Workloads/AzureAD.psm1
function Connect-MSCloudLoginAzureAD { [CmdletBinding()] param( [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.String] $CertificateThumbprint ) if (-not [String]::IsNullOrEmpty($ApplicationId) -and ` -not [String]::IsNullOrEmpty($TenantId) -and ` -not [String]::IsNullOrEmpty($CertificateThumbprint)) { Write-Verbose -Message "Connecting to AzureAD using Application {$ApplicationId}" try { Connect-AzureAD -ApplicationId $ApplicationId -TenantId $TenantId -CertificateThumbprint $CertificateThumbprint | Out-Null } catch { throw $_ } } else { try { Connect-AzureAD -Credential $Global:o365Credential -ErrorAction Stop | Out-Null $Global:IsMFAAuth = $false $Global:MSCloudLoginAzureADConnected = $true } catch { if ($_.Exception -like '*unknown_user_type: Unknown User Type*') { try { Connect-AzureAD -Credential $Global:o365Credential -AzureEnvironmentName AzureGermanyCloud -ErrorAction Stop | Out-Null $Global:IsMFAAuth = $false $Global:MSCloudLoginAzureADConnected = $true $Global:CloudEnvironment = 'Germany' } catch { if ($_.Exception -like '*AADSTS50076*') { Connect-MSCloudLoginAzureADMFA } elseif ($_.Exception -like '*unknown_user_type*') { $Global:CloudEnvironment = 'GCCHigh' Connect-MSCloudLoginAzureADMFA } else { $Global:MSCloudLoginAzureADConnected = $false throw $_ } } } elseif ($_.Exception -like '*AADSTS50076*') { Connect-MSCloudLoginAzureADMFA } else { $Global:MSCloudLoginAzureADConnected = $false throw $_ } } } return } function Connect-MSCloudLoginAzureADMFA { [CmdletBinding()] param() # We are using an MFA enabled account. Need to call Azure AD try { if ($null -ne $Global:o365Credential) { if ($Global:o365Credential.UserName.Split('@')[1] -like '*.de') { $EnvironmentName = 'AzureGermanyCloud' $Global:CloudEnvironment = 'Germany' } else { $EnvironmentName = 'AzureCloud' } Connect-AzureAD -AccountId $Global:o365Credential.UserName -AzureEnvironmentName $EnvironmentName -ErrorAction Stop | Out-Null $Global:IsMFAAuth = $true $Global:MSCloudLoginAzureADConnected = $true } else { Connect-AzureAD -ErrorAction Stop | Out-Null $Global:MSCloudLoginAzureADConnected = $true } } catch { try { Connect-AzureAD -AccountId $Global:o365Credential.UserName -AzureEnvironmentName AzureUSGovernment -ErrorAction Stop | Out-Null $Global:IsMFAAuth = $true $Global:MSCloudLoginAzureADConnected = $true if ($Global:CloudEnvironment -ne 'GCCHigh') { $Global:CloudEnvironment = 'USGovernment' } } catch { $Global:MSCloudLoginAzureADConnected = $false throw $_ } } return } |