More cmdlets

Examples/GetO365AzureConditionalAccess.ps1

@@ -0,0 +1,21 @@
+Import-Module .\O365Essentials.psd1 -Force
+
+if (-not $Credentials) {
+    $Credentials = Get-Credential
+}
+# This makes a connection to Office 365 tenant
+# since we don't want to save the data we null it out
+# keep in mind that if there's an MFA you would be better left without Credentials and just let it prompt you
+$null = Connect-O365Admin -Verbose -Credential $Credentials
+
+$CA = Get-O365AzureConditionalAccess
+$CA | Format-Table
+#$CA | Format-List
+
+
+$CA = Get-O365AzureConditionalAccess -Details
+$CA | Format-Table
+
+
+#Get-O365AzureConditionalAccessPolicy -PolicyID '7eac83fb-856b-45bf-9896-4fc78ea686f1'
+Get-O365AzureConditionalAccessPolicy -PolicyName 'Guest Access Policy 1'

Private/Script.O365PolicyState.ps1

@@ -0,0 +1,5 @@
+$Script:O365PolicyState = @{
+    '2' = 'Report-only'
+    '1' = 'Off'
+    '0' = 'On' # i think
+}

Public/Get-O365AzureConditionalAccess.ps1

@@ -0,0 +1,49 @@
+function Get-O365AzureConditionalAccess {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers,
+        [switch] $Details
+    )
+    #$Uri = 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies'
+    # Need to figure out scopes and use graph instead. But till then...
+    #$Uri = 'https://main.iam.ad.ext.azure.com/api/Policies/Policies?top=10&nextLink=null&appId=&includeBaseline=true'
+    # "https://main.iam.ad.ext.azure.com/api/Policies/7eac83fb-856b-45bf-9896-4fc78ea686f1"
+
+    # move it later on
+    $Script:O365PolicyState = @{
+        '2' = 'Report-only'
+        '1' = 'Off'
+        '0' = 'On' # i think
+    }
+
+    $QueryParameters = @{
+        top             = 10
+        nextLink        = $null
+        #appID           = ''
+        includeBaseline = $true
+    }
+    $Uri = 'https://main.iam.ad.ext.azure.com/api/Policies/Policies'
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers -QueryParameter $QueryParameters
+    if ($Output.items) {
+        foreach ($Policy in $Output.items) {
+            if (-not $Details) {
+                [PSCustomObject] @{
+                    PolicyId       = $Policy.policyId         #: 7eac83fb-856b-45bf-9896-4fc78ea686f1
+                    PolicyName     = $Policy.policyName       #: Guest Access Policy 1
+                    ApplyRule      = $Policy.applyRule        #: False
+                    PolicyState    = $O365PolicyState[$Policy.policyState.ToString()]      #: 1
+                    UsePolicyState = $Policy.usePolicyState   #: True
+                    BaselineType   = $Policy.baselineType     #: 0
+                    CreatedDate    = $Policy.createdDateTime  #: 11.09.2021 09:02:21
+                    ModifiedDate   = $Policy.modifiedDateTime #: 11.09.2021 17:38:21
+                }
+            } else {
+                $PolicyDetails = Get-O365AzureConditionalAccessPolicy -PolicyID $Policy.policyId
+                if ($PolicyDetails) {
+                    $PolicyDetails
+                }
+            }
+        }
+    }
+}

Public/Get-O365AzureConditionalAccessClassic.ps1

@@ -0,0 +1,18 @@
+function Get-O365AzureConditionalAccessClassic {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+    $Uri = 'https://main.iam.ad.ext.azure.com/api/ClassicPolicies'
+
+    $QueryParameters = @{
+        top      = 10
+        nextLink = $null
+        filter   = 1
+    }
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers -QueryParameter $QueryParameters
+    if ($Output.items) {
+        $Output.items
+    }
+}

Public/Get-O365AzureConditionalAccessLocations.ps1

@@ -0,0 +1,22 @@
+function Get-O365AzureConditionalAccessLocation {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+    $Uri = 'https://graph.microsoft.com/beta/conditionalAccess/namedLocations'
+
+    #?`$filter=&`$orderby=displayName&`$skip=0&`$top=10&`$count=true
+
+    $QueryParameters = @{
+        top     = 10
+        skip    = 0
+        orderby = 'displayName'
+        filter  = ''
+        count   = 'true'
+    }
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers -QueryParameter $QueryParameters
+    if ($Output) {
+        $Output
+    }
+}

Public/Get-O365AzureConditionalAccessPolicy.ps1

@@ -0,0 +1,68 @@
+function Get-O365AzureConditionalAccessPolicy {
+    [cmdletbinding()]
+    param(
+        [parameter(ParameterSetName = 'PolicyID')]
+        [parameter(ParameterSetName = 'PolicyName')]
+        [alias('Authorization')][System.Collections.IDictionary] $Headers,
+
+        [parameter(Mandatory, ParameterSetName = 'PolicyID')][string] $PolicyID,
+        [parameter(Mandatory, ParameterSetName = 'PolicyName')][string] $PolicyName
+    )
+    # move it later on
+    $Script:O365PolicyState = @{
+        '2' = 'Report-only'
+        '1' = 'Off'
+        '0' = 'On' # i think
+    }
+
+
+    if ($PolicyID) {
+        $Uri = "https://main.iam.ad.ext.azure.com/api/Policies/$PolicyID"
+    } elseif ($PolicyName) {
+        $FoundPolicy = $null
+        $Policies = Get-O365AzureConditionalAccess -Headers $Headers
+        foreach ($Policy in $Policies) {
+            if ($Policy.policyName -eq $PolicyName) {
+                $FoundPolicy = $Policy.policyId
+                break
+            }
+        }
+        if ($null -ne $FoundPolicy) {
+            $Uri = "https://main.iam.ad.ext.azure.com/api/Policies/$FoundPolicy"
+        } else {
+            Write-Warning -Message "Get-O365AzureConditionalAccessPolicy - No policy with name $PolicyName"
+            return
+        }
+    } else {
+        Write-Warning -Message "Get-O365AzureConditionalAccessPolicy - No policy ID or name specified"
+        return
+    }
+
+    $PolicyDetails = Invoke-O365Admin -Uri $Uri -Headers $Headers #-QueryParameter $QueryParameters
+    if ($PolicyDetails) {
+        [PSCustomObject] @{
+            PolicyId               = $PolicyDetails.policyId         #: 7eac83fb-856b-45bf-9896-4fc78ea686f1
+            PolicyName             = $PolicyDetails.policyName       #: Guest Access Policy 1
+            ApplyRule              = $PolicyDetails.applyRule        #: False
+            PolicyState            = $Script:O365PolicyState[$PolicyDetails.policyState.ToString()]      #: 1
+            UsePolicyState         = $PolicyDetails.usePolicyState   #: True
+            BaselineType           = $PolicyDetails.baselineType     #: 0
+            CreatedDate            = $PolicyDetails.createdDateTime  #: 11.09.2021 09:02:21
+            ModifiedDate           = $PolicyDetails.modifiedDateTime #: 11.09.2021 17:38:21
+            users                  = $PolicyDetails.users                  #   # : @{allUsers=2; included=; excluded=}
+            usersV2                = $PolicyDetails.usersV2                #   # : @{allUsers=2; included=; excluded=}
+            servicePrincipals      = $PolicyDetails.servicePrincipals      #   # : @{allServicePrincipals=1; included=; excluded=; filter=; includeAllMicrosoftApps=False; excludeAllMicrosoftApps=False; userActions=; stepUpTags=}
+            servicePrincipalsV2    = $PolicyDetails.servicePrincipalsV2    #   # : @{allServicePrincipals=1; included=; excluded=; filter=; includedAppContext=; shouldIncludeAppContext=False}
+            controls               = $PolicyDetails.controls               #   # : @{controlsOr=True; blockAccess=False; challengeWithMfa=True; compliantDevice=False; domainJoinedDevice=False; approvedClientApp=False; claimProviderControlIds=System.Object[]; requireCompliantApp=False; requirePasswordChange=False; requiredFe
+            #   #   deratedAuthMethod=0}
+            sessionControls        = $PolicyDetails.sessionControls        #   # : @{appEnforced=False; cas=False; cloudAppSecuritySessionControlType=0; signInFrequencyTimeSpan=; signInFrequency=0; persistentBrowserSessionMode=0; continuousAccessEvaluation=0; resiliencyDefaults=0; secureSignIn=False}
+            conditions             = $PolicyDetails.conditions             #   # : @{minUserRisk=; minSigninRisk=; devicePlatforms=; locations=; namedNetworks=; clientApps=; clientAppsV2=; time=; deviceState=}
+            clientApplications     = $PolicyDetails.clientApplications     #   # : @{allServicePrincipals=0; filter=; includedServicePrincipals=; excludedServicePrincipals=}
+            isAllProtocolsEnabled  = $PolicyDetails.isAllProtocolsEnabled  #   # : False
+            isUsersGroupsV2Enabled = $PolicyDetails.isUsersGroupsV2Enabled #   # : False
+            isCloudAppsV2Enabled   = $PolicyDetails.isCloudAppsV2Enabled   #   # : False
+            version                = $PolicyDetails.version                #   # : 1
+            isFallbackUsed         = $PolicyDetails.isFallbackUsed         #   # : False
+        }
+    }
+}

Public/Get-O365AzureConditionalAccessTerms.ps1

@@ -0,0 +1,21 @@
+function Get-O365AzureConditionalAccessTerms {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+
+    # ?`$orderby=Name%20asc&`$filter=TypeId%20eq%208a76863a-a0e6-47a7-b99e-0410266eebcf
+    # &x-tenantid=ceb371f6-8745-4876-a040-69f2d10a9d1a&{}&_=1631363067293
+    $Uri = 'https://api.termsofuse.identitygovernance.azure.com/v1.1/Agreements'
+
+    $QueryParameter = @{
+        '$orderby'   = 'Name asc'
+        '$filter'    = 'TypeId eq 8a76863a-a0e6-47a7-b99e-0410266eebcf'
+        'x-tenantid' = $TenantID
+    }
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers
+    if ($Output) {
+        $Output
+    }
+}

Public/Get-O365AzureConditionalAccessVPN.ps1

@@ -0,0 +1,12 @@
+function Get-O365AzureConditionalAccessVPN {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+    $Uri = 'https://main.iam.ad.ext.azure.com/api/Vpn/Certificates'
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers
+    if ($Output) {
+        $Output
+    }
+}

Public/Get-O365AzureFeatureConfiguration.ps1

@@ -0,0 +1,12 @@
+function Get-O365AzureFeatureConfiguration {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+    $Uri = 'https://main.iam.ad.ext.azure.com/api/FeatureConfigurations?supportAU=false'
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers
+    if ($Output) {
+        $Output
+    }
+}

Public/Get-O365AzureFeaturePortal.ps1

@@ -0,0 +1,13 @@
+function Get-O365AzureFeaturePortal {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+    $Uri = 'https://afd.hosting.portal.azure.net/iam/?bundlingKind=DefaultPartitioner&cacheability=3&clientOptimizations=true&environmentjson=true&extensionName=Microsoft_AAD_IAM&l=en&pageVersion=3.0.01692206&trustedAuthority=portal.azure.com'
+
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers
+    if ($Output) {
+        $Output
+    }
+}

Public/Get-O365AzureLicenses.ps1

@@ -122,4 +122,4 @@
 
 # https://main.iam.ad.ext.azure.com/api/AccountSkus/UserAssignments?accountSkuID=evotecpoland%3AEMSPREMIUM&nextLink=&searchText=&columnName=&sortOrder=undefined
 # https://main.iam.ad.ext.azure.com/api/AccountSkus/UserAssignments?accountSkuID=evotecpoland%3AEMSPREMIUM&nextLink=&searchText=&columnName=&sortOrder=undefined
-# https://main.iam.ad.ext.azure.com/api/AccountSkus/GroupAssignments?accountSkuID=evotecpoland%3AEMSPREMIUM&nextLink=&searchText=&sortOrder=undefined
+# https://main.iam.ad.ext.azure.com/api/AccountSkus/GroupAssignments?accountSkuID=evotecpoland%3AEMSPREMIUM&nextLink=&searchText=&sortOrder=undefined

Public/Get-O365AzureTenantSku.ps1

@@ -0,0 +1,12 @@
+function Get-O365AzureTenantSKU {
+    [cmdletbinding()]
+    param(
+        [alias('Authorization')][System.Collections.IDictionary] $Headers
+    )
+    $Uri = 'https://main.iam.ad.ext.azure.com/api/TenantSkuInfo'
+
+    $Output = Invoke-O365Admin -Uri $Uri -Headers $Headers
+    if ($Output) {
+        $Output
+    }
+}

README.MD

@@ -30,7 +30,6 @@ This module wouldn't happen without great help from following people:
 - [Jos Lieben](https://twitter.com/joslieben)
 
 It is recommended to use **PowerShell 7** or higher. While the module does work in PowerShell 5.1 the error handling of RestMethod is superior in PowerShell 7 so all errors are more readable in it.
-
 ## Installing
 
 Everyone can install this module from **PowerShellGallery** hosted by Microsoft. It's recommended way to work with the module.