microsoft · lusassl-msft · Apr 21, 2023 · Apr 21, 2023
@@ -724,14 +724,16 @@ begin {
             }
         }
 
+        # Specify secret expiration time which must be in ISO 8601 format and is always in UTC time
+        $pwdEndDateTime = ([DateTime]::UtcNow).AddDays(7).ToString("o")
         # Graph API call to create a new application password
         $newAadApplicationPasswordParams = @{
             Query       = "applications/$($getAadApplicationResponse.value.id)/addPassword"
             AccessToken = $AzAccountsObject.AccessToken
             Body        = @{
                 "passwordCredential" = @{
                     "displayName" = "AppAccessKey"
-                    "endDateTime" = (Get-Date).AddDays(7).ToString("yyyy-MM-ddTHH:mm:ssZ")
+                    "endDateTime" = $pwdEndDateTime
                 }
             } | ConvertTo-Json
             Method      = "POST"
@@ -914,6 +916,7 @@ begin {
     }
 } end {
     Write-Host ("CVE-2023-23397 script version $($BuildVersion)") -ForegroundColor Green
+    Write-Verbose "PowerShell version: $($PSVersionTable.PSVersion)"
 
     # Using either of these switches implies -UseSearchFolders
     if ($SearchFolderCleanup -or $SkipSearchFolderCreation) {

@@ -58,16 +58,19 @@ function Invoke-GraphApiRequest {
         }
 
         if (-not([System.String]::IsNullOrEmpty($Body))) {
+            Write-Verbose "Body: $Body"
             $graphApiRequestParams.Add("Body", $Body)
         }
 
+        Write-Verbose "Graph API uri called: $($graphApiRequestParams.Uri)"
+        Write-Verbose "Method: $($graphApiRequestParams.Method) ContentType: $($graphApiRequestParams.ContentType)"
         $graphApiResponse = Invoke-WebRequestWithProxyDetection -ParametersObject $graphApiRequestParams
 
         if (($null -eq $graphApiResponse) -or
             ([System.String]::IsNullOrEmpty($graphApiResponse.StatusCode))) {
             Write-Verbose "Graph API request failed - no response"
         } elseif ($graphApiResponse.StatusCode -ne $ExpectedStatusCode) {
-            Write-Verbose "Graph API status code $($graphApiResponse.StatusCode) does not match expected status code $ExpectedStatusCode"
+            Write-Verbose "Graph API status code: $($graphApiResponse.StatusCode) does not match expected status code: $ExpectedStatusCode"
         } else {
             Write-Verbose "Graph API request successful"
             $successful = $true

@@ -10,14 +10,19 @@ function Confirm-ProxyServer {
         $TargetUri
     )
 
+    Write-Verbose "Calling $($MyInvocation.MyCommand)"
     try {
         $proxyObject = ([System.Net.WebRequest]::GetSystemWebProxy()).GetProxy($TargetUri)
         if ($TargetUri -ne $proxyObject.OriginalString) {
+            Write-Verbose "Proxy server configuration detected"
+            Write-Verbose $proxyObject.OriginalString
             return $true
         } else {
+            Write-Verbose "No proxy server configuration detected"
             return $false
         }
     } catch {
+        Write-Verbose "Unable to check for proxy server configuration"
         return $false
     }
 }
@@ -2,6 +2,7 @@
 # Licensed under the MIT License.
 
 . $PSScriptRoot\Confirm-ProxyServer.ps1
+. $PSScriptRoot\..\Write-ErrorInformation.ps1
 
 function Invoke-WebRequestWithProxyDetection {
     [CmdletBinding(DefaultParameterSetName = "Default")]
@@ -23,6 +24,7 @@ function Invoke-WebRequestWithProxyDetection {
         $OutFile
     )
 
+    Write-Verbose "Calling $($MyInvocation.MyCommand)"
     if ([System.String]::IsNullOrEmpty($Uri)) {
         $Uri = $ParametersObject.Uri
     }
@@ -47,5 +49,9 @@ function Invoke-WebRequestWithProxyDetection {
         $params = $ParametersObject
     }
 
-    Invoke-WebRequest @params
+    try {
+        Invoke-WebRequest @params
+    } catch {
+        Write-VerboseErrorInformation
+    }
 }