Merge branch 'dev' into master

Author: peombwa

README.md

@@ -1,4 +1,4 @@
-# Microsoft Graph PowerShell SDK Preview
+# Microsoft Graph PowerShell SDK
 The Microsoft Graph PowerShell SDK is a collection of PowerShell modules that contain commands for calling Microsoft Graph service.
 
 # Modules

samples/0-InstallModule.ps1

@@ -1,8 +1,14 @@
 # Installing the Module
 
-# Installing the Graph PowerShell module for the Beta API with no previous versions installed
+# Installing the Graph PowerShell module with no previous versions installed
 Install-module Microsoft.Graph
 
+# If upgrading from our preview modules, run install-module with AllowClobber and Force parameter to avoid command name conflicts
+Install-Module Microsoft.Graph -AllowClobber -Force
+
+# Updating from an earlier version of MS Graph PowerShell installed from PS Gallery
+Update-module Microsoft.Graph
+
 # Uninstalling the old preview version, before installing the new
 
 # Remove the main meta module

samples/3-TenantInformation.ps1

@@ -7,8 +7,8 @@ Get-MgOrganization | Select-Object DisplayName, City, State, Country, PostalCode
 Get-MgOrganization | Select-Object -expand AssignedPlans
 
 ## List application registrations in the tenant
-Get-MgApplication | Select-Object DisplayName, Appid, WebRedirectUris
+Get-MgApplication | Select-Object DisplayName, Appid, SignInAudience
 
 ## List service principals in the tenant
-get-MgServicePrincipal | Select-Object id, AppDisplayName | Where-Object { $_.AppDisplayName -like "*powershell*" }
+Get-MgServicePrincipal | Select-Object id, AppDisplayName | Where-Object { $_.AppDisplayName -like "*powershell*" }
 

samples/5-Teams.ps1

@@ -1,3 +1,48 @@
+# Switch to beta profile. This loads cmdlets that call MS Graph beta endpoint.
+Select-MgProfile -Name beta
+
+# Create a new team.
+$TeamName = "2020 Interns"
+New-MgTeam -DisplayName $TeamName -Description $TeamName `
+    -AdditionalProperties @{
+        "[email protected]" = "https://graph.microsoft.com/beta/teamsTemplates('standard')"
+    }
+
+# Filter groups by displayName and resourceProvisioningOptions to find team.
+$InternsTeam = Get-MgGroup -Filter "StartsWith(DisplayName, '$TeamName')" `
+               | Where-Object { $_.ResourceProvisioningOptions -Contains "Team" }
+
+# Add team owner.
+$teamOwner = Get-MgUser -UserId "{TEAM_OWNER_UPN}"
+New-MgTeamMember -TeamId $InternsTeam.Id -Roles "owner" `
+    -AdditionalProperties @{ 
+        "@odata.type" = "#microsoft.graph.aadUserConversationMember"; 
+        "[email protected]" = "https://graph.microsoft.com/beta/users/" + $teamOwner.Id
+    }
+
+# Filter users to find users who have a UPN that starts with 't-'.
+$TeamMembers = Get-MgUser -Filter "startswith(userPrincipalName, 't-')"
+
+# Add team members.
+foreach ($teamMember in $TeamMembers) {
+    New-MgTeamMember -TeamId $InternsTeam.Id -Roles "member" `
+        -AdditionalProperties @{
+            "@odata.type" = "#microsoft.graph.aadUserConversationMember";
+            "[email protected]" = "https://graph.microsoft.com/beta/users/" + $teamMember.Id
+        }
+}
+
+# Send a welcome message to the channel.
+$PrimaryChannel = Get-MgTeamPrimaryChannel -TeamId $InternsTeam.Id
+New-MgTeamChannelMessage -TeamId $InternsTeam.Id `
+                         -ChannelId $PrimaryChannel.Id `
+                         -Body @{
+                             Content = "Welcome to Teams!"
+                            }
+
+# Delete team.
+Remove-MgGroup -GroupId $InternsTeam.Id
+
 # Teams Chat snippets
 
 # Get list of 1:1 chats
@@ -7,17 +52,24 @@ Get-MgChat
 Get-MgChatMessage -chatId $chatId 
 
 # Send a message in that 1:1 chat
-New-MgChatMessage -chatId $chatId -BodyContent "Hi from VSCode again!"
+New-MgChatMessage -chatId $chatId -Body @{ Content = "Hi from VSCode again!" }
 
 # Mention a user in a channel message.
-$UserToMention = Get-MGUser -UserId $userUPN
+$User = Get-MgUser -UserId $userUPN | select id, displayName, userIdentityType
+$UserToMention  = @{
+    Id = $User.Id;
+    DisplayName = $User.DisplayName;
+    UserIdentityType = "aadUser";
+}
 
 New-MgTeamChannelMessage -ChannelId $ChannelId -TeamId $TeamId `
-    -BodyContentType "html" `
-    -BodyContent "Welcome to the channel! <at id='0'>$($UserToMention.DisplayName)</at>" `
+    -Body @{ `
+        ContentType = "html"; `
+        Content = "Welcome to the channel! <at id='0'>$($UserToMention.DisplayName)</at>" `
+    } `
     -Mentions @( `
         @{ `
             id          = 0; `
             mentionText = $UserToMention.DisplayName; `
             mentioned   = @{user = $UserToMention } `
-        })
+        })

samples/8-ConditionalAccess.ps1

@@ -1,13 +1,15 @@
 #Minimum required parameters to create a conditional access policy
 
-New-MgConditionalAccessPolicy -DisplayName 'Minimum required Parameters' `
-     -GrantControlBuiltInControls @('mfa') `
+New-MgIdentityConditionalAccessPolicy -DisplayName 'Minimum required Parameters' `
+     -GrantControls @{ `
+        BuiltInControls = @('mfa'); `
+        Operator = 'OR' `
+     } `
      -State 'disabled' `
-     -GrantControlOperator 'OR' `
      -Conditions @{ `
-       applications = @{includeApplications = 'none'}; `
-       users = @{includeUsers = 'none'} `
+        Applications = @{includeApplications = 'none'}; `
+        Users = @{includeUsers = 'none'} `
      }
 
 # Get a list of conditional access policies where DisplayName starts with Minimum.
-Get-MgConditionalAccessPolicy -Filter "StartsWith(DisplayName, 'Minimum')"
+Get-MgIdentityConditionalAccessPolicy -Filter "StartsWith(DisplayName, 'Minimum')"

samples/9-Applications.ps1

@@ -1,17 +1,50 @@
+# Incremental scope consent.
+Connect-Graph -Scopes "Application.ReadWrite.All"
 
 # Create an application for use with DeviceCodeFlow
-$app1 = new-mgApplication   -displayName "DeviceCodeFlowApp" `
+$app1 = New-MgApplication   -displayName "DeviceCodeFlowApp" `
                             -IsFallbackPublicClient `
-                            -PublicClientRedirectUris "https://login.microsoftonline.com/common/oauth2/nativeclient"
+                            -PublicClient @{ `
+                                RedirectUris = "https://login.microsoftonline.com/common/oauth2/nativeclient" `
+                            }
 
 # Create an application for use with Native Client an interactive sign in
-$app2 = new-mgApplication   -displayName "NativeAppInteractiveFlowApp" `
+$app2 = New-MgApplication   -displayName "NativeAppInteractiveFlowApp" `
                             -IsFallbackPublicClient `
-                            -PublicClientRedirectUris "http://localhost"
+                            -PublicClient @{ `
+                                RedirectUris = "http://localhost" `
+                            }
 
 # Create an web app with implicit auth
-$app3 = new-mgApplication -displayName "ImplicitWebApp" `
-         -ImplicitGrantSettingEnableAccessTokenIssuance `
-         -ImplicitGrantSettingEnableIdTokenIssuance `
-         -WebRedirectUris "https://localhost:3000/"                            
-         
+$app3 = New-MgApplication -displayName "ImplicitWebApp" `
+         -Web @{ `
+            RedirectUris = "https://localhost:3000/"; `
+            ImplicitGrantSettings = @{ `
+                EnableAccessTokenIssuance = $true; `
+                EnableIdTokenIssuance = $true; `
+             } `
+        }  
+
+# Create an application for use with Confidential Client flow using a certificate.
+# Get certificate from current user store.
+$CertificateThumbprint = "YOUR_THUMBPRINT"
+$Certificate = Get-ChildItem -Path "Cert:\CurrentUser\My\$CertificateThumbprint"
+
+# Graph resource Id
+$GraphResourceId = "00000003-0000-0000-c000-000000000000"
+
+# Graph permissions constants
+$UserReadAll = @{ Id = "df021288-bdef-4463-88db-98f22de89214"; Type = "Role" }
+$GroupReadAll = @{ Id = "5b567255-7703-4780-807c-7be8301ae99b"; Type = "Role" }
+$MailboxSettingsRead = @{ Id = "40f97065-369a-49f4-947c-6a255697ae91"; Type = "Role" }
+$MailSend = @{ Id = "b633e1c5-b582-4048-a93e-9f11b44c7e96"; Type = "Role" }
+
+# Create an application registration.
+$AppName = "ScriptedGraphPSApp"
+$app4 = New-MgApplication -"ClientCredentialApp" $AppName `
+                    -SignInAudience "AzureADMyOrg" `
+                    -RequiredResourceAccess @{ ResourceAppId = $graphResourceId; ResourceAccess = $UserReadAll, $GroupReadAll, $MailboxSettingsRead, $MailSend } `
+                    -KeyCredentials @(@{ Type = "AsymmetricX509Cert"; Usage = "Verify"; Key= $Certificate.RawData })
+
+# Create corresponding service principal.
+New-MgServicePrincipal -AppId $appRegistration.AppId

samples/Scripts/Get-TeamMembers.ps1

@@ -1,12 +1,17 @@
 # Replace with your ClientId
 # Replace with your TenantId
 # Replace with your Cert subject
-Connect-Graph -ClientId "1e4ee20b-9a64-44cb-bb6f-0d693e76490a" `
-              -TenantId "d5fe491b-5987-4770-a68f-477c204cd1ca" `
-              -CertificateName "CN=GraphPowerShellScriptCert"    
+Connect-Graph -ClientId "YOUR_CLIENT_ID" `
+              -TenantId "YOUR_TENANT_ID" `
+              -CertificateName "YOUR_CERTIFICATE_NAME"
+
+# Switch to beta profile to use these samples.
+Select-MgProfile -Name beta
+
 $groups = Get-MgGroup
 $teams = $groups | Where-Object { $_.ResourceProvisioningOptions -Contains "Team" }
 
+# List owners and memebers of all Teams team in your tenant.
 foreach($team in $teams) {
     Write-Host "Team: " + $team.DisplayName -ForegroundColor Blue
 

samples/Scripts/UsersAndGroups.ps1

@@ -0,0 +1,58 @@
+$TenantId = "YOUR_TENANT_ID"
+$ClientId = "YOUR_CLIENT_ID"
+$CertThumbprint = "YOUR_CERTIFICATE_THUMBPRINT"
+$AdminMail = "ADMIN_MAIL"
+
+# Consent to permissions using app created in the last demo.
+$AdminConsentUrl = "https://login.microsoftonline.com/$TenantId/adminconsent?client_id=$ClientId"
+Write-Host -ForeGroundColor Yellow "Please go to the following URL in your browser to provide admin consent"
+Write-Host $AdminConsentUrl
+Write-Host "Press any key to continue when done ....."
+$Key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
+
+# Authenticate as a confidential client for app only calls.
+Connect-Graph -ClientId $ClientId -TenantId $TenantId -CertificateThumbprint $CertThumbprint
+
+# Get group named 'Weekday Employees'
+$WeekdayEmployeesGroup = Get-MgGroup -Filter "DisplayName eq 'Weekday Employees'"
+
+# Get Members of the group.
+$GroupMembers = Get-MgGroupMember -GroupId $WeekdayEmployeesGroup.Id
+$ToRecipients = @()
+foreach ($member in $GroupMembers) {
+    $User = Get-MgUser -UserId $member.Id -Select "displayName", "mail", "mailboxSettings" | `
+                        Select DisplayName, Mail, MailboxSettings
+
+    # Get users with invalid workdays in their mailbox setting.
+    if ( $User.MailboxSettings.WorkingHours.DaysOfWeek -contains "saturday" || `
+         $User.MailboxSettings.WorkingHours.DaysOfWeek -contains "sunday" ) {
+             Write-Host -ForegroundColor Yellow "User "$User.DisplayName" has an invalid workday."
+
+            $ToRecipients += @{ 
+                emailAddress = @{
+                    name = $User.DisplayName;
+                    address = $User.Mail
+                }}
+    }
+}
+
+if ($ToRecipients.Length) {
+    # Compose message.
+    $Message = @{
+        subject = "Update Your Mailbox Settings!";
+        toRecipients = $ToRecipients;
+        body = @{
+            contentType = "Text";
+            content = "Please update to your mailbox settings to reflect your working hours." + `
+                    " You currently have Saturday and/or Sunday set as workday."
+        }
+    }
+    
+    $Admin = Get-MgUser -UserId $AdminMail
+
+    # Send mail to users with invalid workdays.
+    Send-MgUserMail -UserId $Admin.Id -BodyParameter @{message = $Message}
+    Write-Host -ForegroundColor Green "Mail sent to affected users."
+}
+
+Disconnect-Graph