@FH-Inway
Last active August 13, 2024 14:42
New-AzureAppRegistrationMSGraph.ps1
<#
The Dynamics 365 Finance and Operations email configuration (see the link in $Description below) requires the id of an
Azure application with the following API permissions:
- Microsoft Graph: User.Read (Delegated type) and Mail.Send (Application type).
This script creates such an application registration, together with a client secret, and prints the AppId and secret.
#>
# Based on https://blog.icewolf.ch/archive/2022/12/02/create-azure-ad-app-registration-with-microsoft-graph-powershell
# original gist: https://gist.github.com/FH-Inway/4fc4d4f263900ce1fe240f4d32df23e9
[CmdletBinding()]
param (
    # Display name of the application registration to create. Not mandatory, so the default below is actually used
    # (a Mandatory parameter ignores its default value).
    [Parameter(HelpMessage = "The name of the Azure Application.")]
    [String]
    $ApplicationName = "D365FO-Email-MSGraph"
)
# Install the PowerShell modules "Microsoft.Graph.Authentication" and "Microsoft.Graph.Applications" if they are not already installed.
# Install-Module -Name Microsoft.Graph.Authentication -Scope CurrentUser -Force
# Install-Module -Name Microsoft.Graph.Applications -Scope CurrentUser -Force
# You need to have the Azure Active Directory role "Application Administrator" or "Application Developer".
Connect-MgGraph -Scopes "Application.Read.All","Application.ReadWrite.All","User.Read.All"
$Description = "https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/organization-administration/configure-email#send-email-with-microsoft-graph"
# API permissions (RequiredResourceAccess). Type "Scope" is a delegated permission, Type "Role" an application permission.
$DelegatedType = "Scope"
$ApplicationType = "Role"
## Microsoft Graph
# User.Read (delegated): well-known permission id of the Microsoft Graph service principal.
$UserRead = @{
    Id   = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
    Type = $DelegatedType
}
# Mail.Send (application): lets the app send mail as any mailbox in the tenant unless an Exchange Online
# application access policy restricts it; requires tenant-wide admin consent.
$MailSend = @{
    Id   = "b633e1c5-b582-4048-a93e-9f11b44c7e96"
    Type = $ApplicationType
}
$MicrosoftGraph = @{
    ResourceAppId  = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
    ResourceAccess = @($UserRead, $MailSend)
}
$RequiredResourceAccessList = @($MicrosoftGraph)
# Client secret created together with the application. It expires after one year and must be rotated before then.
$PasswordCredential = @{
    DisplayName = $ApplicationName
    EndDateTime = [DateTime]::Now.AddYears(1)
}
try {
    $params = @{
        DisplayName            = $ApplicationName
        Description            = $Description
        RequiredResourceAccess = $RequiredResourceAccessList
        PasswordCredential     = $PasswordCredential
    }
    $app = New-MgApplication @params -Verbose
} catch {
    Write-Error "Failed to create the application. Error details: $_"
    $_ | Format-List * -Force
    # Stop here; every remaining step depends on $app.
    return
}
# Give the directory a moment to replicate the new object before the consent page looks it up.
Start-Sleep -Seconds 5
# The application permission (Mail.Send) needs tenant-wide admin consent; open the consent page for the new app.
$AdminConsentURL = "https://login.microsoftonline.com/$($app.PublisherDomain)/adminconsent?client_id=$($app.AppId)"
Start-Process $AdminConsentURL
Write-Output "Azure application $ApplicationName was created."
Write-Output "AppId: $($app.AppId)"
Write-Output "Secret: $($app.PasswordCredentials.SecretText)"
Write-Warning "Please copy the AppId and Secret to a secure location. The secret will not be displayed again."