": "test\\Entra\\Users\\New-EntraUser.Tests.ps1",
         "_justification": "Unit test file has a sample Password used in mocking."
+      },
+      {
+        "file": "test\\EntraBeta\\Users\\New-EntraBetaUser.Tests.ps1",
+        "_justification": "Unit test file has a sample Password used in mocking."
+      },
+      {
+        "file": "test\\Entra\\CertificateBasedAuthentication\\Get-EntraUserCertificateUserIdsFromCertificate.Tests.ps1",
+        "_justification": "Unit test file has a sample certificate with only public keys used in mocking."
       }
     ]
 }

build/BUILD.md

@@ -60,6 +60,7 @@ Import-Module .\bin\Microsoft.Entra.Applications.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.DirectoryManagement.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Governance.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Users.psd1 -Force
+Import-Module .\bin\Microsoft.Entra.CertificateBasedAuthentication.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Groups.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Reports.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.SignIns.psd1 -Force
@@ -138,6 +139,7 @@ Import-Module .\bin\Microsoft.Entra.Applications.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.DirectoryManagement.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Governance.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Users.psd1 -Force
+Import-Module .\bin\Microsoft.Entra.CertificateBasedAuthentication.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Groups.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.Reports.psd1 -Force
 Import-Module .\bin\Microsoft.Entra.SignIns.psd1 -Force

build/Create-EntraModule.ps1

@@ -7,6 +7,7 @@ param (
 
 . (Join-Path $psscriptroot "/common-functions.ps1")
 . (Join-Path $psscriptroot "../src/EntraModuleBuilder.ps1")
+. (Join-Path $psscriptroot "../src/Get-MissingCmds.ps1")
 
 $moduleBuilder = [EntraModuleBuilder]::new()
 
@@ -17,6 +18,7 @@ if($Module -eq 'Entra'){
     $typeDefsPath=(Join-Path $PSScriptRoot "/Beta-TypeDefs.txt")
 }
 if($Root){
+    $moduleBuilder.CreateRootModule($Module)
     $moduleBuilder.CreateRootModuleManifest($Module)
 }else{
     $moduleBuilder.CreateModuleHelp($Module)

module/Entra/Microsoft.Entra/Applications/Add-EntraApplicationOwner.ps1

@@ -3,16 +3,28 @@
 #  Licensed under the MIT License.  See License in the project root for license information. 
 # ------------------------------------------------------------------------------ 
 function Add-EntraApplicationOwner {
-    [CmdletBinding(DefaultParameterSetName = '')]
+    [CmdletBinding(DefaultParameterSetName = 'ByApplicationIdAndOwnerId')]
     param (
         [Alias('ObjectId')]
         [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Unique ID of the application object (Application Object ID).")]
-        [System.String] $ApplicationId,
+        [ValidateNotNullOrEmpty()]
+        [guid] $ApplicationId,
 
         [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "The ID of the user, group, or service principal to be added as an owner of the application.")]
         [Alias('RefObjectId')]
-        [System.String] $OwnerId
+        [ValidateNotNullOrEmpty()]
+        [guid] $OwnerId
     )
+
+    begin {
+        # Ensure connection to Microsoft Entra
+        if (-not (Get-EntraContext)) {
+            $errorMessage = "Not connected to Microsoft Graph. Use 'Connect-Entra -Scopes Application.ReadWrite.All' to authenticate."
+            Write-Error -Message $errorMessage -ErrorAction Stop
+            return
+        }
+    }
+
     PROCESS {
         $params = @{}
         $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand
@@ -22,8 +34,18 @@ function Add-EntraApplicationOwner {
 
         $newOwner = @{}
 
+        $rootUri = (Get-EntraEnvironment -Name (Get-EntraContext).Environment).GraphEndpoint
+
+        if (-not $rootUri) {
+            $rootUri = "https://graph.microsoft.com"
+            Write-Verbose "Using default Graph endpoint: $rootUri"
+        }
+        else {
+            Write-Verbose "Using environment-specific Graph endpoint: $rootUri"
+        }
+        
         if ($null -ne $PSBoundParameters["OwnerId"]) {
-            $newOwner["@odata.id"] = "https://graph.microsoft.com/v1.0/directoryObjects/" + $PSBoundParameters["OwnerId"]
+            $newOwner["@odata.id"] = "$rootUri/v1.0/directoryObjects/" + $PSBoundParameters["OwnerId"]
             $params["BodyParameter"] = $newOwner
         }
         if ($null -ne $PSBoundParameters["WarningVariable"]) {

module/Entra/Microsoft.Entra/Applications/Add-EntraServicePrincipalDelegatedPermissionClassification.ps1

@@ -3,103 +3,100 @@
 #  Licensed under the MIT License.  See License in the project root for license information. 
 # ------------------------------------------------------------------------------ 
 function Add-EntraServicePrincipalDelegatedPermissionClassification {
-    [CmdletBinding(DefaultParameterSetName = 'InvokeByDynamicParameters')]
-    param (
+    [CmdletBinding(DefaultParameterSetName = 'ByServicePrincipalAndPermissionInfo')]
+    param (                
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Unique ID of the service principal object (Service Principal Object ID).")]
+        [Alias('ObjectId')]
+        [ValidateNotNullOrEmpty()]
+        [guid] $ServicePrincipalId,
 
-    [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
-    [System.String] $ServicePrincipalId,
+        [Parameter(ParameterSetName = "ByServicePrincipalAndPermissionInfo", Mandatory = $true, HelpMessage = "Permission classification. e.g. Low, Medium, High")]
+        [ValidateNotNullOrEmpty()]
+        [System.Nullable`1[Microsoft.Open.MSGraph.Model.DelegatedPermissionClassification+ClassificationEnum]] $Classification,
 
-    [Parameter(ParameterSetName = "InvokeByDynamicParameters", Mandatory = $true)]
-    [System.Nullable`1[Microsoft.Open.MSGraph.Model.DelegatedPermissionClassification+ClassificationEnum]] $Classification,
+        [Parameter(ParameterSetName = "ByServicePrincipalAndPermissionInfo", Mandatory = $true, HelpMessage = "Unique ID of the permission. e.g. 00000000-0000-0000-0000-000000000000")]
+        [ValidateNotNullOrEmpty()]
+        [guid] $PermissionId,
 
-    [Parameter(ParameterSetName = "InvokeByDynamicParameters", Mandatory = $true)]
-    [System.String] $PermissionId,
-                
-    [Parameter(ParameterSetName = "InvokeByDynamicParameters", Mandatory = $true)]
-    [System.String] $PermissionName
+        [Parameter(ParameterSetName = "ByServicePrincipalAndPermissionInfo", Mandatory = $true, HelpMessage = "Name of the permission. e.g. HR.Read.All")]
+        [ValidateNotNullOrEmpty()]
+        [System.String] $PermissionName
     )
 
+    begin {
+        # Ensure connection to Microsoft Entra
+        if (-not (Get-EntraContext)) {
+            $errorMessage = "Not connected to Microsoft Graph. Use 'Connect-Entra -Scopes Policy.ReadWrite.PermissionGrant' to authenticate."
+            Write-Error -Message $errorMessage -ErrorAction Stop
+            return
+        }
+    }
+
     PROCESS {    
-    $params = @{}
-    $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand
+        $params = @{}
+        $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand
 
-    if ($null -ne $PSBoundParameters["ServicePrincipalId"])
-    {
-        $params["ServicePrincipalId"] = $PSBoundParameters["ServicePrincipalId"]
-    }
-    if($PSBoundParameters.ContainsKey("Debug"))
-    {
-        $params["Debug"] = $PSBoundParameters["Debug"]
-    }
-    if ($null -ne $PSBoundParameters["PipelineVariable"])
-    {
-        $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"]
-    }
-    if ($null -ne $PSBoundParameters["InformationVariable"])
-    {
-        $params["InformationVariable"] = $PSBoundParameters["InformationVariable"]
-    }
-    if ($null -ne $PSBoundParameters["Classification"])
-    {
-        $params["Classification"] = $PSBoundParameters["Classification"]
-    }
-    if ($null -ne $PSBoundParameters["OutBuffer"])
-    {
-        $params["OutBuffer"] = $PSBoundParameters["OutBuffer"]
-    }
-    if ($null -ne $PSBoundParameters["WarningVariable"])
-    {
-        $params["WarningVariable"] = $PSBoundParameters["WarningVariable"]
-    }
-    if($PSBoundParameters.ContainsKey("Verbose"))
-    {
-        $params["Verbose"] = $PSBoundParameters["Verbose"]
-    }
-    if ($null -ne $PSBoundParameters["PermissionId"])
-    {
-        $params["PermissionId"] = $PSBoundParameters["PermissionId"]
-    }
-    if ($null -ne $PSBoundParameters["PermissionName"])
-    {
-        $params["PermissionName"] = $PSBoundParameters["PermissionName"]
-    }
-    if ($null -ne $PSBoundParameters["ErrorVariable"])
-    {
-        $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"]
-    }
-    if ($null -ne $PSBoundParameters["ErrorAction"])
-    {
-        $params["ErrorAction"] = $PSBoundParameters["ErrorAction"]
-    }
-    if ($null -ne $PSBoundParameters["InformationAction"])
-    {
-        $params["InformationAction"] = $PSBoundParameters["InformationAction"]
-    }
-    if ($null -ne $PSBoundParameters["WarningAction"])
-    {
-        $params["WarningAction"] = $PSBoundParameters["WarningAction"]
-    }
-    if ($null -ne $PSBoundParameters["ProgressAction"])
-    {
-        $params["ProgressAction"] = $PSBoundParameters["ProgressAction"]
-    }
-    if ($null -ne $PSBoundParameters["OutVariable"])
-    {
-        $params["OutVariable"] = $PSBoundParameters["OutVariable"]
-    }
+        if ($null -ne $PSBoundParameters["ServicePrincipalId"]) {
+            $params["ServicePrincipalId"] = $PSBoundParameters["ServicePrincipalId"]
+        }
+        if ($PSBoundParameters.ContainsKey("Debug")) {
+            $params["Debug"] = $PSBoundParameters["Debug"]
+        }
+        if ($null -ne $PSBoundParameters["PipelineVariable"]) {
+            $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"]
+        }
+        if ($null -ne $PSBoundParameters["InformationVariable"]) {
+            $params["InformationVariable"] = $PSBoundParameters["InformationVariable"]
+        }
+        if ($null -ne $PSBoundParameters["Classification"]) {
+            $params["Classification"] = $PSBoundParameters["Classification"]
+        }
+        if ($null -ne $PSBoundParameters["OutBuffer"]) {
+            $params["OutBuffer"] = $PSBoundParameters["OutBuffer"]
+        }
+        if ($null -ne $PSBoundParameters["WarningVariable"]) {
+            $params["WarningVariable"] = $PSBoundParameters["WarningVariable"]
+        }
+        if ($PSBoundParameters.ContainsKey("Verbose")) {
+            $params["Verbose"] = $PSBoundParameters["Verbose"]
+        }
+        if ($null -ne $PSBoundParameters["PermissionId"]) {
+            $params["PermissionId"] = $PSBoundParameters["PermissionId"]
+        }
+        if ($null -ne $PSBoundParameters["PermissionName"]) {
+            $params["PermissionName"] = $PSBoundParameters["PermissionName"]
+        }
+        if ($null -ne $PSBoundParameters["ErrorVariable"]) {
+            $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"]
+        }
+        if ($null -ne $PSBoundParameters["ErrorAction"]) {
+            $params["ErrorAction"] = $PSBoundParameters["ErrorAction"]
+        }
+        if ($null -ne $PSBoundParameters["InformationAction"]) {
+            $params["InformationAction"] = $PSBoundParameters["InformationAction"]
+        }
+        if ($null -ne $PSBoundParameters["WarningAction"]) {
+            $params["WarningAction"] = $PSBoundParameters["WarningAction"]
+        }
+        if ($null -ne $PSBoundParameters["ProgressAction"]) {
+            $params["ProgressAction"] = $PSBoundParameters["ProgressAction"]
+        }
+        if ($null -ne $PSBoundParameters["OutVariable"]) {
+            $params["OutVariable"] = $PSBoundParameters["OutVariable"]
+        }
 
-    Write-Debug("============================ TRANSFORMATIONS ============================")
-    $params.Keys | ForEach-Object {"$_ : $($params[$_])" } | Write-Debug
-    Write-Debug("=========================================================================`n")
+        Write-Debug("============================ TRANSFORMATIONS ============================")
+        $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug
+        Write-Debug("=========================================================================`n")
 
-    $response = New-MgServicePrincipalDelegatedPermissionClassification @params -Headers $customHeaders
-    $response | ForEach-Object {
-        if($null -ne $_) {
-        Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id
+        $response = New-MgServicePrincipalDelegatedPermissionClassification @params -Headers $customHeaders
+        $response | ForEach-Object {
+            if ($null -ne $_) {
+                Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id
 
+            }
         }
-    }
-    $response
+        $response
     }
 }
 

module/Entra/Microsoft.Entra/Applications/Add-EntraServicePrincipalOwner.ps1

@@ -3,21 +3,38 @@
 #  Licensed under the MIT License.  See License in the project root for license information. 
 # ------------------------------------------------------------------------------ 
 function Add-EntraServicePrincipalOwner {
-    [CmdletBinding(DefaultParameterSetName = '')]
+    [CmdletBinding(DefaultParameterSetName = 'ByServicePrincipalIdAndOwnerId')]
     param (
         [Alias('ObjectId')]
         [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Unique ID of the service principal.")]
+        [ValidateNotNullOrEmpty()]
         [System.String] $ServicePrincipalId,
 
         [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "Unique ID of the owner, which can be a user, the service principal itself, or another service principal.")]
         [Alias('RefObjectId')]
+        [ValidateNotNullOrEmpty()]
         [System.String] $OwnerId
     )
 
+    begin {
+        # Ensure connection to Microsoft Entra
+        if (-not (Get-EntraContext)) {
+            $errorMessage = "Not connected to Microsoft Graph. Use 'Connect-Entra -Scopes Application.ReadWrite.All' to authenticate."
+            Write-Error -Message $errorMessage -ErrorAction Stop
+            return
+        }
+    }
+
     PROCESS {    
         $params = @{}
         $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand
 
+        $rootUri = (Get-EntraEnvironment -Name (Get-EntraContext).Environment).GraphEndpoint
+
+        if (-not $rootUri) {
+            $rootUri = "https://graph.microsoft.com"
+            Write-Verbose "Using default Graph endpoint: $rootUri"
+        }
         if ($null -ne $PSBoundParameters["OutVariable"]) {
             $params["OutVariable"] = $PSBoundParameters["OutVariable"]
         }
@@ -59,7 +76,7 @@ function Add-EntraServicePrincipalOwner {
         }
         if ($null -ne $PSBoundParameters["OwnerId"]) {
             $TmpValue = $PSBoundParameters["OwnerId"]
-            $Value = @{ "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$TmpValue" }
+            $Value = @{ "@odata.id" = "$rootUri/v1.0/directoryObjects/$TmpValue" }
             $params["BodyParameter"] = $Value
         }