public/New-MdeServicePrincipal.ps1
|
#Requires -PSEdition Core #Requires -Version 7.0 <# .SYNOPSIS Creates a service principal (app registration) for Defender for Endpoint. .DESCRIPTION Creates a service principal (app registration) for Defender for Endpoint with a given set of permissions to interact with MDE. .NOTES Author: Jan-Henrik Damaschke .PARAMETER name Optional. Service principal name, defaults to 'PSMDE'. .PARAMETER permissions Optional. Service principal permissions, defaults to 'read'. Possible values are 'read', 'readwrite'. Assigns either all 'Read' or all 'ReadWrite' permissions to the new service principal. .PARAMETER delegated Optional. If defined, the service principal will be created with delegated, not with application permissions. .PARAMETER initialize Optional. If defined, a secret will be generated and the service principal details will be handed over to Set-MdeAuthorizationInfo. .PARAMETER dontOpenGrantUrl Optional. If defined, it will not open a browser after the service principal was created to grant permissions. .LINK https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide .EXAMPLE New-MdeServicePrincipal -name 'PSMDE-SP' -permissions 'read' -delegated .EXAMPLE New-MdeServicePrincipal -permissions 'readwrite' -initialize .EXAMPLE New-MdeServicePrincipal -dontOpenGrantUrl #> function New-MdeServicePrincipal { [CmdletBinding()] param ( [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)] [string] $name = 'PSMDE', [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)] [ValidateSet('read', 'readwrite')] [string] $permissions = 'read', [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)] [switch] $delegated, [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)] [switch] $initialize, [Parameter(ValueFromPipelineByPropertyName, ValueFromPipeline)] [switch] $dontOpenGrantUrl ) Begin { $mdeIdAppId = 'fc780465-2017-40d4-a0c5-307022471b92' $applicationReadRoles = @( @{name = 'AdvancedQuery.Read.All'; id = '93489bf5-0fbc-4f2d-b901-33f2fe08ff05' } @{name = 'Alert.Read.All'; id = '71fe6b80-7034-4028-9ed8-0f316df9c3ff' } @{name = 'File.Read.All'; id = '8788f1a9-beca-4e26-ba58-10513f3b896f' } @{name = 'Ip.Read.All'; id = '47bf842d-354b-49ef-b741-3a6dd815bc13' } @{name = 'Machine.Read.All'; id = 'ea8291d3-4b9a-44b5-bc3a-6cea3026dc79' } @{name = 'RemediationTasks.Read.All'; id = '6a33eedf-ba73-4e5a-821b-f057ef63853a' } @{name = 'Score.Read.All'; id = '02b005dd-f804-43b4-8fc7-078460413f74' } @{name = 'SecurityBaselinesAssessment.Read.All'; id = 'e870c0c1-c1a2-41ca-948e-a33912d2d3f0' } @{name = 'SecurityConfiguration.Read.All'; id = '227f2ea0-c2c2-4428-b7af-9ff40f1a720e' } @{name = 'SecurityRecommendation.Read.All'; id = '6443965c-7dd2-4cfd-b38f-bb7772bee163' } @{name = 'Software.Read.All'; id = '37f71c98-d198-41ae-964d-2c49aab74926' } @{name = 'Ti.Read.All'; id = '528ca142-c849-4a5b-935e-10b8b9c38a84' } @{name = 'Url.Read.All'; id = '721af526-ffa8-42d7-9b84-1a56244dd99d' } @{name = 'User.Read.All'; id = 'a833834a-4cf1-4732-8acf-bbcfa13fb610' } @{name = 'Vulnerability.Read.All'; id = '41269fc5-d04d-4bfd-bce7-43a51cea049a' } ) $applicationReadWriteRoles = @( @{name = 'AdvancedQuery.Read.All'; id = '93489bf5-0fbc-4f2d-b901-33f2fe08ff05' } @{name = 'Alert.ReadWrite.All'; id = '0f7000ec-157b-497f-b70e-ef0b0584f140' } @{name = 'Event.Write'; id = '84ddd701-5fac-4c30-b0ad-aa73a67bea1a' } @{name = 'File.Read.All'; id = '8788f1a9-beca-4e26-ba58-10513f3b896f' } @{name = 'IntegrationConfiguration.ReadWrite'; id = '7c6f6912-60e9-4fcd-bb2a-c25bc35e8c59' } @{name = 'Ip.Read.All'; id = '47bf842d-354b-49ef-b741-3a6dd815bc13' } @{name = 'Library.Manage'; id = '41d209c7-2511-4fc9-b899-8008a3976f09' } @{name = 'Machine.ReadWrite.All'; id = 'aa027352-232b-4ed4-b963-a705fc4d6d2c' } @{name = 'RemediationTasks.Read.All'; id = '6a33eedf-ba73-4e5a-821b-f057ef63853a' } @{name = 'Score.Read.All'; id = '02b005dd-f804-43b4-8fc7-078460413f74' } @{name = 'SecurityBaselinesAssessment.Read.All'; id = 'e870c0c1-c1a2-41ca-948e-a33912d2d3f0' } @{name = 'SecurityConfiguration.ReadWrite.All'; id = 'e5e05709-32a3-4c85-89c8-67596eb94f24' } @{name = 'SecurityRecommendation.Read.All'; id = '6443965c-7dd2-4cfd-b38f-bb7772bee163' } @{name = 'Software.Read.All'; id = '37f71c98-d198-41ae-964d-2c49aab74926' } @{name = 'Ti.ReadWrite.All'; id = 'fc511a58-3adf-4d71-af24-00f13e35e479' } @{name = 'Url.Read.All'; id = '721af526-ffa8-42d7-9b84-1a56244dd99d' } @{name = 'User.Read.All'; id = 'a833834a-4cf1-4732-8acf-bbcfa13fb610' } @{name = 'Vulnerability.Read.All'; id = '41269fc5-d04d-4bfd-bce7-43a51cea049a' } ) $delegatedReadRoles = @( @{name = 'AdvancedQuery.Read'; id = '1fb6e712-1bd9-4184-b1c0-5e71e759196b' } @{name = 'Alert.Read'; id = 'b2069dc0-9fe9-4e6d-9aca-ccf3dd503819' } @{name = 'File.Read.All'; id = '8fce64a0-67c8-4e39-8f47-cac9ff7e13bb' } @{name = 'Ip.Read.All'; id = 'b65a97e8-c8e8-4908-b19a-f654615de1a9' } @{name = 'Machine.Read'; id = 'fbd3d33a-b1f5-4573-906c-51b39682fbcf' } @{name = 'RemediationTasks.Read'; id = '19956c04-168f-4f44-b471-48c8f50dc0c8' } @{name = 'Score.Read'; id = 'df4ed126-3a4c-460a-b0fc-67aea84fc332' } @{name = 'SecurityBaselinesAssessment.Read'; id = 'd42e2aa1-a664-43a9-b7c6-2766d44a6687' } @{name = 'SecurityConfiguration.Read'; id = '4ac83e46-552f-4948-91c2-f7eaff971018' } @{name = 'SecurityRecommendation.Read'; id = '1ab96238-1253-4059-a32f-4087f20ed65d' } @{name = 'Software.Read'; id = '5f216ada-3f51-4a22-ace5-06b198328476' } @{name = 'Url.Read.All'; id = '42b4777c-6196-49ad-9cfc-207e73f2eb61' } @{name = 'User.Read.All'; id = 'ffd6563e-842b-4cfc-b349-06006e0473a3' } @{name = 'Vulnerability.Read'; id = '63a677ce-818c-4409-9d12-5c6d2e2a6bfe' } ) $delegatedReadWriteRoles = @( @{name = 'AdvancedQuery.Read'; id = '1fb6e712-1bd9-4184-b1c0-5e71e759196b' } @{name = 'Alert.ReadWrite'; id = 'cbc3b413-21e6-416d-95a4-af87687efbd0' } @{name = 'File.Read.All'; id = '8fce64a0-67c8-4e39-8f47-cac9ff7e13bb' } @{name = 'IntegrationConfiguration.ReadWrite'; id = '7c6f6912-60e9-4fcd-bb2a-c25bc35e8c59' } @{name = 'Ip.Read.All'; id = 'b65a97e8-c8e8-4908-b19a-f654615de1a9' } @{name = 'Library.Manage'; id = '5998a3da-2c9b-4bf3-99bd-44c9fe337ad2' } @{name = 'Machine.ReadWrite'; id = 'f6846c57-9e3c-4a65-81aa-2f5e09ff4f0b' } @{name = 'RemediationTasks.Read'; id = '19956c04-168f-4f44-b471-48c8f50dc0c8' } @{name = 'Score.Read'; id = 'df4ed126-3a4c-460a-b0fc-67aea84fc332' } @{name = 'SecurityBaselinesAssessment.Read'; id = 'd42e2aa1-a664-43a9-b7c6-2766d44a6687' } @{name = 'SecurityConfiguration.ReadWrite'; id = 'bfc81a3a-4f6d-4bfe-b945-d7fe6747d2a0' } @{name = 'SecurityRecommendation.Read'; id = '1ab96238-1253-4059-a32f-4087f20ed65d' } @{name = 'Software.Read'; id = '5f216ada-3f51-4a22-ace5-06b198328476' } @{name = 'Ti.ReadWrite'; id = '650ff1f9-dd5f-48ee-8c58-7beef332c818' } @{name = 'Url.Read.All'; id = '42b4777c-6196-49ad-9cfc-207e73f2eb61' } @{name = 'User.Read.All'; id = 'ffd6563e-842b-4cfc-b349-06006e0473a3' } @{name = 'Vulnerability.Read'; id = '63a677ce-818c-4409-9d12-5c6d2e2a6bfe' } ) try { Get-Command Get-AzContext -ErrorAction Stop } catch { Throw 'Az module not found, please install it and connect to Azure.' } $context = (Get-AzContext) } Process { if ($context) { $sp = New-AzADServicePrincipal -DisplayName $name # Wait for Azure AD Write-Verbose 'Waiting 5 seconds for the app to be available in Azure AD' Start-Sleep -Seconds 5 $sp = Get-AzADApplication -ApplicationId $sp.AppId if ($delegated) { $permissionSet = $permissions -eq 'read' ? $delegatedReadRoles : $delegatedReadWriteRoles foreach ($permission in $permissionSet) { Add-AzADAppPermission -ObjectId $sp.Id -ApiId $mdeIdAppId -PermissionId $permission.id -Type Scope } } else { $permissionSet = $permissions -eq 'read' ? $applicationReadRoles : $applicationReadWriteRoles foreach ($permission in $permissionSet) { Add-AzADAppPermission -ObjectId $sp.Id -ApiId $mdeIdAppId -PermissionId $permission.id -Type Role } } # Wait for Azure AD Write-Verbose 'Waiting 5 seconds for the app permissions to be applied in Azure AD' Start-Sleep -Seconds 5 if ($initialize) { $secret = $sp | New-AzADAppCredential -EndDate (Get-Date).AddDays(30) Set-MdeAuthorizationInfo -tenantId $context.Tenant.Id -appId $sp.AppId -appSecret $secret.SecretText -noTokenRefresh $script:initialize = $true } $grantUrl = "https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/CallAnAPI/appId/$($sp.AppId)" if (-not $dontOpenGrantUrl) { Start-Process $grantUrl } Write-Output "Please grant consent for the provided API permissions. The first execution of a function can take a few seconds, as the grants are not immediatly available." return @{ servicePrincipalName = $sp.DisplayName servicePrincipalId = $sp.Id servicePrincipalApplicationId = $sp.AppId servicePrincipalTenantId = $context.Tenant.Id servicePrincipalSecret = ${secret}?.SecretText servicePrincipalSecretExpiration = ${secret}?.EndDateTime servicePrincipalPermissionsUrl = $grantUrl } } else { Throw 'No active Az session found, please run Connect-AzAccount first.' } } End {} } # SIG # Begin signature block # MIImxAYJKoZIhvcNAQcCoIImtTCCJrECAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUD+HJL80pGA1eysk/xc2eAy1r # QYmggh/VMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B # AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy # MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh # MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw # MFoXDTI4MTIzMTIzNTk1OVowVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp # Z28gTGltaXRlZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n # IFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjeeUEiIE # JHQu/xYjApKKtq42haxH1CORKz7cfeIxoFFvrISR41KKteKW3tCHYySJiv/vEpM7 # fbu2ir29BX8nm2tl06UMabG8STma8W1uquSggyfamg0rUOlLW7O4ZDakfko9qXGr # YbNzszwLDO/bM1flvjQ345cbXf0fEj2CA3bm+z9m0pQxafptszSswXp43JJQ8mTH # qi0Eq8Nq6uAvp6fcbtfo/9ohq0C/ue4NnsbZnpnvxt4fqQx2sycgoda6/YDnAdLv # 64IplXCN/7sVz/7RDzaiLk8ykHRGa0c1E3cFM09jLrgt4b9lpwRrGNhx+swI8m2J # mRCxrds+LOSqGLDGBwF1Z95t6WNjHjZ/aYm+qkU+blpfj6Fby50whjDoA7NAxg0P # OM1nqFOI+rgwZfpvx+cdsYN0aT6sxGg7seZnM5q2COCABUhA7vaCZEao9XOwBpXy # bGWfv1VbHJxXGsd4RnxwqpQbghesh+m2yQ6BHEDWFhcp/FycGCvqRfXvvdVnTyhe # Be6QTHrnxvTQ/PrNPjJGEyA2igTqt6oHRpwNkzoJZplYXCmjuQymMDg80EY2NXyc # uu7D1fkKdvp+BRtAypI16dV60bV/AK6pkKrFfwGcELEW/MxuGNxvYv6mUKe4e7id # FT/+IAx1yCJaE5UZkADpGtXChvHjjuxf9OUCAwEAAaOCARIwggEOMB8GA1UdIwQY # MBaAFKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJw # IDaRXBeF5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE # DDAKBggrBgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEMGA1Ud # HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmlj # YXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQASv6Hvi3Sa # mES4aUa1qyQKDKSKZ7g6gb9Fin1SB6iNH04hhTmja14tIIa/ELiueTtTzbT72ES+ # BtlcY2fUQBaHRIZyKtYyFfUSg8L54V0RQGf2QidyxSPiAjgaTCDi2wH3zUZPJqJ8 # ZsBRNraJAlTH/Fj7bADu/pimLpWhDFMpH2/YGaZPnvesCepdgsaLr4CnvYFIUoQx # 2jLsFeSmTD1sOXPUC4U5IOCFGmjhp0g4qdE2JXfBjRkWxYhMZn0vY86Y6GnfrDyo # XZ3JHFuu2PMvdM+4fvbXg50RlmKarkUT2n/cR/vfw1Kf5gZV6Z2M8jpiUbzsJA8p # 1FiAhORFe1rYMIIGGjCCBAKgAwIBAgIQYh1tDFIBnjuQeRUgiSEcCjANBgkqhkiG # 9w0BAQwFADBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk # MS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYw # HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBUMQswCQYDVQQGEwJHQjEY # MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1Ymxp # YyBDb2RlIFNpZ25pbmcgQ0EgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB # igKCAYEAmyudU/o1P45gBkNqwM/1f/bIU1MYyM7TbH78WAeVF3llMwsRHgBGRmxD # eEDIArCS2VCoVk4Y/8j6stIkmYV5Gej4NgNjVQ4BYoDjGMwdjioXan1hlaGFt4Wk # 9vT0k2oWJMJjL9G//N523hAm4jF4UjrW2pvv9+hdPX8tbbAfI3v0VdJiJPFy/7Xw # iunD7mBxNtecM6ytIdUlh08T2z7mJEXZD9OWcJkZk5wDuf2q52PN43jc4T9OkoXZ # 0arWZVeffvMr/iiIROSCzKoDmWABDRzV/UiQ5vqsaeFaqQdzFf4ed8peNWh1OaZX # nYvZQgWx/SXiJDRSAolRzZEZquE6cbcH747FHncs/Kzcn0Ccv2jrOW+LPmnOyB+t # AfiWu01TPhCr9VrkxsHC5qFNxaThTG5j4/Kc+ODD2dX/fmBECELcvzUHf9shoFvr # n35XGf2RPaNTO2uSZ6n9otv7jElspkfK9qEATHZcodp+R4q2OIypxR//YEb3fkDn # 3UayWW9bAgMBAAGjggFkMIIBYDAfBgNVHSMEGDAWgBQy65Ka/zWWSC8oQEJwIDaR # XBeF5jAdBgNVHQ4EFgQUDyrLIIcouOxvSK4rVKYpqhekzQwwDgYDVR0PAQH/BAQD # AgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwGwYD # VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAEEATBLBgNVHR8ERDBCMECgPqA8hjpodHRw # Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RS # NDYuY3JsMHsGCCsGAQUFBwEBBG8wbTBGBggrBgEFBQcwAoY6aHR0cDovL2NydC5z # ZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdSb290UjQ2LnA3YzAj # BggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEM # BQADggIBAAb/guF3YzZue6EVIJsT/wT+mHVEYcNWlXHRkT+FoetAQLHI1uBy/YXK # ZDk8+Y1LoNqHrp22AKMGxQtgCivnDHFyAQ9GXTmlk7MjcgQbDCx6mn7yIawsppWk # vfPkKaAQsiqaT9DnMWBHVNIabGqgQSGTrQWo43MOfsPynhbz2Hyxf5XWKZpRvr3d # MapandPfYgoZ8iDL2OR3sYztgJrbG6VZ9DoTXFm1g0Rf97Aaen1l4c+w3DC+IkwF # kvjFV3jS49ZSc4lShKK6BrPTJYs4NG1DGzmpToTnwoqZ8fAmi2XlZnuchC4NPSZa # PATHvNIzt+z1PHo35D/f7j2pO1S8BCysQDHCbM5Mnomnq5aYcKCsdbh0czchOm8b # kinLrYrKpii+Tk7pwL7TjRKLXkomm5D1Umds++pip8wH2cQpf93at3VDcOK4N7Ew # oIJB0kak6pSzEu4I64U6gZs7tS/dGNSljf2OSSnRr7KWzq03zl8l75jy+hOds9TW # SenLbjBQUGR96cFr6lEUfAIEHVC1L68Y1GGxx4/eRI82ut83axHMViw1+sVpbPxg # 51Tbnio1lB93079WPFnYaOvfGAA0e0zcfF/M9gXr+korwQTh2Prqooq2bYNMvUoU # KD85gnJ+t0smrWrb8dee2CvYZXD5laGtaAxOfy/VKNmwuWuAh9kcMIIGVjCCBL6g # AwIBAgIQSLErKd7D+K4bkReO90aFWDANBgkqhkiG9w0BAQwFADBUMQswCQYDVQQG # EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQDEyJTZWN0aWdv # IFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2MB4XDTIyMDkxNDAwMDAwMFoXDTI1 # MDkxMzIzNTk1OVowTzELMAkGA1UEBhMCREUxEDAOBgNVBAgMB0hhbWJ1cmcxFjAU # BgNVBAoMDVZpc29yaWFuIEdtYkgxFjAUBgNVBAMMDVZpc29yaWFuIEdtYkgwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/SsWhmbM7lO+pge5iLxuq3kXF # 3xvbHU34E1wluLQOVC/A66AKKPo89E04zwAqqezN62flVYk9Xc+vFzNyy7I8wqq5 # vWojRnS7xW+QbFqJYxxHuGRiWEnt90p/wBrnq98Fl8JcmCKSDy/mUVAj+Lmq6WsU # ph81PJMwC6T9POxk9/9k5I49Q8bBm5Yjx7yBTanHfdupCCFBgTFyJs9K4XLzva1I # lCiMSYUxPRED0Dv8jVKdWnz3dbt00esUtubx5lD3YHdW6pYUR0hvJEi50G3sSqZ8 # Mebjts3+0PmEvHIR2aKvG/stx4jMngnBfwmeNbzWjwmqp4Qa4EGwv4Abs4hyK/kT # erQua3IcXOgJqbblfxSoFDai14aCUGs2zxornoXhoYtjBj6XYgVS5eVME874hJLJ # EZENiukta9r4IYOqnKglj+fwJrvEyx2INTELz99Ha074I8lG8ZJzNhuCqH6XgMUn # 3EyOHMzbCrw1uDn0JDlhFX0sdaGXtopPgweIHbS87rcJc/tRSGhDG0YHqQWvxi9r # Rb+v0L3KRYvtwih/VfpjQyFHFzcArDxKyrQ2SyGJ2ta0/Exl1dkYoTkVDm8R8f/2 # dG/VhTgvnDV1zW/SFRLwQAg/qmy6wpgK78338G+xCX47iauFtj2TAvw6sWB8jhwL # xBvqvkP+r84HNB8KhQIDAQABo4IBpzCCAaMwHwYDVR0jBBgwFoAUDyrLIIcouOxv # SK4rVKYpqhekzQwwHQYDVR0OBBYEFEHuYVgbSyoXa7Xei0crFprgrkXEMA4GA1Ud # DwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEoG # A1UdIARDMEEwNQYMKwYBBAGyMQECAQMCMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8v # c2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEATBJBgNVHR8EQjBAMD6gPKA6hjhodHRw # Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ0NBUjM2 # LmNybDB5BggrBgEFBQcBAQRtMGswRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQuc2Vj # dGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3J0MCMGCCsG # AQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAcBgNVHREEFTATgRFpbmZv # QHZpc29yaWFuLmNvbTANBgkqhkiG9w0BAQwFAAOCAYEASbJLCqUl82MPxtVDdBxd # sOBCbYWxMvc4A9a/L+cuES3FYnBEa9jmA8o23+kvy2LZS3GeAU1AnNYkg2TAF+Oh # fPDUviHUZDM/JgvCUF1ZmAvi6nLLBxvxfRxhGoUCkjaKIzDpPHZia6e/Jl9Xxthe # GtCR9epTBuizMZTCTUvNPxY+Tm9L4EKHRsRBv8NkeuTKQpnGYfrHeKz/hVUeS4IS # sTyv+xg7/nBITBSosfB79XDORaoNBxpqrSZLrpZV5OHIH2IGxRKKHyLVVCQAzriK # +OV1EGBSmknqDarNbgtzU94iULYu15a1/PElzK7qB2i76FmLMMBVb9NVuXTfgMgT # VzWfMs4mdsdOg7dcPxKpK2nViPbY3JQQVx8aKX+gJwWajuELP/JSE6nPYPSrwMLT # xXRQ7AiScBTf6J3EeWq71AEUTSZ4/FImjbv0hDfnoSCr/6SRxc4it/kjXyJKXF1p # VVbuEFsgyZpmxlSM3jSR9R02TrDR0q95oC/6eSwGxfwPMIIG7DCCBNSgAwIBAgIQ # MA9vrN1mmHR8qUY2p3gtuTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYD # VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBS # U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTkwNTAyMDAwMDAwWhcNMzgw # MTE4MjM1OTU5WjB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5j # aGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0 # ZWQxJTAjBgNVBAMTHFNlY3RpZ28gUlNBIFRpbWUgU3RhbXBpbmcgQ0EwggIiMA0G # CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDIGwGv2Sx+iJl9AZg/IJC9nIAhVJO5 # z6A+U++zWsB21hoEpc5Hg7XrxMxJNMvzRWW5+adkFiYJ+9UyUnkuyWPCE5u2hj8B # BZJmbyGr1XEQeYf0RirNxFrJ29ddSU1yVg/cyeNTmDoqHvzOWEnTv/M5u7mkI0Ks # 0BXDf56iXNc48RaycNOjxN+zxXKsLgp3/A2UUrf8H5VzJD0BKLwPDU+zkQGObp0n # dVXRFzs0IXuXAZSvf4DP0REKV4TJf1bgvUacgr6Unb+0ILBgfrhN9Q0/29DqhYyK # VnHRLZRMyIw80xSinL0m/9NTIMdgaZtYClT0Bef9Maz5yIUXx7gpGaQpL0bj3duR # X58/Nj4OMGcrRrc1r5a+2kxgzKi7nw0U1BjEMJh0giHPYla1IXMSHv2qyghYh3ek # FesZVf/QOVQtJu5FGjpvzdeE8NfwKMVPZIMC1Pvi3vG8Aij0bdonigbSlofe6GsO # 8Ft96XZpkyAcSpcsdxkrk5WYnJee647BeFbGRCXfBhKaBi2fA179g6JTZ8qx+o2h # ZMmIklnLqEbAyfKm/31X2xJ2+opBJNQb/HKlFKLUrUMcpEmLQTkUAx4p+hulIq6l # w02C0I3aa7fb9xhAV3PwcaP7Sn1FNsH3jYL6uckNU4B9+rY5WDLvbxhQiddPnTO9 # GrWdod6VQXqngwIDAQABo4IBWjCCAVYwHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHY # m8Cd8rIDZsswHQYDVR0OBBYEFBqh+GEZIA/DQXdFKI7RNV8GEgRVMA4GA1UdDwEB # /wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBMGA1UdJQQMMAoGCCsGAQUFBwMI # MBEGA1UdIAQKMAgwBgYEVR0gADBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3Js # LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0 # eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVz # ZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUH # MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggIB # AG1UgaUzXRbhtVOBkXXfA3oyCy0lhBGysNsqfSoF9bw7J/RaoLlJWZApbGHLtVDb # 4n35nwDvQMOt0+LkVvlYQc/xQuUQff+wdB+PxlwJ+TNe6qAcJlhc87QRD9XVw+K8 # 1Vh4v0h24URnbY+wQxAPjeT5OGK/EwHFhaNMxcyyUzCVpNb0llYIuM1cfwGWvnJS # ajtCN3wWeDmTk5SbsdyybUFtZ83Jb5A9f0VywRsj1sJVhGbks8VmBvbz1kteraMr # Qoohkv6ob1olcGKBc2NeoLvY3NdK0z2vgwY4Eh0khy3k/ALWPncEvAQ2ted3y5wu # jSMYuaPCRx3wXdahc1cFaJqnyTdlHb7qvNhCg0MFpYumCf/RoZSmTqo9CfUFbLfS # ZFrYKiLCS53xOV5M3kg9mzSWmglfjv33sVKRzj+J9hyhtal1H3G/W0NdZT1QgW6r # 8NDT/LKzH7aZlib0PHmLXGTMze4nmuWgwAxyh8FuTVrTHurwROYybxzrF06Uw3hl # IDsPQaof6aFBnf6xuKBlKjTg3qj5PObBMLvAoGMs/FwWAKjQxH/qEZ0eBsambTJd # tDgJK0kHqv3sMNrxpy/Pt/360KOE2See+wFmd7lWEOEgbsausfm2usg1XTN2jvF8 # IAwqd661ogKGuinutFoAsYyr4/kKyVRd1LlqdJ69SK6YMIIG9jCCBN6gAwIBAgIR # AJA5f5rSSjoT8r2RXwg4qUMwDQYJKoZIhvcNAQEMBQAwfTELMAkGA1UEBhMCR0Ix # GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEY # MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQDExxTZWN0aWdvIFJTQSBU # aW1lIFN0YW1waW5nIENBMB4XDTIyMDUxMTAwMDAwMFoXDTMzMDgxMDIzNTk1OVow # ajELMAkGA1UEBhMCR0IxEzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1Nl # Y3RpZ28gTGltaXRlZDEsMCoGA1UEAwwjU2VjdGlnbyBSU0EgVGltZSBTdGFtcGlu # ZyBTaWduZXIgIzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQsnE/ # eeHUuYoXzMOXwpCUcu1aOm8BQ39zWiifJHygNUAG+pSvCqGDthPkSxUGXmqKIDRx # e7slrT9bCqQfL2x9LmFR0IxZNz6mXfEeXYC22B9g480Saogfxv4Yy5NDVnrHzgPW # AGQoViKxSxnS8JbJRB85XZywlu1aSY1+cuRDa3/JoD9sSq3VAE+9CriDxb2YLAd2 # AXBF3sPwQmnq/ybMA0QfFijhanS2nEX6tjrOlNEfvYxlqv38wzzoDZw4ZtX8fR6b # WYyRWkJXVVAWDUt0cu6gKjH8JgI0+WQbWf3jOtTouEEpdAE/DeATdysRPPs9zdDn # 4ZdbVfcqA23VzWLazpwe/OpwfeZ9S2jOWilh06BcJbOlJ2ijWP31LWvKX2THaygM # 2qx4Qd6S7w/F7KvfLW8aVFFsM7ONWWDn3+gXIqN5QWLP/Hvzktqu4DxPD1rMbt8f # vCKvtzgQmjSnC//+HV6k8+4WOCs/rHaUQZ1kHfqA/QDh/vg61MNeu2lNcpnl8TIt # UfphrU3qJo5t/KlImD7yRg1psbdu9AXbQQXGGMBQ5Pit/qxjYUeRvEa1RlNsxfTh # hieThDlsdeAdDHpZiy7L9GQsQkf0VFiFN+XHaafSJYuWv8at4L2xN/cf30J7qusc # 6es9Wt340pDVSZo6HYMaV38cAcLOHH3M+5YVxQIDAQABo4IBgjCCAX4wHwYDVR0j # BBgwFoAUGqH4YRkgD8NBd0UojtE1XwYSBFUwHQYDVR0OBBYEFCUuaDxrmiskFKkf # ot8mOs8UpvHgMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB # /wQMMAoGCCsGAQUFBwMIMEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMIMCUwIwYI # KwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEAjBEBgNV # HR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FU # aW1lU3RhbXBpbmdDQS5jcmwwdAYIKwYBBQUHAQEEaDBmMD8GCCsGAQUFBzAChjNo # dHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5j # cnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3 # DQEBDAUAA4ICAQBz2u1ocsvCuUChMbu0A6MtFHsk57RbFX2o6f2t0ZINfD02oGnZ # 85ow2qxp1nRXJD9+DzzZ9cN5JWwm6I1ok87xd4k5f6gEBdo0wxTqnwhUq//EfpZs # K9OU67Rs4EVNLLL3OztatcH714l1bZhycvb3Byjz07LQ6xm+FSx4781FoADk+AR2 # u1fFkL53VJB0ngtPTcSqE4+XrwE1K8ubEXjp8vmJBDxO44ISYuu0RAx1QcIPNLiI # ncgi8RNq2xgvbnitxAW06IQIkwf5fYP+aJg05Hflsc6MlGzbA20oBUd+my7wZPvb # pAMxEHwa+zwZgNELcLlVX0e+OWTOt9ojVDLjRrIy2NIphskVXYCVrwL7tNEunTh8 # NeAPHO0bR0icImpVgtnyughlA+XxKfNIigkBTKZ58qK2GpmU65co4b59G6F87VaA # pvQiM5DkhFP8KvrAp5eo6rWNes7k4EuhM6sLdqDVaRa3jma/X/ofxKh/p6FIFJEN # gvy9TZntyeZsNv53Q5m4aS18YS/to7BJ/lu+aSSR/5P8V2mSS9kFP22GctOi0MBk # 0jpCwRoD+9DtmiG4P6+mslFU1UzFyh8SjVfGOe1c/+yfJnatZGZn6Kow4NKtt32x # akEnbgOKo3TgigmCbr/j9re8ngspGGiBoZw/bhZZSxQJCZrmrr9gFd2G9TGCBlkw # ggZVAgEBMGgwVDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRl # ZDErMCkGA1UEAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNgIQ # SLErKd7D+K4bkReO90aFWDAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAig # AoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgEL # MQ4wDAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUCeRjUull5kys9TeRmzs+ # sO/K8VAwDQYJKoZIhvcNAQEBBQAEggIAHPmhB6gxiBGJ33BDOjH0Eo3+Vo5R2C4S # 0Wo3b3OrxaRgzR2C5ZLu0fd/k6WgjR9xmmYHuqFLhgU3EoIdhBMtNmFoG7fsGGXG # o4BVJ9kLUIYeYZjCa9KAgXo/CXvIaRuVGPs/kxwei7zME3pJ1x0hZnC3vva/qZQX # JzY3Pgz+D/4VP+RIhy9VbxD/ejeECl5Q2afdnngcAPCN/pNKwxZrx51kLIjDaVzc # FZDl1uS1t5sGPnsBHVWtTkHIgjBLHc1i/zE5OqagGRh4R/wKjnrieRE1CHKu4pWg # fo46bwvDjT/vZOKKhwOoAjNyc4HKFC7k6BjBvqekbMLMtjNZ1Y7W0IWL9QRMLFWz # AzGVfKUBLXjqc5dl4FYZkZTnRstnSGDLAhif2rVE4LVpj/iICZOUFChEV/6MtQX1 # fnBjI3GFADOwQj95D7Mvv42573HYhOhaIdyhEbn/U3VSb0moz0K/zRdi8tbhnWgd # on46RaaBpg+qVVcCJqZg0JZqDq+hdsMAkeKi0K8w05W8XVNbNnZNOQnQiPmerabF # y49o1Av+CSEn6MEN/wlQAVbwcFKrOKychpLArc3ETrnlmE1hpdqkYLEwYI8Gin1r # Kp+1fNuXbx1Jy2zRQIbD1B1nQxcxR3GzVvjy9bCDSK0BjswVFWK4iK2gyYc5elag # H9WErDCdA/qhggNMMIIDSAYJKoZIhvcNAQkGMYIDOTCCAzUCAQEwgZIwfTELMAkG # A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMH # U2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQDExxTZWN0 # aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBAhEAkDl/mtJKOhPyvZFfCDipQzANBglg # hkgBZQMEAgIFAKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN # AQkFMQ8XDTIyMTEyNDE2MTkzMVowPwYJKoZIhvcNAQkEMTIEMNLTbzVv1vJCo/qR # Ixgs3pebb68xG4A2UNF8rZ1lYih2CjCnfx6OoBeB3xxIKNWwGjANBgkqhkiG9w0B # AQEFAASCAgCL1SIZwW0rXA/L3WhzY/45nAb6k2eFvSH+68TvEkJjym3N/VFlz93m # MCBo7YhZ8qzssO0AHhqPnPtSjNUdzmz1hnjHDmtXeSTJ9pzoo4EA6I/hu8BOwECZ # yJVlvBC/TG7PIuysgReaeAt8/xsDQHPZ74AslUtkwZCsJaoHWzJzFoLt5fMezGPa # 55C4DejQooPtaCAQ+Y52CLBky7vecQkELaBzRaU8X5HhbUmr+UW/JJjFU8Fy+daZ # /DEKW5v/3qnpX2flYKbpHW0JDGlx/LpwQBAz8RKzaOOwpf2Sj61HvQV72SJ+u8cR # IIAGZACijFpIH5ZBybHtWEuN9eRwp7aLsOsPPbDPXzGXedic6ZjFrlg7KTuyFio6 # M8xMdqDF8i2dhcAw+rwvpkoU50xAJhYvK2hzoftIWOJpF0bgYHvoPXro8szCIcwy # 61fkYiMAiCheTmjW7TCHR/9cVywXwwqroemv3Y8q2BKsL0+6eS3b6E57wzrndF/S # 6SCN9RmLXAIrY+SeMqevBBoRkv81fdSouMlrIQTT6v4p/t4Y/7cT90O/QPBKtW22 # lbN28qPsv2IPjct913sRtjeymNl6ohIuYXByH1yzhQ5AYLt+z5qe13uTEtexL0FI # ri5jW6NtodpAXZgOaW1oAIiQa7fojSXW+QWsYnpRQEuRqYkhhvzNFA== # SIG # End signature block |