Workloads/Azure.psm1

function Connect-MSCloudLoginAzure
{
    [CmdletBinding()]
    param()
    try
    {
        if ($null -ne $Global:o365Credential)
        {
            Connect-AzAccount -Credential $Global:o365Credential -ErrorAction Stop | Out-Null
            $Global:MSCloudLoginAzureConnected = $True
        }
        else
        {
            Connect-AzAccount -ErrorAction Stop | Out-Null
            $Global:MSCloudLoginAzureConnected = $True
        }
    }
    catch 
    {
        if ($_.Exception -like '*unknown_user_type: Unknown User Type*')
        {
            if ($Global:o365Credential.UserName.Split('@')[1] -like '*.de')
            {
                $EnvironmentName = 'AzureGermanCloud'
                $Global:CloudEnvironment = 'Germany'
            }
            else
            {
                $EnvironmentName = 'AzureCloud'
                $Global:CloudEnvironment = 'Public'
            }
            try
            {
                Connect-AzAccount -Credential $Global:o365Credential -Environment $EnvironmentName -ErrorAction Stop | Out-Null
                $Global:MSCloudLoginAzureConnected = $True
                $Global:IsMFAAuth = $false
            }
            catch
            {
                if ($_.Exception -like '*Due to a configuration change made by your administrator*')
                {
                    Connect-MSCloudLoginAzureMFA -EnvironmentName $EnvironmentName
                }
                elseif ($_.Exception -like '*unknown_user_type*')
                {
                    $Global:CloudEnvironment = 'GCCHigh'
                    Connect-MSCloudLoginAzureMFA -EnvironmentName 'GCCHigh'
                }
                else
                {
                    $Global:MSCloudLoginAzureConnected = $False
                    throw $_
                }
            }
        }
        else
        {
            if ($_.Exception -like '*Due to a configuration change made by your administrator*')
            {
                Connect-MSCloudLoginAzureMFA -EnvironmentName 'AzureCloud'
            }
            else
            {
                $Global:MSCloudLoginAzureConnected = $false
                throw $_
            }
        }
    }

    [array]$subscriptions = Get-AzSubscription -WarningAction Continue
    # Prompt for a subscription in case we have more than one
    if ($subscriptions.Count -gt 1)
    {
        Write-Host -ForegroundColor Cyan " - Prompting for Azure subscription..."
        $Global:subscriptionDetails = Get-AzSubscription -WarningAction SilentlyContinue | Sort-Object Name | Out-GridView -Title "Select ONE subscription..." -PassThru
        if ($null -eq $subscriptionDetails)
        {
            throw " - A subscription must be selected."
        }
        elseif ($subscriptionDetails.Count -gt 1)
        {
            throw " - Please select *only one* subscription."
        }
        Write-Host -ForegroundColor White " - Setting active subscription to '$($Global:subscriptionDetails.Name)'..."
        Set-AzContext -Subscription $Global:subscriptionDetails.Id
    }
    return
}

function Connect-MSCloudLoginAzureMFA
{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.String]
        $EnvironmentName
    )

    $clientID = "1950a258-227b-4e31-a9cf-717495945fc2"
    $ResourceURI = "https://management.core.windows.net"
    if ($EnvironmentName -eq 'AzureGermanCloud')
    {
        $ResourceURI = 'https://management.core.cloudapi.de/'
    }
    elseif ($EnvironmentName -eq 'GCCHigh')
    {
        $ResourceURI = 'https://management.core.usgovcloudapi.net/'
        $EnvironmentName = 'AzureUSGovernment'
    }
    $RedirectURI = "urn:ietf:wg:oauth:2.0:oob"
    try
    {
        $AuthHeader = Get-AuthHeader -UserPrincipalName $Global:o365Credential.UserName `
            -ResourceURI $ResourceURI -clientID $clientID -RedirectURI $RedirectURI
        $AccessToken = $AuthHeader.split(" ")[1]
        Connect-AzAccount -AccountId $Global:o365Credential.UserName -Environment $EnvironmentName -AccessToken $AccessToken -ErrorAction Stop | Out-Null
        $Global:IsMFAAuth = $true
        $Global:MSCloudLoginAzureConnected = $True
    }
    catch
    {
        $Global:MSCloudLoginAzureConnected = $False
        throw $_
    }
    return
}