IntuneWin32Deployer

24.7.11.1

Public/Connect-IWD.ps1

                                function Connect-IWD {

    <#

    .SYNOPSIS

        Connect to Microsoft Graph API.

    .DESCRIPTION

        Connect to Microsoft Graph API using either Azure App authentication or user authentication.

    .PARAMETER ClientId

        The Azure App ID (Client ID) for connecting to Microsoft Graph.

    .PARAMETER ClientSecret

        The App Secret for connecting to Microsoft Graph when using Azure App authentication.

    .PARAMETER TenantId

        The Tenant ID for connecting to Microsoft Graph when using Azure App authentication.

    .EXAMPLE

        Example 1:

        Connect-IWD -ClientId "YourAppId" -ClientSecret "YourAppSecret" -TenantId "YourTenantId"

        This command connects to Microsoft Graph using Azure App authentication with the specified Client ID, Client Secret, and Tenant ID.

    .EXAMPLE

        Example 2:

        Connect-IWD

        This command connects to Microsoft Graph using user authentication.

    .NOTES

        Author: Florian Salzmann (@FlorianSLZ)

        Version: 1.0

        Date: 2023-10-15

    #>

    param (

        [parameter(Mandatory = $false, HelpMessage = "AppId for connection with MSGraph")]

        [ValidateNotNullOrEmpty()]

        [string]$ClientId,

        [parameter(Mandatory = $false, HelpMessage = "TenantId for connection with MSGraph")]

        [ValidateNotNullOrEmpty()]

        [string]$TenantId,

        [parameter(Mandatory = $false, HelpMessage = "App Secret for connection with MSGraph")]

        [ValidateNotNullOrEmpty()]

        [string]$ClientSecret

    )

    if($ClientId -and $ClientSecret -and $TenantId){

        Write-Verbose "Graph connection via Azure App, Tenant: $TenantId"

        $authority = "https://login.windows.net/$TenantId"

        Update-MSGraphEnvironment -AppId $ClientId -Quiet

        Update-MSGraphEnvironment -AuthUrl $authority -Quiet

        Connect-MSGraph -ClientSecret $ClientSecret -Quiet

    }else{

        # Disconnect old session

        if($(Get-MgContext).AppName){   

            Write-Host "Kill old Graph Session"

            Disconnect-Graph    

        }

        Write-Verbose "Graph connection via user authentification"

        $MSGraph = Connect-MgGraph -Scopes "User.Read.All", "Device.Read.All", "DeviceManagementManagedDevices.ReadWrite.All", "DeviceManagementServiceConfig.ReadWrite.All", "GroupMember.ReadWrite.All" 

        Write-Verbose $MSGraph

        $CurrentMgContext = Get-MgContext

        $MSIntuneGraph = Connect-MSIntuneGraph -TenantID $CurrentMgContext.TenantId -ClientID $CurrentMgContext.ClientID

        Write-Verbose $MSIntuneGraph

    } 

}