BitTitan.Runbooks.AzureAD.psm1

<#
.SYNOPSIS
    PowerShell module for common Azure Active Directory (AzureAD) functions and resources used in BitTitan Runbooks.
.NOTES
    Version: 0.2.3
    Last updated: 2 November 2018
 
    Copyright (c) BitTitan, Inc. All rights reserved.
    Licensed under the MIT License.
#>


# Install/import external modules.
# AzureAD is pinned to an exact version so the module set a runbook loads is reproducible.
$azureADModuleSpec = @{
    Name            = "AzureAD"
    RequiredVersion = "2.0.1.16"
}
Install-Module @azureADModuleSpec -Scope CurrentUser -AllowClobber -Force
Import-Module @azureADModuleSpec -Force -Global

# Install/import BitTitan.Runbooks.Modules to bootstrap the install/import of the other modules.
# NOTE(review): unlike AzureAD above, this install carries no -RequiredVersion, so whichever
# version the configured repository currently publishes is installed at import time.
Install-Module BitTitan.Runbooks.Modules -Scope CurrentUser -AllowClobber
Import-Module BitTitan.Runbooks.Modules -Force

# Install/import the other BitTitan.Runbooks modules (helper provided by BitTitan.Runbooks.Modules).
Import-BT_Module BitTitan.Runbooks.MSPComplete -Quiet

<#
.SYNOPSIS
    This function connects to Azure AD using admin account credentials or an MSPComplete Endpoint.
.DESCRIPTION
    This function connects to Azure AD using admin account credentials or an MSPComplete Endpoint.
    It returns whether the connection and logon were successful.
.PARAMETER username
    The username of the Azure AD admin account.
.PARAMETER password
    The password of the Azure AD admin account.
.PARAMETER endpoint
    The MSPComplete Endpoint for the Azure AD admin credentials.
    This endpoint can be masked or unmasked.
.EXAMPLE
    Connect-AzureADAdminAccount -Endpoint $Endpoint
.EXAMPLE
    $Endpoint | Connect-AzureADAdminAccount
.EXAMPLE
    Connect-AzureADAdminAccount -Username $username -Password $password
#>

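function Connect-AzureADAdminAccount {
    param (
        # The username of the AzureAD account.
        [Parameter(Mandatory=$true, ParameterSetName="credential")]
        [String]$username,

        # The password of the AzureAD account.
        [Parameter(Mandatory=$true, ParameterSetName="credential")]
        [SecureString]$password,

        # The MSPComplete Endpoint (masked or unmasked).
        [Parameter(Mandatory=$true, ParameterSetName="endpoint", ValueFromPipeline=$true)]
        $endpoint
    )

    # Resolve the credential: from the MSPComplete Endpoint when one was given,
    # otherwise assemble it from the explicit username and SecureString password.
    if ($PSCmdlet.ParameterSetName -eq "endpoint") {
        $azureADCredential = $endpoint | Get-CredentialFromMSPCompleteEndpoint
        # The endpoint set has no $username parameter; take it from the resolved credential for logging.
        $username = $azureADCredential.Username
    }
    else {
        $azureADCredential = New-Object System.Management.Automation.PSCredential($username, $password)
    }

    # Logon to AzureAD. -ErrorAction Stop turns a failed logon into a terminating error so the catch runs.
    try {
        # Capture the session context returned by Connect-AzureAD so it is not emitted to the
        # caller's pipeline in front of the boolean result (the caller would otherwise receive
        # two objects instead of $true).
        $session = Connect-AzureAD -Credential $azureADCredential -ErrorAction Stop

        # Logon was successful. Report the tenant from the AzureAD session context rather than
        # Get-AzureRmContext: that cmdlet belongs to the AzureRM module, which this module never
        # imports, so evaluating it here threw inside the try block and turned a successful logon
        # into a "Failed ... login" error and a $false return. Only the username and tenant
        # domain are logged; the credential itself never is.
        Write-Information "Connection and logon to AzureAD successful with username '$($username)' to tenant '$($session.TenantDomain)'."
        return $true
    }
    catch {
        # Logon was unsuccessful
        Write-Error "Failed AzureAD account login with username '$($username)'. $($_.Exception.Message)"
        return $false
    }
}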