Workloads/Intune.psm1
|
function Connect-MSCloudLoginIntune { [CmdletBinding()] param() $ProgressPreference = 'SilentlyContinue' $WarningPreference = 'SilentlyContinue' $VerbosePreference = 'SilentlyContinue' if ($Global:MSCloudLoginConnectionProfile.Intune.Connected) { return } if ($Global:MSCloudLoginConnectionProfile.Intune.AuthenticationType -eq 'Credentials') { try { if ($Global:MSCloudLoginConnectionProfile.environment -eq 'AzureUSGovernment' -or ($Global:MSCloudLoginConnectionProfile.environment -eq 'AzureDOD' )) { Update-MSGraphEnvironment -AuthUrl 'https://login.microsoftonline.us/common/' ` -GraphResourceId $Global:MSCloudLoginConnectionProfile.Intune.GraphResourceId ` -GraphBaseUrl $Global:MSCloudLoginConnectionProfile.Intune.GraphBaseUrl } else { Update-MSGraphEnvironment -AuthUrl 'https://login.microsoftonline.com/common/' ` -GraphResourceId $Global:MSCloudLoginConnectionProfile.Intune.GraphResourceId ` -GraphBaseUrl $Global:MSCloudLoginConnectionProfile.Intune.GraphBaseUrl } Connect-MSGraph -Credential $Global:MSCloudLoginConnectionProfile.Intune.Credentials | Out-Null $Global:MSCloudLoginConnectionProfile.Intune.ConnectedDateTime = [System.DateTime]::Now.ToString() $Global:MSCloudLoginConnectionProfile.Intune.MultiFactorAuthentication = $false $Global:MSCloudLoginConnectionProfile.Intune.Connected = $true } catch { # If the Intune PowerShell application has not yet been granted access to the tenant if ($_.Exception -like '*The user or administrator has not consented to use the application with ID*') { Write-Verbose "The Intune PowerShell Azure AD Application has not bee granted consent. Launching an interactive prompt to request consent.'" Connect-MSGraph -AdminConsent | Out-Null $Global:MSCloudLoginConnectionProfile.Intune.ConnectedDateTime = [System.DateTime]::Now.ToString() $Global:MSCloudLoginConnectionProfile.Intune.MultiFactorAuthentication = $false $Global:MSCloudLoginConnectionProfile.Intune.Connected = $true } elseif ($_.Exception -like '*Due to a configuration change made by your administrator*') { Write-Verbose "The specified user account requires MFA. Launching interactive prompt.'" Connect-MSGraph | Out-Null $Global:MSCloudLoginConnectionProfile.Intune.ConnectedDateTime = [System.DateTime]::Now.ToString() $Global:MSCloudLoginConnectionProfile.Intune.MultiFactorAuthentication = $true $Global:MSCloudLoginConnectionProfile.Intune.Connected = $true } else { $Global:MSCloudLoginConnectionProfile.Intune.Connected = $false throw $_ } } } else { $WarningPreference = 'SilentlyContinue' try { Update-MSGraphEnvironment -AuthUrl $Global:MSCloudLoginConnectionProfile.Intune.AuthorizationUrl ` -GraphResourceId $Global:MSCloudLoginConnectionProfile.Intune.GraphResourceId ` -GraphBaseUrl $Global:MSCloudLoginConnectionProfile.Intune.GraphBaseUrl ` -AppID $Global:MSCloudLoginConnectionProfile.Intune.ApplicationId Connect-MSGraph -ClientSecret $Global:MSCloudLoginConnectionProfile.Intune.ApplicationSecret | Out-Null } catch { $Global:MSCloudLoginConnectionProfile.Intune.Connected = $false throw $_ } } } |