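##### Service Provider Configuration Area #####

# Modify the variable below to match your Enterprise Application ID
# NOTE(review): this script grants TENANT-WIDE admin consent to the application
# identified here. Confirm the ID against the value your service provider
# publishes before running the script.
$applicationId = "d398b2ed-16b2-4c5e-b07e-bb0c0c2eded7"

##### Warning: Do not edit the lines below #####

function Connect-VB365RestorePortal {
    <#
    .SYNOPSIS
        Links a service provider's Enterprise Application to the signed-in
        tenant and grants it admin consent on behalf of all users.

    .DESCRIPTION
        Signs in with Connect-AzAccount and Connect-AzureAD, creates the
        service principal for the given application ID if it does not exist
        yet, then POSTs to the consent endpoint until it succeeds or the
        15-minute deadline passes. Both sessions are disconnected on every
        exit path, including failures.

    .PARAMETER ApplicationId
        Application (client) ID of the Enterprise Application, as a GUID.
        It is interpolated into an OData filter and a URL, so anything that
        is not a GUID is rejected at parameter binding.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$')]
        [string]$ApplicationId
    )

    # Track which sessions were opened so the finally block only closes those.
    $azConnected = $false
    $aadConnected = $false

    try {
        # connecting to all things Microsoft
        try {
            Write-Verbose "Connecting to Microsoft Azure account"
            Connect-AzAccount -ErrorAction Stop | Out-Null
            $azConnected = $true
            $context = Get-AzContext

            Write-Verbose "Connecting to Azure AD account"
            Connect-AzureAD -TenantId $context.Tenant.TenantId -AccountId $context.Account.Id -ErrorAction Stop | Out-Null
            $aadConnected = $true

            Write-Host "$($context.Account.Id) is now connected to Microsoft Azure" -ForegroundColor Green
        }
        catch {
            Write-Error "An issue occurred while logging into Microsoft. Please double-check your credentials and ensure you have sufficient access."
            throw $_
        }

        # check if Enterprise Application already exists
        $sp = Get-AzureADServicePrincipal -Filter "AppId eq '$ApplicationId'"
        if ($sp) {
            Write-Host "Enterprise Application ($ApplicationId) already exists" -ForegroundColor Green
        }
        else {
            # creating link to Service Provider Enterprise Application
            try {
                Write-Verbose "Creating new Azure AD Service Principal"
                $sp = New-AzureADServicePrincipal -AppId $ApplicationId -Tags {WindowsAzureActiveDirectoryIntegratedApp} -ErrorAction Stop
                Write-Host "$($sp.DisplayName) ($($sp.AppId)) has been linked your account" -ForegroundColor Green
                Start-Sleep -Seconds 5
            }
            catch {
                Write-Error "An unexpected error occurred while linking the Enterprise Application to your account."
                # The original had an unreachable Start-Sleep after this throw.
                throw $_
            }
        }

        # granting admin consent
        # The last argument is the resource the token is requested for.
        # NOTE(review): presumably the audience of the portal API called below - confirm.
        $token = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.TenantId, $null, "Never", $null, "74658136-14ec-4630-ad9b-26e160ff0fc6")
        $headers = @{
            'Authorization'          = 'Bearer ' + $token.AccessToken
            'X-Requested-With'       = 'XMLHttpRequest'
            'x-ms-client-request-id' = New-Guid
            'x-ms-correlation-id'    = New-Guid
        }

        # onBehalfOfAll=true makes this a tenant-wide grant for every user,
        # not a consent scoped to the signed-in account.
        $url = "https://main.iam.ad.ext.azure.com/api/RegisteredApplications/$($sp.AppId)/Consent?onBehalfOfAll=true"
        Write-Verbose "Granting admin consent to the newly linked Azure AD Service Principal"

        # loop waiting for change to actually take place
        # Bounded by the 15 minutes quoted to the user: a permanent failure
        # (for example an account without the required admin role) would
        # otherwise retry forever with a live bearer token.
        $consentDeadline = (Get-Date).AddMinutes(15)
        while ($true) {
            try {
                Invoke-RestMethod -Uri $url -Headers $headers -Method POST -ErrorAction Stop | Out-Null
                break
            }
            catch {
                if ((Get-Date) -ge $consentDeadline) {
                    Write-Error "Admin consent was not granted within 15 minutes. Confirm the signed-in account is allowed to grant tenant-wide admin consent."
                    throw $_
                }
                Write-Host "Waiting to grant admin consent... (this can take up to 15 minutes)"
                Write-Verbose "Error: $_"
                Start-Sleep -Seconds 5
            }
        }

        Write-Host "$($sp.DisplayName) ($($sp.AppId)) has been granted admin consent" -ForegroundColor Green
        Write-Host "You can now login to Vitanium's 365 Restore Portal!" -ForegroundColor Green
        #Write-Warning "If you receive an error, wait 15 minutes and attempt login again."
    }
    finally {
        # logging out of remote sessions
        # Runs on failure too, so an aborted run does not leave a privileged
        # session cached on the workstation.
        if ($aadConnected) {
            Write-Verbose "Logging out of Azure AD account"
            Disconnect-AzureAD | Out-Null
        }
        if ($azConnected) {
            Write-Verbose "Logging out of Microsoft Azure account"
            Disconnect-AzAccount | Out-Null
        }
    }
}

Write-Host "Vitanium Backup for 365 - Restore Portal"
Write-Host "Checking required Azure PowerShell modules...Az.Accounts & AzureAd"

# Gallery downloads below go over TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Find-PackageProvider -Name Nuget -ForceBootstrap -IncludeDependencies -Force | Out-Null

# Determine if Az.Account module is already present
# -SkipPublisherCheck was dropped from both installs: it switches off the
# publisher/signature validation of the downloaded module, and these branches
# only run when no copy of the module is installed.
if (-not (Get-Module -ListAvailable -Name Az.Accounts)) {
    Install-Module -Name Az.Accounts -Force -ErrorAction Stop
    Write-Host "Az.Accounts module installed successfully" -ForegroundColor Green
}
else {
    Write-Host "Az.Accounts module already present" -ForegroundColor Green
}

# Determine if AzureAd module is already present
if (-not (Get-Module -ListAvailable -Name AzureAd)) {
    Install-Module -Name AzureAD -Force -ErrorAction Stop
    Write-Host "AzureAD module installed successfully" -ForegroundColor Green
}
else {
    Write-Host "AzureAD module already present" -ForegroundColor Green
}

Connect-VB365RestorePortal -ApplicationId $applicationId
#Connect-VB365RestorePortal -ApplicationId $applicationId -Verbose

Read-Host -Prompt "Press any key to exit"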